Refresh PROMOD and liquidity inventory reports

Clarify mesh+verify-only use of --skip-register-gru and document
forge build / FOUNDRY_PROFILE=chain138 to keep artifacts warm;
extend --help to include the new header lines.

Made-with: Cursor

.cursor/rules/chain138-tokens-and-pmm.mdc

@@ -10,9 +10,23 @@ alwaysApply: true
 - **cUSDT:** `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` (6 decimals)
 - **cUSDC:** `0xf22258f57794CC8E06237084b353Ab30fFfa640b` (6 decimals)
 
-**DODOPMMIntegration:** `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` — reconciled with `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` (on-chain verification 2026-03-26); `compliantUSDT()` / `compliantUSDC()` return the canonical cUSDT/cUSDC above.
+**DODOPMMIntegration (live, traded):** `0x86ADA6Ef91A3B450F89f2b751e93B1b7A3218895` — confirmed live via on-chain probe (2026-04-22): `compliantUSDT()` / `compliantUSDC()` return the canonical cUSDT/cUSDC above; `pools[][]` mapping resolves to the live funded pool set below; `isRegisteredPool` is TRUE for all 8 pools listed under "PMM pools (live, traded)". `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` is a parallel deployment of the same source with different immutables and seeded but un-traded pools — do not wire dApps or routers to it.
 
-**PMM pools (live funded public):** cUSDT/cUSDC `0xff8d3b8fDF7B112759F076B69f4271D4209C0849` | cUSDT/USDT `0x6fc60DEDc92a2047062294488539992710b99D71` | cUSDC/USDC `0x9f74Be42725f2Aa072a9E0CdCce0E7203C510263` — see `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md` / `PMM_DEX_ROUTING_STATUS.md`.
+**DODOPMMProvider (ILiquidityProvider, live):** `0x3f729632E9553EBacCdE2e9b4c8F2B285b014F2e` — `dodoIntegration() == 0x86ADA6Ef…`, `providerName() == "DODO PMM"`, `isKnownPool` TRUE for all 8 live pools. Use this address as `dodoLiquidityProvider` when deploying `EnhancedSwapRouter`; see `docs/11-references/PMM_DEX_ROUTING_STATUS.md`.
+
+**PMM pools (live, traded — 2026-04-22 on-chain probe):**
+- cUSDT/cUSDC `0x9e89bAe009adf128782E19e8341996c596ac40dC` (~983k cUSDT / ~1.016M cUSDC, asymmetric — actively traded)
+- cUSDT/USDT  `0x866Cb44b59303d8dc5f4F9E3E7A8e8b0bf238d66` (~1M / ~1M)
+- cUSDC/USDC  `0xc39B7D0F40838cbFb54649d327f49a6DAC964062` (~1M / ~1M)
+- cBTC/cUSDT  `0x67049e7333481e2cac91af61403ac7bddfab7bcd` (10k cBTC base / 9M cUSDT quote)
+- cBTC/cUSDC  `0x72f1a0794153c3b8a1e8a731f1d8e1a52cb10dc5` (10k cBTC base / 9M cUSDC quote)
+- WETH/USDC   `0xb53a0508940b1ff90f1aad4f6cb50a7012fe5593` (~10.1M USDC quote)
+- WETH/USDT   `0xe227f6c0520c0c6e8786fe56fa76c4914f861533` (~10.1M USDT quote)
+- cBTC/cXAUC  `0xf3e8a07d419b61f002114e64d79f7cf8f7989433` (10k cBTC base / 1.7k cXAUC quote)
+
+The earlier rule's pool addresses (`0xff8d3b8f…`, `0x6fc60D…`, `0x9f74Be…`) belong to the **parallel** integration `0x5BDc62f1…` (Stack B) and are seeded 10M/10M flat or 0/0 — they are not the live PMM trading set. Source-of-truth corrections to follow in `ADDRESS_MATRIX_AND_STATUS.md` and `PMM_DEX_ROUTING_STATUS.md`.
+
+**cBTC:** `0xe94260c555ac1d9d3cc9e1632883452ebdf0082e` (8 decimals) — base token of the three cBTC pools above.
 
 **cXAUC / cXAUT (XAU):** `0x290E52a8819A4fbD0714E517225429aA2B70EC6b`, `0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E` (6 decimals). **1 full token = 1 troy ounce Au** — not USD face value; see `EXPLORER_TOKEN_LIST_CROSSCHECK.md` section 5.1.
 

.devin/README.md

@@ -0,0 +1,18 @@
+# Devin for Terminal in Cursor
+
+This project is configured to use Devin for Terminal as a local CLI companion inside Cursor.
+
+- Cursor config import is enabled through `.cursor/rules/` and `.cursor/mcp.json` if present.
+- Windsurf config import is disabled for this project.
+- `AGENTS.md` remains the canonical shared project guidance.
+- Personal Devin overrides and secrets belong in `.devin/config.local.json`, which is gitignored.
+- Run `devin auth login` interactively before first use.
+
+Useful commands:
+
+```bash
+devin
+devin -- "review this repo and suggest the next safe task"
+devin auth status
+devin mcp list
+```

.devin/agents/reviewer/AGENT.md

@@ -0,0 +1,21 @@
+---
+name: reviewer
+description: Read-only reviewer for Cursor/Devin handoffs
+allowed-tools:
+  - read
+  - grep
+  - glob
+  - exec
+permissions:
+  allow:
+    - Exec(git status)
+    - Exec(git diff)
+    - Exec(git log)
+  deny:
+    - write
+    - edit
+---
+
+You are a read-only review subagent for this Cursor workspace.
+
+Review changes for correctness, security, operational risk, and consistency with `AGENTS.md` and relevant `.cursor/rules/` guidance. Do not modify files. Report only actionable findings first, ordered by severity, with exact file paths.

.devin/config.json

@@ -0,0 +1,38 @@
+{
+  // Devin for Terminal project config optimized for Cursor as the primary IDE.
+  "read_config_from": {
+    "cursor": true,
+    "windsurf": false,
+    "claude": true
+  },
+  "permissions": {
+    "allow": [
+      "Read(**)",
+      "Exec(git status)",
+      "Exec(git diff)",
+      "Exec(git log)",
+      "Exec(pnpm run)",
+      "Exec(bash scripts/verify)",
+      "Exec(bash scripts/validation)"
+    ],
+    "ask": [
+      "Write(**)",
+      "Exec(git commit)",
+      "Exec(git push)",
+      "Exec(docker)",
+      "Exec(docker compose)",
+      "mcp__*"
+    ],
+    "deny": [
+      "Exec(rm)",
+      "Exec(sudo)",
+      "Exec(chmod -R)",
+      "Exec(chown -R)",
+      "Write(.env*)",
+      "Write(**/.env*)",
+      "Write(reports/secrets/**)",
+      "Write(config/production/*did-secrets.env)"
+    ]
+  },
+  "mcpServers": {}
+}

.devin/hooks.v1.json

@@ -0,0 +1,14 @@
+{
+  "PreToolUse": [
+    {
+      "matcher": "exec",
+      "hooks": [
+        {
+          "type": "command",
+          "command": "bash scripts/devin/block-dangerous-command.sh",
+          "timeout": 10
+        }
+      ]
+    }
+  ]
+}

.devin/skills/cursor-handoff/SKILL.md

@@ -0,0 +1,22 @@
+---
+name: cursor-handoff
+description: Align Devin for Terminal work with this Cursor workspace and project rules
+allowed-tools:
+  - read
+  - grep
+  - glob
+  - exec
+triggers:
+  - user
+  - model
+---
+
+Use this skill when starting or resuming work in this repository from Devin for Terminal.
+
+1. Treat Cursor as the primary IDE context and read `.cursor/rules/` when relevant.
+2. Read `AGENTS.md` first for canonical project guidance.
+3. Do not rely on Windsurf rules, skills, workflows, or MCP settings for this project.
+4. Check `git status --short` before editing and preserve unrelated user changes.
+5. Prefer dry-run flags for operator, deployment, DNS, Proxmox, and LAN-sensitive scripts.
+6. Never write secrets or runtime credentials into tracked files.
+7. When using MCP servers, assume Cursor and Devin maintain separate authentication sessions.

.devin/skills/review/SKILL.md

@@ -0,0 +1,28 @@
+---
+name: review
+description: Review code changes before commit or handoff
+allowed-tools:
+  - read
+  - grep
+  - glob
+  - exec
+permissions:
+  allow:
+    - Exec(git status)
+    - Exec(git diff)
+    - Exec(git log)
+  deny:
+    - write
+    - edit
+triggers:
+  - user
+  - model
+---
+
+Review the current changes with a correctness-first stance.
+
+1. Run `git status --short`.
+2. Run `git diff` and, if staged changes exist, `git diff --staged`.
+3. Focus on bugs, security regressions, deployment risk, missing validation, and secret exposure.
+4. Cite exact file paths and keep findings ordered by severity.
+5. If no issues are found, say so and call out any test or validation gaps.

.env.master.example

@@ -77,6 +77,16 @@ GITEA_URL=
 GITEA_TOKEN=
 GITEA_ORG=
 
+# --- Phoenix deploy API (Gitea Actions secrets on EACH repo that triggers deploy) ---
+# PHOENIX_DEPLOY_URL=       # full POST URL e.g. http://192.168.11.59:4001/api/deploy — same variable name as repo Secrets in Gitea
+# PHOENIX_DEPLOY_TOKEN=    # bearer for Phoenix deploy API — set per-repo Secret on Gitea, not necessarily in this root .env
+
+# --- CyberSecur Global (Gov portal static site; optional Web3Forms intake) ---
+# CYBERSECUR_WEB3FORMS_ACCESS_KEY=   # web3forms.com — used by CyberSecur-Global/deploy/render-intake.sh (key is public in browser HTML per provider)
+# After rotating the key in the Web3Forms dashboard, update this line and redeploy:
+#   CYBERSECUR_REPO=/path/to/CyberSecur-Global ./scripts/deployment/sync-cybersecur-global-to-ct7810.sh
+# CYBERSECUR_INTAKE_REDIRECT_URL=    # optional; default https://cybersecur.d-bis.org/intake-thanks.html
+
 # --- Database & app auth ---
 DATABASE_URL=
 JWT_SECRET=
@@ -104,6 +114,8 @@ DEPLOYER_ADDRESS=
 RPC_URL_138=
 RPC_URL_138_PUBLIC=
 ETHEREUM_MAINNET_RPC=
+# Clear scripts/verify/check-external-dependencies.sh — use real service URLs when split; example interim health target:
+# DBIS_CORE_URL=https://dbis-api.d-bis.org/health
 DBIS_CORE_URL=
 CC_PAYMENT_ADAPTERS_URL=
 CC_AUDIT_LEDGER_URL=
@@ -111,9 +123,15 @@ CC_SHARED_EVENTS_URL=
 CC_SHARED_SCHEMAS_URL=
 FIN_GATEWAY_URL=
 ALLIANCE_ACCESS_URL=
+# cast must be in PATH; use a runner-reachable Chain 138 RPC, e.g.:
+# CHAIN138_CI_RPC_URL=https://rpc.public-0138.defi-oracle.io
 CHAIN138_CI_RPC_URL=
 ALL_MAINNET_RPC=
+# Alltra / Wemix / Etherlink: set for production; for local read-only checks, deployer-gas-auto-route.sh falls back to public RPCs documented in scripts/deployment/deployer-gas-auto-route.sh
 CHAIN_651940_RPC_URL=
+# ALLTRA_MAINNET_RPC=https://mainnet-rpc.alltra.global
+# WEMIX_RPC_URL=https://api.wemix.com
+# ETHERLINK_RPC_URL=https://node.mainnet.etherlink.com
 CHAIN_1_UNISWAP_V2_FACTORY=0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f
 CHAIN_1_UNISWAP_V2_ROUTER=0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D
 CHAIN_1_UNISWAP_V2_START_BLOCK=0

.gitea/CONTRIBUTING.md

@@ -6,6 +6,12 @@
 2. Make changes, ensure tests pass
 3. Open a pull request
 
+Repo ↔ VM CI/CD mapping and templates for **other** Gitea repos: [docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](../docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md), [config/gitea-workflow-templates/README.md](../config/gitea-workflow-templates/README.md).
+
+Deploy workflow policy:
+`main` and `master` are both deploy-triggering branches, so `.gitea/workflow-sources/deploy-to-phoenix.yml` and `.gitea/workflow-sources/validate-on-pr.yml` must stay identical across both branches.
+Use `bash scripts/verify/sync-gitea-workflows.sh` after editing workflow-source files, and `bash scripts/verify/run-all-validation.sh --skip-genesis` to catch workflow drift before push.
+
 ## Pull Requests
 
 - Use the PR template when opening a PR

.gitea/workflow-sources/deploy-to-phoenix.yml

@@ -0,0 +1,125 @@
+# Canonical deploy workflow. Keep source and checked-in workflow copies byte-identical.
+# Validation checks both file sync and main/master parity.
+name: Deploy to Phoenix
+
+on:
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Fetch deploy branches for workflow parity check
+        run: |
+          REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
+          if git remote | grep -qx gitea; then
+            REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
+          fi
+          git fetch --depth=1 "$REMOTE" main master
+
+      - name: Install validation dependencies
+        run: |
+          corepack enable
+          pnpm install --frozen-lockfile
+
+      # The cW* mesh matrix and deployment-status validators read
+      # cross-chain-pmm-lps/config/*.json. The parent checkout does not
+      # materialize submodules by default, and .gitmodules mixes public HTTPS
+      # with SSH URLs, so clone only the required public validation dependency.
+      - name: Materialize cross-chain-pmm-lps
+        run: |
+          set -euo pipefail
+          if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
+            rm -rf cross-chain-pmm-lps
+            git clone --depth=1 \
+              https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \
+              cross-chain-pmm-lps
+          fi
+
+      - name: Run repo validation gate
+        run: |
+          bash scripts/verify/run-all-validation.sh --skip-genesis
+
+  deploy:
+    needs: validate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Trigger Phoenix deployment
+        run: |
+          set -euo pipefail
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          set +e
+          curl -sSf --retry 3 --retry-connrefused --retry-delay 10 --retry-max-time 180 \
+            --connect-timeout 10 --max-time 120 \
+            -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+            -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"
+          rc="$?"
+          set -e
+          if [ "$rc" -eq 52 ]; then
+            HEALTH_URL="${{ secrets.PHOENIX_DEPLOY_URL }}"
+            HEALTH_URL="${HEALTH_URL%/api/deploy}/health"
+            echo "Phoenix deploy API restarted during self-deploy; verifying ${HEALTH_URL}"
+            for i in $(seq 1 12); do
+              if curl -fsS --max-time 5 "$HEALTH_URL"; then
+                exit 0
+              fi
+              sleep 5
+            done
+          fi
+          exit "$rc"
+
+  deploy-atomic-swap-dapp:
+    needs: deploy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Trigger Atomic Swap dApp deployment (Phoenix)
+        run: |
+          set -euo pipefail
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          curl -sSf \
+            --connect-timeout 10 --max-time 900 \
+            -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+            -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"atomic-swap-dapp-live\"}"
+
+  # After app deploy, ask Phoenix to run path-gated Cloudflare DNS sync on the host that has
+  # PHOENIX_REPO_ROOT + .env (not on this runner). Skips unless PHOENIX_CLOUDFLARE_SYNC=1 on that host.
+  # continue-on-error: first-time or missing opt-in should not block the main deploy.
+  cloudflare:
+    needs:
+      - deploy
+      - deploy-atomic-swap-dapp
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Request Cloudflare DNS sync (Phoenix)
+        run: |
+          set -euo pipefail
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          curl -sSf --retry 5 --retry-all-errors --retry-connrefused --retry-delay 10 --retry-max-time 300 \
+            --connect-timeout 10 --max-time 120 \
+            -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+            -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}" \
+            || { echo "Cloudflare DNS sync request failed; optional sync is non-blocking."; exit 0; }

.gitea/workflow-sources/validate-on-pr.yml

@@ -0,0 +1,33 @@
+# Canonical PR validation workflow. Keep source and checked-in workflow copies byte-identical.
+# Validation checks both file sync and main/master parity.
+# PR-only: push validation already runs in deploy-to-phoenix.yml; this gives PRs the same
+# no-LAN checks without the deploy job (and without deploy secrets).
+name: Validate (PR)
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches: [main, master]
+  workflow_dispatch:
+jobs:
+  run-all-validation:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Fetch deploy branches for workflow parity check
+        run: |
+          REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
+          if git remote | grep -qx gitea; then
+            REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
+          fi
+          git fetch --depth=1 "$REMOTE" main master
+      - name: Install validation dependencies
+        run: |
+          corepack enable
+          pnpm install --frozen-lockfile
+      # Optional: set org/repo variable URA_STRICT_CLOSURE=1 to fail PRs while pilot placeholders
+      # remain in manifest (see scripts/ura/validate-manifest-closure.mjs). Not enabled by default.
+      - name: run-all-validation (no LAN, no genesis)
+        env:
+          URA_STRICT_CLOSURE: ${{ vars.URA_STRICT_CLOSURE }}
+        run: bash scripts/verify/run-all-validation.sh --skip-genesis

.gitea/workflows/bootstrap-phoenix-deploy-api.yml

@@ -0,0 +1,210 @@
+name: Bootstrap Phoenix Deploy API
+
+# Reinstalls phoenix-deploy-api on the dev VM (CT 5700) with the latest server.js
+# from master. This is the missing link between "code on master is the real
+# implementation" and "running service on CT 5700 still has the stub". Run this
+# workflow_dispatch job whenever phoenix-deploy-api/server.js, deploy-targets.json
+# or related scripts change and you need the running service to pick up the change
+# without a manual LAN visit.
+#
+# Required Gitea repo secrets (Settings -> Secrets):
+#   PHOENIX_PVE_HOST       PVE node IP that hosts CT 5700 (e.g. 192.168.11.12)
+#   PHOENIX_PVE_USER       SSH user on the PVE node (default: root)
+#   PHOENIX_PVE_SSH_KEY    Private SSH key (PEM, OpenSSH format) authorised on the PVE node
+#   PHOENIX_PVE_KNOWN_HOSTS  Pre-populated known_hosts entry for the PVE node (avoids strict-host prompt)
+#   PHOENIX_DEV_VM_VMID    Container VMID (default: 5700)
+#   PHOENIX_DEPLOY_DEV_VM_IP  IP of the dev VM for the post-install health check (default: 192.168.11.59)
+#   PHOENIX_DEPLOY_URL     Phoenix deploy webhook URL (already used by deploy job)
+#   PHOENIX_DEPLOY_TOKEN   Bearer token for the webhook (already used by deploy job)
+#
+# Trigger only via Gitea UI (Actions tab -> "Bootstrap Phoenix Deploy API" -> Run
+# workflow). NOT triggered on push: reinstalling the deploy service is sensitive
+# enough that we want it gated behind a manual click.
+
+on:
+  workflow_dispatch:
+    inputs:
+      verify_only:
+        description: "If true, only run the post-install /health + auth probe and skip the reinstall step."
+        type: boolean
+        required: false
+        default: false
+
+jobs:
+  bootstrap:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout proxmox repo
+        uses: actions/checkout@v4
+
+      - name: Validate repo layout
+        run: |
+          set -euo pipefail
+          test -d phoenix-deploy-api || { echo "phoenix-deploy-api/ missing" >&2; exit 1; }
+          test -f phoenix-deploy-api/server.js
+          test -f phoenix-deploy-api/scripts/install-systemd.sh
+          test -f phoenix-deploy-api/deploy-targets.json
+          # Manifest is optional; warn if missing but do not fail.
+          if [ ! -f config/public-sector-program-manifest.json ]; then
+            echo "::warning::config/public-sector-program-manifest.json missing — install will warn on CT"
+          fi
+          # Make sure the running master implementation is NOT the stub message
+          # that triggered this whole bootstrap thread.
+          if grep -q "Deploy request queued (stub)" phoenix-deploy-api/server.js; then
+            echo "phoenix-deploy-api/server.js still contains the stub string — refusing to bootstrap." >&2
+            exit 1
+          fi
+
+      - name: Install SSH key for PVE access
+        if: ${{ github.event.inputs.verify_only != 'true' }}
+        run: |
+          set -euo pipefail
+          mkdir -p "$HOME/.ssh"
+          chmod 700 "$HOME/.ssh"
+          umask 077
+          printf '%s\n' "${{ secrets.PHOENIX_PVE_SSH_KEY }}" > "$HOME/.ssh/id_pve"
+          chmod 600 "$HOME/.ssh/id_pve"
+          if [ -n "${{ secrets.PHOENIX_PVE_KNOWN_HOSTS }}" ]; then
+            printf '%s\n' "${{ secrets.PHOENIX_PVE_KNOWN_HOSTS }}" > "$HOME/.ssh/known_hosts"
+            chmod 644 "$HOME/.ssh/known_hosts"
+          else
+            # Fall back to accept-new on first connect; subsequent connects pin.
+            touch "$HOME/.ssh/known_hosts"
+            chmod 644 "$HOME/.ssh/known_hosts"
+          fi
+
+      - name: Build deploy bundle
+        if: ${{ github.event.inputs.verify_only != 'true' }}
+        run: |
+          set -euo pipefail
+          mkdir -p .out
+          if [ -f config/public-sector-program-manifest.json ]; then
+            tar czf .out/pda-deploy-bundle.tar.gz \
+              phoenix-deploy-api \
+              config/public-sector-program-manifest.json
+          else
+            tar czf .out/pda-deploy-bundle.tar.gz phoenix-deploy-api
+          fi
+          ls -lh .out/pda-deploy-bundle.tar.gz
+
+      - name: scp bundle to PVE host
+        if: ${{ github.event.inputs.verify_only != 'true' }}
+        env:
+          PVE_HOST: ${{ secrets.PHOENIX_PVE_HOST }}
+          PVE_USER: ${{ secrets.PHOENIX_PVE_USER }}
+        run: |
+          set -euo pipefail
+          : "${PVE_HOST:?PHOENIX_PVE_HOST not set in repo secrets}"
+          PVE_USER_VAL="${PVE_USER:-root}"
+          KNOWN_HOSTS_OPT="-o UserKnownHostsFile=$HOME/.ssh/known_hosts"
+          if [ ! -s "$HOME/.ssh/known_hosts" ]; then
+            KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=accept-new"
+          else
+            KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=yes"
+          fi
+          scp -i "$HOME/.ssh/id_pve" $KNOWN_HOSTS_OPT \
+            -o ConnectTimeout=20 \
+            .out/pda-deploy-bundle.tar.gz \
+            "${PVE_USER_VAL}@${PVE_HOST}:/tmp/pda-deploy-bundle.tar.gz"
+
+      - name: pct push + install-systemd on CT
+        if: ${{ github.event.inputs.verify_only != 'true' }}
+        env:
+          PVE_HOST: ${{ secrets.PHOENIX_PVE_HOST }}
+          PVE_USER: ${{ secrets.PHOENIX_PVE_USER }}
+          VMID: ${{ secrets.PHOENIX_DEV_VM_VMID }}
+        run: |
+          set -euo pipefail
+          : "${PVE_HOST:?PHOENIX_PVE_HOST not set in repo secrets}"
+          PVE_USER_VAL="${PVE_USER:-root}"
+          VMID_VAL="${VMID:-5700}"
+          KNOWN_HOSTS_OPT="-o UserKnownHostsFile=$HOME/.ssh/known_hosts"
+          if [ ! -s "$HOME/.ssh/known_hosts" ]; then
+            KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=accept-new"
+          else
+            KNOWN_HOSTS_OPT="$KNOWN_HOSTS_OPT -o StrictHostKeyChecking=yes"
+          fi
+          ssh -i "$HOME/.ssh/id_pve" $KNOWN_HOSTS_OPT \
+            -o ConnectTimeout=20 \
+            "${PVE_USER_VAL}@${PVE_HOST}" "VMID=${VMID_VAL} bash -s" <<'REMOTE_EOF'
+          set -euo pipefail
+          : "${VMID:?}"
+          # Verify CT exists and is running.
+          if ! pct status "${VMID}" >/dev/null 2>&1; then
+            echo "CT ${VMID} not found on this PVE node." >&2
+            exit 1
+          fi
+          if ! pct exec "${VMID}" -- true 2>/dev/null; then
+            echo "CT ${VMID} not running. Start it first: pct start ${VMID}" >&2
+            exit 1
+          fi
+          STAGE="/tmp/proxmox-pda-stage"
+          pct push "${VMID}" /tmp/pda-deploy-bundle.tar.gz /root/pda-deploy.tar.gz
+          pct exec "${VMID}" -- bash -c "
+            set -euo pipefail
+            rm -rf '${STAGE}'
+            mkdir -p '${STAGE}'
+            tar xzf /root/pda-deploy.tar.gz -C '${STAGE}'
+            cd '${STAGE}'
+            bash phoenix-deploy-api/scripts/install-systemd.sh
+            rm -f /root/pda-deploy.tar.gz
+          "
+          rm -f /tmp/pda-deploy-bundle.tar.gz
+          REMOTE_EOF
+
+      - name: Health check (no auth)
+        env:
+          DEV_VM_IP: ${{ secrets.PHOENIX_DEPLOY_DEV_VM_IP }}
+        run: |
+          set -euo pipefail
+          IP="${DEV_VM_IP:-192.168.11.59}"
+          # Service may take a moment to come up after install; retry briefly.
+          for i in 1 2 3 4 5 6; do
+            if curl -sSf -m 5 "http://${IP}:4001/health" -o /tmp/health.json; then
+              echo "Health check OK on attempt ${i}"
+              cat /tmp/health.json || true
+              echo
+              break
+            fi
+            echo "Health check attempt ${i}/6 failed; sleeping 3s"
+            sleep 3
+            if [ "${i}" = "6" ]; then
+              echo "Phoenix Deploy API /health unreachable after install." >&2
+              exit 1
+            fi
+          done
+
+      - name: Auth + non-stub probe (POST with bogus target)
+        env:
+          PHOENIX_DEPLOY_URL: ${{ secrets.PHOENIX_DEPLOY_URL }}
+          PHOENIX_DEPLOY_TOKEN: ${{ secrets.PHOENIX_DEPLOY_TOKEN }}
+        run: |
+          set -euo pipefail
+          : "${PHOENIX_DEPLOY_URL:?}"
+          : "${PHOENIX_DEPLOY_TOKEN:?}"
+          # POST a bogus target. The post-bootstrap server should:
+          #   - accept the bearer token (NOT 401)
+          #   - reject the unknown target with a non-stub error
+          # The pre-bootstrap stub returned 202 with "Deploy request queued (stub)"
+          # for ANY target. So we explicitly check the response body does NOT
+          # contain that stub phrase.
+          BODY="$(curl -sS -m 10 -X POST "${PHOENIX_DEPLOY_URL}" \
+            -H "Authorization: Bearer ${PHOENIX_DEPLOY_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d '{"repo":"d-bis/proxmox","sha":"HEAD","branch":"master","target":"__bootstrap_probe__"}' || true)"
+          echo "Response body:"
+          echo "${BODY}"
+          if echo "${BODY}" | grep -q 'Deploy request queued (stub)'; then
+            echo "::error::Phoenix Deploy API still returning stub response — bootstrap did not take effect."
+            exit 1
+          fi
+          if echo "${BODY}" | grep -qi 'unauthorized\|invalid token\|401'; then
+            echo "::error::Phoenix Deploy API rejected the bearer token. PHOENIX_DEPLOY_TOKEN is out of sync with PHOENIX_DEPLOY_SECRET on the CT."
+            exit 1
+          fi
+          echo "Phoenix Deploy API is post-stub and authenticating correctly."
+
+      - name: Cleanup secrets
+        if: always()
+        run: |
+          rm -f "$HOME/.ssh/id_pve" "$HOME/.ssh/known_hosts" || true

.gitea/workflows/deploy-to-phoenix.yml

@@ -1,3 +1,5 @@
+# Canonical deploy workflow. Keep source and checked-in workflow copies byte-identical.
+# Validation checks both file sync and main/master parity.
 name: Deploy to Phoenix
 
 on:
@@ -12,12 +14,24 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      # The cw* mesh matrix and deployment-status validators read
-      # cross-chain-pmm-lps/config/*.json. .gitmodules mixes Gitea HTTPS
-      # with git@github.com: SSH URLs, so `submodules: recursive` on the
-      # parent checkout isn't safe. Shallow-clone the public mirror of the
-      # pmm-lps repo directly (config-only, no secrets needed).
-      - name: Materialize cross-chain-pmm-lps (config only)
+      - name: Fetch deploy branches for workflow parity check
+        run: |
+          REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
+          if git remote | grep -qx gitea; then
+            REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
+          fi
+          git fetch --depth=1 "$REMOTE" main master
+
+      - name: Install validation dependencies
+        run: |
+          corepack enable
+          pnpm install --frozen-lockfile
+
+      # The cW* mesh matrix and deployment-status validators read
+      # cross-chain-pmm-lps/config/*.json. The parent checkout does not
+      # materialize submodules by default, and .gitmodules mixes public HTTPS
+      # with SSH URLs, so clone only the required public validation dependency.
+      - name: Materialize cross-chain-pmm-lps
         run: |
           set -euo pipefail
           if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
@@ -40,15 +54,33 @@ jobs:
 
       - name: Trigger Phoenix deployment
         run: |
+          set -euo pipefail
           SHA="$(git rev-parse HEAD)"
           BRANCH="$(git rev-parse --abbrev-ref HEAD)"
-          curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+          set +e
+          curl -sSf --retry 3 --retry-connrefused --retry-delay 10 --retry-max-time 180 \
+            --connect-timeout 10 --max-time 120 \
+            -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
             -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
             -H "Content-Type: application/json" \
             -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"
+          rc="$?"
+          set -e
+          if [ "$rc" -eq 52 ]; then
+            HEALTH_URL="${{ secrets.PHOENIX_DEPLOY_URL }}"
+            HEALTH_URL="${HEALTH_URL%/api/deploy}/health"
+            echo "Phoenix deploy API restarted during self-deploy; verifying ${HEALTH_URL}"
+            for i in $(seq 1 12); do
+              if curl -fsS --max-time 5 "$HEALTH_URL"; then
+                exit 0
+              fi
+              sleep 5
+            done
+          fi
+          exit "$rc"
 
   deploy-atomic-swap-dapp:
-    needs: validate
+    needs: deploy
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -56,9 +88,12 @@ jobs:
 
       - name: Trigger Atomic Swap dApp deployment (Phoenix)
         run: |
+          set -euo pipefail
           SHA="$(git rev-parse HEAD)"
           BRANCH="$(git rev-parse --abbrev-ref HEAD)"
-          curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+          curl -sSf \
+            --connect-timeout 10 --max-time 900 \
+            -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
             -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
             -H "Content-Type: application/json" \
             -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"atomic-swap-dapp-live\"}"
@@ -78,9 +113,13 @@ jobs:
 
       - name: Request Cloudflare DNS sync (Phoenix)
         run: |
+          set -euo pipefail
           SHA="$(git rev-parse HEAD)"
           BRANCH="$(git rev-parse --abbrev-ref HEAD)"
-          curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+          curl -sSf --retry 5 --retry-all-errors --retry-connrefused --retry-delay 10 --retry-max-time 300 \
+            --connect-timeout 10 --max-time 120 \
+            -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
             -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
             -H "Content-Type: application/json" \
-            -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}"
+            -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}" \
+            || { echo "Cloudflare DNS sync request failed; optional sync is non-blocking."; exit 0; }

.gitea/workflows/validate-on-pr.yml

@@ -1,3 +1,5 @@
+# Canonical PR validation workflow. Keep source and checked-in workflow copies byte-identical.
+# Validation checks both file sync and main/master parity.
 # PR-only: push validation already runs in deploy-to-phoenix.yml; this gives PRs the same
 # no-LAN checks without the deploy job (and without deploy secrets).
 name: Validate (PR)
@@ -12,14 +14,20 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Materialize cross-chain-pmm-lps (config only)
+      - name: Fetch deploy branches for workflow parity check
         run: |
-          set -euo pipefail
-          if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
-            rm -rf cross-chain-pmm-lps
-            git clone --depth=1 \
-              https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \
-              cross-chain-pmm-lps
+          REMOTE="${GITEA_WORKFLOW_REMOTE:-origin}"
+          if git remote | grep -qx gitea; then
+            REMOTE="${GITEA_WORKFLOW_REMOTE:-gitea}"
           fi
+          git fetch --depth=1 "$REMOTE" main master
+      - name: Install validation dependencies
+        run: |
+          corepack enable
+          pnpm install --frozen-lockfile
+      # Optional: set org/repo variable URA_STRICT_CLOSURE=1 to fail PRs while pilot placeholders
+      # remain in manifest (see scripts/ura/validate-manifest-closure.mjs). Not enabled by default.
       - name: run-all-validation (no LAN, no genesis)
+        env:
+          URA_STRICT_CLOSURE: ${{ vars.URA_STRICT_CLOSURE }}
         run: bash scripts/verify/run-all-validation.sh --skip-genesis

.gitignore

@@ -26,6 +26,9 @@ Thumbs.db
 # Local-only Cursor session / context (exclude from Gitea)
 .cursor/local/
 
+# Devin for Terminal personal overrides / secrets
+.devin/config.local.json
+
 # IDE files
 .vscode/
 .idea/
@@ -80,8 +83,13 @@ cross-chain-pmm-lps-publish/
 
 # Local scratch (never commit)
 .tmp-*.cjs
+.codex
 .codex/
 .venv-checkjson/
+.env.bak.pmg.*
+
+# Teammate / third-party onboarding (API token handoffs; never commit)
+reports/secrets/
 
 # Operator / runtime env snapshots under reports/ (sensitive; regenerate from hosts)
 reports/status/operator-*.env
@@ -98,6 +106,49 @@ output/omnl-e2e-*/
 output/office22-*.zip
 output/settlement-events/
 output/transaction-package-*/
+output/cw-assets-usd-quote-dump.json
+output/jvmtm-evidence/
+
+# Generated verification evidence snapshots (keep curated evidence, ignore rerunnable timestamped dumps)
+docs/04-configuration/verification-evidence/e2e-verification-*/
+
+# Generated deployment and inventory machine outputs
+reports/deployment/*_20[0-9][0-9]-[0-9][0-9]-[0-9][0-9].md
+reports/deployment/check-deployer-lp-balances-*.json
+reports/inventory/container_inventory_*.csv
+reports/inventory/contract-inventory-*.json
+reports/inventory/DEPLOYED_CONTRACTS_*.md
+reports/inventory/INCOMPLETE_DUPLICATE_ANALYSIS.md
+reports/inventory/INVENTORY_COVERAGE_GAPS.md
+reports/inventory/deployed-contracts-completion-matrix.json
+reports/inventory/incomplete-duplicate-bytecode-analysis.json
+
+# Generated status artifacts (rerunnable from wrappers/validation scripts)
+reports/status/MULTI_NETWORK_DEPLOYMENT_AUDIT_*.md
+reports/status/*-latest.json
+reports/status/*-latest.md
+reports/status/*-latest.csv
+reports/status/hardware_poll_*.txt
+reports/status/lxc_cluster_health_*.json
+reports/status/lxc_cluster_health_*.txt
+reports/status/mainnet-cwusdc-usdc-preflight-*.json
+reports/status/mainnet-cwusdc-usdc-repeg-plan-*.json
+reports/status/live_inventory_*.json
+reports/status/drift_*.json
+
+# Ephemeral e2e dry-run outputs (local re-runs; not canonical reports)
+reports/e2e-dry-runs/
+
+# Local relay / thirdweb scaffold trees (subtree or vendor experiments — git add -f if promoted)
+relay/
+relay-api/
+relay-docs/
+relay-web/
+thirdweb-contracts/
+
+# One-off liquidity staging helpers (operator-generated; use committed runbooks as source of truth)
+scripts/verify/stage-250m-eth-to-cwusdc-dry-run.sh
+scripts/verify/stage-427m-cusdc-weth-liquidity-funding.sh
 
 # Large optional vendor trees and local checkouts (keep out of main clone)
 smom-dbis-138-publish/

AGENTS.md

@@ -11,6 +11,10 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
 | Need | Location |
 |------|-----------|
 | Doc index | `docs/MASTER_INDEX.md` |
+| Canonical ecosystem master plan | `docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md` — umbrella root; subordinate roots: `dbis_chain_138_technical_master_plan.md`, `docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md`, `docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md` |
+| Treasury / EMI / wallet / VA master plan | `docs/02-architecture/GOVERNMENT_TREASURY_EMI_WALLET_MASTER_PLAN.md` — government treasury, EMIs, digital wallets, virtual accounts (incl. Tatum-style), Rail vs RTGS gates |
+| Universal resource activation (manifest, CI, Phoenix) | `UNIVERSAL_RESOURCE_WIRING.md`, `URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`, `URA_OPERATIONAL_READINESS_CHECKLIST.md` (under `docs/04-configuration/universal-resource-activation/`); `config/universal-resource-activation/{manifest.json,policy-profiles.json,integration/}`; `pnpm ura:ops-readiness` / `ura:ops-readiness:full`, `ura:production-ready` / `ura:production-ready:connectivity`, `ura:validate`, `ura:validate-profiles`, `ura:merge-manifest`, `ura:validate-ledger-mapping`, `ura:writer:ledger`, `ura:writer:settlement`, `ura:profile-hash`, `ura:validate-closure`, `ura:keccak`, `ura:smoke`; `URA_STRICT_CLOSURE` / Gitea `vars.URA_STRICT_CLOSURE`; `smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol` (scoped forge test); Phoenix `PUBLIC_V1_NO_PARTNER_KEY_PATHS` |
+| Multi-jurisdiction compliance (matrices, onboarding) | `docs/04-configuration/compliance-matrices/README.md`, `INSTITUTION_ONBOARDING_CHARTER.md`, `INSTITUTION_ONBOARDING_PLAYBOOK.md`, `docs/04-configuration/jurisdictions/JURISDICTION_CATALOG.md`, `config/jurisdictions/catalog.v1.json`, `docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md`, `docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md` |
 | cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (section 5.1) |
 | PMM mesh 6s tick | `smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh` — `docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation) |
 | VMID / IP / FQDN | `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md` |
@@ -18,7 +22,7 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
 | Live vs template (read-only SSH) | `bash scripts/verify/audit-proxmox-operational-template.sh` |
 | Config validation | `bash scripts/validation/validate-config-files.sh` |
 | pnpm lockfile vs workspace (prevents `pnpm outdated` / importer bugs) | `bash scripts/verify/check-pnpm-workspace-lockfile.sh` — also run as **step 1b** in `run-all-validation.sh` |
-| CI validation (no LAN) + cW* mesh matrix | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` — same gate as **Gitea** push/PR: `run-all-validation` in `.gitea/workflows/deploy-to-phoenix.yml` (push) and `.gitea/workflows/validate-on-pr.yml` (PR only). Steps: dependencies, **pnpm workspace/lockfile check**, config, cW* mesh (when pair-discovery exists), **`node cross-chain-pmm-lps/scripts/validate-deployment-status.cjs`**, optional genesis. Manual only: `bash scripts/verify/build-cw-mesh-deployment-matrix.sh [--json-out …]` |
+| CI validation (no LAN) + cW* mesh matrix | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` — same gate as **Gitea** push/PR: `run-all-validation` in `.gitea/workflows/deploy-to-phoenix.yml` (push) and `.gitea/workflows/validate-on-pr.yml` (PR only). After deploy, optional **Cloudflare** `cloudflare-sync` (Phoenix + `PHOENIX_REPO_ROOT`; set `PHOENIX_CLOUDFLARE_SYNC=1` on that host) via `scripts/deployment/gitea-cloudflare-sync.sh`. Steps: dependencies, **pnpm workspace/lockfile check**, config, cW* mesh (when pair-discovery exists), **`node cross-chain-pmm-lps/scripts/validate-deployment-status.cjs`**, optional genesis. Manual only: `bash scripts/verify/build-cw-mesh-deployment-matrix.sh [--json-out …]` |
 | FQDN / NPM E2E verifier | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` — inventory: `docs/04-configuration/E2E_ENDPOINTS_LIST.md`. Gitea Actions URLs (no API): `bash scripts/verify/print-gitea-actions-urls.sh` |
 | Submodule trees clean (CI / post-merge) | `bash scripts/verify/submodules-clean.sh` |
 | Submodule + explorer remotes | `docs/00-meta/SUBMODULE_HYGIENE.md` — `mcp-proxmox` uses **Gitea** `https://gitea.d-bis.org/d-bis/mcp-proxmox.git` (not the old GitHub-only URL). `cross-chain-pmm-lps-publish` is a **worktree** of `cross-chain-pmm-lps`, not a submodule. |
@@ -35,6 +39,7 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
 | Etherscan Value $0 for Mainnet `cW*` | Listing path (CoinGecko/CMC), not a contract toggle — `docs/04-configuration/coingecko/ETHERSCAN_USD_VALUE_MAINNET_TOKENS.md` |
 | Verify contracts on explorers (all networks) | `cd smom-dbis-138 && ./scripts/deployment/verify-all-networks-explorers.sh` — Blockscout 138, Etherscan + multichain `cW*`, Avax/Arb bridges, optional Cronos/Wemix/CCIPLogger |
 | Operator (LAN + secrets) | `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` unset; backup also needs `NPM_EMAIL` in `.env`) |
+| Remote SSH to dev VM (5700 / `192.168.11.59`) for runner & deploy API | [docs/04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md](docs/04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md) (Cloudflare Access + tunnel, or UDM allowlist) |
 | Cloudflare bulk DNS → `PUBLIC_IP` | `./scripts/update-all-dns-to-public-ip.sh` — use **`--dry-run`** and **`--zone-only=sankofa.nexus`** (or `d-bis.org` / `mim4u.org` / `defi-oracle.io`) to limit scope; see script header. Prefer scoped **`CLOUDFLARE_API_TOKEN`** (see `.env.master.example`). |
 
 ## Git submodules

config/aggregator-route-matrix.csv

@@ -20,5 +20,5 @@ liveBridgeRoute,138-WETH-25-ccip,live,bridge,138,25,WETH,0xC02aaA39b223FE8D0A0e5
 liveBridgeRoute,138-WETH-42220-ccip,live,bridge,138,42220,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,CCIP,0xcacfd227A040002e49e2e01626363071324f820a,LiFi,,,,
 liveBridgeRoute,138-WETH-651940-alltra,live,bridge,138,651940,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,WETH,0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2,,ALT,0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc,LiFi,,,,
 liveBridgeRoute,138-WETH10-1-ccip,live,bridge,138,1,WETH10,0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f,WETH10,0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f,,CCIP,0xe0E93247376aa097dB308B92e6Ba36bA015535D0,LiFi,,,,
-blockedOrPlannedRoute,651940-public-dex-routes,planned,swap,651940,651940,,,,,,,,,,,,Uniswap V2/V3 and DODO are env placeholders only; no pool addresses are documented in-repo.
-blockedOrPlannedRoute,138-weth-1111-ccip,planned,bridge,138,1111,,,,,,,,,,,,"Wemix bridge contracts are deployed and destinations are wired, but the 1111 bridge contracts still hold zero LINK and the lane has not been proven by a successful test transfer."
+blockedOrPlannedRoute,651940-public-dex-routes,planned,swap,651940,651940,,,,,,,,,,,,Alltra same-chain settlement remains documentation-only: no deployed PMM or Uniswap venue inventory is published in canonical deployment status, and HYDX/AlltraDEX router-factory-pool addresses are still not committed in-repo.
+blockedOrPlannedRoute,138-weth-1111-ccip,planned,bridge,138,1111,,,,,,,,,,,,"Wemix bridge contracts are deployed and destinations are wired, but the current Chain 138 CCIP router still rejects the Wemix selector with `CCIPRouter: chain not supported`; the WEMIX-side LINK balances are also zero and no successful proof transfer has been recorded."

config/all-mainnet-canary-evidence.example.json

@@ -0,0 +1,23 @@
+{
+  "description": "Copy to config/all-mainnet-canary-evidence.json after live canary swaps. Each row needs real transaction hashes and observed balance deltas.",
+  "evidence": [
+    {
+      "poolId": "651940-uniswap_v2-wall-ausdc",
+      "status": "canary_passed",
+      "generatedAt": "2026-04-29T00:00:00.000Z",
+      "canaryTransactions": [
+        {
+          "amountLabel": "seed",
+          "txHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
+          "sourceToken": "WALL",
+          "destinationToken": "AUSDC",
+          "observedInputRaw": "0",
+          "observedOutputRaw": "0"
+        }
+      ],
+      "notes": [
+        "Replace with real canary transaction evidence before applying."
+      ]
+    }
+  ]
+}

config/all-mainnet-canary-evidence.json

@@ -0,0 +1,498 @@
+{
+  "description": "ALL Mainnet canary evidence recorded from live canary transactions executed with deployer wallet 0x4A666F96fC8764181194447A7dFdb7d471b301C8.",
+  "evidence": [
+    {
+      "poolId": "651940-dodo_pmm-wall-ausdc",
+      "generatedAt": "2026-04-29T04:41:13.993Z",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x727cea66f601b514b0d82c4bc93c29fbc09047e8185c146a05564dce7916829c",
+          "fundingTransferTxHash": "0x65f8d2e15556c26b46dd7323a90cb174279fc6bd0e7002a868553dc990bfa656",
+          "amountInRaw": "1000000",
+          "tokenIn": "WALL",
+          "tokenOut": "AUSDC",
+          "executor": "DODO_DVM.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on ALL Mainnet DODO PMM WALL/AUSDC."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "651940-uniswap_v2-wall-ausdc",
+      "generatedAt": "2026-04-29T04:41:13.993Z",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x0b76149f25e36919637fbeab10056e45d8ab7757454174966842c3f52f53dd5c",
+          "approvalTxHash": "0xc33d872d15628cfe521552ccc9a4b908f31df59189764468775b4557826514b6",
+          "amountInRaw": "1000000",
+          "tokenIn": "WALL",
+          "tokenOut": "AUSDC",
+          "executor": "UniswapV2Router.swapExactTokensForTokens"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on ALL Mainnet Uniswap V2 WALL/AUSDC."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "651940-dodo_pmm-wall-ausdt",
+      "generatedAt": "2026-04-30T06:58:00Z",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x6b74c3b6816eb67409268a6e3b108fd631d278baf0fd57524a63c60c995bded3",
+          "fundingTransferTxHash": "0x2e1540c484abac9049e383a16fc35a5b6b81a33bd70183b80b20f94533dbe141",
+          "amountInRaw": "1000000",
+          "tokenIn": "WALL",
+          "tokenOut": "AUSDT",
+          "executor": "DODO_DVM.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on ALL Mainnet DODO PMM WALL/AUSDT."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "137-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-29T04:41:13.993Z",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x4f68cdb0502b0fd50602013e54cbf898556a5c1181d8009f9b0c166dfccf5ce7",
+          "fundingTransferTxHash": "0x2b2721dd505f82488b05f32810f7e94b3a712e9b459b638be9b8ea34c20925d9",
+          "amountInRaw": "1",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "DODO_DVM.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on Polygon DODO PMM cWUSDC/USDC."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "137-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-29T04:41:13.993Z",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x9c946c7c912e2eabe960c752041b533948e85e2a1603c80de80c5b0ee447908d",
+          "fundingTransferTxHash": "0xcac8b9187325869f164f6b7cd5464fcf46dce6be83ef04d760e7ecc21de7d40d",
+          "amountInRaw": "1",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "DODO_DVM.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on Polygon DODO PMM cWUSDT/USDT."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "651940-uniswap_v2-usdt-ausdc",
+      "generatedAt": "2026-04-30T07:30:00Z",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0xa5479400c203922b0e29a4c438daeeeef6f99b847d617f029e7978c1beba6b2b",
+          "approvalTxHash": "0xe4e73ff7d9c4a998e4cca1fcbf847d351171c0c026b11e798a0c1dc2bb6b4f12",
+          "fundingSwapTxHash": "0x39bddcca6160e2df5c7595350f9d911c73e0e7bfe59595fae2c3248576962d5b",
+          "fundingApprovalTxHash": "0x238bae3818d16a95711c19657dbd08bc076ef3fde7fedb7291ed514d2e090684",
+          "amountInRaw": "1000000",
+          "tokenIn": "USDT",
+          "tokenOut": "AUSDC",
+          "executor": "UniswapV2Router.swapExactTokensForTokens"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on ALL Mainnet Uniswap V2 USDT/AUSDC after acquiring USDT inventory via AUSDC/USDT."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "651940-uniswap_v2-wall-usdt",
+      "generatedAt": "2026-04-30T07:30:00Z",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x7b6a3d5dedc775e9b0f73de4e0a89bdd004f82c451d7cccf1e2178e5893d487c",
+          "approvalTxHash": "0xdd7985b4535915523831f989e054e6333af6b84e589c67791e73cce7acbff6a6",
+          "amountInRaw": "1000000",
+          "tokenIn": "WALL",
+          "tokenOut": "USDT",
+          "executor": "UniswapV2Router.swapExactTokensForTokens"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on ALL Mainnet Uniswap V2 WALL/USDT."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "42220-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T00:00:00.000-07:00",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x32d3869f987d558e392fd01aab77968d9cad1d90da71be1db90061f58d5c14b1",
+          "fundingTransferTxHash": "0x8ecd2a68f5dc3f2ab471ccc7ea8fdce16064029b6792bce7a387d943326fa1d6",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "DODO_DVM.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on Celo DODO PMM cWUSDC/USDC after deployer-funded seed liquidity."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "42220-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T00:00:00.000-07:00",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x0498a0484f6707e0f8019b8803a8aed932f33f587a57186cc37bcdc594393094",
+          "fundingTransferTxHash": "0xd4182a6e116df30544097851892f379d67af2b33fc2374bb0204a6450dcecea4",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "DODO_DVM.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Tiny live canary swap executed on Celo DODO PMM cWUSDT/USDT after deployer-funded seed liquidity."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "56-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x85a62d3d5b23878ec17a6fa7b89e7f8218970cae7a99a9b4b7fd4bd9756e70ea",
+          "fundingTransferTxHash": "0x86081d0142d9d35062873599754cd7ea70f02449c002fa4f94f5673cccafdc6c",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "56-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x4a1373fb637f26bb2e9e1f05db333081ec9beeb70d03f7085c57700902ab41e3",
+          "fundingTransferTxHash": "0xb4b952d588be03f8a59bfb38cc71311d2191de86373f59248b11f9b9c59bf1bc",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "8453-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0xe1fd7a1268cbb205ef3f47cc730cc1a06b5b81f491fc86ad6a2c7cef355c0752",
+          "fundingTransferTxHash": "0xe2ffeff928685f8fc4c050e0c6736d10c0ea48a65d65fe7c2ea560b3729ce5b8",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "8453-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x6c9e3129cd8b9f81022b27160e3bbce828f033afb40b670742318df67b309126",
+          "fundingTransferTxHash": "0xa6b837616c42073f6afb85bc0a6a4cab77dfe1e3925fd5bfbe7d1a92c31c4f57",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "42161-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0xb27ffc20e1b993751342d7a76da70c1ec6190a4f67f52313b36beb0e9d49a12a",
+          "fundingTransferTxHash": "0x6cbeec16f67bb92df6bfbe0659c3d6098c96bd32b5917d001fb53587fa988d8a",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "43114-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0xfdbea3b4a196335b0b128befbd43a17916f2ec95787ab99651cbfd355e2bd2e5",
+          "fundingTransferTxHash": "0x4bafb7ecf6988bac594860bb9d2f33030557b467d09c371033ae4f4867469550",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "43114-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x6aa323b5d4abae31ef13f2d01972725fa8c939aee9fbd8326aad4910e3a33c91",
+          "fundingTransferTxHash": "0x8f1d905595aa540e32bcefd03a146dca39bce6aafe6d14d5b6731c583cb922f6",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "25-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x3d4fbd2ffdec9b2402cfa391b49dab9918ed30def3cd6edc43e4d6cae502df72",
+          "fundingTransferTxHash": "0x539702d9d5808c579023bc52f54bacb0327d886b6f969ae5d2830bd286749692",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "25-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0xd97ce616c7074301d66163a880798bf6a2165140320ccc440f80581972915fe0",
+          "fundingTransferTxHash": "0x3beff83366f24ba3fa0cec70aaae08b3edce1d1e8d56a9fbd094de97d5d653e7",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "100-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0xc63f257b2dc91621c4a260af3b88068ae92d2390cbbf44b4a971551b4b8b1c21",
+          "fundingTransferTxHash": "0x4c2bfe8c3cbe4d35121489448fd93d7d61e48812574485c0a4afe3aff4e7522e",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "100-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:05:02.700Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x29538d2cbd34b2f726fa8f696037dd176e0c463d7cc98ee6d4686182b0602b7d",
+          "fundingTransferTxHash": "0x864c92f1ef26b949d6ad4178e063846bf9c85bb9d5d516de4e63e2afb147fc48",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDT",
+          "tokenOut": "USDT",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "1-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T09:15:42.476Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0xb485735ec59594e7a83d91feb98350cac490d28b0fc0418674d29e64dd93f0a5",
+          "fundingTransferTxHash": "0x80b2e141625a78c870ad80875ccc3fab0aa3d4ed6b64e324239fc9b30caed54c",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "1-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:15:42.476Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "quote_to_base",
+          "txHash": "0x6407c89bed9b1631a793c63e0a1f17d8be994eda7b56dbc25b94377df4dada9a",
+          "fundingTransferTxHash": "0x829936195c802b93b385fb9bb1c75ed3e657319a7e89433a1e9e2581761b49ea",
+          "amountInRaw": "100",
+          "tokenIn": "USDT",
+          "tokenOut": "cWUSDT",
+          "executor": "MockDVMPool.transfer_then_sellQuote"
+        }
+      ],
+      "notes": [
+        "Replacement pool reverse canary swap executed after replacing nonstandard DODO surface; quote-to-base path avoids mainnet USDT non-standard transfer return behavior on sellBase."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "42161-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T11:18:00.000Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "status": "production",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x1c8aee3f0a3d7c3dfd1c53471b65a56fe34d514b84721fef2eafd40581259997",
+          "fundingTransferTxHash": "0x020a5c922757816f82542cd0d0e623b8120db9b2816de528b110854d3164cd9f",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "DODO_DVM.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Official DODO DVM canary swap executed after DODOAtomicSeeder funding."
+      ]
+    },
+    {
+      "poolId": "10-dodo_pmm-cwusdc-usdc",
+      "generatedAt": "2026-04-30T09:24:25.038Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "base_to_quote",
+          "txHash": "0x8b27405ff031288cb8f298309b10742efc844ab22d515c731a61c0e7054295e9",
+          "fundingTransferTxHash": "0xf7f089b5e1aa6b52f414de874ebd94f6f7b23da1dfc9158e9da63b21ea9aa10c",
+          "amountInRaw": "100",
+          "tokenIn": "cWUSDC",
+          "tokenOut": "USDC",
+          "executor": "MockDVMPool.transfer_then_sellBase"
+        }
+      ],
+      "notes": [
+        "Replacement pool canary swap executed on Optimism after replacing nonstandard DODO surface."
+      ],
+      "status": "production"
+    },
+    {
+      "poolId": "10-dodo_pmm-cwusdt-usdt",
+      "generatedAt": "2026-04-30T09:36:38.117Z",
+      "sourceFile": "config/all-mainnet-canary-evidence.json",
+      "canaryTransactions": [
+        {
+          "direction": "quote_to_base",
+          "txHash": "0xf3244685f8e0a0704d549a2bf9a980380c5fb06611e1765e77caf1a62238b506",
+          "fundingTransferTxHash": "0xdb912224b13137710b1723ff3b5fc9c7b752a642ffc1fc4a9e1a277a0bedf147",
+          "amountInRaw": "100",
+          "tokenIn": "USDT",
+          "tokenOut": "cWUSDT",
+          "executor": "MockDVMPool.transfer_then_sellQuote"
+        }
+      ],
+      "notes": [
+        "Replacement pool reverse canary swap executed on Optimism after retained seed remediation and successful buyShares."
+      ],
+      "status": "production"
+    }
+  ]
+}

config/all-mainnet-enhanced-router-deployment.json

@@ -0,0 +1,147 @@
+{
+  "name": "ALL Mainnet Enhanced Router Deployment Evidence",
+  "version": "0.1.0",
+  "generatedAt": "2026-04-29T05:52:00Z",
+  "chainId": 651940,
+  "network": "ALL Mainnet (Alltra)",
+  "evmVersion": "paris",
+  "reason": "ALL Mainnet RPC/runtime rejected Cancun bytecode with BadInstruction; Paris bytecode was used for live deployment.",
+  "deployer": "0x4A666F96fC8764181194447A7dFdb7d471b301C8",
+  "contracts": {
+    "dodoPmmProvider": {
+      "address": "0x36F65027D21e151F0b7810bae1E94b225AC7Ba9e",
+      "transactionHash": "0xd2e69b556e84786338fd526ba149d1f88488a07190d081f935d7fffbe9d1b2e0",
+      "constructorArgs": {
+        "dodoPmmIntegration": "0x8528E268F3b8C94208d09D131ACa3Ea93Bad57c7",
+        "admin": "0x4A666F96fC8764181194447A7dFdb7d471b301C8"
+      }
+    },
+    "enhancedSwapRouterV2": {
+      "address": "0xb905fEfA56b028221E2Bc248Bbcd41141dc7aeD3",
+      "transactionHash": "0x2c5d409b6e06cbfb69d8e251240d830d624625a4d505cc963edb65b55623bc79",
+      "constructorArgs": {
+        "weth": "0x798F6762BB40d6801A593459d08F890603D3979C",
+        "usdt": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e",
+        "usdc": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881",
+        "daiSlot": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
+        "daiSlotNote": "AUSDT is used as the third stablecoin slot for ALL Mainnet; no canonical ALL DAI token is committed."
+      }
+    },
+    "intentBridgeCoordinatorV2": {
+      "address": "0x9276ae27d9c624B43dbE43494f34A9c5F0233a0B",
+      "transactionHash": "0x5695b3f9ec59e09d5e4f8569ea8af31578ced0a56aba885a7c475a5187aadd3d"
+    },
+    "adapters": {
+      "dodo": {
+        "address": "0x391D192BED6188c4DaB4C93c078bD18432687474",
+        "transactionHash": "0xc4a036a6fff5eb9886e797559017cf8709505d13f39f5feddf055967cf9b4648",
+        "enabled": true
+      },
+      "dodoV3": {
+        "address": "0x97Ce874142625134aEEBDF42B5E7bB806e731D25",
+        "transactionHash": "0x5ad21f59b823adbc2cebc1e9c45ab3f8f0f1286e46a290c09c0667f499577136",
+        "enabled": false
+      },
+      "uniswapV3": {
+        "address": "0xBF75F3401de20bebBB1CBb678499941807E3E040",
+        "transactionHash": "0x081b86cc99306e694ef9daa3d3f9dc7f35ce91dce08c57ddaedcdd4b9a00008d",
+        "enabled": false
+      },
+      "balancer": {
+        "address": "0xDE7F15AF1D84e3694f7E966293d20e64Fc04d9fF",
+        "transactionHash": "0xa4f30c029fa062ae1b481786950ab0243541ce5b0b859fc534b55f7b444ba83c",
+        "enabled": false
+      },
+      "curve": {
+        "address": "0x753D2b0a723992D7B174D6e19F7b7Cb74be8D61a",
+        "transactionHash": "0xcdf0ff9723aedab96aeaa0b8f57f25ad6075f9467e0d19f3b842fb17c0bb6a79",
+        "enabled": false
+      },
+      "oneInch": {
+        "address": "0x487090bbb7d17875281692d582a11B445b3A7AC7",
+        "transactionHash": "0x4d0dd682b8e22812a258fee497c07e5cecfbc1228f413e67d9fe7b24f327a926",
+        "enabled": false
+      }
+    }
+  },
+  "routes": [
+    {
+      "poolId": "651940-dodo_pmm-wall-ausdc",
+      "provider": "dodo",
+      "tokenA": {
+        "symbol": "WALL",
+        "address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
+      },
+      "tokenB": {
+        "symbol": "AUSDC",
+        "address": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881"
+      },
+      "poolAddress": "0x7b81Dad382BBB57e91a80389bA48e41Abd10794F",
+      "status": "quoteable",
+      "verification": {
+        "amountInRaw": "1000000",
+        "amountOutRaw": "1999999",
+        "slippageBps": 30,
+        "routerQuoteExecutable": true
+      }
+    },
+    {
+      "poolId": "651940-dodo_pmm-wall-ausdt",
+      "provider": "dodo",
+      "tokenA": {
+        "symbol": "WALL",
+        "address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
+      },
+      "tokenB": {
+        "symbol": "AUSDT",
+        "address": "0x015B1897Ed5279930bC2Be46F661894d219292A6"
+      },
+      "poolAddress": "0x8D9bB238B6a76a438B116Ff22F5F7535191D49b4",
+      "status": "quoteable",
+      "verification": {
+        "amountInRaw": "1000000",
+        "amountOutRaw": "1999999",
+        "slippageBps": 30,
+        "routerQuoteExecutable": true
+      }
+    }
+  ],
+  "providerStatus": {
+    "enabled": [
+      "dodo"
+    ],
+    "disabled": [
+      "dodoV3",
+      "uniswapV3",
+      "balancer",
+      "curve",
+      "oneInch",
+      "partner"
+    ]
+  },
+  "remainingOptionalBlockers": [
+    "HYDX-native router/factory is not deployed or not committed in inventory.",
+    "Uniswap V3 factory/router/quoter/pool stack is not deployed or not committed in inventory."
+  ],
+  "disabledRoutes": [
+    {
+      "poolId": "651940-dodo_pmm-wall-usdt",
+      "provider": "dodo",
+      "tokenA": {
+        "symbol": "WALL",
+        "address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
+      },
+      "tokenB": {
+        "symbol": "USDT",
+        "address": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e"
+      },
+      "poolAddress": "0x261D7e1447EE88398B2b5a274D49454F5B86800E",
+      "status": "disabled_wrong_quote_asset",
+      "reason": "AUSDT is the canonical ALL Mainnet cUSDT surface for this routing set.",
+      "disabledTransactions": [
+        "0x79f171ddc9977e99bb894bf7ff7a11a430441cc1285e7ecd747907ef3f23a0c4",
+        "0xec74f92e287cf1e193e791462f66b35cf9487ece8e343108fbdd3de760dc5c55"
+      ]
+    }
+  ]
+}

config/all-mainnet-uniswap-v3-deployment.json

@@ -0,0 +1,68 @@
+{
+  "generatedAt": "2026-04-29T06:18:00Z",
+  "chainId": 651940,
+  "deployer": "0x4A666F96fC8764181194447A7dFdb7d471b301C8",
+  "fee": 3000,
+  "tokens": {
+    "WETH": "0x798F6762BB40d6801A593459d08F890603D3979C",
+    "WALL": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4",
+    "AUSDT": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
+    "token0": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
+    "token1": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4"
+  },
+  "contracts": {
+    "nftDescriptorLibrary": "0xb53E8A0A19fB381537c6f28D37b7C2f7DC29EF02",
+    "nonfungibleTokenPositionDescriptor": "0x2a76C73458A0C11df4e0E43004598480d6D1E768",
+    "factory": "0xF1a334465C5DD628492780B39Be68D561A9AecA2",
+    "swapRouter": "0xe9Ea1B70803c18C4CEb8839D5D68681c7903511B",
+    "quoter": "0x0ecC56077325863c80cbe516D63e0afAFf7EA579",
+    "quoterV2": "0x024Ff178BaB7e6fa1794c3A216D2B299C3F295d2",
+    "nonfungiblePositionManager": "0xD29422211e1f2C1015FBb5dC2004657Dd8318aF6",
+    "pool": "0x9e0FC06BA367b51a0aBc5c0924306088DBB0e9c4"
+  },
+  "transactions": {
+    "nftDescriptorLibrary": "0x774202382ec2d29cced671b34c2b951682f60d3e60afd7fe64c13488cb341e32",
+    "nonfungibleTokenPositionDescriptor": "0xc6b98fc36e4c3b1d4d2e80efd4acacc31e2af2ff45de04f9fb066dcfffd380d3",
+    "factory": "0xb6e46b6d145cc707f12f4cf8980bf81d7b5b8d3bea9416737a7465c186b0fefd",
+    "swapRouter": "0x5fd7d021e8ac1bad918a1eb470a116f9dc6e750c102a5512e05391858296cc53",
+    "quoter": "0x0d5c14d3264c5abd70990349911a6eb3076f41feb2db93ccf74b2de022cd087f",
+    "quoterV2": "0x774327c7e7a7650fbfd9d28a8becbd88f86eb8f942a825980052bc50484aa54c",
+    "nonfungiblePositionManager": "0xe5be3fa83bd676051e2cc5ff990768d3de87e49a387d94be77352eaf1c38545f"
+  },
+  "poolState": {
+    "sqrtPriceX96": "79228162514264337593543950336",
+    "tick": 0,
+    "liquidity": "1000000000000000000"
+  },
+  "name": "ALL Mainnet Uniswap V3 Deployment Evidence",
+  "version": "0.1.0",
+  "network": "ALL Mainnet (Alltra)",
+  "evmVersion": "upstream-uniswap-artifacts-solc-0.7.x",
+  "packageSources": {
+    "v3Core": "@uniswap/v3-core@1.0.1",
+    "v3Periphery": "@uniswap/v3-periphery@1.4.4",
+    "swapRouterContracts": "@uniswap/swap-router-contracts@1.3.1"
+  },
+  "poolStateAfterRouterSwap": {
+    "testedAt": "2026-04-29T06:17:00Z",
+    "swapRouter": "0xe9Ea1B70803c18C4CEb8839D5D68681c7903511B",
+    "direction": "WALL_TO_AUSDT",
+    "amountInRaw": "1000000",
+    "amountOutRaw": "996999",
+    "approveTxHash": "0x572d1c6b2d0cdf6248913cd995e80196fbe0717017411c2251637afbfa825e1f",
+    "swapTxHash": "0xddf85aed18a6d872ac72d4f57b241e44946881e404f4f17cb7271180c8caa183",
+    "gasUsed": "119111"
+  },
+  "enhancedRouterIntegration": {
+    "enhancedSwapRouterV2": "0xb905fEfA56b028221E2Bc248Bbcd41141dc7aeD3",
+    "routeConfigured": true,
+    "providerEnabled": false,
+    "providerDisabledReason": "Existing UniswapV3RouteExecutorAdapter uses staticcall into the official Uniswap Quoter; the upstream Quoter is callable directly but does not return through that adapter staticcall path. Standalone SwapRouter/Quoter/Pool stack is live; enhanced-router V3 provider remains disabled until adapter quote compatibility is fixed.",
+    "routeSetTransactions": [
+      "0xa40b24889ab3ad985936562ee3690dafd14bfb1676ff49806a6fcb45c7704ef5",
+      "0x848fd6c7cedaebe7787c2f15a931b73afde709dac100cb745eab2d9eaa6da86c"
+    ],
+    "providerEnableTxHash": "0x4b430081582e1f2db5fedc904b8e90e137480dcae2f1e0a41dd25490f05394c7",
+    "providerDisableTxHash": "0x78b8ce4fdc296585ace36dd8c8318731cc5526115e712b14d1ad630c4f63aba6"
+  }
+}

config/all-mainnet-vault-assignments.example.json

@@ -0,0 +1,27 @@
+{
+  "description": "Copy to config/all-mainnet-vault-assignments.json and replace placeholder addresses with approved per-role vaults/multisigs. The apply script refuses placeholders.",
+  "defaultByRole": {
+    "treasury_reserve": "0x0000000000000000000000000000000000000000",
+    "bridge_liquidity": "0x0000000000000000000000000000000000000000",
+    "protocol_adapter": "0x0000000000000000000000000000000000000000",
+    "emergency_withdraw": "0x0000000000000000000000000000000000000000",
+    "single_sided_inventory": "0x0000000000000000000000000000000000000000"
+  },
+  "byChain": {
+    "651940": {
+      "treasury_reserve": "0x0000000000000000000000000000000000000000",
+      "bridge_liquidity": "0x0000000000000000000000000000000000000000",
+      "protocol_adapter": "0x0000000000000000000000000000000000000000",
+      "emergency_withdraw": "0x0000000000000000000000000000000000000000",
+      "single_sided_inventory": "0x0000000000000000000000000000000000000000"
+    }
+  },
+  "byPoolId": {
+    "651940-uniswap_v2-wall-ausdc": {
+      "treasury_reserve": "0x0000000000000000000000000000000000000000",
+      "bridge_liquidity": "0x0000000000000000000000000000000000000000",
+      "protocol_adapter": "0x0000000000000000000000000000000000000000",
+      "emergency_withdraw": "0x0000000000000000000000000000000000000000"
+    }
+  }
+}

config/all-mainnet-vault-assignments.json

@@ -0,0 +1,20 @@
+{
+  "description": "Operational vault assignments generated from smom-dbis-138/.env public addresses. No private material is stored here.",
+  "defaultByRole": {
+    "treasury_reserve": "0x74eccf9affb0e0938c2168ebdf7ef63a26964483",
+    "bridge_liquidity": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8",
+    "protocol_adapter": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
+    "emergency_withdraw": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
+    "single_sided_inventory": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8"
+  },
+  "byChain": {
+    "651940": {
+      "treasury_reserve": "0x74eccf9affb0e0938c2168ebdf7ef63a26964483",
+      "bridge_liquidity": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8",
+      "protocol_adapter": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
+      "emergency_withdraw": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965",
+      "single_sided_inventory": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8"
+    }
+  },
+  "byPoolId": {}
+}

config/allmainnet-non-dodo-protocol-surface.json

@@ -1,17 +1,69 @@
 {
   "name": "ALL Mainnet Non-DODO Protocol Surface",
   "version": "0.1.0",
-  "updated": "2026-04-21",
+  "updated": "2026-04-29",
   "chainId": 651940,
   "network": "ALL Mainnet (Alltra)",
-  "status": "bridge_live_swap_inventory_pending",
+  "status": "bridge_live_enhanced_router_partial_swap_inventory_published",
   "summary": {
-    "bridgeOnlyLive": true,
-    "sameChainSwapInventoryPublished": false,
+    "bridgeOnlyLive": false,
+    "sameChainSwapInventoryPublished": true,
     "notes": [
       "The Chain 138 <-> 651940 AlltraAdapter bridge is live.",
-      "This file documents the known non-DODO Alltra protocol and token surface without asserting live routable pool inventory.",
-      "Promote protocols here into canonical route inventory only after real factory/router/pool addresses are committed and verified."
+      "This file documents the known non-DODO Alltra protocol and token surface plus the committed same-chain inventory fragments that have real factory/router/pool addresses in config/all-mainnet-pool-creation-matrix.json.",
+      "Same-chain inventory publication is partial: production routing remains gated by required vault assignments, funding, live reserve reads, and canary evidence.",
+      "ALL Mainnet EnhancedSwapRouterV2 is deployed and DODO-backed routes are wired for the committed WALL/AUSDC and WALL/AUSDT DODO PMM pools; the earlier WALL/USDT route is disabled because AUSDT is the canonical ALL Mainnet cUSDT surface."
+    ]
+  },
+  "classificationFramework": {
+    "category": [
+      "tokenized-fiat",
+      "stablecoin",
+      "wrapped-native",
+      "dex-token",
+      "defi-token",
+      "governance-token",
+      "utility-token",
+      "rwa-token",
+      "commodity-token",
+      "other"
+    ],
+    "instrumentType": [
+      "emoney",
+      "deposit-token",
+      "fiat-backed-stablecoin",
+      "wrapped-native",
+      "protocol-token",
+      "governance-token",
+      "utility-token",
+      "other"
+    ],
+    "backingAssets": [
+      "cash",
+      "cash-equivalents",
+      "bank-deposits",
+      "treasuries",
+      "commodity-reserves",
+      "protocol-utility",
+      "native-gas-asset",
+      "unknown"
+    ],
+    "metadataDomains": [
+      "backingMetadata",
+      "bridgeMetadata",
+      "cashMetadata",
+      "commodityMetadata",
+      "reserveMetadata",
+      "securityMetadata",
+      "settlementMetadata"
+    ],
+    "notes": [
+      "Use category for the broad asset bucket.",
+      "Use instrumentType, issuerType, claimType, backingAssets, capabilities, and tags for legal, reserve, and integration semantics.",
+      "Use cash only as a backing, redemption, or settlement asset descriptor; do not use cash as the token category unless the instrument is literally cash-equivalent legal tender.",
+      "Use commodityMetadata only when the token directly references or is backed by a commodity reserve.",
+      "Use securityMetadata for pause/admin/monitoring controls; unknown means not yet committed in this inventory, not absent on-chain.",
+      "GRU tags use lowercase namespace:value strings and include the version, for example gru:v2."
     ]
   },
   "documentedTokens": [
@@ -19,21 +71,284 @@
       "symbol": "AUSDT",
       "address": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
       "decimals": 18,
-      "category": "stablecoin",
+      "category": "tokenized-fiat",
+      "instrumentType": "fiat-backed-stablecoin",
+      "issuerType": "token-issuer-unverified",
+      "currencyCode": "USD",
+      "claimType": "claim-on-issuer-unverified",
+      "settlementAssetClass": "fiat",
+      "backingAssets": [
+        "cash",
+        "cash-equivalents"
+      ],
+      "gruVersion": "v2",
+      "gruFamilySymbol": "cAUSDT",
+      "gruTransportRole": "all-mainnet-primary-surface",
+      "tags": [
+        "tokenized-fiat",
+        "fiat:usd",
+        "backing:cash",
+        "backing:cash-equivalents",
+        "gru:v2",
+        "gru:m1",
+        "gru:transport",
+        "gru:all-mainnet",
+        "gru:causdt-family"
+      ],
+      "backingMetadata": {
+        "backingModel": "fiat-reserve-backed",
+        "backingAssetClasses": [
+          "cash",
+          "cash-equivalents"
+        ],
+        "backingVerificationStatus": "reserve-disclosure-not-committed",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "live-canonical-target",
+        "bridgeKind": "AlltraAdapter",
+        "sourceChainId": 138,
+        "destinationChainId": 651940,
+        "sourceSymbol": "cUSDT",
+        "sourceAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
+        "destinationSymbol": "AUSDT",
+        "destinationAddress": "0x015B1897Ed5279930bC2Be46F661894d219292A6",
+        "adapterAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc",
+        "bridgeCanonicalAssetVersion": "gru-v2",
+        "bridgeMirroredAssetVersion": "all-mainnet-surface"
+      },
+      "cashMetadata": {
+        "cashRole": "reserve-and-redemption-asset-class",
+        "currency": "USD",
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "issuer-or-bridge-reserve-unverified",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": null,
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "pending-disclosure",
+        "riskTier": "policy-review-required",
+        "registryStatus": "documented-surface-not-stablecoin-registry-entry"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "corridor-halt-required-for-issuer-bridge-or-peg-risk",
+        "monitoring": [
+          "peg-deviation",
+          "bridge-health",
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "fiat",
+        "settlementCurrency": "USD",
+        "settlementFinalityDomain": "off-chain-regulated-ledger-or-issuer-domain",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": true,
+        "redemptionPath": "issuer-or-bridge-redemption-unverified",
+        "parRedemption": "unverified"
+      },
       "status": "verified"
     },
     {
       "symbol": "USDT",
       "address": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e",
       "decimals": 18,
-      "category": "stablecoin",
+      "category": "tokenized-fiat",
+      "instrumentType": "fiat-backed-stablecoin",
+      "issuerType": "token-issuer-unverified",
+      "currencyCode": "USD",
+      "claimType": "claim-on-issuer-unverified",
+      "settlementAssetClass": "fiat",
+      "backingAssets": [
+        "cash",
+        "cash-equivalents"
+      ],
+      "gruVersion": "v2",
+      "gruFamilySymbol": "cUSDT",
+      "gruTransportRole": "all-mainnet-usdt-surface",
+      "tags": [
+        "tokenized-fiat",
+        "fiat:usd",
+        "backing:cash",
+        "backing:cash-equivalents",
+        "gru:v2",
+        "gru:m1",
+        "gru:transport",
+        "gru:all-mainnet",
+        "gru:cusdt-family"
+      ],
+      "backingMetadata": {
+        "backingModel": "fiat-reserve-backed",
+        "backingAssetClasses": [
+          "cash",
+          "cash-equivalents"
+        ],
+        "backingVerificationStatus": "reserve-disclosure-not-committed",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "documented-token-not-canonical-138-to-651940-target",
+        "bridgeKind": "unknown-or-noncanonical",
+        "sourceChainId": null,
+        "destinationChainId": 651940,
+        "sourceSymbol": null,
+        "sourceAddress": null,
+        "destinationSymbol": "USDT",
+        "destinationAddress": "0x66D8Efa0AF63B0e84eb1Dd72bf00f00cd1e2234e",
+        "adapterAddress": null,
+        "bridgeCanonicalAssetVersion": null,
+        "bridgeMirroredAssetVersion": "all-mainnet-surface"
+      },
+      "cashMetadata": {
+        "cashRole": "reserve-and-redemption-asset-class",
+        "currency": "USD",
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "issuer-reserve-unverified",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": null,
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "pending-disclosure",
+        "riskTier": "policy-review-required",
+        "registryStatus": "documented-surface-not-stablecoin-registry-entry"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "corridor-halt-required-for-issuer-or-peg-risk",
+        "monitoring": [
+          "peg-deviation",
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "fiat",
+        "settlementCurrency": "USD",
+        "settlementFinalityDomain": "off-chain-issuer-domain",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": true,
+        "redemptionPath": "issuer-redemption-unverified",
+        "parRedemption": "unverified"
+      },
       "status": "verified"
     },
     {
       "symbol": "USDC",
       "address": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881",
       "decimals": 18,
-      "category": "stablecoin",
+      "category": "tokenized-fiat",
+      "instrumentType": "fiat-backed-stablecoin",
+      "issuerType": "token-issuer-unverified",
+      "currencyCode": "USD",
+      "claimType": "claim-on-issuer-unverified",
+      "settlementAssetClass": "fiat",
+      "backingAssets": [
+        "cash",
+        "cash-equivalents"
+      ],
+      "gruVersion": "v2",
+      "gruFamilySymbol": "cUSDC",
+      "gruTransportRole": "all-mainnet-usdc-surface",
+      "tags": [
+        "tokenized-fiat",
+        "fiat:usd",
+        "backing:cash",
+        "backing:cash-equivalents",
+        "gru:v2",
+        "gru:m1",
+        "gru:transport",
+        "gru:all-mainnet",
+        "gru:cusdc-family"
+      ],
+      "backingMetadata": {
+        "backingModel": "fiat-reserve-backed",
+        "backingAssetClasses": [
+          "cash",
+          "cash-equivalents"
+        ],
+        "backingVerificationStatus": "reserve-disclosure-not-committed",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "live-canonical-target",
+        "bridgeKind": "AlltraAdapter",
+        "sourceChainId": 138,
+        "destinationChainId": 651940,
+        "sourceSymbol": "cUSDC",
+        "sourceAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
+        "destinationSymbol": "USDC",
+        "destinationAddress": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881",
+        "adapterAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc",
+        "bridgeCanonicalAssetVersion": "gru-v2",
+        "bridgeMirroredAssetVersion": "all-mainnet-surface"
+      },
+      "cashMetadata": {
+        "cashRole": "reserve-and-redemption-asset-class",
+        "currency": "USD",
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "issuer-or-bridge-reserve-unverified",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": null,
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "pending-disclosure",
+        "riskTier": "policy-review-required",
+        "registryStatus": "documented-surface-not-stablecoin-registry-entry"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "corridor-halt-required-for-issuer-bridge-or-peg-risk",
+        "monitoring": [
+          "peg-deviation",
+          "bridge-health",
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "fiat",
+        "settlementCurrency": "USD",
+        "settlementFinalityDomain": "off-chain-regulated-ledger-or-issuer-domain",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": true,
+        "redemptionPath": "issuer-or-bridge-redemption-unverified",
+        "parRedemption": "unverified"
+      },
       "status": "verified"
     },
     {
@@ -41,6 +356,80 @@
       "address": "0x798F6762BB40d6801A593459d08F890603D3979C",
       "decimals": 18,
       "category": "wrapped-native",
+      "instrumentType": "wrapped-native",
+      "issuerType": "wrapper-contract",
+      "settlementAssetClass": "crypto-native",
+      "backingAssets": [
+        "native-gas-asset"
+      ],
+      "gruVersion": null,
+      "tags": [
+        "wrapped-native",
+        "gas:eth",
+        "all-mainnet"
+      ],
+      "backingMetadata": {
+        "backingModel": "wrapped-native-escrow",
+        "backingAssetClasses": [
+          "native-gas-asset"
+        ],
+        "backingVerificationStatus": "wrapper-contract-address-verified",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "mapped-138-to-651940",
+        "bridgeKind": "AlltraAdapter",
+        "sourceChainId": 138,
+        "destinationChainId": 651940,
+        "sourceSymbol": "WETH9",
+        "sourceAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
+        "destinationSymbol": "WETH",
+        "destinationAddress": "0x798F6762BB40d6801A593459d08F890603D3979C",
+        "adapterAddress": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc"
+      },
+      "cashMetadata": {
+        "cashRole": "none",
+        "currency": null,
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "native-asset-wrapper-escrow",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": "wrapper-contract-balance",
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "contract-balance-verifiable-on-chain",
+        "riskTier": "bridge-and-wrapper-risk",
+        "registryStatus": "documented-token-surface"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "corridor-halt-required-for-bridge-or-wrapper-risk",
+        "monitoring": [
+          "bridge-health",
+          "wrapper-contract-balance",
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "crypto-native",
+        "settlementCurrency": "ETH",
+        "settlementFinalityDomain": "chain-finality",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": false,
+        "redemptionPath": "unwrap-or-bridge-withdrawal",
+        "parRedemption": "one-to-one-native-asset-when-wrapper-solvent"
+      },
       "status": "verified"
     },
     {
@@ -48,6 +437,79 @@
       "address": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4",
       "decimals": 18,
       "category": "wrapped-native",
+      "instrumentType": "wrapped-native",
+      "issuerType": "wrapper-contract",
+      "settlementAssetClass": "crypto-native",
+      "backingAssets": [
+        "native-gas-asset"
+      ],
+      "gruVersion": null,
+      "tags": [
+        "wrapped-native",
+        "gas:all",
+        "all-mainnet"
+      ],
+      "backingMetadata": {
+        "backingModel": "wrapped-native-escrow",
+        "backingAssetClasses": [
+          "native-gas-asset"
+        ],
+        "backingVerificationStatus": "wrapper-contract-address-verified",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "documented-all-mainnet-native-wrapper",
+        "bridgeKind": "native-wrapper",
+        "sourceChainId": 651940,
+        "destinationChainId": 651940,
+        "sourceSymbol": "ALL",
+        "sourceAddress": null,
+        "destinationSymbol": "WALL",
+        "destinationAddress": "0x2da2b8f961F161ab6320acB3377e2e844a3C3ce4",
+        "adapterAddress": null
+      },
+      "cashMetadata": {
+        "cashRole": "none",
+        "currency": null,
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "native-asset-wrapper-escrow",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": "wrapper-contract-balance",
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "contract-balance-verifiable-on-chain",
+        "riskTier": "wrapper-risk",
+        "registryStatus": "documented-token-surface"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "corridor-halt-required-for-wrapper-risk",
+        "monitoring": [
+          "wrapper-contract-balance",
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "crypto-native",
+        "settlementCurrency": "ALL",
+        "settlementFinalityDomain": "chain-finality",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": false,
+        "redemptionPath": "unwrap-to-native-all",
+        "parRedemption": "one-to-one-native-asset-when-wrapper-solvent"
+      },
       "status": "verified"
     },
     {
@@ -55,6 +517,79 @@
       "address": "0x0d9793861AEB9244AD1B34375a83A6730F6AdD38",
       "decimals": 18,
       "category": "dex-token",
+      "instrumentType": "protocol-token",
+      "issuerType": "protocol",
+      "settlementAssetClass": "crypto-native",
+      "backingAssets": [
+        "protocol-utility"
+      ],
+      "gruVersion": null,
+      "tags": [
+        "dex-token",
+        "protocol:hydx",
+        "all-mainnet"
+      ],
+      "backingMetadata": {
+        "backingModel": "protocol-utility",
+        "backingAssetClasses": [
+          "protocol-utility"
+        ],
+        "backingVerificationStatus": "not-reserve-backed",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "not-bridge-canonical-in-this-inventory",
+        "bridgeKind": null,
+        "sourceChainId": null,
+        "destinationChainId": 651940,
+        "sourceSymbol": null,
+        "sourceAddress": null,
+        "destinationSymbol": "HYDX",
+        "destinationAddress": "0x0d9793861AEB9244AD1B34375a83A6730F6AdD38",
+        "adapterAddress": null
+      },
+      "cashMetadata": {
+        "cashRole": "none",
+        "currency": null,
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "none-protocol-token",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": null,
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "not-applicable",
+        "riskTier": "protocol-token-risk",
+        "registryStatus": "documented-token-surface"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
+        "monitoring": [
+          "liquidity-depth",
+          "contract-admin-changes",
+          "protocol-surface-confirmation"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "crypto-native",
+        "settlementCurrency": "HYDX",
+        "settlementFinalityDomain": "chain-finality",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": false,
+        "redemptionPath": "not-applicable",
+        "parRedemption": "not-applicable"
+      },
       "status": "verified"
     },
     {
@@ -62,6 +597,78 @@
       "address": "0x1839f77eBed7F388c7035f7061B4B8Ef0E72317a",
       "decimals": 8,
       "category": "defi-token",
+      "instrumentType": "protocol-token",
+      "issuerType": "protocol",
+      "settlementAssetClass": "crypto-native",
+      "backingAssets": [
+        "protocol-utility"
+      ],
+      "gruVersion": null,
+      "tags": [
+        "defi-token",
+        "protocol:hybx",
+        "all-mainnet"
+      ],
+      "backingMetadata": {
+        "backingModel": "protocol-utility",
+        "backingAssetClasses": [
+          "protocol-utility"
+        ],
+        "backingVerificationStatus": "not-reserve-backed",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "not-bridge-canonical-in-this-inventory",
+        "bridgeKind": null,
+        "sourceChainId": null,
+        "destinationChainId": 651940,
+        "sourceSymbol": null,
+        "sourceAddress": null,
+        "destinationSymbol": "HYBX",
+        "destinationAddress": "0x1839f77eBed7F388c7035f7061B4B8Ef0E72317a",
+        "adapterAddress": null
+      },
+      "cashMetadata": {
+        "cashRole": "none",
+        "currency": null,
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "none-protocol-token",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": null,
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "not-applicable",
+        "riskTier": "protocol-token-risk",
+        "registryStatus": "documented-token-surface"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
+        "monitoring": [
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "crypto-native",
+        "settlementCurrency": "HYBX",
+        "settlementFinalityDomain": "chain-finality",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": false,
+        "redemptionPath": "not-applicable",
+        "parRedemption": "not-applicable"
+      },
       "status": "verified"
     },
     {
@@ -69,6 +676,79 @@
       "address": "0xE59Bb804F4884FcEA183a4A67B1bb04f4a4567bc",
       "decimals": 8,
       "category": "defi-token",
+      "instrumentType": "utility-token",
+      "issuerType": "protocol",
+      "settlementAssetClass": "crypto-native",
+      "backingAssets": [
+        "protocol-utility"
+      ],
+      "gruVersion": null,
+      "tags": [
+        "defi-token",
+        "utility-token",
+        "protocol:cht",
+        "all-mainnet"
+      ],
+      "backingMetadata": {
+        "backingModel": "protocol-utility",
+        "backingAssetClasses": [
+          "protocol-utility"
+        ],
+        "backingVerificationStatus": "not-reserve-backed",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "not-bridge-canonical-in-this-inventory",
+        "bridgeKind": null,
+        "sourceChainId": null,
+        "destinationChainId": 651940,
+        "sourceSymbol": null,
+        "sourceAddress": null,
+        "destinationSymbol": "CHT",
+        "destinationAddress": "0xE59Bb804F4884FcEA183a4A67B1bb04f4a4567bc",
+        "adapterAddress": null
+      },
+      "cashMetadata": {
+        "cashRole": "none",
+        "currency": null,
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "none-utility-token",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": null,
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "not-applicable",
+        "riskTier": "utility-token-risk",
+        "registryStatus": "documented-token-surface"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
+        "monitoring": [
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "crypto-native",
+        "settlementCurrency": "CHT",
+        "settlementFinalityDomain": "chain-finality",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": false,
+        "redemptionPath": "not-applicable",
+        "parRedemption": "not-applicable"
+      },
       "status": "verified"
     },
     {
@@ -76,6 +756,78 @@
       "address": "0x690740f055A41FA7669f5a379Bf71B0cDF353073",
       "decimals": 18,
       "category": "defi-token",
+      "instrumentType": "protocol-token",
+      "issuerType": "protocol",
+      "settlementAssetClass": "crypto-native",
+      "backingAssets": [
+        "protocol-utility"
+      ],
+      "gruVersion": null,
+      "tags": [
+        "defi-token",
+        "protocol:auda",
+        "all-mainnet"
+      ],
+      "backingMetadata": {
+        "backingModel": "protocol-utility",
+        "backingAssetClasses": [
+          "protocol-utility"
+        ],
+        "backingVerificationStatus": "not-reserve-backed",
+        "overcollateralizationRequired": false
+      },
+      "bridgeMetadata": {
+        "bridgeStatus": "not-bridge-canonical-in-this-inventory",
+        "bridgeKind": null,
+        "sourceChainId": null,
+        "destinationChainId": 651940,
+        "sourceSymbol": null,
+        "sourceAddress": null,
+        "destinationSymbol": "AUDA",
+        "destinationAddress": "0x690740f055A41FA7669f5a379Bf71B0cDF353073",
+        "adapterAddress": null
+      },
+      "cashMetadata": {
+        "cashRole": "none",
+        "currency": null,
+        "cashBackingAssertedByRepo": false,
+        "cashBackingEvidenceRef": null
+      },
+      "commodityMetadata": {
+        "commodityBacked": false,
+        "commodityType": null,
+        "commodityUnit": null,
+        "reserveLocationRef": null
+      },
+      "reserveMetadata": {
+        "reserveModel": "none-protocol-token",
+        "reserveDisclosureRef": null,
+        "reserveAccountRef": null,
+        "proofOfReserveRef": null,
+        "reserveVerificationStatus": "not-applicable",
+        "riskTier": "protocol-token-risk",
+        "registryStatus": "documented-token-surface"
+      },
+      "securityMetadata": {
+        "pauseAuthority": "unknown",
+        "adminAuthority": "unknown",
+        "upgradeability": "unknown",
+        "keyManagement": "unknown",
+        "emergencyHalt": "routing-halt-required-for-protocol-or-contract-risk",
+        "monitoring": [
+          "liquidity-depth",
+          "contract-admin-changes"
+        ]
+      },
+      "settlementMetadata": {
+        "settlementAssetClass": "crypto-native",
+        "settlementCurrency": "AUDA",
+        "settlementFinalityDomain": "chain-finality",
+        "onChainFinality": "token-transfer-final-on-chain-651940-after-confirmation",
+        "accountingEvidenceRequired": false,
+        "redemptionPath": "not-applicable",
+        "parRedemption": "not-applicable"
+      },
       "status": "verified"
     }
   ],
@@ -83,12 +835,43 @@
     {
       "name": "AlltraDEX / EnhancedSwapRouter",
       "family": "custom_router",
-      "status": "documented_inventory_pending",
+      "status": "partial_live_dodo_backed_router_deployed",
       "factoryAddress": null,
-      "routerAddress": null,
+      "routerAddress": "0xb905fEfA56b028221E2Bc248Bbcd41141dc7aeD3",
+      "coordinatorAddress": "0x9276ae27d9c624B43dbE43494f34A9c5F0233a0B",
+      "providerAddress": "0x36F65027D21e151F0b7810bae1E94b225AC7Ba9e",
+      "adapters": {
+        "dodo": "0x391D192BED6188c4DaB4C93c078bD18432687474",
+        "dodoV3": "0x97Ce874142625134aEEBDF42B5E7bB806e731D25",
+        "uniswapV3": "0xBF75F3401de20bebBB1CBb678499941807E3E040",
+        "balancer": "0xDE7F15AF1D84e3694f7E966293d20e64Fc04d9fF",
+        "curve": "0x753D2b0a723992D7B174D6e19F7b7Cb74be8D61a",
+        "oneInch": "0x487090bbb7d17875281692d582a11B445b3A7AC7"
+      },
+      "enabledProviders": [
+        "dodo"
+      ],
+      "disabledProviders": [
+        "dodoV3",
+        "uniswapV3",
+        "balancer",
+        "curve",
+        "oneInch",
+        "partner"
+      ],
+      "publishedRoutePoolIds": [
+        "651940-dodo_pmm-wall-ausdc",
+        "651940-dodo_pmm-wall-ausdt"
+      ],
+      "deploymentEvidenceRef": "config/all-mainnet-enhanced-router-deployment.json",
       "notes": [
         "Documented in docs/11-references/ALL_MAINNET_ROUTING_ENGINE.md as the intended same-chain swap surface.",
-        "No committed canonical factory/router/pool inventory is currently published in-repo."
+        "EnhancedSwapRouterV2 is deployed on ALL Mainnet with DODO as the only enabled provider.",
+        "Optional adapters were deployed for future wiring but are disabled until canonical provider targets and pools are committed.",
+        "WALL/AUSDC and WALL/AUSDT are funded and quoteable through the router provider path; the earlier WALL/USDT route is disabled because AUSDT is the canonical quote asset."
+      ],
+      "disabledRoutePoolIds": [
+        "651940-dodo_pmm-wall-usdt"
       ]
     },
     {
@@ -105,40 +888,68 @@
       ],
       "notes": [
         "The HYDX token is documented and verified on ALL Mainnet.",
-        "The repo expects factory/router discovery via env, but no canonical pool inventory is currently committed."
+        "The repo expects factory/router discovery via env, but no canonical HYDX-native router inventory is currently committed.",
+        "HYDX currently has committed same-chain exposure through the ALL Mainnet Uniswap V2 HYDX/WALL pool, not through a dedicated HYDX-native router surface."
       ]
     },
     {
       "name": "Uniswap V2",
       "family": "uniswap_v2",
-      "status": "env_placeholder_only",
-      "factoryAddress": null,
-      "routerAddress": null,
+      "status": "partial_live_inventory_published",
+      "factoryAddress": "0x3C3ED514691C06c89Bf6626B05D22991E8924c93",
+      "routerAddress": "0xED04Ee8307C0656207AF5aFE3926AE2380052940",
+      "inventoryRef": "config/all-mainnet-pool-creation-matrix.json",
+      "publishedPoolIds": [
+        "651940-uniswap_v2-wall-ausdc",
+        "651940-uniswap_v2-wall-usdt",
+        "651940-uniswap_v2-usdt-ausdc",
+        "651940-uniswap_v2-hydx-wall"
+      ],
       "notes": [
-        "Referenced in token-aggregation dex-factory config and docs as an env-driven surface.",
-        "Do not treat as routable until real factory/router/pair addresses are committed."
+        "Factory/router and multiple pair addresses are committed in config/all-mainnet-pool-creation-matrix.json.",
+        "Required spend rows remain gated until vault assignments and canary evidence are recorded."
       ]
     },
     {
       "name": "Uniswap V3",
       "family": "uniswap_v3",
-      "status": "env_placeholder_only",
-      "factoryAddress": null,
-      "routerAddress": null,
+      "status": "standalone_live_router_quoter_pool_deployed",
+      "factoryAddress": "0xF1a334465C5DD628492780B39Be68D561A9AecA2",
+      "routerAddress": "0xe9Ea1B70803c18C4CEb8839D5D68681c7903511B",
       "notes": [
-        "Referenced in token-aggregation dex-factory config and docs as an env-driven surface.",
-        "Do not treat as routable until real factory/router/pool addresses are committed."
-      ]
+        "Official Uniswap V3 factory, legacy SwapRouter, Quoter, QuoterV2, NonfungiblePositionManager, and AUSDT/WALL 0.30% pool are deployed on ALL Mainnet.",
+        "The standalone SwapRouter path was tested with a tiny WALL -> AUSDT canary swap.",
+        "EnhancedSwapRouterV2 route config was written, but provider 1 remains disabled because the current UniswapV3RouteExecutorAdapter staticcall quote path is incompatible with the upstream Quoter behavior."
+      ],
+      "quoterAddress": "0x0ecC56077325863c80cbe516D63e0afAFf7EA579",
+      "quoterV2Address": "0x024Ff178BaB7e6fa1794c3A216D2B299C3F295d2",
+      "positionManagerAddress": "0xD29422211e1f2C1015FBb5dC2004657Dd8318aF6",
+      "descriptorAddress": "0x2a76C73458A0C11df4e0E43004598480d6D1E768",
+      "poolAddress": "0x9e0FC06BA367b51a0aBc5c0924306088DBB0e9c4",
+      "inventoryRef": "config/all-mainnet-pool-creation-matrix.json",
+      "deploymentEvidenceRef": "config/all-mainnet-uniswap-v3-deployment.json",
+      "publishedPoolIds": [
+        "651940-uniswap_v3-wall-ausdt"
+      ],
+      "enhancedRouterProviderStatus": "disabled_adapter_quote_compatibility_pending"
     },
     {
       "name": "DODO PMM",
       "family": "dodo_pmm",
-      "status": "env_placeholder_only",
-      "factoryAddress": null,
-      "routerAddress": null,
+      "status": "partial_live_inventory_published",
+      "factoryAddress": "0x8a3403aef8d40c0F4AfaF6Dc2000A537EbC863c2",
+      "routerAddress": "0x8528E268F3b8C94208d09D131ACa3Ea93Bad57c7",
+      "inventoryRef": "config/all-mainnet-pool-creation-matrix.json",
+      "publishedPoolIds": [
+        "651940-dodo_pmm-wall-ausdc",
+        "651940-dodo_pmm-wall-ausdt"
+      ],
       "notes": [
-        "Mentioned in docs as placeholder-only for ALL Mainnet.",
-        "No committed DODO PMM pool inventory is currently published for chain 651940."
+        "DVM factory, DVM factory adapter, integration/router, and DODO PMM pool addresses are committed in config/all-mainnet-pool-creation-matrix.json; WALL/AUSDT supersedes the earlier WALL/USDT row for canonical spend routing.",
+        "Required spend rows remain gated until vault assignments, funding, live reserve reads, and canary evidence are recorded."
+      ],
+      "disabledPoolIds": [
+        "651940-dodo_pmm-wall-usdt"
       ]
     }
   ],
@@ -154,8 +965,9 @@
     ]
   },
   "nextTasks": [
-    "Publish real same-chain pool inventory before promoting ALL Mainnet beyond bridge-live inventory.",
-    "Commit canonical factory/router metadata once HYDX or AlltraDEX routing addresses are confirmed.",
-    "Add pool-level addresses and verification artifacts before enabling public route generation from this protocol surface."
+    "Keep the disabled WALL/USDT row historical-only unless explicitly re-approved for USDT routing.",
+    "Commit canonical factory/router metadata once a HYDX-native routing address is confirmed.",
+    "Deploy or import canonical Uniswap V3 factory/router/quoter/pool inventory before enabling the ALL Mainnet Uniswap V3 adapter.",
+    "Add pool-level addresses and verification artifacts before enabling public route generation from disabled optional protocol providers."
   ]
 }

config/besu-node-lists/permissions-nodes.toml

@@ -1,6 +1,6 @@
 # Node Permissioning — SINGLE SOURCE OF TRUTH for all Besu nodes
 # Must match config/besu-node-lists/static-nodes.json and be deployed to every node.
-# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 34 enodes (incl. Putu RPC 2307/2308 .237/.238).
+# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 37 enodes after live adds of 2103 (.217), 1509 (.219), and 1510 (.220).
 
 nodes-allowlist=[
   "enode://2221dd9fc65c9082d4a937832cba9f6759981888df6798407c390bd153f4332c152ea5d03dd9d9cda74d7990fb3479a5c4ba7166269322be9790eed9ebdcfe24@192.168.11.100:30303",
@@ -17,8 +17,11 @@ nodes-allowlist=[
   "enode://5f048208071f2a3036128433e1e4a647a7683abd8bc0f27d063e2933ced983accdfc44998666f3be711e4eff27511142d9989775b86cdbe28c79b74409fc36bb@192.168.11.214:30303",
   "enode://8da1b586e2e98f521f07148d3bb5d81fde151ce3d5738b51bc36e2c81de1aaa5404ce31e991b4393bbe471934f0a9a31f78d1d7c17c1899c3e2dde5e9f16eb24@192.168.11.244:30303",
   "enode://acd46d31913b8379f075467cd88d2ea650d33474d2f9546426da4a414fe92233584c9d8c2e1ea9962fa4257c20b66c9434d0488e51c632f285205d6a379cfbd6@192.168.11.245:30303",
+  "enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
+  "enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
   "enode://6cdc892fa09afa2b05c21cc9a1193a86cf0d195ce81b02a270d8bb987f78ca98ad90d907670796c90fc6e4eaf3b4cae6c0c15871e2564de063beceb4bbfc6532@192.168.11.211:30303",
   "enode://e53713bb77ad9f39e8a04b9c82aadddd3449220167f546bca8e9f36f6ebf60ae003e48ac293790e2bd7b0aca382777db9eca61d6f048c04f9dbe65eedb79d893@192.168.11.212:30303?discport=0",
+  "enode://e871ff3b1f58b9a87122e552b2404e1893bf92ae74d4fa6bc2bd002d0350c506ea452f4aefa1a3497ef32694c4beb48bf8a006d2b82f57649c90b22f59044aad@192.168.11.217:30303?discport=0",
   "enode://07daf3d64079faa3982bc8be7aa86c24ef21eca4565aae4a7fd963c55c728de0639d80663834634edf113b9f047d690232ae23423c64979961db4b6449aa6dfd@192.168.11.221:30303",
   "enode://868bd957d6d887944deac0190161a3db7d1316a022e40a2383d5c334aa3fb8bc7ca36f165b6fb377b77d202fec46f3840f2f659b6a47807b7ce9b944b8382f10@192.168.11.232:30303",
   "enode://688f271d94c7995600ae36d25aa2fb92fea0c52e50e86c598be8966515458c1408b67fba76e1f771073e4774a6e399588443da63394ea25d56e6ca36f2288e00@192.168.11.233:30303",

config/besu-node-lists/static-nodes.json

@@ -13,8 +13,11 @@
   "enode://5f048208071f2a3036128433e1e4a647a7683abd8bc0f27d063e2933ced983accdfc44998666f3be711e4eff27511142d9989775b86cdbe28c79b74409fc36bb@192.168.11.214:30303",
   "enode://8da1b586e2e98f521f07148d3bb5d81fde151ce3d5738b51bc36e2c81de1aaa5404ce31e991b4393bbe471934f0a9a31f78d1d7c17c1899c3e2dde5e9f16eb24@192.168.11.244:30303",
   "enode://acd46d31913b8379f075467cd88d2ea650d33474d2f9546426da4a414fe92233584c9d8c2e1ea9962fa4257c20b66c9434d0488e51c632f285205d6a379cfbd6@192.168.11.245:30303",
+  "enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
+  "enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
   "enode://6cdc892fa09afa2b05c21cc9a1193a86cf0d195ce81b02a270d8bb987f78ca98ad90d907670796c90fc6e4eaf3b4cae6c0c15871e2564de063beceb4bbfc6532@192.168.11.211:30303",
   "enode://e53713bb77ad9f39e8a04b9c82aadddd3449220167f546bca8e9f36f6ebf60ae003e48ac293790e2bd7b0aca382777db9eca61d6f048c04f9dbe65eedb79d893@192.168.11.212:30303?discport=0",
+  "enode://e871ff3b1f58b9a87122e552b2404e1893bf92ae74d4fa6bc2bd002d0350c506ea452f4aefa1a3497ef32694c4beb48bf8a006d2b82f57649c90b22f59044aad@192.168.11.217:30303?discport=0",
   "enode://07daf3d64079faa3982bc8be7aa86c24ef21eca4565aae4a7fd963c55c728de0639d80663834634edf113b9f047d690232ae23423c64979961db4b6449aa6dfd@192.168.11.221:30303",
   "enode://868bd957d6d887944deac0190161a3db7d1316a022e40a2383d5c334aa3fb8bc7ca36f165b6fb377b77d202fec46f3840f2f659b6a47807b7ce9b944b8382f10@192.168.11.232:30303",
   "enode://688f271d94c7995600ae36d25aa2fb92fea0c52e50e86c598be8966515458c1408b67fba76e1f771073e4774a6e399588443da63394ea25d56e6ca36f2288e00@192.168.11.233:30303",

config/dbis-ecosystem-master-plan-tracker.json

@@ -0,0 +1,166 @@
+{
+  "schemaVersion": "1.0.0",
+  "updated": "2026-04-24",
+  "canonicalRootDoc": "docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md",
+  "workstreams": [
+    {
+      "id": "W1",
+      "title": "Besu / Chain 138 infrastructure and RPC topology",
+      "status": "live",
+      "horizon": "near_term",
+      "ownerClass": "mixed",
+      "dependsOn": [],
+      "sourceDocs": [
+        "docs/06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md",
+        "dbis_chain_138_technical_master_plan.md",
+        "docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md"
+      ],
+      "acceptanceGate": "Canonical Besu inventory reconciled across all active cluster hosts, block production healthy, and no unexplained canonical node gaps remain.",
+      "evidenceArtifact": "scripts/verify/check-cluster-besu-inventory.sh --json"
+    },
+    {
+      "id": "W2",
+      "title": "Liquidity, PMM, bridge, and public routing coverage",
+      "status": "partially live",
+      "horizon": "near_term",
+      "ownerClass": "mixed",
+      "dependsOn": [
+        "W1"
+      ],
+      "sourceDocs": [
+        "docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md",
+        "docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md",
+        "reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md"
+      ],
+      "acceptanceGate": "Machine-readable route coverage is current and can distinguish live, partial, and blocked routing paths for stablecoins and top assets.",
+      "evidenceArtifact": "config/public-routing-coverage-matrix.json"
+    },
+    {
+      "id": "W3",
+      "title": "Phoenix deploy/control-plane integration",
+      "status": "partially live",
+      "horizon": "near_term",
+      "ownerClass": "mixed",
+      "dependsOn": [
+        "W1",
+        "W2",
+        "W4"
+      ],
+      "sourceDocs": [
+        "docs/04-configuration/PHOENIX_SANKOFA_OPERATOR_HANDOFF.md",
+        "docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md"
+      ],
+      "acceptanceGate": "Phoenix deploy/control APIs expose current canonical manifests and validated deploy targets without drifting from repo truth.",
+      "evidenceArtifact": "scripts/validation/validate-config-files.sh"
+    },
+    {
+      "id": "W4",
+      "title": "URA manifest, policy profiles, registry, and route confidence",
+      "status": "repo-implemented",
+      "horizon": "near_term",
+      "ownerClass": "repo",
+      "dependsOn": [
+        "W2",
+        "W3"
+      ],
+      "sourceDocs": [
+        "docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md",
+        "docs/04-configuration/universal-resource-activation/README.md",
+        "config/universal-resource-activation/manifest.json"
+      ],
+      "acceptanceGate": "URA manifest and policy profiles validate, registry references are coherent, and route-confidence can be produced as a first-class control-plane artifact.",
+      "evidenceArtifact": "scripts/validate/validate-universal-resource-activation.mjs"
+    },
+    {
+      "id": "W5",
+      "title": "DBIS RTGS / DBIS Rail / OMNL / settlement sidecars",
+      "status": "partially live",
+      "horizon": "near_term",
+      "ownerClass": "mixed",
+      "dependsOn": [
+        "W4",
+        "W6"
+      ],
+      "sourceDocs": [
+        "docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md",
+        "docs/dbis-rail/DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md",
+        "docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md"
+      ],
+      "acceptanceGate": "First-slice settlement boundaries, event sources, custody roles, and sidecar responsibilities are explicit enough for production gating.",
+      "evidenceArtifact": "docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md"
+    },
+    {
+      "id": "W6",
+      "title": "Jurisdiction/compliance and onboarding matrices",
+      "status": "repo-implemented",
+      "horizon": "near_term",
+      "ownerClass": "repo",
+      "dependsOn": [
+        "W4"
+      ],
+      "sourceDocs": [
+        "docs/04-configuration/compliance-matrices/README.md",
+        "docs/04-configuration/jurisdictions/JURISDICTION_CATALOG.md",
+        "docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md"
+      ],
+      "acceptanceGate": "Jurisdiction and onboarding matrices are machine-readable enough to gate policy profiles and institutional activation paths.",
+      "evidenceArtifact": "config/jurisdictions/catalog.v1.json"
+    },
+    {
+      "id": "W7",
+      "title": "Identity / Hyperledger / interoperability stack",
+      "status": "planned",
+      "horizon": "long_term",
+      "ownerClass": "external",
+      "dependsOn": [
+        "W5",
+        "W6"
+      ],
+      "sourceDocs": [
+        "docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md",
+        "docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md"
+      ],
+      "acceptanceGate": "Identity and interoperability slices have explicit runtime ownership, promotion gates, and environment-specific deployment decisions.",
+      "evidenceArtifact": "docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md"
+    },
+    {
+      "id": "W8",
+      "title": "Observability, verification, evidence, and operator readiness",
+      "status": "live",
+      "horizon": "near_term",
+      "ownerClass": "mixed",
+      "dependsOn": [
+        "W1",
+        "W2",
+        "W3",
+        "W4",
+        "W5",
+        "W6"
+      ],
+      "sourceDocs": [
+        "docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md",
+        "docs/00-meta/OPERATOR_READY_CHECKLIST.md",
+        "docs/04-configuration/universal-resource-activation/URA_OPERATIONAL_READINESS_CHECKLIST.md"
+      ],
+      "acceptanceGate": "Validation, health, and operator readiness outputs are current enough to act as production gates rather than ad hoc references.",
+      "evidenceArtifact": "scripts/verify/run-all-validation.sh"
+    }
+  ],
+  "blockedBy": [
+    {
+      "id": "B1",
+      "class": "external",
+      "description": "Some institutional integrations, custody counterparties, and settlement-sidecar dependencies cannot be closed from repo-only work."
+    },
+    {
+      "id": "B2",
+      "class": "external",
+      "description": "Some public-network expansion lanes remain constrained by third-party bridge, exchange, or destination-liquidity realities."
+    },
+    {
+      "id": "B3",
+      "class": "operator",
+      "description": "Operator promotion of URA, sidecar, and policy-aware runtime slices still trails repo implementation in several areas."
+    }
+  ]
+}

config/generated-node-configs/config-1500.toml

@@ -0,0 +1,52 @@
+# Besu Configuration for besu-sentry-1 (VMID: 1500)
+# Generated baseline sentry config promoted into first-class repo coverage.
+
+data-path="/data/besu"
+genesis-file=""
+
+# Network
+network-id=138
+p2p-host="192.168.11.150"
+p2p-port=30303
+max-peers=32
+discovery-enabled=true
+
+# RPC
+rpc-http-enabled=true
+rpc-http-host="0.0.0.0"
+rpc-http-port=8545
+rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+rpc-http-cors-origins=["*"]
+rpc-http-api-enable-unsafe-txsigning=true
+
+rpc-ws-enabled=true
+rpc-ws-host="0.0.0.0"
+rpc-ws-port=8546
+rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+
+# GraphQL
+graphql-http-enabled=true
+graphql-http-host="0.0.0.0"
+graphql-http-port=8547
+
+# Metrics
+metrics-enabled=true
+metrics-host="0.0.0.0"
+metrics-port=9545
+
+# Logging
+logging="INFO"
+log-destination="CONSOLE"
+
+# Sync
+sync-mode="FULL"
+fast-sync-min-peers=2
+
+# Privacy
+privacy-enabled=false
+
+# Mining
+miner-enabled=false
+
+# QBFT
+qbft-enabled=true

config/generated-node-configs/config-1501.toml

@@ -0,0 +1,52 @@
+# Besu Configuration for besu-sentry-2 (VMID: 1501)
+# Generated baseline sentry config promoted into first-class repo coverage.
+
+data-path="/data/besu"
+genesis-file=""
+
+# Network
+network-id=138
+p2p-host="192.168.11.151"
+p2p-port=30303
+max-peers=32
+discovery-enabled=true
+
+# RPC
+rpc-http-enabled=true
+rpc-http-host="0.0.0.0"
+rpc-http-port=8545
+rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+rpc-http-cors-origins=["*"]
+rpc-http-api-enable-unsafe-txsigning=true
+
+rpc-ws-enabled=true
+rpc-ws-host="0.0.0.0"
+rpc-ws-port=8546
+rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+
+# GraphQL
+graphql-http-enabled=true
+graphql-http-host="0.0.0.0"
+graphql-http-port=8547
+
+# Metrics
+metrics-enabled=true
+metrics-host="0.0.0.0"
+metrics-port=9545
+
+# Logging
+logging="INFO"
+log-destination="CONSOLE"
+
+# Sync
+sync-mode="FULL"
+fast-sync-min-peers=2
+
+# Privacy
+privacy-enabled=false
+
+# Mining
+miner-enabled=false
+
+# QBFT
+qbft-enabled=true

config/generated-node-configs/config-1502.toml

@@ -0,0 +1,52 @@
+# Besu Configuration for besu-sentry-3 (VMID: 1502)
+# Generated baseline sentry config promoted into first-class repo coverage.
+
+data-path="/data/besu"
+genesis-file=""
+
+# Network
+network-id=138
+p2p-host="192.168.11.152"
+p2p-port=30303
+max-peers=32
+discovery-enabled=true
+
+# RPC
+rpc-http-enabled=true
+rpc-http-host="0.0.0.0"
+rpc-http-port=8545
+rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+rpc-http-cors-origins=["*"]
+rpc-http-api-enable-unsafe-txsigning=true
+
+rpc-ws-enabled=true
+rpc-ws-host="0.0.0.0"
+rpc-ws-port=8546
+rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+
+# GraphQL
+graphql-http-enabled=true
+graphql-http-host="0.0.0.0"
+graphql-http-port=8547
+
+# Metrics
+metrics-enabled=true
+metrics-host="0.0.0.0"
+metrics-port=9545
+
+# Logging
+logging="INFO"
+log-destination="CONSOLE"
+
+# Sync
+sync-mode="FULL"
+fast-sync-min-peers=2
+
+# Privacy
+privacy-enabled=false
+
+# Mining
+miner-enabled=false
+
+# QBFT
+qbft-enabled=true

config/generated-node-configs/config-1503.toml

@@ -0,0 +1,52 @@
+# Besu Configuration for besu-sentry-4 (VMID: 1503)
+# Generated baseline sentry config promoted into first-class repo coverage.
+
+data-path="/data/besu"
+genesis-file=""
+
+# Network
+network-id=138
+p2p-host="192.168.11.153"
+p2p-port=30303
+max-peers=32
+discovery-enabled=true
+
+# RPC
+rpc-http-enabled=true
+rpc-http-host="0.0.0.0"
+rpc-http-port=8545
+rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+rpc-http-cors-origins=["*"]
+rpc-http-api-enable-unsafe-txsigning=true
+
+rpc-ws-enabled=true
+rpc-ws-host="0.0.0.0"
+rpc-ws-port=8546
+rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+
+# GraphQL
+graphql-http-enabled=true
+graphql-http-host="0.0.0.0"
+graphql-http-port=8547
+
+# Metrics
+metrics-enabled=true
+metrics-host="0.0.0.0"
+metrics-port=9545
+
+# Logging
+logging="INFO"
+log-destination="CONSOLE"
+
+# Sync
+sync-mode="FULL"
+fast-sync-min-peers=2
+
+# Privacy
+privacy-enabled=false
+
+# Mining
+miner-enabled=false
+
+# QBFT
+qbft-enabled=true

config/generated-node-configs/config-1504.toml

@@ -0,0 +1,52 @@
+# Besu Configuration for besu-sentry-ali (VMID: 1504)
+# Generated baseline sentry config promoted into first-class repo coverage.
+
+data-path="/data/besu"
+genesis-file=""
+
+# Network
+network-id=138
+p2p-host="192.168.11.154"
+p2p-port=30303
+max-peers=32
+discovery-enabled=true
+
+# RPC
+rpc-http-enabled=true
+rpc-http-host="0.0.0.0"
+rpc-http-port=8545
+rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+rpc-http-cors-origins=["*"]
+rpc-http-api-enable-unsafe-txsigning=true
+
+rpc-ws-enabled=true
+rpc-ws-host="0.0.0.0"
+rpc-ws-port=8546
+rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+
+# GraphQL
+graphql-http-enabled=true
+graphql-http-host="0.0.0.0"
+graphql-http-port=8547
+
+# Metrics
+metrics-enabled=true
+metrics-host="0.0.0.0"
+metrics-port=9545
+
+# Logging
+logging="INFO"
+log-destination="CONSOLE"
+
+# Sync
+sync-mode="FULL"
+fast-sync-min-peers=2
+
+# Privacy
+privacy-enabled=false
+
+# Mining
+miner-enabled=false
+
+# QBFT
+qbft-enabled=true

config/generated-node-configs/config-1507.toml

@@ -8,7 +8,7 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.244"
 p2p-port=30303
-max-peers=32
+max-peers=40
 discovery-enabled=true
 
 # RPC
@@ -40,6 +40,7 @@ log-destination="CONSOLE"
 
 # Sync
 sync-mode="FULL"
+tx-pool-max-future-by-sender=1
 fast-sync-min-peers=2
 
 # Privacy

config/generated-node-configs/config-1508.toml

@@ -8,7 +8,7 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.245"
 p2p-port=30303
-max-peers=32
+max-peers=40
 discovery-enabled=true
 
 # RPC
@@ -40,6 +40,7 @@ log-destination="CONSOLE"
 
 # Sync
 sync-mode="FULL"
+tx-pool-max-future-by-sender=1
 fast-sync-min-peers=2
 
 # Privacy

config/generated-node-configs/config-1509.toml

@@ -0,0 +1,53 @@
+# Besu Configuration for besu-sentry-thirdweb-01 (VMID: 1509)
+# Generated canonical per-node config for promoted sentry inventory.
+
+data-path="/data/besu"
+genesis-file=""
+
+# Network
+network-id=138
+p2p-host="192.168.11.219"
+p2p-port=30303
+max-peers=40
+discovery-enabled=true
+
+# RPC
+rpc-http-enabled=true
+rpc-http-host="0.0.0.0"
+rpc-http-port=8545
+rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+rpc-http-cors-origins=["*"]
+rpc-http-api-enable-unsafe-txsigning=true
+
+rpc-ws-enabled=true
+rpc-ws-host="0.0.0.0"
+rpc-ws-port=8546
+rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+
+# GraphQL
+graphql-http-enabled=true
+graphql-http-host="0.0.0.0"
+graphql-http-port=8547
+
+# Metrics
+metrics-enabled=true
+metrics-host="0.0.0.0"
+metrics-port=9545
+
+# Logging
+logging="INFO"
+log-destination="CONSOLE"
+
+# Sync
+sync-mode="FULL"
+tx-pool-max-future-by-sender=1
+fast-sync-min-peers=2
+
+# Privacy
+privacy-enabled=false
+
+# Mining
+miner-enabled=false
+
+# QBFT
+qbft-enabled=true

config/generated-node-configs/config-1510.toml

@@ -0,0 +1,53 @@
+# Besu Configuration for besu-sentry-thirdweb-02 (VMID: 1510)
+# Generated canonical per-node config for promoted sentry inventory.
+
+data-path="/data/besu"
+genesis-file=""
+
+# Network
+network-id=138
+p2p-host="192.168.11.220"
+p2p-port=30303
+max-peers=40
+discovery-enabled=true
+
+# RPC
+rpc-http-enabled=true
+rpc-http-host="0.0.0.0"
+rpc-http-port=8545
+rpc-http-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+rpc-http-cors-origins=["*"]
+rpc-http-api-enable-unsafe-txsigning=true
+
+rpc-ws-enabled=true
+rpc-ws-host="0.0.0.0"
+rpc-ws-port=8546
+rpc-ws-api=["ETH","NET","WEB3","ADMIN","PERSONAL","MINER","DEBUG"]
+
+# GraphQL
+graphql-http-enabled=true
+graphql-http-host="0.0.0.0"
+graphql-http-port=8547
+
+# Metrics
+metrics-enabled=true
+metrics-host="0.0.0.0"
+metrics-port=9545
+
+# Logging
+logging="INFO"
+log-destination="CONSOLE"
+
+# Sync
+sync-mode="FULL"
+tx-pool-max-future-by-sender=1
+fast-sync-min-peers=2
+
+# Privacy
+privacy-enabled=false
+
+# Mining
+miner-enabled=false
+
+# QBFT
+qbft-enabled=true

config/generated-node-configs/config-2500.toml

@@ -9,8 +9,8 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.172"
 p2p-port=30303
-max-peers=32
-discovery-enabled=true
+max-peers=40
+discovery-enabled=false
 
 # RPC - Full Function (can deploy contracts, execute writes)
 rpc-http-enabled=true

config/generated-node-configs/config-2501.toml

@@ -9,8 +9,8 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.173"
 p2p-port=30303
-max-peers=32
-discovery-enabled=true
+max-peers=40
+discovery-enabled=false
 
 # RPC - Standard Base (read-only, no admin APIs)
 rpc-http-enabled=true

config/generated-node-configs/config-2502.toml

@@ -9,8 +9,8 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.174"
 p2p-port=30303
-max-peers=32
-discovery-enabled=true
+max-peers=40
+discovery-enabled=false
 
 # RPC - Standard Base (read-only, no admin APIs)
 rpc-http-enabled=true

config/generated-node-configs/config-2503.toml

@@ -9,8 +9,8 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.246"
 p2p-port=30303
-max-peers=32
-discovery-enabled=true
+max-peers=40
+discovery-enabled=false
 
 # RPC - Full Function (can deploy contracts, execute writes)
 rpc-http-enabled=true

config/generated-node-configs/config-2504.toml

@@ -9,8 +9,8 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.247"
 p2p-port=30303
-max-peers=32
-discovery-enabled=true
+max-peers=40
+discovery-enabled=false
 
 # RPC - Standard Base (read-only, no admin APIs)
 rpc-http-enabled=true

config/generated-node-configs/config-2505.toml

@@ -9,8 +9,8 @@ genesis-file=""
 network-id=138
 p2p-host="192.168.11.248"
 p2p-port=30303
-max-peers=32
-discovery-enabled=true
+max-peers=40
+discovery-enabled=false
 
 # RPC - Standard Base (read-only, no admin APIs)
 rpc-http-enabled=true

config/generated-node-configs/service-1500.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Hyperledger Besu
+After=network.target
+
+[Service]
+Type=simple
+User=besu
+Group=besu
+ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

config/generated-node-configs/service-1501.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Hyperledger Besu
+After=network.target
+
+[Service]
+Type=simple
+User=besu
+Group=besu
+ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

config/generated-node-configs/service-1502.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Hyperledger Besu
+After=network.target
+
+[Service]
+Type=simple
+User=besu
+Group=besu
+ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

config/generated-node-configs/service-1503.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Hyperledger Besu
+After=network.target
+
+[Service]
+Type=simple
+User=besu
+Group=besu
+ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

config/generated-node-configs/service-1504.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Hyperledger Besu
+After=network.target
+
+[Service]
+Type=simple
+User=besu
+Group=besu
+ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

config/generated-node-configs/service-1509.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Hyperledger Besu
+After=network.target
+
+[Service]
+Type=simple
+User=besu
+Group=besu
+ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

config/generated-node-configs/service-1510.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Hyperledger Besu
+After=network.target
+
+[Service]
+Type=simple
+User=besu
+Group=besu
+ExecStart=/opt/besu/bin/besu --config-file=/etc/besu/config.toml
+Restart=always
+RestartSec=10
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

config/gitea-workflow-templates/README.md

@@ -0,0 +1,13 @@
+# Gitea Actions workflow templates
+
+Copy one of these into **your repo** as `.gitea/workflows/<workflow-name>.yml`, then set repo **Secrets** in Gitea (`PHOENIX_DEPLOY_URL`, `PHOENIX_DEPLOY_TOKEN`).
+
+| Template | Use when |
+|----------|----------|
+| [`deploy-via-phoenix-api.yml`](deploy-via-phoenix-api.yml) | App/service with a row in `phoenix-deploy-api/deploy-targets.json` |
+| [`validate-only.yml`](validate-only.yml) | Libraries/docs — CI gate only, no VM deploy |
+| **[`repos/`](repos/README.md)** | **Concrete YAML** for DBIS, CROMERO, CurrenciCombo — copy into those Gitea repos |
+
+See [docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](../../docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md) for repo ↔ VM mapping.
+
+**Operator checklist:** [docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](../../docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md).

config/gitea-workflow-templates/deploy-via-phoenix-api.yml

@@ -0,0 +1,30 @@
+# Template — copy to YOUR_REPO/.gitea/workflows/<name>.yml and replace placeholders.
+# Secrets (repo settings): PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
+name: Deploy via Phoenix API
+
+on:
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Trigger Phoenix deployment
+        env:
+          PHOENIX_DEPLOY_URL: ${{ secrets.PHOENIX_DEPLOY_URL }}
+          PHOENIX_DEPLOY_TOKEN: ${{ secrets.PHOENIX_DEPLOY_TOKEN }}
+          TARGET: default
+        run: |
+          set -euo pipefail
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          REPO="${{ gitea.repository }}"
+          curl -sSf -X POST "${PHOENIX_DEPLOY_URL}" \
+            -H "Authorization: Bearer ${PHOENIX_DEPLOY_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"${REPO}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"${TARGET}\"}"

config/gitea-workflow-templates/repos/README.md

@@ -0,0 +1,14 @@
+# Ready-to-copy workflows (repo-specific)
+
+Copy the matching file into **that** Gitea repo as `.gitea/workflows/<name>.yml`, then set secrets **`PHOENIX_DEPLOY_URL`**, **`PHOENIX_DEPLOY_TOKEN`**.
+
+| File | Gitea `repo` | `target` | Notes |
+|------|----------------|----------|--------|
+| [`dbis-portal-live.yml`](dbis-portal-live.yml) | `Gov_Web_Portals/DBIS` | `dbis-portal-live` | CT 7804 portal |
+| [`cromero-default.yml`](cromero-default.yml) | `d-bis/CROMERO` | `default` | NPM ecosystem build |
+| [`currencicombo-default.yml`](currencicombo-default.yml) | `d-bis/CurrenciCombo` | `default` | Phoenix CT 8604 |
+| — | `d-bis/explorer-monorepo` | `explorer-live` | Already in **explorer-monorepo** submodule: `.gitea/workflows/deploy-live.yml` |
+| — | `Gov_Web_Portals/CyberSecur-Global` | `default` | In **CyberSecur-Global** repo: `.gitea/workflows/deploy-to-ct7810.yml` |
+| — | `d-bis/cross-chain-pmm-lps` | _(validate only)_ | `.gitea/workflows/validate-capital-efficiency.yml` |
+
+`d-bis/proxmox` uses monorepo workflows in-repo (no copy from here).

config/gitea-workflow-templates/repos/cromero-default.yml

@@ -0,0 +1,23 @@
+# Copy to d-bis/CROMERO → .gitea/workflows/deploy-via-phoenix.yml
+# Secrets: PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
+name: Deploy CROMERO (Phoenix)
+
+on:
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Trigger Phoenix deployment
+        run: |
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+            -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"d-bis/CROMERO\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"

config/gitea-workflow-templates/repos/currencicombo-default.yml

@@ -0,0 +1,23 @@
+# Copy to d-bis/CurrenciCombo → .gitea/workflows/deploy-via-phoenix.yml
+# Secrets: PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
+name: Deploy CurrenciCombo (Phoenix)
+
+on:
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Trigger Phoenix deployment
+        run: |
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+            -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"d-bis/CurrenciCombo\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"

config/gitea-workflow-templates/repos/dbis-portal-live.yml

@@ -0,0 +1,23 @@
+# Copy to Gov_Web_Portals/DBIS → .gitea/workflows/deploy-portal-live.yml
+# Secrets: PHOENIX_DEPLOY_URL, PHOENIX_DEPLOY_TOKEN
+name: Deploy DBIS portal (Phoenix)
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Trigger Phoenix deployment
+        run: |
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+            -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"Gov_Web_Portals/DBIS\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"dbis-portal-live\"}"

config/gitea-workflow-templates/validate-only.yml

@@ -0,0 +1,18 @@
+# Template — copy to YOUR_REPO/.gitea/workflows/validate.yml — adjust run steps.
+name: Validate
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Placeholder validation
+        run: |
+          echo "Replace this step with repo-specific checks (e.g. npm test, forge test)."

config/ip-addresses.conf

@@ -77,6 +77,8 @@ BLOCKSCOUT_API_URL="http://${IP_BLOCKSCOUT}:${BLOCKSCOUT_API_PORT}"
 FORGE_VERIFIER_PROXY_PORT="${FORGE_VERIFIER_PROXY_PORT:-3080}"
 IP_NPMPLUS="192.168.11.167"
 IP_NPMPLUS_SECONDARY="192.168.11.168"
+# Proxmox Mail Gateway (LXC 100, VMID 100) — PMG web UI; SMTP 25/587 on same host
+IP_PMG="${IP_PMG:-192.168.11.32}"
 IP_NGINX_LEGACY="192.168.11.26"
 IP_ORDER_OPENSEARCH="192.168.11.48"
 IP_ORDER_HAPROXY="192.168.11.39"
@@ -169,6 +171,10 @@ PUBLIC_IP_MIFOS="76.53.10.41"
 # DApp LXC (VMID 5801) — frontend-dapp for Chain 138 bridge. See docs/03-deployment/DAPP_LXC_DEPLOYMENT.md; E2E: tunnel + NPMplus dapp.d-bis.org
 IP_DAPP_LXC="192.168.11.58"
 
+# CurrenciCombo Phoenix CT (VMID 8604) on r630-01 — internal Phoenix app deployment on VLAN 160
+IP_CURRENCICOMBO_PHOENIX="${IP_CURRENCICOMBO_PHOENIX:-10.160.0.14}"
+CURRENCICOMBO_PHOENIX_VMID="${CURRENCICOMBO_PHOENIX_VMID:-8604}"
+
 # Phoenix / Sankofa public edge (NPMplus → CT 7800 API, 7801 portal). Legacy scripts use IP_SERVICE_50 / IP_SERVICE_51.
 # SolaceScanScout / Blockscout is IP_BLOCKSCOUT:80 — do NOT point sankofa.nexus or phoenix.sankofa.nexus there.
 IP_SERVICE_50="${IP_SERVICE_50:-192.168.11.50}"

config/jurisdictions/catalog.v1.json

@@ -0,0 +1,44 @@
+{
+  "schemaVersion": "1.0.0",
+  "updatedAt": "2026-04-25T18:00:00Z",
+  "description": "Canonical jurisdiction catalog for multi-institution onboarding. Add rows as jurisdictions are formally in-scope. Legal review required before marking status production_ready.",
+  "jurisdictions": [
+    {
+      "id": "ID",
+      "label": "Indonesia",
+      "governingLawNote": "Indonesian law; BI and sector regulators — detail in compliance matrix, not legal advice.",
+      "regulatorsNote": "Bank Indonesia (BI); OJK where applicable — confirm with counsel.",
+      "activitiesInScope": ["payments_omnl", "server_funds_treasury", "rtgs_sidecars", "chain138_settlement_evidence"],
+      "activitiesExcluded": ["generic_securities_issuance_unless_scoped"],
+      "complianceMatrixPath": "docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md",
+      "status": "pilot_ready",
+      "policyProfileIdsReferenced": [
+        "institutional_custody_skr_v1",
+        "server_funds_treasury_v1",
+        "infra_capacity_ops_v1"
+      ]
+    },
+    {
+      "id": "GENERIC-COMMON-LAW-STUB",
+      "label": "Generic common-law banking stub (template)",
+      "governingLawNote": "Illustrative only — replace with real jurisdiction before production.",
+      "regulatorsNote": "Placeholder — no regulator list.",
+      "activitiesInScope": ["template_process_only"],
+      "activitiesExcluded": ["all_production_until_replaced"],
+      "complianceMatrixPath": "docs/04-configuration/compliance-matrices/GENERIC-COMMON-LAW-STUB/banking_v1.md",
+      "status": "template_only",
+      "policyProfileIdsReferenced": []
+    },
+    {
+      "id": "US-DELAWARE-CORP-STUB",
+      "label": "US Delaware corporate stub (draft second jurisdiction)",
+      "governingLawNote": "Illustrative corporate/treasury stub — not legal advice; replace with real federal/state matrix.",
+      "regulatorsNote": "Placeholder.",
+      "activitiesInScope": ["draft_matrix_training_only"],
+      "activitiesExcluded": ["all_production_until_replaced"],
+      "complianceMatrixPath": "docs/04-configuration/compliance-matrices/US-DELAWARE-CORP-STUB/banking_v1.md",
+      "status": "draft",
+      "policyProfileIdsReferenced": []
+    }
+  ]
+}

config/master-permissioned-nodes.json

@@ -18,6 +18,8 @@
   "enode://17413a9ab0f570c72e9d7d511a856cd5b5abb58b70d0b9635524220a5354ee275429bf5d630025dbbb0d67c6ae24510e6560bf8b38a7e226e24a00cd181d6ae6@192.168.11.174:30303",
   "enode://ab7f104acbcb254ced2653122f80b2c93b541467edc8f5b4bc90c4d3794cbbb1b2cbea69f9fe5e89f848e46a158e6ce45d76901e64801669321ce62172048eb8@192.168.11.244:30303",
   "enode://237e27eb3a8738189e266615e7d613da18f86018a76080e18dbb9856baeab6454b1aebff889bc0790f2d791dd277121ee76a4fc0a0d1bc1001c2811b42518618@192.168.11.245:30303",
+  "enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
+  "enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
   "enode://89570ba8882ea1d383afb97d0d82eb3cf5d0c5fec7ae2acfe39487e5335ee91c36cd4b5e9aa05110d99b51a16b869f7531e6f89ec63476cba7f928356c437348@192.168.11.246:30303",
   "enode://0fdbda7b6916973e598b7c9ff6e4e2da6f8bcce2ca46bb11c58368a9fbcfcb303a4955a563b2f71a51a813abeed3b44da220ad1488d19c9483f733548a7b7765@192.168.11.247:30303",
   "enode://0c710ae1e4eaf7ee9d375c404798625c5165e1699a24aedadcfb69fa8fcde41c822d3576b1a180c3251aeba9782ceb43cb32c300c4e1a205905728d72b94cfe9@192.168.11.248:30303",

config/master-static-nodes.json

@@ -18,6 +18,8 @@
   "enode://17413a9ab0f570c72e9d7d511a856cd5b5abb58b70d0b9635524220a5354ee275429bf5d630025dbbb0d67c6ae24510e6560bf8b38a7e226e24a00cd181d6ae6@192.168.11.174:30303",
   "enode://ab7f104acbcb254ced2653122f80b2c93b541467edc8f5b4bc90c4d3794cbbb1b2cbea69f9fe5e89f848e46a158e6ce45d76901e64801669321ce62172048eb8@192.168.11.244:30303",
   "enode://237e27eb3a8738189e266615e7d613da18f86018a76080e18dbb9856baeab6454b1aebff889bc0790f2d791dd277121ee76a4fc0a0d1bc1001c2811b42518618@192.168.11.245:30303",
+  "enode://8a3337adcc2d177caf3aee26b3b6077d9adf126c580e12f352743ca07828f056ceb1d5fb1a06287e2dbbe19043fcc4b9bdd2ca9ae2a2c9142cf0cc3a549bfc68@192.168.11.219:30303",
+  "enode://09fe518689c54a34c3dac8aebf3c94bfc390f4bae143a80c57d92a502414df0689d12a2243ff9376c2f44a419894d934b4f47783ced31ea9668522078854e58f@192.168.11.220:30303",
   "enode://89570ba8882ea1d383afb97d0d82eb3cf5d0c5fec7ae2acfe39487e5335ee91c36cd4b5e9aa05110d99b51a16b869f7531e6f89ec63476cba7f928356c437348@192.168.11.246:30303",
   "enode://0fdbda7b6916973e598b7c9ff6e4e2da6f8bcce2ca46bb11c58368a9fbcfcb303a4955a563b2f71a51a813abeed3b44da220ad1488d19c9483f733548a7b7765@192.168.11.247:30303",
   "enode://0c710ae1e4eaf7ee9d375c404798625c5165e1699a24aedadcfb69fa8fcde41c822d3576b1a180c3251aeba9782ceb43cb32c300c4e1a205905728d72b94cfe9@192.168.11.248:30303",

config/official-protocol-integration-sources.json

@@ -0,0 +1,268 @@
+{
+  "schemaVersion": "1.0.0",
+  "updated": "2026-04-30",
+  "purpose": "Official-source registry for replacing temporary/replacement pools, wiring protocol-native liquidity, and deriving repeg/depth/unwind plans.",
+  "guardrails": [
+    "Use only official protocol documentation, official deployment registries, or protocol-maintained repositories as authority for factory/router/address imports.",
+    "Do not treat replacement MockDVMPool contracts as final protocol-native liquidity.",
+    "Prefer read-only discovery and dry-run plans before executing any pool migration, liquidity add, or unwind.",
+    "For unsupported chains, mark protocol surface as unavailable rather than fabricating addresses.",
+    "For aggregators such as 1inch, route execution must use the official API/router transaction data and chain allowlists; do not hard-code stale router addresses without a current official deployment source."
+  ],
+  "protocols": {
+    "dodo_pmm": {
+      "officialSources": [
+        {
+          "label": "DODO docs: find all pools and DVM factory addresses",
+          "url": "https://docs.dodoex.io/en/developer/data/how-to-find-all-the-dodo-pools",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "DODO docs: Ethereum contract addresses",
+          "url": "https://docs.dodoex.io/en/developer/contracts/dodo-v1-v2/contracts-address/ethereum",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "DODO docs: Base contract addresses",
+          "url": "https://docs.dodoex.io/en/developer/contracts/dodo-v1-v2/contracts-address/base",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "factoryProfile": "dodo_v2_dvm_factory",
+        "poolProfile": "dodo_v2_dvm",
+        "factoryMethods": [
+          "getDODOPool(address,address)",
+          "getDODOPoolBidirection(address,address)",
+          "getDODOPoolByUser(address)"
+        ],
+        "birthEvent": "NewDVM(address baseToken,address quoteToken,address creator,address dvm)"
+      },
+      "chainFactories": {
+        "1": {
+          "network": "Ethereum Mainnet",
+          "dvmFactory": "0x72d220cE168C4f361dD4deE5D826a01AD8598f6C",
+          "source": "DODO docs"
+        },
+        "10": {
+          "network": "Optimism",
+          "dvmFactory": "0x2B800DC6270726F7E2266cE8cD5A3F8436fe0B40",
+          "source": "DODO docs"
+        },
+        "56": {
+          "network": "BSC (BNB Chain)",
+          "dvmFactory": "0x790B4A80Fb1094589A3c0eFC8740aA9b0C1733fB",
+          "source": "DODO docs"
+        },
+        "137": {
+          "network": "Polygon",
+          "dvmFactory": "0x79887f65f83bdf15Bcc8736b5e5BcDB48fb8fE13",
+          "source": "DODO docs"
+        },
+        "42161": {
+          "network": "Arbitrum One",
+          "dvmFactory": "0xDa4c4411c55B0785e501332354A036c04833B72b",
+          "source": "DODO docs"
+        },
+        "43114": {
+          "network": "Avalanche C-Chain",
+          "dvmFactory": "0xfF133A6D335b50bDAa6612D19E1352B049A8aE6a",
+          "source": "DODO docs"
+        },
+        "8453": {
+          "network": "Base",
+          "dvmFactory": "0x0226fCE8c969604C3A0AD19c37d1FAFac73e13c2",
+          "source": "DODO docs"
+        }
+      },
+      "unsupportedOrUnverifiedChains": {
+        "25": {
+          "network": "Cronos",
+          "status": "official_dodo_dvm_factory_not_committed"
+        },
+        "100": {
+          "network": "Gnosis Chain",
+          "status": "official_dodo_dvm_factory_not_committed"
+        },
+        "42220": {
+          "network": "Celo",
+          "status": "official_dodo_dvm_factory_not_committed"
+        },
+        "651940": {
+          "network": "ALL Mainnet (Alltra)",
+          "status": "not_official_dodo_chain_use_local_official_stack_or_custom_router"
+        }
+      }
+    },
+    "uniswap_v2": {
+      "officialSources": [
+        {
+          "label": "Uniswap docs: V2 deployments",
+          "url": "https://developers.uniswap.org/docs/protocols/v2/deployments",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "factoryProfile": "uniswap_v2_factory",
+        "routerProfile": "uniswap_v2_router02",
+        "methods": [
+          "getPair(address,address)",
+          "createPair(address,address)"
+        ]
+      }
+    },
+    "uniswap_v3": {
+      "officialSources": [
+        {
+          "label": "Uniswap docs: V3 deployments",
+          "url": "https://developers.uniswap.org/docs/protocols/v3/deployments",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "Uniswap governance: official deployment guideline",
+          "url": "https://gov.uniswap.org/t/uniswap-deployment-guideline/25015",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "factoryProfile": "uniswap_v3_factory",
+        "routerProfile": "universal_router_or_swap_router02",
+        "positionManagerProfile": "nonfungible_position_manager",
+        "methods": [
+          "getPool(address,address,uint24)",
+          "createAndInitializePoolIfNecessary(address,address,uint24,uint160)"
+        ]
+      }
+    },
+    "curve_stable": {
+      "officialSources": [
+        {
+          "label": "Curve docs: deployment addresses",
+          "url": "https://curve.readthedocs.io/ref-addresses.html",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "Curve technical docs",
+          "url": "https://docs.curve.finance/",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "factoryProfile": "curve_stableswap_factory",
+        "notes": [
+          "Use Curve registry/factory addresses per chain.",
+          "Deposits and withdrawals may require zaps depending on pool type."
+        ]
+      }
+    },
+    "balancer_weighted": {
+      "officialSources": [
+        {
+          "label": "Balancer deployments repository",
+          "url": "https://github.com/balancer/balancer-deployments",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "Balancer docs: Vault",
+          "url": "https://balancer.gitbook.io/balancer-v2/products/the-vault",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "vaultProfile": "balancer_vault",
+        "factoryProfile": "weighted_pool_factory",
+        "notes": [
+          "Balancer pools are managed by the Vault; pool token balances and joins/exits must use Vault APIs."
+        ]
+      }
+    },
+    "aave_backstop": {
+      "officialSources": [
+        {
+          "label": "Aave address book repository",
+          "url": "https://github.com/bgd-labs/aave-address-book",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "Aave V3 core repository",
+          "url": "https://github.com/aave/aave-v3-core",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "addressBookProfile": "bgd_labs_aave_address_book",
+        "methods": [
+          "POOL()",
+          "POOL_ADDRESSES_PROVIDER()"
+        ]
+      }
+    },
+    "oneinch_aggregator": {
+      "officialSources": [
+        {
+          "label": "1inch aggregation protocol",
+          "url": "https://1inch.io/aggregation-protocol/",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "1inch developer portal",
+          "url": "https://portal.1inch.dev/",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "1inch Help Center: supported networks",
+          "url": "https://help.1inch.com/en/articles/5528619-how-to-use-different-networks-on-1inch",
+          "retrievedAt": "2026-04-30"
+        },
+        {
+          "label": "1inch Business: Swap API supported chains",
+          "url": "https://business.1inch.com/products/swap",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "integrationProfile": "official_api_quote_and_router_tx_data",
+        "notes": [
+          "Use 1inch official API quote/swap response for current router tx data.",
+          "Do not create pools; this protocol wires route access to external liquidity."
+        ]
+      },
+      "chainSupport": {
+        "8453": {
+          "network": "Base",
+          "status": "supported_by_official_1inch_network_list",
+          "source": "1inch Help Center / 1inch Business chain pages",
+          "supportedUse": "aggregated quote and swap route access for cW*/official stable pairs; requires token import/listing or direct contract-address query."
+        },
+        "100": {
+          "network": "Gnosis Chain",
+          "status": "supported_by_official_1inch_network_list",
+          "source": "1inch Help Center / 1inch Business chain pages",
+          "supportedUse": "aggregated quote and swap route access for cW*/official stable pairs; requires token import/listing or direct contract-address query."
+        },
+        "25": {
+          "network": "Cronos",
+          "status": "supported_by_official_1inch_business_swap_list",
+          "source": "1inch Business Swap API supported chains",
+          "supportedUse": "aggregated quote and swap route access for cW*/official stable pairs; requires token import/listing or direct contract-address query."
+        }
+      }
+    },
+    "sushiswap_v2": {
+      "officialSources": [
+        {
+          "label": "SushiSwap V2 core repository",
+          "url": "https://github.com/sushiswap/v2-core",
+          "retrievedAt": "2026-04-30"
+        }
+      ],
+      "poolDiscovery": {
+        "factoryProfile": "sushiswap_v2_factory",
+        "routerProfile": "sushiswap_v2_router",
+        "notes": [
+          "Official deployment-address source must be confirmed per chain before enabling rows."
+        ]
+      }
+    }
+  }
+}

config/proxmox-operational-template.json

@@ -47,6 +47,20 @@
       "role": "firefly_npmplus_secondary_mim4u_mifos_support",
       "ui_url": "https://192.168.11.12:8006",
       "cluster_name": "h"
+    },
+    {
+      "hostname": "r630-03",
+      "mgmt_ipv4": "192.168.11.13",
+      "role": "besu_chain138_secondary_rpc_sentry_host",
+      "ui_url": "https://192.168.11.13:8006",
+      "cluster_name": "h"
+    },
+    {
+      "hostname": "r630-04",
+      "mgmt_ipv4": "192.168.11.14",
+      "role": "besu_chain138_additional_capacity_host",
+      "ui_url": "https://192.168.11.14:8006",
+      "cluster_name": "h"
     }
   ],
   "cluster_peering": {
@@ -65,7 +79,7 @@
   },
   "besu_chain138_peering_model": {
     "chain_id": 138,
-    "summary": "Validators (1000\u20131004) \u2194 Sentries (1500\u20131506) \u2194 RPC tier (2101 core, 2201 public, 230x named, 240x thirdweb). Use canonical roles doc for allowed adjacencies and ops.",
+    "summary": "Validators (1000\u20131004) \u2194 Sentries (1500\u20131510) \u2194 RPC tier (2101,2102,2103 core/admin, 2201 public, 2301,2303\u20132308 named/private, 2400\u20132403 thirdweb, 2500\u20132505 alltra/hybx). Use canonical roles doc for allowed adjacencies and ops.",
     "p2p_port_tcp_udp": 30303,
     "doc_ref": "docs/02-architecture/CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md"
   },
@@ -1250,7 +1264,10 @@
           "port": 80
         }
       ],
-      "fqdns": []
+      "fqdns": [
+        "tsunamiswap.com",
+        "app.tsunamiswap.com"
+      ]
     },
     {
       "vmid": 10070,
@@ -1459,7 +1476,41 @@
       "vmid": 1508,
       "hostname": "besu-sentry-hybx-2",
       "ipv4": "192.168.11.245",
-      "preferred_node": "ml110",
+      "preferred_node": "r630-04",
+      "category": "besu_sentry",
+      "ports": [
+        {
+          "port": 30303
+        },
+        {
+          "port": 9545
+        }
+      ],
+      "peering_layer": "sentry_boundary",
+      "fqdns": []
+    },
+    {
+      "vmid": 1509,
+      "hostname": "besu-sentry-thirdweb-01",
+      "ipv4": "192.168.11.219",
+      "preferred_node": "r630-03",
+      "category": "besu_sentry",
+      "ports": [
+        {
+          "port": 30303
+        },
+        {
+          "port": 9545
+        }
+      ],
+      "peering_layer": "sentry_boundary",
+      "fqdns": []
+    },
+    {
+      "vmid": 1510,
+      "hostname": "besu-sentry-thirdweb-02",
+      "ipv4": "192.168.11.220",
+      "preferred_node": "r630-03",
       "category": "besu_sentry",
       "ports": [
         {
@@ -1617,7 +1668,9 @@
           "port": 80
         }
       ],
-      "fqdns": []
+      "fqdns": [
+        "tsunamiswap.com"
+      ]
     },
     {
       "vmid": 5201,

config/public-routing-coverage-matrix.json

@@ -0,0 +1,116 @@
+{
+  "schemaVersion": "1.0.0",
+  "updated": "2026-04-24",
+  "scope": "Current live Chain 138 ecosystem coverage for public stablecoins, top public assets, and near-term integration priorities.",
+  "homeChain": {
+    "chainId": 138,
+    "network": "DeFi Oracle Meta Mainnet",
+    "publicExitPrimitive": "WETH",
+    "publicExitStatus": "live_via_pmm_and_ccip"
+  },
+  "supportedBridgeDestinations": [
+    { "chainId": 1, "name": "Ethereum Mainnet", "status": "live" },
+    { "chainId": 10, "name": "Optimism", "status": "live" },
+    { "chainId": 25, "name": "Cronos", "status": "live" },
+    { "chainId": 56, "name": "BSC", "status": "live" },
+    { "chainId": 100, "name": "Gnosis", "status": "live" },
+    { "chainId": 137, "name": "Polygon", "status": "live" },
+    { "chainId": 8453, "name": "Base", "status": "live" },
+    { "chainId": 42161, "name": "Arbitrum One", "status": "live" },
+    { "chainId": 42220, "name": "Celo", "status": "live" },
+    { "chainId": 43114, "name": "Avalanche C-Chain", "status": "live" },
+    { "chainId": 651940, "name": "ALL Mainnet", "status": "bridge_live_swap_inventory_pending" },
+    { "chainId": 1111, "name": "Wemix", "status": "blocked_selector_not_supported" }
+  ],
+  "stablecoinCoverage": [
+    { "symbol": "USDT", "reachability": "strong", "mode": "direct_mirror_and_public_evm" },
+    { "symbol": "USDC", "reachability": "strong", "mode": "direct_mirror_and_public_evm" },
+    { "symbol": "DAI", "reachability": "strong", "mode": "indirect_via_weth_to_ethereum" },
+    { "symbol": "USDS", "reachability": "strong", "mode": "indirect_via_weth_to_ethereum" },
+    { "symbol": "PYUSD", "reachability": "medium", "mode": "destination_dex_dependent" },
+    { "symbol": "USDe", "reachability": "medium", "mode": "destination_dex_dependent" },
+    { "symbol": "USD1", "reachability": "medium", "mode": "destination_dex_dependent" },
+    { "symbol": "USDG", "reachability": "medium", "mode": "destination_dex_dependent" },
+    { "symbol": "RLUSD", "reachability": "medium", "mode": "destination_dex_dependent" },
+    { "symbol": "USDF", "reachability": "medium", "mode": "destination_dex_dependent" },
+    { "symbol": "BUIDL", "reachability": "low", "mode": "institutional_non_dex" },
+    { "symbol": "USYC", "reachability": "low", "mode": "institutional_non_dex" },
+    { "symbol": "JTRSY", "reachability": "low", "mode": "institutional_non_dex" },
+    { "symbol": "XAUT", "reachability": "strong", "mode": "native_gold_family_on_home_chain" },
+    { "symbol": "PAXG", "reachability": "medium", "mode": "destination_dex_dependent" }
+  ],
+  "topAssetCoverage": [
+    { "symbol": "ETH", "reachability": "strong", "mode": "direct_evm" },
+    { "symbol": "LINK", "reachability": "strong", "mode": "direct_evm" },
+    { "symbol": "AAVE", "reachability": "strong", "mode": "destination_dex_dependent" },
+    { "symbol": "UNI", "reachability": "strong", "mode": "destination_dex_dependent" },
+    { "symbol": "AVAX", "reachability": "strong", "mode": "destination_dex_dependent" },
+    { "symbol": "BNB", "reachability": "strong", "mode": "destination_dex_dependent" },
+    { "symbol": "CRO", "reachability": "strong", "mode": "destination_dex_dependent" },
+    { "symbol": "BTC", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "SOL", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "TRX", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "XRP", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "ADA", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "XMR", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "ZEC", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "XLM", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "HBAR", "reachability": "weak", "mode": "non_evm_expansion_required" },
+    { "symbol": "SUI", "reachability": "weak", "mode": "non_evm_expansion_required" }
+  ],
+  "shortIntegrationLeaps": [
+    {
+      "id": "doc-chain138-live-weth-exits",
+      "title": "Normalize docs around live Chain 138 c* -> WETH exits",
+      "status": "done_now",
+      "impact": "high"
+    },
+    {
+      "id": "publish-destination-route-registry",
+      "title": "Publish per-chain destination route registry for supported EVM stablecoins and cW* surfaces",
+      "status": "todo",
+      "impact": "high"
+    },
+    {
+      "id": "promote-additional-public-stables",
+      "title": "Promote PYUSD, USDe, RLUSD, USD1, and USDG into named route-target review",
+      "status": "todo",
+      "impact": "high"
+    },
+    {
+      "id": "canonicalize-allmainnet-swap-surface",
+      "title": "Commit canonical ALL Mainnet router/factory/pool inventory",
+      "status": "todo",
+      "impact": "high"
+    },
+    {
+      "id": "publish-top50-coverage-matrix",
+      "title": "Track top public assets by direct, indirect, wrapped-only, or unsupported status",
+      "status": "done_now",
+      "impact": "medium"
+    }
+  ],
+  "additionalComponentsRequired": [
+    {
+      "id": "non-evm-bridge-expansion",
+      "title": "Bridge and swap adapters for BTC, SOL, XRP, ADA, XLM, HBAR, SUI classes",
+      "status": "future"
+    },
+    {
+      "id": "wemix-ccip-selector-support",
+      "title": "Enable Wemix lane by resolving Chain 138 CCIP selector support",
+      "status": "blocked_external"
+    },
+    {
+      "id": "route-confidence-api",
+      "title": "Expose live route confidence in quote/build systems",
+      "status": "future"
+    }
+  ],
+  "references": {
+    "ecosystemReport": "reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md",
+    "routingStatusDoc": "docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md",
+    "stablecoinRoutesDoc": "docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md",
+    "allMainnetSurfaceConfig": "config/allmainnet-non-dodo-protocol-surface.json"
+  }
+}

config/token-mapping-multichain.json

@@ -146,6 +146,118 @@
         }
       ]
     },
+    {
+      "fromChainId": 138,
+      "toChainId": 1,
+      "notes": "Chain 138 ↔ Ethereum Mainnet (CCIP); direct mapping; c*_cW = c* → cW* on destination",
+      "tokens": [
+        {
+          "key": "WETH9",
+          "name": "Wrapped Ether",
+          "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
+          "addressTo": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
+          "notes": "138 WETH9 → Mainnet WETH"
+        },
+        {
+          "key": "Compliant_USDT",
+          "name": "cUSDT",
+          "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
+          "addressTo": "0xdAC17F958D2ee523a2206206994597C13D831ec7",
+          "notes": "138 cUSDT → Mainnet USDT (native)"
+        },
+        {
+          "key": "Compliant_USDT_cW",
+          "name": "cUSDT→cWUSDT",
+          "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
+          "addressTo": "0xaF5017d0163ecb99D9B5D94e3b4D7b09Af44D8AE",
+          "notes": "138 cUSDT → Mainnet cWUSDT; set when deployed"
+        },
+        {
+          "key": "Compliant_USDC",
+          "name": "cUSDC",
+          "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
+          "addressTo": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+          "notes": "138 cUSDC → Mainnet USDC (native)"
+        },
+        {
+          "key": "Compliant_USDC_cW",
+          "name": "cUSDC→cWUSDC",
+          "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
+          "addressTo": "0x2de5F116bFcE3d0f922d9C8351e0c5Fc24b9284a",
+          "notes": "138 cUSDC → Mainnet cWUSDC; set when deployed"
+        },
+        {
+          "key": "Compliant_EURC_cW",
+          "name": "cEURC→cWEURC",
+          "addressFrom": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
+          "addressTo": "0xD4aEAa8cD3fB41Dc8437FaC7639B6d91B60A5e8d",
+          "notes": "138 cEURC → Mainnet cWEURC"
+        },
+        {
+          "key": "Compliant_EURT_cW",
+          "name": "cEURT→cWEURT",
+          "addressFrom": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
+          "addressTo": "0x855d74FFB6CF75721a9bAbc8B2ed35c8119241dC",
+          "notes": "138 cEURT → Mainnet cWEURT"
+        },
+        {
+          "key": "Compliant_GBPC_cW",
+          "name": "cGBPC→cWGBPC",
+          "addressFrom": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
+          "addressTo": "0xc074007dc0bfb384b1cf6426a56287ed23fe4d52",
+          "notes": "138 cGBPC → Mainnet cWGBPC"
+        },
+        {
+          "key": "Compliant_GBPT_cW",
+          "name": "cGBPT→cWGBPT",
+          "addressFrom": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
+          "addressTo": "0x1dDF9970F01c76A692Fdba2706203E6f16e0C46F",
+          "notes": "138 cGBPT → Mainnet cWGBPT"
+        },
+        {
+          "key": "Compliant_AUDC_cW",
+          "name": "cAUDC→cWAUDC",
+          "addressFrom": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
+          "addressTo": "0x5020Db641B3Fc0dAbBc0c688C845bc4E3699f35F",
+          "notes": "138 cAUDC → Mainnet cWAUDC"
+        },
+        {
+          "key": "Compliant_JPYC_cW",
+          "name": "cJPYC→cWJPYC",
+          "addressFrom": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
+          "addressTo": "0x07EEd0D7dD40984e47B9D3a3bdded1c536435582",
+          "notes": "138 cJPYC → Mainnet cWJPYC"
+        },
+        {
+          "key": "Compliant_CHFC_cW",
+          "name": "cCHFC→cWCHFC",
+          "addressFrom": "0x873990849DDa5117d7C644f0aF24370797C03885",
+          "addressTo": "0x0F91C5E6Ddd46403746aAC970D05d70FFe404780",
+          "notes": "138 cCHFC → Mainnet cWCHFC"
+        },
+        {
+          "key": "Compliant_CADC_cW",
+          "name": "cCADC→cWCADC",
+          "addressFrom": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
+          "addressTo": "0x209FE32fe7B541751D190ae4e50cd005DcF8EDb4",
+          "notes": "138 cCADC → Mainnet cWCADC"
+        },
+        {
+          "key": "Compliant_XAUC_cW",
+          "name": "cXAUC→cWXAUC",
+          "addressFrom": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
+          "addressTo": "0x572Be0fa8CA0534d642A567CEDb398B771D8a715",
+          "notes": "138 cXAUC → Mainnet cWXAUC"
+        },
+        {
+          "key": "Compliant_XAUT_cW",
+          "name": "cXAUT→cWXAUT",
+          "addressFrom": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
+          "addressTo": "0xACE1DBF857549a11aF1322e1f91F2F64b029c906",
+          "notes": "138 cXAUT → Mainnet cWXAUT"
+        }
+      ]
+    },
     {
       "fromChainId": 651940,
       "toChainId": 138,
@@ -1322,6 +1434,118 @@
         }
       ]
     },
+    {
+      "fromChainId": 138,
+      "toChainId": 42220,
+      "notes": "Chain 138 ↔ Celo (CCIP); direct mapping; c*_cW = c* → cW* on destination",
+      "tokens": [
+        {
+          "key": "WETH9",
+          "name": "Wrapped Ether",
+          "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
+          "addressTo": "0xD221812de1BD094f35587EE8E174B07B6167D9Af",
+          "notes": "138 WETH9 → Celo WETH"
+        },
+        {
+          "key": "Compliant_USDT",
+          "name": "cUSDT",
+          "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
+          "addressTo": "0x48065fbBE25f71C9282ddf5e1cD6D6A887483D5e",
+          "notes": "138 cUSDT → Celo USDT (native)"
+        },
+        {
+          "key": "Compliant_USDT_cW",
+          "name": "cUSDT→cWUSDT",
+          "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
+          "addressTo": "0x73376eB92c16977B126dB9112936A20Fa0De3442",
+          "notes": "138 cUSDT → Celo cWUSDT; set when deployed"
+        },
+        {
+          "key": "Compliant_USDC",
+          "name": "cUSDC",
+          "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
+          "addressTo": "0xcebA9300f2b948710d2653dD7B07f33A8B32118C",
+          "notes": "138 cUSDC → Celo USDC (native)"
+        },
+        {
+          "key": "Compliant_USDC_cW",
+          "name": "cUSDC→cWUSDC",
+          "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
+          "addressTo": "0x4C38F9A5ed68A04cd28a72E8c68C459Ec34576f3",
+          "notes": "138 cUSDC → Celo cWUSDC; set when deployed"
+        },
+        {
+          "key": "Compliant_EURC_cW",
+          "name": "cEURC→cWEURC",
+          "addressFrom": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
+          "addressTo": "0xb6D2f38b9015F32ccE8818509c712264E7fceeD3",
+          "notes": "138 cEURC → Celo cWEURC"
+        },
+        {
+          "key": "Compliant_EURT_cW",
+          "name": "cEURT→cWEURT",
+          "addressFrom": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
+          "addressTo": "0x7e6fB8D80f81430e560F8232b2A4fd06249d74ce",
+          "notes": "138 cEURT → Celo cWEURT"
+        },
+        {
+          "key": "Compliant_GBPC_cW",
+          "name": "cGBPC→cWGBPC",
+          "addressFrom": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
+          "addressTo": "0xE37c332a88f112F9e039C5d92D821402A89c7052",
+          "notes": "138 cGBPC → Celo cWGBPC"
+        },
+        {
+          "key": "Compliant_GBPT_cW",
+          "name": "cGBPT→cWGBPT",
+          "addressFrom": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
+          "addressTo": "0x1dBa81f91f1BeC47FFf60eC3e7DeD780ad9968E3",
+          "notes": "138 cGBPT → Celo cWGBPT"
+        },
+        {
+          "key": "Compliant_AUDC_cW",
+          "name": "cAUDC→cWAUDC",
+          "addressFrom": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
+          "addressTo": "0x2d3a2ED4Ca4d69912d217c305EE921609F7906A8",
+          "notes": "138 cAUDC → Celo cWAUDC"
+        },
+        {
+          "key": "Compliant_JPYC_cW",
+          "name": "cJPYC→cWJPYC",
+          "addressFrom": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
+          "addressTo": "0x0b39F47D2E68aB0eB18d4b637Bbd1dD8E97cFbB5",
+          "notes": "138 cJPYC → Celo cWJPYC"
+        },
+        {
+          "key": "Compliant_CHFC_cW",
+          "name": "cCHFC→cWCHFC",
+          "addressFrom": "0x873990849DDa5117d7C644f0aF24370797C03885",
+          "addressTo": "0x8142BA530B08f3950128601F00DaaA678213DFdf",
+          "notes": "138 cCHFC → Celo cWCHFC"
+        },
+        {
+          "key": "Compliant_CADC_cW",
+          "name": "cCADC→cWCADC",
+          "addressFrom": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
+          "addressTo": "0x0C242b513008Cd49C89078F5aFb237A3112251EB",
+          "notes": "138 cCADC → Celo cWCADC"
+        },
+        {
+          "key": "Compliant_XAUC_cW",
+          "name": "cXAUC→cWXAUC",
+          "addressFrom": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
+          "addressTo": "0x61D642979eD75c1325f35b9275C5A7FE97F22451",
+          "notes": "138 cXAUC → Celo cWXAUC"
+        },
+        {
+          "key": "Compliant_XAUT_cW",
+          "name": "cXAUT→cWXAUT",
+          "addressFrom": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
+          "addressTo": "0x30751782486eed825187C1EAe5DE4b4baD428AaE",
+          "notes": "138 cXAUT → Celo cWXAUT"
+        }
+      ]
+    },
     {
       "fromChainId": 651940,
       "toChainId": 42220,

config/universal-resource-activation.evidence-package.v1.schema.json

@@ -0,0 +1,64 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://d-bis.org/schemas/universal-resource-activation.evidence-package.v1.json",
+  "title": "EvidencePackage",
+  "type": "object",
+  "required": ["evidencePackageId", "resourceIds", "actionType", "reconciliationStatus"],
+  "properties": {
+    "evidencePackageId": { "type": "string", "minLength": 1 },
+    "resourceIds": {
+      "type": "array",
+      "minItems": 1,
+      "items": { "type": "string" }
+    },
+    "actionType": {
+      "type": "string",
+      "enum": [
+        "REGISTER",
+        "FUNDING_DRAW",
+        "CAP_RESERVE",
+        "MINT_AUTH",
+        "DEPLOY",
+        "ALLOCATE",
+        "REVERSAL"
+      ]
+    },
+    "initiator": { "type": "string" },
+    "timestamp": { "type": "string" },
+    "jurisdiction": { "type": "string" },
+    "lawfulBasis": { "type": "string" },
+    "policyDecisions": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "profileId": { "type": "string" },
+          "version": { "type": "string" },
+          "result": { "type": "string" },
+          "reason": { "type": "string" }
+        }
+      }
+    },
+    "complianceResults": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "check": { "type": "string" },
+          "result": { "type": "string" },
+          "ref": { "type": "string" }
+        }
+      }
+    },
+    "custodyOrSourceEvidence": { "type": "string" },
+    "accountingRef": { "type": "string" },
+    "settlementOrChainRef": { "type": "string" },
+    "deploymentRef": { "type": "string" },
+    "reconciliationStatus": {
+      "type": "string",
+      "enum": ["open", "matched", "exception"]
+    },
+    "explanation": { "type": "string" }
+  },
+  "additionalProperties": true
+}

config/universal-resource-activation.manifest.v1.schema.json

@@ -0,0 +1,29 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://d-bis.org/schemas/universal-resource-activation.manifest.v1.json",
+  "title": "UniversalResourceManifest",
+  "type": "object",
+  "required": ["schemaVersion", "resources", "evidencePackages"],
+  "properties": {
+    "schemaVersion": { "type": "string", "pattern": "^1\\." },
+    "updatedAt": { "type": "string" },
+    "resources": {
+      "type": "array"
+    },
+    "evidencePackages": {
+      "type": "array"
+    },
+    "policyProfileRefs": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "id": { "type": "string" },
+          "version": { "type": "string" }
+        },
+        "required": ["id"]
+      }
+    }
+  },
+  "additionalProperties": true
+}

config/universal-resource-activation.policy-profile-registry.v1.schema.json

@@ -0,0 +1,70 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://d-bis.org/schemas/universal-resource-activation.policy-profile-registry.v1.json",
+  "title": "PolicyProfileRegistry",
+  "type": "object",
+  "required": ["schemaVersion", "profiles"],
+  "properties": {
+    "schemaVersion": { "type": "string", "minLength": 1 },
+    "updatedAt": { "type": "string" },
+    "description": { "type": "string" },
+    "profiles": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "required": [
+          "policyProfileId",
+          "version",
+          "jurisdictions",
+          "participantClasses",
+          "resourceFamilies",
+          "minimumGruGovernanceLevel"
+        ],
+        "properties": {
+          "policyProfileId": { "type": "string", "minLength": 1 },
+          "version": { "type": "string", "minLength": 1 },
+          "effectiveFrom": { "type": "string" },
+          "effectiveTo": { "type": "string" },
+          "supersedes": { "type": "string" },
+          "jurisdictions": {
+            "type": "array",
+            "minItems": 1,
+            "items": { "type": "string" }
+          },
+          "participantClasses": {
+            "type": "array",
+            "minItems": 1,
+            "items": { "type": "string" }
+          },
+          "resourceFamilies": {
+            "type": "array",
+            "minItems": 1,
+            "items": { "type": "string" }
+          },
+          "tokenizationModesAllowed": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "ledgerModel": { "type": "string" },
+          "standards": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "minimumGruGovernanceLevel": {
+            "type": "integer",
+            "minimum": 0,
+            "maximum": 5
+          },
+          "complianceMatrixPaths": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "notes": { "type": "string" }
+        },
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": true
+}

config/universal-resource-activation.resource.v1.schema.json

@@ -0,0 +1,69 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://d-bis.org/schemas/universal-resource-activation.resource.v1.json",
+  "title": "UniversalResource",
+  "type": "object",
+  "required": ["resourceId", "schemaVersion", "family", "lifecycleState", "deployabilityState"],
+  "properties": {
+    "resourceId": { "type": "string", "minLength": 1, "description": "bytes32 hex (0x...) or UUID" },
+    "schemaVersion": { "type": "integer", "minimum": 1 },
+    "displayName": { "type": "string" },
+    "description": { "type": "string" },
+    "family": {
+      "type": "string",
+      "enum": [
+        "SKR_SAFEKEEPING",
+        "STRATEGIC_RECORD",
+        "SERVER_FUNDS",
+        "FIAT_DIGITAL",
+        "CRYPTO",
+        "COMMODITY",
+        "SECURITY",
+        "RWA_GENERIC",
+        "INFRA_CAPACITY"
+      ]
+    },
+    "subType": { "type": "string" },
+    "ownerParticipantId": { "type": "string" },
+    "jurisdiction": { "type": "string" },
+    "policyProfileId": { "type": "string" },
+    "tokenizationMode": {
+      "type": "string",
+      "enum": ["NONE", "CLAIM", "ENTITLEMENT", "TRANSFERABLE_ERC20", "RESTRICTED_SECURITY"]
+    },
+    "unitOfMeasure": { "type": "string" },
+    "quantity": { "type": "string" },
+    "valuationMethod": {
+      "type": "string",
+      "enum": ["MARK", "NAV", "AMORTIZED", "NOTIONAL", "NONE"]
+    },
+    "valuationRef": { "type": "string" },
+    "encumbranceState": {
+      "type": "string",
+      "enum": ["unencumbered", "held", "pledged", "lien", "disputed"]
+    },
+    "lifecycleState": {
+      "type": "string",
+      "enum": ["draft", "pending_validation", "active", "suspended", "closed", "void"]
+    },
+    "deployabilityState": {
+      "type": "string",
+      "enum": [
+        "informational_only",
+        "collateral_only",
+        "funding_eligible",
+        "settlement_linked",
+        "infra_allocatable",
+        "fully_deployable"
+      ]
+    },
+    "evidenceRefs": { "type": "array", "items": { "type": "string" } },
+    "custodianId": { "type": "string" },
+    "infraHostId": { "type": "string" },
+    "infraBundleId": { "type": "string" },
+    "riskTier": { "type": "integer", "minimum": 1, "maximum": 5 },
+    "createdAt": { "type": "string" },
+    "updatedAt": { "type": "string" }
+  },
+  "additionalProperties": true
+}

config/universal-resource-activation/MANIFEST_AUTOMATION_DESIGN.md

@@ -0,0 +1,37 @@
+# URA manifest — automation design
+
+**Last updated:** 2026-04-25  
+**Status:** **Implemented in-repo:** fragment merge + strict closure gate + public Phoenix read for `policy-profiles.json` + ledger/settlement fragment CLIs + [`URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md`](../../docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md). Full OMNL ETL and GRU M00 diamond remain **operator/service** work; standalone `PolicyProfileRegistry` ships under `smom-dbis-138/contracts/universal-resource/`.
+
+## Implemented
+
+| Piece | Location |
+|-------|----------|
+| Merge fragments → validated manifest | `scripts/ura/merge-manifest-fragments.mjs` · `pnpm ura:merge-manifest` |
+| Shared schema validation | `scripts/ura/lib/validate-ura-manifest.mjs` (used by `pnpm ura:validate` and merge) |
+| Production placeholder gate | `scripts/ura/validate-manifest-closure.mjs` · `pnpm ura:validate-closure` (warn) / `pnpm ura:validate-closure:strict` (fail) · optional `URA_STRICT_CLOSURE=1` in `validate-config-files.sh` |
+| Fragment drop zone | `manifest-fragments/README.md` |
+| Public API: policy profiles | `GET /api/v1/universal-resource-activation/policy-profiles` on phoenix-deploy-api |
+
+## Goals (remaining / service-bound)
+
+- Generate fragments from **approved** ops forms, ledger exports, chain receipts (outside this repo or future ETL).
+- Fail CI on **production** branches when closure rules violate (use `URA_STRICT_CLOSURE=1` on that pipeline).
+
+## Pipeline (merge)
+
+1. **Inputs:** JSON fragments under `manifest-fragments/*.json` (or another `--fragments-dir`).
+2. **Merge:** Deterministic sort; `policyProfileRefs` union; resources/evidence by id with shallow merge.
+3. **Validate:** Full JSON Schema + cross-checks (`validateUraManifestData`).
+4. **Optional:** `--out path` to write; then review and replace `manifest.json` if intended.
+
+## Non-goals
+
+- Automatic legal classification of assets (human sign-off on matrices + profiles).
+- Writing to chain or OMNL from this repo without separate deployment controls.
+
+## Related
+
+- [technical-specs/README.md](../../docs/04-configuration/universal-resource-activation/technical-specs/README.md) — normative **TS-*** specs for remaining operator work  
+- [`UNIVERSAL_RESOURCE_WIRING.md`](../../docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_WIRING.md)  
+- [`scripts/validate/validate-ura-policy-profiles.mjs`](../../scripts/validate/validate-ura-policy-profiles.mjs)

config/universal-resource-activation/POLICY_PROFILES_REGISTRY.md

@@ -0,0 +1,23 @@
+# Policy profiles registry — doc control
+
+**Last updated:** 2026-04-25  
+**Purpose:** Human-readable **change control** for rows in [`policy-profiles.json`](policy-profiles.json). Legal/risk owns interpretation; engineering owns schema conformance (`pnpm ura:validate-profiles`).
+
+| `policyProfileId` | Version in registry | `effectiveFrom` | Legal / risk sign-off | Notes |
+|-------------------|---------------------|-----------------|----------------------|-------|
+| `institutional_custody_skr_v1` | 1 | 2026-04-25 | Pending — replace when signed | ID matrix: SKR / custody path |
+| `server_funds_treasury_v1` | 1 | 2026-04-25 | Pending — replace when signed | ID matrix: server funds / OMNL |
+| `infra_capacity_ops_v1` | 1 | 2026-04-25 | Pending — replace when signed | LAN internal capacity |
+
+## Procedure
+
+1. Add or bump `version` and `effectiveFrom` in `policy-profiles.json`; update this table with sign-off reference (ticket, memo id, or “N/A — internal only”).
+2. Ensure [`manifest.json`](manifest.json) `policyProfileRefs` lists every profile used by a resource at the correct version.
+3. Run `pnpm ura:validate && pnpm ura:validate-profiles`.
+
+## Related
+
+- [`UNIVERSAL_RESOURCE_POLICY_PROFILES.md`](../../docs/04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_POLICY_PROFILES.md)  
+- [`DBIS_RAIL_JURISDICTION_TRACEABILITY.md`](../../docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md)  
+- **Public read:** `GET /api/v1/universal-resource-activation/policy-profiles` on phoenix-deploy-api (same auth rules as manifest; override via `UNIVERSAL_RESOURCE_POLICY_PROFILES_PATH`).  
+- **On-chain anchor (optional):** `smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol` — publish `contentHash` from `pnpm ura:profile-hash <policyProfileId>`; see [`GRU_REGISTRY_WIRING_CHECKLIST.md`](../../docs/runbooks/GRU_REGISTRY_WIRING_CHECKLIST.md) §6.

config/universal-resource-activation/integration/examples/ledger-snapshot.example.json

@@ -0,0 +1,8 @@
+{
+  "journalEntryId": "OMNL-JE-2026-00042",
+  "batchRef": "FINERACT-BATCH-88",
+  "postedAt": "2026-04-25T12:00:00Z",
+  "currency": "USD",
+  "amountMinor": "1000000",
+  "notes": "Illustrative export shape — replace with real OMNL/Fineract field names from your deployment."
+}

config/universal-resource-activation/integration/omnl-ledger-mapping.v1.example.json

@@ -0,0 +1,10 @@
+{
+  "schemaVersion": "1.0.0",
+  "description": "Example mapping from Fineract/OMNL export fields to URA evidence package columns. Copy to omnl-ledger-mapping.v1.json when live.",
+  "evidencePackages": [
+    {
+      "evidencePackageId": "ura:pilot:evidence-register-bootstrap",
+      "accountingRefField": "journalEntryId"
+    }
+  ]
+}

config/universal-resource-activation/integration/omnl-ledger-mapping.v1.schema.json

@@ -0,0 +1,48 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://d-bis.org/schemas/omnl-ledger-mapping.v1.json",
+  "title": "OMNLLedgerMapping",
+  "type": "object",
+  "required": ["schemaVersion", "evidencePackages"],
+  "properties": {
+    "schemaVersion": { "type": "string", "const": "1.0.0" },
+    "description": { "type": "string" },
+    "resourceUpdates": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["resourceId", "quantityField"],
+        "properties": {
+          "resourceId": { "type": "string", "minLength": 1 },
+          "quantityField": { "type": "string", "description": "Dot path in ledger snapshot for quantity string" }
+        },
+        "additionalProperties": false
+      }
+    },
+    "evidencePackages": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "required": ["evidencePackageId"],
+        "properties": {
+          "evidencePackageId": { "type": "string", "minLength": 1 },
+          "accountingRefField": {
+            "type": "string",
+            "description": "Dot path into ledger snapshot JSON for accountingRef string (e.g. journalEntryId or omnl.batchRef)"
+          },
+          "quantityField": {
+            "type": "string",
+            "description": "Optional dot path for resource quantity string"
+          },
+          "resourceIdForQuantity": {
+            "type": "string",
+            "description": "If quantityField set, which resource row to patch"
+          }
+        },
+        "additionalProperties": false
+      }
+    }
+  },
+  "additionalProperties": false
+}

config/universal-resource-activation/manifest-fragments/README.md

@@ -0,0 +1,38 @@
+# URA manifest fragments (optional)
+
+**Purpose:** Drop partial JSON files here to **merge** onto the canonical [`../manifest.json`](../manifest.json) without hand-editing the full file. Used for ops overlays, environment-specific rows, or generated snippets.
+
+## Fragment shape
+
+Each `*.json` file (sorted by filename; skip `_prefix.json`) may contain any of:
+
+| Key | Effect |
+|-----|--------|
+| `policyProfileRefs` | Union with manifest (same `id` + `version` deduped). |
+| `resources` | Add or **shallow-merge** replace by `resourceId`. |
+| `evidencePackages` | Add or **shallow-merge** replace by `evidencePackageId`. |
+
+Top-level manifest fields (`schemaVersion`, `description`, …) come **only** from the `--base` file (default: `manifest.json`).
+
+## Commands
+
+```bash
+pnpm ura:merge-manifest
+# Validate merge and print counts (dry-run; does not write)
+
+node scripts/ura/merge-manifest-fragments.mjs --out /tmp/merged.json
+# Write merged JSON; inspect and copy into manifest.json if correct
+```
+
+After any manifest edit: `pnpm ura:validate && pnpm ura:validate-profiles`.
+
+## Production gate
+
+When pilots are closed, enforce no placeholders:
+
+```bash
+pnpm ura:validate-closure:strict
+# Or: URA_STRICT_CLOSURE=1 bash scripts/validation/validate-config-files.sh
+```
+
+See [`MANIFEST_AUTOMATION_DESIGN.md`](../MANIFEST_AUTOMATION_DESIGN.md) and [`URA_PILOT_CLOSURE_RUNBOOK.md`](../../../docs/04-configuration/universal-resource-activation/URA_PILOT_CLOSURE_RUNBOOK.md).

config/universal-resource-activation/manifest.json

@@ -0,0 +1,87 @@
+{
+  "schemaVersion": "1.0.0",
+  "updatedAt": "2026-04-25T12:00:00Z",
+  "description": "Canonical in-repo store for universal resource activation (SKR, server funds, infra). Pilot-scoped resourceIds; jurisdiction ID for financial pilots per JURISDICTION_CATALOG and ID-INDONESIA matrix. Replace ura:participant:pilot-*-assign and evidence TBDs per URA_PILOT_CLOSURE_RUNBOOK.md. Run pnpm ura:validate && pnpm ura:validate-profiles in CI.",
+  "policyProfileRefs": [
+    { "id": "institutional_custody_skr_v1", "version": "1" },
+    { "id": "server_funds_treasury_v1", "version": "1" },
+    { "id": "infra_capacity_ops_v1", "version": "1" }
+  ],
+  "resources": [
+    {
+      "resourceId": "ura:pilot-1:skr-custody-record",
+      "schemaVersion": 1,
+      "displayName": "Pilot 1 — SKR / custody record",
+      "description": "PILOT-1 (Indonesia-scope): bind participant registry id, evidenceRefs, and custody evidence per URA_PILOT_CLOSURE_RUNBOOK.md and ID-INDONESIA compliance matrix.",
+      "family": "SKR_SAFEKEEPING",
+      "subType": "CUSTODY_STATEMENT",
+      "ownerParticipantId": "ura:participant:pilot-1-assign",
+      "jurisdiction": "ID",
+      "policyProfileId": "institutional_custody_skr_v1",
+      "tokenizationMode": "NONE",
+      "quantity": "0",
+      "unitOfMeasure": "USD",
+      "valuationMethod": "NOTIONAL",
+      "encumbranceState": "unencumbered",
+      "lifecycleState": "draft",
+      "deployabilityState": "informational_only",
+      "evidenceRefs": ["ura:evidence:pending-pilot-1-custody-package"]
+    },
+    {
+      "resourceId": "ura:pilot-2:server-funds-treasury-pool",
+      "schemaVersion": 1,
+      "displayName": "Pilot 2 — Server funds treasury pool",
+      "description": "PILOT-2 (Indonesia-scope): OMNL + server-funds-sidecar SoR; replace accountingRef in evidence when ledger posts per runbook.",
+      "family": "SERVER_FUNDS",
+      "subType": "TREASURY_POOL",
+      "ownerParticipantId": "ura:participant:pilot-2-assign",
+      "jurisdiction": "ID",
+      "policyProfileId": "server_funds_treasury_v1",
+      "tokenizationMode": "NONE",
+      "quantity": "0",
+      "unitOfMeasure": "USD",
+      "valuationMethod": "NOTIONAL",
+      "encumbranceState": "unencumbered",
+      "lifecycleState": "draft",
+      "deployabilityState": "funding_eligible",
+      "evidenceRefs": ["ura:evidence:pending-pilot-2-ledger-link"]
+    },
+    {
+      "resourceId": "ura:pilot-3:infra-r630-01-api-small",
+      "schemaVersion": 1,
+      "displayName": "Pilot 3 — Infra capacity (R630-01, api_small)",
+      "description": "PILOT-3: LAN ops capacity; link deploymentRef in evidence after non-prod deploy per runbook.",
+      "family": "INFRA_CAPACITY",
+      "subType": "BUNDLE",
+      "ownerParticipantId": "ura:participant:pilot-3-assign",
+      "jurisdiction": "LAN",
+      "policyProfileId": "infra_capacity_ops_v1",
+      "tokenizationMode": "NONE",
+      "infraHostId": "r630-01",
+      "infraBundleId": "api_small",
+      "encumbranceState": "unencumbered",
+      "lifecycleState": "active",
+      "deployabilityState": "infra_allocatable",
+      "evidenceRefs": ["ura:evidence:pending-pilot-3-capacity-verify"]
+    }
+  ],
+  "evidencePackages": [
+    {
+      "evidencePackageId": "ura:pilot:evidence-register-bootstrap",
+      "resourceIds": [
+        "ura:pilot-1:skr-custody-record",
+        "ura:pilot-2:server-funds-treasury-pool",
+        "ura:pilot-3:infra-r630-01-api-small"
+      ],
+      "actionType": "REGISTER",
+      "initiator": "pilot_bootstrap",
+      "timestamp": "2026-04-25T12:00:00Z",
+      "reconciliationStatus": "open",
+      "custodyOrSourceEvidence": "PILOT-1: TBD — custodian statement or attestation hash per UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md; remove when real ref linked.",
+      "accountingRef": "PILOT-2: TBD — OMNL/Fineract journal or batch id when server-funds path posts (see URA_PILOT_CLOSURE_RUNBOOK.md).",
+      "settlementOrChainRef": "PILOT-2/3: TBD — MintAuth messageId / tx hash / rail ref per DBIS_RAIL_TECHNICAL_SPEC_V1.md when settlement leg exists.",
+      "deploymentRef": "PILOT-3: TBD — VMID, FQDN, health URL after deploy per UNIVERSAL_RESOURCE_PILOT_PLAN.md.",
+      "explanation": "REGISTER package binding three pilots. Set reconciliationStatus to matched only after mandatory joins per UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md and jurisdiction matrix rows."
+    }
+  ]
+}

config/universal-resource-activation/policy-profiles.json

@@ -0,0 +1,53 @@
+{
+  "schemaVersion": "1.0.0",
+  "updatedAt": "2026-04-25T00:00:00Z",
+  "description": "Machine-readable URA policy profile registry. Manifest policyProfileRefs must reference ids listed here. See UNIVERSAL_RESOURCE_POLICY_PROFILES.md and compliance-matrices/.",
+  "profiles": [
+    {
+      "policyProfileId": "institutional_custody_skr_v1",
+      "version": "1",
+      "effectiveFrom": "2026-04-25",
+      "jurisdictions": ["*", "ID"],
+      "participantClasses": ["institutional", "sovereign"],
+      "resourceFamilies": ["SKR_SAFEKEEPING", "STRATEGIC_RECORD"],
+      "tokenizationModesAllowed": ["NONE", "CLAIM", "ENTITLEMENT"],
+      "ledgerModel": "off_chain_omnl",
+      "standards": ["ISO20022_LOGGING"],
+      "minimumGruGovernanceLevel": 2,
+      "complianceMatrixPaths": [
+        "docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md"
+      ],
+      "notes": "SKR / custody evidence-backed; conservative transfer defaults per policy doc."
+    },
+    {
+      "policyProfileId": "server_funds_treasury_v1",
+      "version": "1",
+      "effectiveFrom": "2026-04-25",
+      "jurisdictions": ["*", "ID"],
+      "participantClasses": ["institutional", "sovereign"],
+      "resourceFamilies": ["SERVER_FUNDS"],
+      "tokenizationModesAllowed": ["NONE"],
+      "ledgerModel": "hybrid",
+      "standards": ["ISO20022_LOGGING", "TRAVEL_RULE"],
+      "minimumGruGovernanceLevel": 3,
+      "complianceMatrixPaths": [
+        "docs/04-configuration/compliance-matrices/ID-INDONESIA/banking_v1.md"
+      ],
+      "notes": "Good-funds, GL mapping, holds/releases; Rail settlement when on-chain leg used."
+    },
+    {
+      "policyProfileId": "infra_capacity_ops_v1",
+      "version": "1",
+      "effectiveFrom": "2026-04-25",
+      "jurisdictions": ["*", "LAN"],
+      "participantClasses": ["institutional", "internal_ops"],
+      "resourceFamilies": ["INFRA_CAPACITY"],
+      "tokenizationModesAllowed": ["NONE", "ENTITLEMENT"],
+      "ledgerModel": "off_chain_omnl",
+      "standards": ["IPSAS"],
+      "minimumGruGovernanceLevel": 1,
+      "complianceMatrixPaths": [],
+      "notes": "Internal capacity; not a traded security by default."
+    }
+  ]
+}

config/universal-resource-activation/ura-production-ready.env.example

@@ -0,0 +1,20 @@
+# Copy to a path outside VCS (or set inline) and:
+#   export URA_PRODUCTION_ENV_FILE=/path/to/ura-production-ready.env
+#   pnpm ura:production-ready
+#   # or (staging: skips manifest strict closure; does NOT claim production evidence closure)
+#   URA_PRODUCTION_MODE=connectivity pnpm ura:production-ready
+#
+# shellcheck disable=SC2034
+
+export PHOENIX_BASE_URL="https://phoenix.example.invalid"
+export SERVER_FUNDS_SIDECAR_URL="https://server-funds-sidecar.example.invalid"
+export POLICY_PROFILE_REGISTRY_ADDRESS="0x0000000000000000000000000000000000000000"
+
+# export GRU_REQUIRED=1
+# export GRU_M00_DIAMOND_ADDRESS="0x0000000000000000000000000000000000000000"
+
+# export LEDGER_E2E_EVIDENCE_FILE="/path/to/ledger-ticket.md"
+# export SETTLEMENT_E2E_EVIDENCE_FILE="/path/to/settlement-ticket.md"
+# export REQUIRE_CUSTODY=1
+# export CUSTODY_E2E_EVIDENCE_FILE="/path/to/custody-ticket.md"
+# export COUNSEL_SIGNOFF_FILE="/path/to/counsel-signoff.pdf"

docs/00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md

@@ -0,0 +1,148 @@
+# AAVE Chain 138 and Marionette TsunamiSwap Plan
+
+**Last Updated:** 2026-04-23  
+**Status:** Active planning / operator runbook  
+**Purpose:** Canonical repo-local reference for the TsunamiSwap DEX footprint in this workspace, including deployment target, current endpoint, and the operator flow to bring the VM online.
+
+---
+
+## Scope
+
+This document covers the TsunamiSwap deployment target currently reserved in the Proxmox operational template:
+
+- **VMID:** `5010`
+- **Hostname:** `tsunamiswap`
+- **IPv4:** `192.168.11.91`
+- **Preferred node:** `r630-01`
+- **Category:** `defi`
+- **Published port in template:** `80`
+
+Canonical sources:
+
+- [docs/00-meta/OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) section `5c`
+- [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](../02-architecture/DBIS_NODE_ROLE_MATRIX.md)
+- [docs/04-configuration/ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)
+- [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json)
+- [`scripts/deployment/tsunamiswap-vm-5010-provision.sh`](../../scripts/deployment/tsunamiswap-vm-5010-provision.sh)
+
+---
+
+## Current URLs
+
+The canonical public TsunamiSwap URLs are:
+
+- **Landing page:** `https://tsunamiswap.com`
+- **Working application:** `https://app.tsunamiswap.com`
+
+The VM service target on port `80` remains the backend origin:
+
+- **Origin / backend target:** `http://192.168.11.91/`
+
+Important notes:
+
+- `https://tsunamiswap.com` is the canonical public landing page.
+- `https://app.tsunamiswap.com` is the canonical working application URL.
+- `http://192.168.11.91/` remains the internal service origin for VM `5010`.
+- Both hostnames are currently recorded against VM `5010`; if the landing page and app split onto different upstreams later, update this document and the Proxmox operational template together.
+
+---
+
+## Deployment State
+
+Current known state in this repo:
+
+- VM `5010` exists in inventory and architecture docs.
+- The helper script [`scripts/deployment/tsunamiswap-vm-5010-provision.sh`](../../scripts/deployment/tsunamiswap-vm-5010-provision.sh) is **inventory only** and explicitly says provisioning is still informational.
+- The operator checklist expects follow-up scripts such as `create-tsunamiswap-vm.sh`, `setup-tsunamiswap-vm-5010.sh`, and `deploy-tsunamiswap-to-5010.sh`, but those scripts are **not present in this workspace** today.
+- Because of that, TsunamiSwap should currently be treated as **planned / partially documented infrastructure**, not a fully repo-automated deployment.
+
+---
+
+## Operator Flow
+
+### 1. Check VM inventory status
+
+```bash
+./scripts/deployment/tsunamiswap-vm-5010-provision.sh
+```
+
+Expected behavior:
+
+- Confirms whether VMID `5010` exists on the target Proxmox host.
+- If missing, prints the intended sizing and placement.
+
+### 2. Target VM profile
+
+From the operator checklist, the intended baseline is:
+
+- `8` vCPU
+- `16 GB` RAM
+- `~160 GB` disk
+- default host `r630-01`
+- default IP `192.168.11.91`
+
+### 3. Planned post-create steps
+
+The checklist indicates this intended flow:
+
+```bash
+./scripts/create-tsunamiswap-vm.sh --dry-run
+./scripts/create-tsunamiswap-vm.sh
+./scripts/setup-tsunamiswap-vm-5010.sh --dry-run
+./scripts/setup-tsunamiswap-vm-5010.sh
+./scripts/deploy-tsunamiswap-to-5010.sh --dry-run
+./scripts/deploy-tsunamiswap-to-5010.sh
+```
+
+Current repo reality:
+
+- These commands are referenced operationally.
+- The underlying scripts are not present in this workspace right now.
+- If automation is needed, those scripts should be added in a future pass and then linked back here.
+
+---
+
+## Publish Checklist
+
+Before calling TsunamiSwap publicly live, complete all of the following:
+
+1. Confirm VM `5010` exists and serves HTTP on `192.168.11.91:80`.
+2. Confirm `tsunamiswap.com` and `app.tsunamiswap.com` are present under VM `5010` `fqdns` in `config/proxmox-operational-template.json`.
+3. Add both hostnames to the canonical endpoint inventory docs.
+4. Publish the NPMplus proxy mappings:
+   `tsunamiswap.com` for the landing page and `app.tsunamiswap.com` for the working application, both currently targeting `192.168.11.91:80`.
+5. Verify end-to-end routing with the standard E2E verifier.
+
+Suggested canonical follow-up files to update once a public hostname exists:
+
+- [docs/04-configuration/ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)
+- [docs/04-configuration/FQDN_EXPECTED_CONTENT.md](../04-configuration/FQDN_EXPECTED_CONTENT.md)
+- [docs/03-deployment/OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md)
+- [`config/proxmox-operational-template.json`](../../config/proxmox-operational-template.json)
+
+---
+
+## AAVE / Marionette Relationship
+
+This workspace currently contains the TsunamiSwap infrastructure reservation and operator references, but it does **not** yet contain a fuller in-repo specification for:
+
+- AAVE-specific market wiring
+- Marionette-specific orchestration details
+- TsunamiSwap backend architecture
+- TsunamiSwap contract inventory
+- TsunamiSwap public domain / branding decision
+
+So this document should be read as the canonical **deployment placeholder + operator reference**, not a complete product architecture spec.
+
+---
+
+## Decision
+
+The canonical public URLs for TsunamiSwap in this repo are:
+
+- `https://tsunamiswap.com`
+- `https://app.tsunamiswap.com`
+
+The corresponding internal service origin is:
+
+- `http://192.168.11.91/`

docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md

@@ -0,0 +1,29 @@
+# Gitea CD/CI — operator checklist
+
+Use this after changing **`phoenix-deploy-api/deploy-targets.json`** or adding workflows under **`config/gitea-workflow-templates/`**.
+
+## One-time per application repo (on Gitea)
+
+1. **Actions enabled** for the org/repo (Gitea settings).
+2. **Secrets** on **that repo** (not only global):
+   - **`PHOENIX_DEPLOY_URL`** — full URL for `POST` (same shape as **`d-bis/proxmox`** workflows use), typically `http://<dev-vm>:4001/api/deploy` or HTTPS equivalent.
+   - **`PHOENIX_DEPLOY_TOKEN`** — bearer token accepted by Phoenix deploy API.
+3. **Workflow file** in the repo: copy from [`config/gitea-workflow-templates/repos/README.md`](../config/gitea-workflow-templates/repos/README.md) or use the repo’s existing `.gitea/workflows/*.yml`.
+
+## Phoenix deploy host (LAN)
+
+1. **`git pull`** **proxmox** so **`deploy-targets.json`** and **`scripts/deployment/phoenix-deploy-*.sh`** match Gitea **`d-bis/proxmox`** `master` / `main`.
+2. Restart or reinstall **phoenix-deploy-api** if you manage it via systemd (see **`phoenix-deploy-api/scripts/install-systemd.sh`**).
+3. **`GITEA_TOKEN`** on that host must allow archive fetch for repos you deploy.
+
+## Verify locally (proxmox clone)
+
+```bash
+bash scripts/validation/validate-phoenix-deploy-targets.sh phoenix-deploy-api/deploy-targets.json
+bash scripts/verify/report-gitea-cd-parity.sh
+```
+
+## Canonical references
+
+- [GITEA_REPO_VM_CD_CI_MATRIX.md](../04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md)
+- [config/gitea-workflow-templates/README.md](../../config/gitea-workflow-templates/README.md)

docs/00-meta/NEXT_STEPS_ALL.md

@@ -1,10 +1,11 @@
 # All Next Steps — Consolidated List
 
-**Last Updated:** 2026-02-08  
-**Purpose:** Single ordered list of everything left to do (Dev/Codespaces + general operator).  
-**Run-order:** [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md) → [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md); completable first: `./scripts/run-completable-tasks-from-anywhere.sh`, then `./scripts/run-all-operator-tasks-from-lan.sh` from LAN.  
-**References:** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md) | [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md)  
-**Completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md)  
+**Last Updated:** 2026-04-29
+**Purpose:** Single ordered list of everything left to do (Dev/Codespaces + general operator).
+**Live snapshot:** [reports/status/live-network-check-latest.json](../reports/status/live-network-check-latest.json).
+**Run-order:** [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md) → [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md); completable first: `./scripts/run-completable-tasks-from-anywhere.sh`, then `./scripts/run-all-operator-tasks-from-lan.sh` from LAN.
+**References:** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md) | [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md)
+**Completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md)
 **Secrets & remaining actions:** [REMAINING_ITEMS_DOTENV_AND_ACTIONS.md](../04-configuration/REMAINING_ITEMS_DOTENV_AND_ACTIONS.md)
 
 ---
@@ -46,8 +47,8 @@ Installer completed (git user, SQLite, paths under /opt/gitea/data, app.ini writ
 
 ## 4. Dev/Codespaces — Rsync projects + dotenv — **DONE (partial; re-run for full sync)**
 
-Initial rsync run from repo root; large tree may need a second run from your terminal:  
-`cd ~/projects/proxmox && bash scripts/dev-vm/rsync-projects-to-dev-vm.sh`  
+Initial rsync run from repo root; large tree may need a second run from your terminal:
+`cd ~/projects/proxmox && bash scripts/dev-vm/rsync-projects-to-dev-vm.sh`
 Ensure dotenv files are under `/srv/projects` (see [DEV_CODESPACES_76_53_10_40.md § 6](../04-configuration/DEV_CODESPACES_76_53_10_40.md#6-dotenv-files-include-in-dev-vm--accessibility)).
 
 ---
@@ -68,15 +69,15 @@ Org **d-bis** and 18 repos created. **Pushed** to Gitea: proxmox (master), dbis_
 
 ## 7. General — Bridge (W0-2)
 
-**Secrets:** **PRIVATE_KEY** in **smom-dbis-138/.env**; **same wallet** holds **LINK** for bridge fees.  
-**Check:** `bash scripts/bridge/run-send-cross-chain.sh 0.01 --dry-run` (already verified).  
+**Secrets:** **PRIVATE_KEY** in **smom-dbis-138/.env**; **same wallet** holds **LINK** for bridge fees.
+**Check:** `bash scripts/bridge/run-send-cross-chain.sh 0.01 --dry-run` (already verified).
 **To run real:** `bash scripts/bridge/run-send-cross-chain.sh 0.01`
 
 ---
 
 ## 8. General — Security (W1-1, W1-2)
 
-**Check:** Ensure SSH key login works to all three hosts before --apply.  
+**Check:** Ensure SSH key login works to all three hosts before --apply.
 **Run from repo root:** `bash scripts/security/run-security-on-proxmox-hosts.sh --apply` (disables password SSH, restricts 8006 to 192.168.11.0/24). No .env secrets needed.
 
 ---

docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md

@@ -2,9 +2,11 @@
 
 > Historical note (2026-03-26): this consolidated TODO list includes superseded PMM-address references from earlier deployment phases. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
 
-**Last Updated:** 2026-03-02  
+**Last Updated:** 2026-04-29
 **Purpose:** Single checklist of all next steps and remaining tasks. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs).
 
+**Live status pointer:** [reports/status/live-network-check-latest.json](../reports/status/live-network-check-latest.json) — RPC heads, 61/61, validation, PMM script (refreshed 2026-04-29).
+
 **👉 Single list (runbooks not yet run + remaining deployments + recommendations):** this document ([NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md)).
 
 **See also:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) (full deployment order Phase 0–6 + preflight), [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md), [RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md), [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md), [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).

docs/00-meta/NEXT_STEPS_FOR_YOU.md

@@ -1,17 +1,21 @@
 # Your next steps — one place
 
-**Last Updated:** 2026-03-02  
+**Last Updated:** 2026-04-29
 **Purpose:** Single list of what **you** need to do next (no infra/automation). Everything else the repo can do has been completed or documented.
 
-**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 59/59, validation OK, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification 59/59. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0–E7 listed.
+**Live status (2026-04-29):** Automation re-checked RPCs, **61/61** on-chain inventory, full validation gate, PMM balances; snapshot [live-network-check-latest.json](../reports/status/live-network-check-latest.json). Operator LAN run with NPMplus backup succeeded same day.
 
-**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh` — all 4 steps passed (config, on-chain 59/59, validation, reconcile-env). Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv.
+**Completed (latest repo-local pass, 2026-04-23):** `run-completable-tasks-from-anywhere.sh --dry-run --json-out reports/status/run-completable-tasks-latest.json` now emits machine-readable step summaries. `run-all-validation.sh --skip-genesis --json-out reports/status/run-all-validation-latest.json` passed and refreshed advisory non-EVM status (Solana, Tron, XRPL). `run-e2e-flow-tasks-full-parallel.sh`, `run-all-next-steps-chain138.sh`, and `run-all-operator-tasks-from-lan.sh` also now support optional `--json-out` summaries. Canonical docs were synchronized to the current 61-address on-chain check and five-step no-LAN runner flow.
 
-**Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 59/59, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 59/59. Next steps index and TODOS_CONSOLIDATED updated.
+**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 61/61, validation OK, non-EVM status refresh, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification 61/61. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0–E7 listed.
+
+**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh` — the runner has since expanded to the current five-step flow (config, on-chain, validation, non-EVM status, reconcile-env). Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv.
+
+**Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 59/59 at the time, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 59/59 at the time. Next steps index and TODOS_CONSOLIDATED updated.
 
 **Completed 2026-02-27:** Chain 138 "run all next steps" script added: `./scripts/deployment/run-all-next-steps-chain138.sh` (preflight → mirror+pool → register c* as GRU → verify). Docs updated: NEXT_STEPS_INDEX, DEPLOYMENT_ORDER_OF_OPERATIONS, TODOS_CONSOLIDATED, CONTRACT_NEXT_STEPS_LIST.
 
-**Completed 2026-03-01:** Recommended next steps: `run-completable-tasks-from-anywhere.sh` (config OK, on-chain 59/59, validation OK, reconcile-env). Progress indicators added (Step 1/4–4/4). E2E flow tasks script: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]`. CONTRACT_ADDRESSES_REFERENCE and RECOMMENDATIONS_OPERATOR_CHECKLIST updated to use ADDRESS_MATRIX_AND_STATUS for correlated address matrix.
+**Completed 2026-03-01:** Recommended next steps: `run-completable-tasks-from-anywhere.sh` (config OK, on-chain 59/59 at the time, validation OK, reconcile-env). Progress indicators added, later expanded to the current five-step runner flow with elapsed-time summaries. E2E flow tasks script: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]`. CONTRACT_ADDRESSES_REFERENCE and RECOMMENDATIONS_OPERATOR_CHECKLIST updated to use ADDRESS_MATRIX_AND_STATUS for correlated address matrix.
 
 **Completed 2026-02-23:** Optional and next steps: `run-completable-tasks-from-anywhere.sh` run (config OK, on-chain 36/36, run-all-validation --skip-genesis OK, reconcile-env). Shellcheck with `--optional` now non-fatal (CI and validate pass). Validate via Proxmox SSH: `bash scripts/run-via-proxmox-ssh.sh validate [--host IP]` runs full shellcheck + genesis validation; jq/shellcheck installed on host when missing. TODOS_CONSOLIDATED and OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST updated.
 
@@ -39,9 +43,9 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led
 
 | Step | Command / action |
 |------|------------------|
-| **Run all “from anywhere” checks** | `./scripts/run-completable-tasks-from-anywhere.sh` — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, reconcile-env --print |
-| **Chain 138 next steps (all in one)** | `./scripts/deployment/run-all-next-steps-chain138.sh` — preflight → mirror+pool (or `--skip-mirror`) → register c* as GRU → verify. Use `--dry-run`; set `TRANSACTION_MIRROR_ADDRESS` if mirror exists. See [TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX](../03-deployment/TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX.md) if CreateCollision. |
-| **E2E flows (full parallel)** | `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1]` — run E2E flow tasks by wave; see [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). |
+| **Run all “from anywhere” checks** | `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]` — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, non-EVM status refresh, reconcile-env --print |
+| **Chain 138 next steps (all in one)** | `./scripts/deployment/run-all-next-steps-chain138.sh [--json-out reports/status/run-all-next-steps-chain138-latest.json]` — preflight → mirror+pool (or `--skip-mirror`) → register c* as GRU → verify. Use `--dry-run`; set `TRANSACTION_MIRROR_ADDRESS` if mirror exists. See [TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX](../03-deployment/TRANSACTION_MIRROR_CHAIN138_COLLISION_FIX.md) if CreateCollision. |
+| **E2E flows (full parallel)** | `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--wave E1] [--json-out reports/status/run-e2e-flow-tasks-latest.json]` — run E2E flow tasks by wave; see [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). |
 | **On-chain address list (no RPC)** | `./scripts/verify/check-contracts-on-chain-138.sh --dry-run` — lists addresses only (no RPC) |
 | **Config validation** | `./scripts/validation/validate-config-files.sh` or `... --dry-run` (print only) |
 | **Bridge deploy dry-run** | `./scripts/deploy-and-configure-weth9-bridge-chain138.sh --dry-run` (no keys/network) |
@@ -49,7 +53,7 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led
 | **Validate via Proxmox SSH** | `bash scripts/run-via-proxmox-ssh.sh validate [--host 192.168.11.10]` — full shellcheck + genesis validation on host; installs jq/shellcheck if missing |
 | **CCIP checklist (dry)** | `bash scripts/ccip/ccip-deploy-checklist.sh` — validates env and prints deploy order (no deploy) |
 | **Tests** | `cd smom-dbis-138 && forge test` (e2e/integration subset if full suite slow); `cd alltra-lifi-settlement && forge test && npm run test:e2e -- --forceExit` |
-| **Quick wins (code)** | Add progress indicators to scripts; add `--dry-run` to scripts that lack it; extend config validation (see [IMPLEMENTATION_CHECKLIST](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)) |
+| **Quick wins (code)** | Canonical wrapper-script quick wins are complete in this workspace: progress/timing, `--json-out` summaries, and stricter arg validation are in place on the main runners. Use [REPO_LOCAL_RECOMMENDATIONS_STATUS.md](REPO_LOCAL_RECOMMENDATIONS_STATUS.md) to distinguish remaining operator/external work from future maintenance. |
 | **Placeholders (code)** | All done or documented — see [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) §4 (canonical addresses, AlltraAdapter setBridgeFee, smart accounts env, quote FABRIC_CHAIN_ID, .bak BAK_FILES_DEPRECATION). |
 | **API keys** | Sign up at URLs in [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md); add any new keys to `.env` |
 
@@ -90,7 +94,7 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led
   ```bash
   ./scripts/verify/check-contracts-on-chain-138.sh   # uses RPC_URL_138
   ```
-  Use `--dry-run` to list addresses only (no RPC):  
+  Use `--dry-run` to list addresses only (no RPC):
   `./scripts/verify/check-contracts-on-chain-138.sh --dry-run`
 
 ---

docs/00-meta/NEXT_STEPS_INDEX.md

@@ -1,11 +1,18 @@
 # Next Steps — Index
 
-**Last Updated:** 2026-03-28  
+**Last Updated:** 2026-04-29  
 **Purpose:** Single entry point for "what to do next." Pick by audience and granularity.
 
-**Latest automation run (2026-03-28):** `./scripts/run-completable-tasks-from-anywhere.sh` completed (config validation, 61/61 on-chain, validation, reconcile print). `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` completed (NPMplus 40 hosts updated, Blockscout verification batch submitted). **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
+**Latest live status (2026-04-29 ~10:50 UTC):** Full ladder re-run: **`run-completable-tasks-from-anywhere.sh --json-out reports/status/run-completable-tasks-latest.json`** (config, **61/61**, validation, non-EVM, reconcile JSON); **`run-all-operator-tasks-from-lan.sh --json-out reports/status/operator-tasks-latest.json`** (NPMplus backup + Blockscout verification); Chain 138 CCIP WETH9/WETH10 bridges funded with +10 LINK each; **real** `run-send-cross-chain.sh 0.0001` executed from Chain 138 WETH9 bridge to Ethereum Mainnet and relayed successfully. Source tx `0x4ed5319169c33d7ab76e592a39e9741115826c1be3ae7366359d288db39e3fe4`; message `0xcbf278baaa0da8a65c2a9ce87be7a3680b8b04596a7ee933f2494399b34a13e7`; Mainnet relay tx `0x8f988ff555549b82eec9ffd53f2aca56d19dbb8ac9aadb8a436c1769f471c660`; destination bridge processed = `true`. Token-aggregation public report API is live and current publication exports were regenerated under `docs/04-configuration/coingecko/exports/` (109-token unified list).
+
+**Earlier same day (~06:29 UTC):** Full ladder in `logs/next-steps-complete-20260429T062049Z.log`: **`run-completable-tasks-from-anywhere.sh`** (config, **61/61**, validation, non-EVM, reconcile JSON); **`run-all-next-steps-chain138.sh --skip-mirror --skip-mesh --skip-register-gru`** (preflight + verify); **`run-cw-remaining-steps.sh --verify --update-mapping`**; **`run-all-operator-tasks-from-lan.sh --json-out`** (Wave0 + backup + Blockscout); **`verify-end-to-end-routing.sh --profile=all`** (**49** domains, **0** failed; report under `docs/04-configuration/verification-evidence/e2e-verification-20260428_232634/`); **`fund-ccip-bridges-with-link.sh --dry-run`** (destination chains skipped — deployer **LINK** on destinations below default top-up); **`deployer-gas-auto-route.sh`**; second **`run-all-validation.sh --skip-genesis`** OK. Snapshot: [reports/status/live-network-check-latest.json](../reports/status/live-network-check-latest.json).
+
+**Earlier same day (~06:15 UTC):** Spot checks: Core head `0x450a7d`, mainnet `0x17d3947`, PMM balance script OK.
+
+**Still external / capital-gated:** Trust/Ledger PRs, **B.1/B.2** native gas on Cronos plus low gas on BSC/Optimism/Arbitrum/Base, **B.3** fund public-chain bridges with **LINK** on each chain (Chain 138 funded; destination deployer LINK shortfalls remain), LINK relay runbook, mainnet cWUSDC/USDC TVL management, HYBX 4.995 zip. **E2E / multichain forge:** use `smom-dbis-138/scripts/forge/scope.sh` for scoped scripts. **Besu node lists:** `bash scripts/deploy-besu-node-lists-to-all.sh`; reload `bash scripts/besu/restart-besu-reload-node-lists.sh` in a window if needed.
 
 **Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation.
+**Repo-local recommendation tracker:** [REPO_LOCAL_RECOMMENDATIONS_STATUS.md](REPO_LOCAL_RECOMMENDATIONS_STATUS.md) — current slice of recommendations that can be advanced directly in this workspace.
 
 **Continue and complete (operator/LAN):** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` not set). Operator scripts load dotenv automatically.
 
@@ -15,11 +22,11 @@
 
 | # | Action | Command / doc | Status |
 |---|--------|----------------|--------|
-| 1 | From anywhere: config + on-chain + validation | `./scripts/run-completable-tasks-from-anywhere.sh` | Done 2026-03-02 |
+| 1 | From anywhere: config + on-chain + validation | `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]` | Done 2026-04-29 |
 | 2 | Before Chain 138 deploy: preflight (RPC, dotenv, nonce, cost) | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` | Done 2026-03-02 |
-| 3 | **Chain 138 next steps (all in one):** preflight → mirror+pool → register c* as GRU → verify | `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` | Done 2026-03-02 |
-| 4 | Full deployment order (Phase 0–6) | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | Remaining (Operator) |
-| 5 | Operator: Blockscout, 502 fix, backup, deploy | [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | Remaining (Operator/LAN) |
+| 3 | **Chain 138 next steps (all in one):** preflight → mirror+pool → register c* as GRU → verify | `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` | Done 2026-04-29 (preflight+verify; mirror/mesh/GRU skipped — already applied) |
+| 4 | Full deployment order (Phase 0–6) | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) | Remaining (Operator, when extending stack) |
+| 5 | Operator: Blockscout, 502 fix, backup, deploy | [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | Done 2026-04-29 (routine); add `--deploy` / `--create-vms` only when intentionally redeploying |
 | 6 | Repos & PRs (Ledger, Trust, Chainlist, on-ramps; forms pending) | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) | Remaining (External) |
 | 7 | PR-ready files (Chainlist, Trust Wallet) | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) | Remaining |
 

docs/00-meta/NEXT_STEPS_LIST.md

@@ -1,7 +1,9 @@
 # Next Steps (ordered)
 
-**Last Updated:** 2026-03-06 (completion run: reconcile CCIPWETH10, runbooks, inbound table, PLACEHOLDERS, OPERATOR_CREDENTIALS, smom-dbis-138 README .env)  
-**Context:** Phase A mint + add-liquidity completed (Pool 1 cUSDT/cUSDC has 2M/2M). Below are remaining steps in recommended order.
+**Last Updated:** 2026-04-29
+**Live check (~10:50 UTC):** Chain 138 RPC OK, mainnet RPC OK, on-chain inventory **61/61**, `validate-config-files` + `run-all-validation --skip-genesis` OK, PMM balance script OK; details [live-network-check-latest.json](../reports/status/live-network-check-latest.json). Operator full run with NPMplus backup OK 2026-04-29. Real Chain 138 -> Ethereum Mainnet WETH proof succeeded and token-aggregation public reports are live.
+
+**Context:** Phase A mint + add-liquidity completed earlier (Pool 1 cUSDT/cUSDC funded; see PMM script for current public/private totals). Mainnet UniV2 cWUSDC/USDC LP exists; pool ratio can drift with swaps—re-add or rebalance when deepening TVL. Below are remaining steps in recommended order.
 
 **Refs:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md), [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md), [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md). **Full execution (all + optional, suggested order):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md).
 
@@ -15,7 +17,7 @@
 |---|------|--------|------------|--------|
 | B.1 | **Cronos (25)** | Fund deployer ~15 CRO → set CRONOS_RPC, CCIP_ROUTER_CRONOS, WETH9_CRONOS, WETH10_CRONOS in smom-dbis-138/.env → run `deploy-bridges-config-ready-chains.sh cronos` → `complete-config-ready-chains.sh` | Need CRO (use `./scripts/deployment/acquire-cro-and-wemix-gas.sh` for aggregator links) | ⏳ Blocked |
 | B.2 | **Wemix (1111)** | Fund deployer ~0.4 WEMIX → deploy bridges → complete-config | Need WEMIX (manual/aggregator; see [WEMIX_ACQUISITION_TABLED](../03-deployment/WEMIX_ACQUISITION_TABLED.md)) | ⏳ Blocked |
-| B.3 | **Fund CCIP with LINK** | Top up LINK and gas on 138 + each destination → run `./scripts/deployment/fund-ccip-bridges-with-link.sh` (dry-run first) | Insufficient LINK or gas per lane | ⏳ Blocked (dry-run ✅ 2026-03-06) |
+| B.3 | **Fund CCIP with LINK** | Chain 138 WETH9/WETH10 bridges are funded; top up LINK and gas on destination chains → `cd smom-dbis-138 && ./scripts/deployment/fund-ccip-bridges-with-link.sh` (`--dry-run` first; use `--link N` to lower default) | **2026-04-29:** Chain 138 funded + live Mainnet WETH proof complete; destination deployer LINK on public-chain RPCs remains below default top-up | ⏳ Blocked until LINK on destination chains |
 
 ---
 
@@ -24,7 +26,7 @@
 | # | Step | Action | Status |
 |---|------|--------|--------|
 | A2 | Token-aggregation indexes DODO | Ensure CHAIN_138_DODO_PMM_INTEGRATION is set in token-aggregation env; indexer running so `GET /api/v1/quote` returns DODO quotes. | ✅ Config set (smom-dbis-138/.env); build ✅; run service with env for quotes |
-| A3 | Expose token-aggregation API | Proxy `/api/v1/*` (e.g. explorer.d-bis.org) to token-aggregation, or set GATSBY_SNAP_API_BASE_URL for Snap. | ⏳ Pending |
+| A3 | Expose token-aggregation API | Proxy `/api/v1/*` (e.g. explorer.d-bis.org) to token-aggregation, or set GATSBY_SNAP_API_BASE_URL for Snap. | ✅ Live on `explorer.d-bis.org`; CoinGecko/CMC/token-list exports regenerated 2026-04-29 |
 
 ---
 
@@ -65,7 +67,7 @@
 |---|------|--------|--------|
 | E1 | Deployer gas on other chains | `./scripts/deployment/deployer-gas-auto-route.sh` (or --dry-run). | ✅ Script + dry-run verified 2026-03-06 |
 | E2 | CRO / WEMIX manual acquisition | `./scripts/deployment/acquire-cro-and-wemix-gas.sh` for aggregator links. | ✅ Script + config (cro-wemix-swap-routes.json) ready |
-| A4 | EnhancedSwapRouter on 138 | Only after Uniswap/Balancer pools exist on 138. | ⏳ Optional |
+| A4 | EnhancedSwapRouter on 138 | V1 is deployed; configure Balancer pool IDs and dApp/service route wiring when ready. | 🔄 Partial |
 | A5 | N-hop pathfinding | Add to token-aggregation if needed. | ⏳ Optional |
 | Phase D | XAU, vaults, trustless stack | [PHASE_D_OPTIONAL_CHECKLIST](../03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md). | ⏳ Optional |
 

docs/00-meta/NEXT_STEPS_MASTER.md

@@ -1,10 +1,12 @@
 # Next Steps — Master List
 
-**Last Updated:** 2026-02-16  
-**Document Version:** 1.3  
-**Status:** Active Documentation  
+**Last Updated:** 2026-04-29
+**Document Version:** 1.3
+**Status:** Active Documentation
 **Source:** Consolidated from REMAINING_TASKS.md, PHASES_AND_TASKS_MASTER.md, IMPLEMENTATION_CHECKLIST.md, REQUIRED_FIXES_UPDATES_GAPS.md
 
+**Live network + gate snapshot:** [reports/status/live-network-check-latest.json](../reports/status/live-network-check-latest.json) — refreshed 2026-04-29; see [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md) for the latest automation paragraph.
+
 ---
 
 ## Purpose
@@ -13,11 +15,11 @@ This document is the **single source of truth** for all next steps and remaining
 
 **Consolidated checklist (all next steps + remaining TODOs):** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — single list with Operator/LAN vs in-repo marked. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). **Optional tasks only (Done / Pending):** [OPTIONAL_TASKS_CHECKLIST.md](OPTIONAL_TASKS_CHECKLIST.md).
 
-**Your next actions:** [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md) — Ledger form ✅ submitted (2026-02-13); all remaining steps optional (Blockscout, on-chain check, etc.).  
-**Remaining components, tasks, and all recommendations:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) — single list of what’s left and what to implement.  
-**Consolidated review:** [REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md](REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md).  
-**Step-by-step for each task:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) — Wave 0–3, cron, API keys; "Can be accomplished now" and completion note (2026-02-05).  
-**Single reference (all tasks + detailed steps):** [ALL_TASKS_DETAILED_STEPS.md](ALL_TASKS_DETAILED_STEPS.md) — index, blockers, and exact steps per task (2026-02-12).  
+**Your next actions:** [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md) — Ledger form ✅ submitted (2026-02-13); all remaining steps optional (Blockscout, on-chain check, etc.).
+**Remaining components, tasks, and all recommendations:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) — single list of what’s left and what to implement.
+**Consolidated review:** [REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md](REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md).
+**Step-by-step for each task:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) — Wave 0–3, cron, API keys; "Can be accomplished now" and completion note (2026-02-05).
+**Single reference (all tasks + detailed steps):** [ALL_TASKS_DETAILED_STEPS.md](ALL_TASKS_DETAILED_STEPS.md) — index, blockers, and exact steps per task (2026-02-12).
 **Execution order (full maximum parallel):** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) — run all items in the same wave concurrently (Wave 0 → 1 → 2 → 3).
 
 ---
@@ -213,7 +215,7 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed;
 
 ## Master TODO Task List
 
-**[TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md)** — Single-file checklist (high/medium/LAN/low/external/phases/validation).  
+**[TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md)** — Single-file checklist (high/medium/LAN/low/external/phases/validation).
 **[TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md)** — Consolidated fixes, enhancements, gas steps, known issues, and recommendations (1–139).
 
 ---
@@ -229,6 +231,6 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed;
 
 ---
 
-**Last Updated:** 2026-03-02  
-**Maintained By:** Infrastructure Team  
+**Last Updated:** 2026-03-02
+**Maintained By:** Infrastructure Team
 **Entry point:** Use [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md) as the single entry for "what to do next"; this document is the expanded master list.

docs/00-meta/NEXT_STEPS_OPERATOR.md

@@ -1,8 +1,10 @@
 # Next Steps — Operator Runbook
 
-**Last Updated:** 2026-03-26  
+**Last Updated:** 2026-04-29
 **Purpose:** Single runbook of copy-paste commands for all remaining operator/LAN/creds steps. Use after automated steps are done.
 
+**Latest operator pass (2026-04-29):** `run-all-operator-tasks-from-lan.sh` (no `--skip-backup`) — NPMplus **40** proxy hosts updated, **0** failed; NPMplus backup to `backups/npmplus/`; Blockscout verification batch. Live RPC + 61/61 + CI gates: [live-network-check-latest.json](../reports/status/live-network-check-latest.json).
+
 **References:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md), [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md), [INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md](../03-deployment/INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md). **Single fixes checklist (required + optional):** [FIXES_PREPARED.md](../04-configuration/FIXES_PREPARED.md). **Full fixes (validators, block/tx, Sentries, RPCs, network, optional):** [FULL_FIXES_PREPARED.md](../04-configuration/FULL_FIXES_PREPARED.md). **All next steps (consolidated):** [NEXT_STEPS_ALL.md](NEXT_STEPS_ALL.md). **Dev/Codespaces (76.53.10.40):** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md). **Dev/Codespaces completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md).
 
 ---
@@ -243,7 +245,7 @@ From **LAN** (SSH to Proxmox + reach NPMplus):
 ## After running "complete all next steps"
 
 1. **Automated (workspace):** `bash scripts/run-all-next-steps.sh` — report in `docs/04-configuration/verification-evidence/NEXT_STEPS_RUN_*.md`.
-2. **Validators + tx-pool:** `bash scripts/fix-all-validators-and-txpool.sh` (requires SSH to .10, .11).
+2. **Validators + tx-pool:** `bash scripts/fix-all-validators-and-txpool.sh` then `bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh` then `bash scripts/clear-all-transaction-pools.sh` (requires SSH to .11, .12, .13, .14).
 3. **Flush stuck tx (if any):** `bash scripts/flush-stuck-tx-rpc-and-validators.sh --full` (clears RPC 2101 + validators 1000–1004).
 4. **Verify from LAN:** From a host on 192.168.11.x run `bash scripts/monitoring/monitor-blockchain-health.sh` and `bash scripts/skip-stuck-transactions.sh`. See [NEXT_STEPS_COMPLETION_RUN_20260208.md](../04-configuration/verification-evidence/NEXT_STEPS_COMPLETION_RUN_20260208.md) § Verify from LAN.
 

docs/00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md

@@ -19,6 +19,7 @@
 | **RPC_URL_138** (Chain 138 Core) | Deploy, verify, on-chain check | e.g. `http://192.168.11.211:8545` in `.env` |
 | **NPM_PASSWORD** | NPMplus backup, proxy host updates (502 fix) | `smom-dbis-138/.env` or root `.env`; from NPMplus UI |
 | **SSH to Proxmox** (e.g. root@192.168.11.10) | run-all-maintenance-via-proxmox-ssh, VM/CT creation, token-aggregation fix | SSH key or password to Proxmox host |
+| **SSH to dev VM** (CT 5700, `192.168.11.59`) | Gitea runner, `phoenix-deploy-api`, remote operator / automation (e.g. Devin) | LAN, VPN, UDM `76.53.10.40:22` allowlist, or [Cloudflare Tunnel + Access](../04-configuration/DEV_VM_SSH_REMOTE_ACCESS.md) |
 | **LINK** (on Chain 138 for bridge) | sendCrossChain (real); CCIP fees | Deployer wallet must hold LINK and approve bridge |
 | **Native gas (ETH/138)** | All Chain 138 deploys and txs | Deployer `0x4A66...` funded on 138 |
 | **Per-chain RPC + gas (Celo, Wemix, Gnosis)** | CCIP bridges deploy | CELO ~0.1, WEMIX ~0.4; RPC URLs in .env |

docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md

@@ -0,0 +1,80 @@
+# Operator Handoff — 2026-04-24
+
+Purpose: concise handoff for the Chain 138 Besu hardening, repo cleanup, and Git/Gitea recovery work completed on 2026-04-24.
+
+## What changed
+
+- Chain 138 block production and validator peer health were restored and hardened.
+- Strict future-txpool handling is now part of the standard incident path.
+- Duplicate legacy Besu RPC CTs were first retired, then destroyed after the canonical fleet was verified healthy.
+- Besu inventory was reconciled across all 5 Proxmox nodes, including `r630-03` and `r630-04`.
+- `1509` and `1510` were promoted into the canonical Besu inventory and checked-in allowlists/templates.
+- A cluster-wide Besu inventory audit was added so host-placement ambiguity is caught mechanically.
+- Surgical repo cleanup was completed, nested repos were cleaned and pushed, and the parent repo was reconciled across Gitea and GitHub.
+- `gitea.d-bis.org` TLS was repaired after an expired certificate blocked HTTPS pushes.
+
+## Current live status
+
+As of the final 2026-04-24 checks:
+
+- `bash scripts/monitoring/monitor-blockchain-health.sh`
+  - block production active
+  - all 5 validators active
+  - RPC peer count healthy
+  - global txpool empty
+  - overall status `HEALTHY`
+- `bash scripts/verify/check-cluster-besu-inventory.sh --json`
+  - all 5 Proxmox nodes online
+  - `missing_canonical_vmids = []`
+  - `unexpected_besu_resources = []`
+
+## Canonical Chain 138 incident sequence
+
+Use this exact sequence when block production stalls, pending hashes keep reappearing, or future-nonce residue survives a normal txpool clear:
+
+```bash
+bash scripts/fix-all-validators-and-txpool.sh
+bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh
+bash scripts/clear-all-transaction-pools.sh
+bash scripts/monitoring/monitor-blockchain-health.sh
+```
+
+## Gitea TLS follow-up
+
+The immediate HTTPS push blocker was an expired certificate on `gitea.d-bis.org`. The certificate was renewed and reattached through NPMplus #4, and the endpoint now verifies cleanly again.
+
+Root cause of the short warning window: the live NPMplus certbot renewal config for `npm-7` included `required_profile = shortlived`, which forced a 7-day Let's Encrypt certificate instead of the normal 90-day issuance.
+
+That live config was corrected on 2026-04-24 and `gitea.d-bis.org` was reissued successfully. The current live certificate now expires on `2026-07-24`.
+
+Use this to check expiry before it becomes an outage:
+
+```bash
+bash scripts/verify/check-gitea-certificate-expiry.sh
+WARN_DAYS=30 bash scripts/verify/check-gitea-certificate-expiry.sh
+bash scripts/maintenance/schedule-gitea-cert-check-cron.sh --install
+```
+
+## Checkpoint commits
+
+Key parent-repo commits in the final reconciliation chain:
+
+- `a4738c1` merge of `gitea/master` into cleaned local `master`
+- `c23fdf4` explorer submodule alignment to a remote-backed commit
+- `7e2d9c5` the-order hook fix pointer update
+- `a1eacd3` duplicate Besu CT destruction + cluster inventory audit
+- `780648a` thirdweb sentries added to checked-in allowlists/templates
+- `219247b` Besu verifier gaps and monitor noise cleanup
+
+Key nested-repo commits:
+
+- `cross-chain-pmm-lps` `1cf845c`
+- `explorer-monorepo` remote already contained the equivalent live deploy workflow
+- `smom-dbis-138` `f3d2961`
+- `the-order` `702a836`
+
+## Recommended operator habits
+
+- Run `bash scripts/verify/check-cluster-besu-inventory.sh --json` after major topology or host-placement changes.
+- Run `bash scripts/verify/check-gitea-certificate-expiry.sh` periodically or wire it into a cron/monitoring path.
+- Keep parent-repo submodule pointer pushes behind successful child-repo pushes so no local-only hashes leak into the parent history.

docs/00-meta/OPERATOR_READY_CHECKLIST.md

@@ -15,6 +15,10 @@
 
 **Current live execution path:** [LIVE_SESSION_CRONOS_AND_TIER1_PHASE_C.md](../03-deployment/LIVE_SESSION_CRONOS_AND_TIER1_PHASE_C.md) — close Cronos config + LINK, then activate Tier 1 Phase C on Gnosis, Polygon, and BSC. **Current priority docs:** [FULLY_OPERATIONAL_EXECUTION_CHECKLIST.md](FULLY_OPERATIONAL_EXECUTION_CHECKLIST.md), [PHASE_C_PROFIT_FIRST_PRIORITY.md](../03-deployment/PHASE_C_PROFIT_FIRST_PRIORITY.md), [PHASE_C_TIER1_EXECUTION_TASK_SHEET.md](../03-deployment/PHASE_C_TIER1_EXECUTION_TASK_SHEET.md).
 
+**Chain 138 txpool incident standard path:** `bash scripts/fix-all-validators-and-txpool.sh` then `bash scripts/maintenance/apply-chain138-strict-future-tx-pool.sh` then `bash scripts/clear-all-transaction-pools.sh` then `bash scripts/monitoring/monitor-blockchain-health.sh`. Use this sequence when block production stalls, pending hashes keep reappearing, or future-nonce residue survives a normal txpool clear.
+
+**Gitea HTTPS push safeguard:** `bash scripts/verify/check-gitea-certificate-expiry.sh` (optional: `WARN_DAYS=30 bash scripts/verify/check-gitea-certificate-expiry.sh`). Use this when Git over HTTPS starts failing, or run it proactively before major push/deploy windows. To keep it checked automatically: `bash scripts/maintenance/schedule-gitea-cert-check-cron.sh --install`.
+
 ---
 
 ## Completed in this session (2026-03-26)

docs/00-meta/REMAINING_SUMMARY.md

@@ -1,7 +1,7 @@
 # Remaining Work — Summary
 
-**Last Updated:** 2026-02-27  
-**Purpose:** Single place for what remains. All in-repo runnable tasks are **complete**; remaining work is **operator/LAN** or **external**.
+**Last Updated:** 2026-04-29
+**Purpose:** Single place for what remains. In-repo gates and live checks are **green** (61/61 on-chain, validation, PMM balance script); the Chain 138 -> Ethereum Mainnet WETH relay path has a successful live 0.0001 WETH proof; remaining work is **capital** (public-chain gas/LINK/TVL), **operator/LAN extensions**, or **external**.
 
 ---
 
@@ -9,15 +9,19 @@
 
 To complete all automatable steps from this repo:
 
-1. **From anywhere (no LAN):**  
-   `./scripts/run-completable-tasks-from-anywhere.sh`  
-   — Config validation, on-chain 59/59 check, run-all-validation --skip-genesis, reconcile-env.
+1. **From anywhere (no LAN):**
+   `./scripts/run-completable-tasks-from-anywhere.sh`
+   — Config validation, on-chain 61/61 check, run-all-validation --skip-genesis, reconcile-env.
 
-2. **From LAN (with dotenv):**  
-   `./scripts/run-all-operator-tasks-from-lan.sh`  
+2. **From LAN (with dotenv):**
+   `./scripts/run-all-operator-tasks-from-lan.sh`
    — Loads dotenv from repo `.env` and `smom-dbis-138/.env` automatically. Runs NPMplus RPC fix, backup (if NPM_PASSWORD set), Blockscout verification. Add `--deploy` or `--create-vms` as needed.
 
-Optional: `--skip-backup` if NPM_PASSWORD not set; `--dry-run` to print steps only.
+Optional: `--skip-backup` if NPM_PASSWORD not set; `--dry-run` to print steps only. **2026-04-29:** full operator with backup verified OK.
+
+**2026-04-29 live bridge proof:** Chain 138 CCIP WETH9/WETH10 bridge LINK balances were topped up by +10 LINK each. A real WETH9 bridge send completed Chain 138 -> Ethereum Mainnet: source tx `0x4ed5319169c33d7ab76e592a39e9741115826c1be3ae7366359d288db39e3fe4`, message `0xcbf278baaa0da8a65c2a9ce87be7a3680b8b04596a7ee933f2494399b34a13e7`, Mainnet relay tx `0x8f988ff555549b82eec9ffd53f2aca56d19dbb8ac9aadb8a436c1769f471c660`, destination processed = `true`.
+
+**2026-04-29 publication proof:** token-aggregation public reports are reachable through `https://explorer.d-bis.org/api/v1/report/*`; fresh CoinGecko, CMC, token-list, and cross-chain exports were regenerated in `docs/04-configuration/coingecko/exports/` with a 109-token unified list.
 
 ---
 
@@ -26,10 +30,10 @@ Optional: `--skip-backup` if NPM_PASSWORD not set; `--dry-run` to print steps on
 | Item | Status |
 |------|--------|
 | Config validation | ✅ `validate-config-files.sh` passed |
-| On-chain check (Chain 138) | ✅ 59/59 contracts present |
-| run-all-validation (--skip-genesis) | ✅ Passed |
+| On-chain check (Chain 138) | ✅ **61/61** contracts present (canonical script) |
+| run-all-validation (--skip-genesis) | ✅ Passed (2026-04-29) |
 | Preflight (dotenv, RPC, nonce) | ✅ Passed |
-| run-all-next-steps-chain138 | ✅ Preflight; mirror/pool present; 12 c* GRU-registered; 59/59 verify |
+| run-all-next-steps-chain138 | ✅ Preflight; mirror/pool present; 12 c* GRU-registered; **61/61** verify |
 | run-completable-tasks-from-anywhere | ✅ All 4 steps passed |
 | MCP plan upgrades (8 items) | ✅ Implemented (multi-chain, Uniswap, bot_state, webhook, merge script, limits, audit, router stub) |
 | Optional docs/runbooks | ✅ Explorer Wallet link runbook; optional tasks checklist; merge allowlist script |
@@ -60,12 +64,12 @@ Optional: `--skip-backup` if NPM_PASSWORD not set; `--dry-run` to print steps on
 |---|------|----------------|
 | 1 | Full deployment order (Phase 0–6) | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) |
 | 2 | Add liquidity (PMM pools), ensure DODOPMMProvider registered | [PRE_DEPLOYMENT_CHECKLIST](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md), [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) |
-| 3 | Blockscout verify, 502 fix, NPMplus backup, optional deploy | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]` · [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) |
+| 3 | Blockscout verify, 502 fix, NPMplus backup, optional deploy | ✅ Routine run completed 2026-04-29. Re-run with `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]` only when intentionally deploying new surfaces. |
 | 4 | E2E 502 fix | `./scripts/maintenance/address-all-remaining-502s.sh [--run-besu-fix] [--e2e]` · [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md) |
-| 5 | Gnosis / Celo / Wemix CCIP bridges | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) |
+| 5 | Gnosis / Celo / Wemix / other public-chain CCIP bridge top-ups and final E2E sends | Chain 138 bridge LINK is funded; destination-chain LINK and gas remain capital-gated. See [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). |
 | 6 | LINK support on Mainnet relay | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) |
 | 7 | E2E flow waves E1–E7 (liquidity, CCIP fund, token-aggregation, Blockscout, L2 PMM, bridge UI) | `./scripts/run-e2e-flow-tasks-full-parallel.sh` · [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md) |
-| 8 | Token-aggregation DB + deploy | `./scripts/apply-token-aggregation-fix.sh` (VMID 5000; may need postgres) |
+| 8 | Token-aggregation DB + deploy/public proxy | ✅ Public report API verified and publication exports regenerated 2026-04-29. Use `./scripts/apply-token-aggregation-fix.sh` only if the VM DB health regresses. |
 | 9 | Explorer Wallet link (add to navbar) | [EXPLORER_WALLET_LINK_QUICK_WIN.md](../04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md) — run on explorer VM |
 
 ---

docs/00-meta/REPO_LOCAL_RECOMMENDATIONS_STATUS.md

@@ -0,0 +1,70 @@
+# Repo-Local Recommendations Status
+
+**Purpose:** Track the recommendations that can be advanced directly in this repo without requiring LAN-only access, private credentials, or third-party approvals.
+
+**Canonical sources:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md), [ADDITIONAL_RECOMMENDATIONS_TABLE.md](ADDITIONAL_RECOMMENDATIONS_TABLE.md), [RECOMMENDATIONS_AND_SUGGESTIONS.md](../10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md).
+
+**Interpretation rule:** This page is only for **repo-local execution**. Operator/LAN tasks and external/vendor tasks stay in their own runbooks and checklists.
+
+---
+
+## Recently advanced in this workspace
+
+| Area | Recommendation thread | Repo-local progress |
+|---|---|---|
+| Script UX | Progress indicators / execution visibility | `scripts/run-completable-tasks-from-anywhere.sh` and `scripts/verify/run-all-validation.sh` now print start time, per-step timing, and total elapsed time. |
+| Metrics collection | Machine-readable run summaries | `scripts/lib/run-summary.sh` now backs optional `--json-out` summaries for the two main no-LAN runners, writing per-step status/timing JSON under `reports/status/` when requested. |
+| Wrapper consistency | Shared summary coverage on orchestration entry points | The E2E, Chain 138 next-steps, and LAN operator wrappers now also expose optional `--json-out` summaries using the same shared helper. |
+| Monitoring / health checks | Public non-EVM reachability + lane status | Added `scripts/verify/check-non-evm-network-health.sh`, `scripts/verify/build-non-evm-lane-status.py`, and generated outputs under `reports/status/`. |
+| Documentation accuracy | Keep docs aligned with current runner behavior | Stale `Step 1/4–4/4` references were refreshed to the current five-step runner behavior. |
+| Documentation discoverability | Cross-links from canonical entry points | Added non-EVM health/lane references to `MASTER_INDEX.md`, `NEXT_STEPS_INDEX.md`, and `scripts/verify/README.md`. |
+
+---
+
+## Repo-local recommendation buckets
+
+### 1. In progress now
+
+| Recommendation | Status | Current repo state |
+|---|---|---|
+| Progress indicators in scripts | Completed for canonical high-use wrappers | Main no-LAN runners plus the E2E, Chain 138 orchestration, and LAN operator wrappers now show clear execution progress and timing. |
+| Improve troubleshooting and quick-reference discoverability | Advanced | Existing quick-reference and troubleshooting docs are present; index coverage is being improved incrementally instead of creating duplicates. |
+| Script header consistency | Partially addressed | New scripts follow the header pattern; older scripts still vary. Use [SCRIPT_HEADER_TEMPLATE.md](../10-best-practices/SCRIPT_HEADER_TEMPLATE.md) when touching them. |
+| Documentation accuracy review | Ongoing | Current pass fixed runner-step drift and added new reference links; broader stale-status review remains ongoing. |
+
+### 2. Ready for more repo-local work
+
+| Recommendation | Why it is still repo-local | Suggested next move |
+|---|---|---|
+| Script header/template normalization | Completed for touched canonical wrappers | High-use wrapper scripts edited in this pass now follow the current header/help/argument-validation pattern. |
+| Input validation in scripts | Completed for touched canonical wrappers | The main wrapper scripts now reject unknown args and validate `--wave` / `--json-out` input rather than silently accepting drift. |
+| Structured logging for scripts | Advanced | Shared timing/summary behavior is centralized in `scripts/lib/run-summary.sh`; deeper log-level normalization outside the canonical wrappers is no longer part of the active repo-local backlog. |
+| Developer documentation / standards | Completed for current canonical flows | Canonical docs now reflect current five-step/no-LAN flow, current 61-address on-chain checks, and summary JSON support. |
+| Metrics collection for script execution | Completed for canonical wrappers | Main no-LAN, E2E, Chain 138, and LAN operator wrappers now support optional `--json-out` summaries with per-step status/timing. |
+
+### 3. Not repo-local in this workspace
+
+| Recommendation | Reason |
+|---|---|
+| Blockscout verification settlement, Proxmox firewall changes, SSH hardening, validator key permissions | Requires LAN/host access and sometimes secrets. |
+| CoinGecko / CMC / Ledger / Trust Wallet / Consensys / Chainlist submissions | Requires external accounts, outreach, or third-party review. |
+| Real bridge sends, operator backups, Proxmox VM provisioning | Requires private keys, LAN, or live infrastructure changes. |
+
+---
+
+## Current repo-local completion state
+
+The currently identified **repo-local** recommendation backlog in the canonical trackers has been advanced to completion for the main wrapper scripts, validation runners, and index docs. What remains is either:
+
+1. operator/LAN execution,
+2. secrets-required live actions,
+3. third-party/vendor follow-through,
+4. or future maintenance when script behavior changes again.
+
+---
+
+## Pointers
+
+- For **all** recommendations: [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md)
+- For **operator / LAN** actions: [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md)
+- For **next-step routing**: [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md)

docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md

@@ -97,7 +97,7 @@ Commands run from repo root on operator/LAN host. Use as baseline; re-run when e
 
 | Item | Status | Script / notes |
 |------|--------|----------------|
-| **EnhancedSwapRouter** | Not deployed | Deploy when Uniswap/Balancer pools exist on 138; set quoter/poolId. |
+| **EnhancedSwapRouter V1** | Deployed | `0xE6Cc7643ae2A4C720A28D8263BC4972905d7DE0f`; Paris bytecode; Stack-A DODO wiring. **Phase 3j (on-chain):** cBTC/cUSDT, cBTC/cUSDC, and cBTC/cXAUC pools registered bidirectionally in `dodoPoolAddresses`. **Remaining:** Balancer `setBalancerPoolId` per pair; atomic-swap dApp route registry (`?useEnhancedRouter=1` legs); **wallet UX:** batch approve + swap (and similar) via **EIP-5792** `wallet_sendCalls` where the wallet/RPC supports it — see [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) (EIP-5792 subsection). |
 | **Add liquidity to PMM pools** | Pending | Use [ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK](../03-deployment/ADD_LIQUIDITY_PMM_CHAIN138_RUNBOOK.md); set ADD_LIQUIDITY_* in .env; approve and addLiquidity per pool. |
 | **Optional cCADT** | Not deployed | Add to DeployCompliantFiatTokens.s.sol if Tether-style CAD needed. |
 | **cAUSDT** | Not deployed | No script in repo; deploy when Alltra compliant USD token is defined. |

docs/00-meta/TODOS_CONSOLIDATED.md

@@ -1,16 +1,18 @@
 # TODOs — Consolidated Task List
 
-**Last Updated:** 2026-03-28  
-**Last verification run:** 2026-03-28 — completable ✅ (61/61 on-chain), operator `--skip-backup` ✅ (NPMplus 40 hosts updated, Blockscout verify batch). Prior 2026-03-06 run: validate-config ✅, check-contracts, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, E2E routing ✅ (37 domains, 0 failed). **Mint + add-liquidity** 2026-03-06: 1M each minted, 500k each added. **Next-steps check:** [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md); B.1/B.2/B.3 partially blocked (WEMIX tabled; LINK relay runbook pending).  
+**Last Updated:** 2026-04-29  
+**Last verification run:** 2026-04-29 ~13:30 UTC (Cursor session) — **`run-completable-tasks-from-anywhere.sh`** ✅ (config + **61/61** on-chain + `run-all-validation --skip-genesis` + non-EVM + reconcile print) → [run-completable-tasks-latest.json](../reports/status/run-completable-tasks-latest.json); **`run-all-operator-tasks-from-lan.sh --skip-backup --json-out`** ✅ (NPMplus **40** hosts updated, **0** failed; W0-3 backup skipped; Blockscout verify submissions incl. DODOPMMIntegration / DODOPMMProvider / TransactionMirror); **`run-all-next-steps-chain138.sh --skip-mirror`** ✅ (PMM desired-state 24/24; GRU registration + **61/61** verify; total ~12m incl. cold forge compile) → [run-all-next-steps-chain138-latest.json](../reports/status/run-all-next-steps-chain138-latest.json); **`verify-end-to-end-routing.sh --profile=all`** ✅ **49** domains, **0** failed → `docs/04-configuration/verification-evidence/e2e-verification-20260429_062941/`; **`check-gitea-certificate-expiry.sh`** ✅ (~**85** days); **`smom-dbis-138/scripts/deployment/fund-ccip-bridges-with-link.sh --dry-run`** — chains **skipped** (deployer **LINK** below default **10 LINK** per bridge on listed RPCs; Mainnet balance below threshold); **`deployer-gas-auto-route.sh`** ✅; **`run-send-cross-chain.sh 0.0001 --dry-run`** ✅ (prints cast; confirm fee/LINK before non-dry broadcast); **`submodules-clean.sh`** ❌ **dirty** `atomic-swap-dapp`, `explorer-monorepo`, `smom-dbis-138` (local WIP — commit/stash or discard before CI submodule gate). **Still blocked:** B.3 fund bridges with LINK, real W0-2 send until economics verified, HYBX manual artifacts, submodule hygiene for green `submodules-clean`.  
 **Purpose:** Single checklist of all next steps and remaining tasks. **Indonesia / HYBX-BATCH-001 zip (4.995 ship-ready):** [HYBX-BATCH-001 — transaction package ship-ready](#hybx-batch-001--transaction-package-ship-ready-4995) below. **Full execution order (multiple routes + liquidity):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md). **Additional paths (registry, LiFi/Jumper, Etherlink, 13×13):** [ADDITIONAL_PATHS_AND_EXTENSIONS.md](../04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md). **Dotenv/markdown audit (required info, gaps, recommendations):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md). Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). **Routing / swap / cross-chain:** [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md) (A1–A5, B1–B8, C1–C8, D1–D3, E1–E2). **Verified list (LAN/Operator):** [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) — run bash/curl to confirm; doc updated 2026-03-03.
 
-**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md).
+**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh [--json-out reports/status/run-completable-tasks-latest.json]`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify] [--json-out reports/status/run-all-next-steps-chain138-latest.json]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms] [--json-out reports/status/run-all-operator-tasks-latest.json]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run] [--json-out reports/status/run-e2e-flow-tasks-latest.json]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md).
 
 **Full deployment order:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — Phase 0–6. **Remaining for full network coverage:** [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) — A: mint + add liquidity (138) → B–D. **Status to continue (before Phase A mint):** [REMAINING_DEPLOYMENTS § Status to continue](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) and [CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS §7](../04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md) — restart validator 1004, clear tx pool, then mint. **Phase execution 2026-03-04:** A.1 attempted (tx timeout); A.2 pending; B.1 Celo ✅; B.2 Wemix blocked; B.3 fund-ccip ready; Phase C/D runbooks. **Full plan:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
 
-**Last completable run (2026-03-02):** Config validation OK; on-chain 59/59; run-all-validation --skip-genesis OK; reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool present; 12 c* already GRU-registered; verification 59/59. Documentation: MASTER_INDEX, README, RUNBOOKS_MASTER_INDEX created; deprecated list and consolidation plan updated. Progress indicators (Step 1/4–4/4) in run-completable-tasks-from-anywhere.sh. E2E flow tasks script and doc updates (ADDRESS_MATRIX_AND_STATUS, RECOMMENDATIONS R2, NEXT_STEPS_FOR_YOU) completed. **Optional completed (2026-02-27 / 2026-03-01):** DeployCompliantFiatTokens (10 tokens); Blockscout verification; MCP allowlist-138; add-liquidity runbook; token-aggregation fallbacks + ENV_EXAMPLE_CONTENT; E2E routing verification; PMM_DEX_ROUTING_STATUS + REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS updated; cCADT line (commented) in DeployCompliantFiatTokens.s.sol. **Within-scope list (2026-02-27):** CompliantWrappedToken.sol; DeployCompliantFiatTokensForChain.s.sol (c* any chain); DeployCWTokens.s.sol (cWUSDT/cWUSDC); deploy-tokens-and-weth-all-chains-skip-canonical.sh extended with --deploy-c, --deploy-cw, 651940 env validation; TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS §6 implemented; ENV_EXAMPLE_CONTENT c*/cW*/651940 vars. **2026-02-27:** Deployment order doc, preflight script, deployment safety added; todos synced.
+**Latest repo-local automation refresh (2026-04-23):** `run-all-validation.sh --skip-genesis --json-out reports/status/run-all-validation-latest.json` passed; advisory non-EVM reachability refreshed (Solana slot 415173228, Tron block 82099136 / chain id 728126428, XRPL validated ledger 103760578). The canonical wrapper scripts now support optional machine-readable run summaries via `--json-out`: `run-completable-tasks-from-anywhere.sh`, `run-e2e-flow-tasks-full-parallel.sh`, `run-all-next-steps-chain138.sh`, and `run-all-operator-tasks-from-lan.sh`.
 
-**Verified (LAN/Operator) 2026-03-06:** Preflight ✅; Core RPC 192.168.11.211:8545 ✅; deployer balance script ✅ (native ETH OK; WETH/cUSDT/cUSDC = 0 → add liquidity blocked); on-chain 59/59 ✅; config validation ✅; token-aggregation build ✅; E2E 502s fixed (address-all-remaining-502s + NPM; E2E 37 domains 0 failed); operator script run ✅ (NPMplus RPC fix, Blockscout verify). **Earlier:** 2026-03-03–04 deployer balance, on-chain, DODOPMMIntegration canonical cUSDT/cUSDC — [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8.
+**Last completable run (current canonical flow):** Config validation OK; on-chain 61/61; run-all-validation --skip-genesis OK; non-EVM status refresh OK; reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool present; 12 c* already GRU-registered; verification 61/61. Documentation: MASTER_INDEX, README, RUNBOOKS_MASTER_INDEX created; deprecated list and consolidation plan updated. Progress indicators and summary JSON support were added across the canonical wrapper scripts. **Optional completed (2026-02-27 / 2026-03-01):** DeployCompliantFiatTokens (10 tokens); Blockscout verification; MCP allowlist-138; add-liquidity runbook; token-aggregation fallbacks + ENV_EXAMPLE_CONTENT; E2E routing verification; PMM_DEX_ROUTING_STATUS + REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS updated; cCADT line (commented) in DeployCompliantFiatTokens.s.sol. **Within-scope list (2026-02-27):** CompliantWrappedToken.sol; DeployCompliantFiatTokensForChain.s.sol (c* any chain); DeployCWTokens.s.sol (cWUSDT/cWUSDC); deploy-tokens-and-weth-all-chains-skip-canonical.sh extended with --deploy-c, --deploy-cw, 651940 env validation; TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS §6 implemented; ENV_EXAMPLE_CONTENT c*/cW*/651940 vars. **2026-02-27:** Deployment order doc, preflight script, deployment safety added; todos synced.
+
+**Verified (LAN/Operator) 2026-03-06:** Preflight ✅; Core RPC 192.168.11.211:8545 ✅; deployer balance script ✅ (native ETH OK; WETH/cUSDT/cUSDC = 0 → add liquidity blocked); on-chain 59/59 at the time ✅; config validation ✅; token-aggregation build ✅; E2E 502s fixed (address-all-remaining-502s + NPM; E2E 37 domains 0 failed); operator script run ✅ (NPMplus RPC fix, Blockscout verify). **Current canonical on-chain check:** 61/61. **Earlier:** 2026-03-03–04 deployer balance, on-chain, DODOPMMIntegration canonical cUSDT/cUSDC — [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8.
 
 **Operator copy-paste commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — one page with exact commands for every pending todo.
 
@@ -65,7 +67,7 @@
 
 ## First (before any Chain 138 deploy)
 
-Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSDT/cUSDC = 0), config validation ✅, on-chain 59/59 ✅. Re-run 0a/0/0c before each deploy.
+Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSDT/cUSDC = 0), config validation ✅, on-chain 59/59 at the time ✅. Current canonical on-chain check: 61/61. Re-run 0a/0/0c before each deploy.
 
 | # | Task | Owner | Ref |
 |---|------|--------|-----|

docs/02-architecture/CLIENT_DIVISION_TERMINOLOGY.md

@@ -0,0 +1,147 @@
+# Client And Division Terminology
+
+**Last Updated:** 2026-04-22  
+**Status:** Canonical terminology baseline for Phoenix, Sankofa, and Gitea alignment  
+**Related:** [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md), [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [SERVICE_DESCRIPTIONS.md](SERVICE_DESCRIPTIONS.md), [../04-configuration/PHOENIX_DEPLOY_API_GITEA_INTEGRATION.md](../04-configuration/PHOENIX_DEPLOY_API_GITEA_INTEGRATION.md)
+
+---
+
+## Purpose
+
+Define the canonical vocabulary for the **commercial / governance layer** and keep it distinct from:
+
+- **technical tenancy**
+- **identity provider terminology**
+- **network / infrastructure placement terminology**
+- **Mifos / Fineract business-model terminology**
+
+Use these terms consistently in docs, APIs, config, and UI copy unless a client requires a more specific business label.
+
+---
+
+## Canonical mappings
+
+| Canonical term | Equivalent / current implementation | Use |
+|----------------|--------------------------------------|-----|
+| **Client** | GitHub **Enterprise**; Azure **billing profile**; current Gitea **Organization** | Top-level commercial / governance account |
+| **Division** | Client-specific subdivision | Generic umbrella term below Client |
+| **Division type** | `realm`, `nexus`, `department`, `program`, `legal_entity`, `region`, `office`, `workspace`, etc. | Technical normalization of how a client structures divisions |
+| **Tenant** | Phoenix / Kubernetes / app isolation unit | Technical tenancy only |
+| **Site** | Proxmox / network / physical location | Infrastructure placement only |
+
+**Rule:** when the repo needs a neutral term, prefer **Client** and **Division**.
+
+---
+
+## Current clients
+
+These are the canonical Phoenix client records and should be treated as the top governance / commercial layer:
+
+- `DBIS`
+- `ICCC`
+- `OMNL`
+- `XOM`
+- `AR`
+- `EI`
+- `PANDA`
+- `SAID`
+
+In current Gitea implementation, each of these maps to an **Organization**.  
+In Phoenix product language, each of these maps to a **Client**.
+
+---
+
+## Division model
+
+Each client may implement subdivisions differently. Phoenix must remain flexible enough to support:
+
+- business labels that are client-specific
+- multiple subdivision types under one client
+- optional mapping from business divisions to technical tenants
+
+Recommended normalized model:
+
+```text
+Client
+  Division
+    Repository / App / Service / Workspace / Environment
+```
+
+Examples:
+
+- `AR`
+  - divisions labeled **Realms**
+  - divisions labeled **Nexus**
+- `OMNL`
+  - divisions labeled **legal entities**
+  - divisions labeled **programs**
+  - divisions labeled **regional offices**
+- `DBIS`
+  - divisions labeled **departments**
+  - divisions labeled **member institutions**
+  - divisions labeled **programs**
+
+---
+
+## Reserved words and collision policy
+
+The following words already carry specific meanings in the repo and should **not** be used as the global neutral replacement for Division.
+
+| Term | Reserved meaning | Why it is not the generic business term |
+|------|------------------|------------------------------------------|
+| **Realm** | Keycloak / OIDC identity boundary; also AR-specific business label | Would collide with both identity and AR business language |
+| **Tenant** | Technical isolation boundary in Phoenix / Kubernetes / app models | Already used for namespaces, RBAC, and multi-tenant platform semantics |
+| **Site** | Physical / infrastructure placement (Proxmox, network, datacenter) | Already means location / topology |
+| **Office** | Org-chart / Fineract / institutional office structure | Too domain-specific for use as the global subdivision primitive |
+| **Nexus** | Sankofa / Phoenix branding and AR-specific division label | Strong branding meaning; not stable as a generic structural term |
+
+---
+
+## Implementation guidance
+
+### Docs
+
+- Use **Client** for the top account layer.
+- Use **Division** when discussing subdivisions generically.
+- Use the client-native label only when the business context needs it.
+  - Example: “AR division type: `realm`”
+  - Example: “Keycloak realm”
+
+### UI
+
+- Internal platform/admin UI may display:
+  - `Client`
+  - `Division`
+- Client-facing UI may replace `Division` with the client’s native label.
+  - Example: `Realm`
+  - Example: `Program Office`
+  - Example: `Legal Entity`
+
+### API / config
+
+- Prefer normalized fields such as:
+  - `clientId`
+  - `divisionId`
+  - `divisionType`
+  - `tenantId`
+  - `siteId`
+
+- Avoid overloading:
+  - `realm`
+  - `tenant`
+  - `site`
+
+unless that exact platform-specific meaning is intended.
+
+---
+
+## Interpretation guide
+
+When reading older docs in this repo:
+
+- “organization” in Gitea context usually means **Client**
+- “tenant” in Phoenix platform context usually means **technical tenant**, not client
+- “realm” in identity docs means **Keycloak realm**
+- “site” means **infrastructure location**
+
+If a document mixes these layers, update it toward this terminology baseline.

docs/02-architecture/DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md

@@ -0,0 +1,273 @@
+# DBIS Ecosystem Technical Master Plan
+
+**Last Updated:** 2026-04-24  
+**Audience:** Engineering, operators, architecture owners, and program owners  
+**Mode:** Execution-oriented umbrella root for the live and planned DBIS ecosystem
+
+## 1. Purpose And Decision Rules
+
+This document is the canonical ecosystem root for the DBIS stack across the main repo and materially relevant submodules. It does not replace the narrower plans. It sits above them, normalizes status and terminology, and defines which source wins when specialized documents disagree.
+
+### Canonical source priority
+
+When two documents disagree, use this order:
+
+1. machine-readable config and trackers
+2. implementation and validation scripts
+3. specialized canonical docs and runbooks
+4. older narrative plans
+
+### Status vocabulary
+
+- `live`: repo, operator runtime, and current evidence all support production use
+- `partially live`: some production components are live, but important slices are still missing or constrained
+- `repo-implemented`: implemented in repo or submodule, but not yet fully promoted operator-live
+- `operator-only`: present or recoverable in runtime, but not fully codified in repo truth yet
+- `planned`: intentionally designed, but not yet implemented enough to rely on
+- `blocked external`: progress depends on vendor, network, institutional, or third-party inputs
+- `retired`: no longer part of the target system except as history or compatibility residue
+
+### Subordinate source plans
+
+This umbrella root governs these narrower artifacts:
+
+- [dbis_chain_138_technical_master_plan.md](/home/intlc/projects/proxmox/dbis_chain_138_technical_master_plan.md): Chain 138 infrastructure and runtime sub-plan
+- [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md): institutional settlement execution tracker
+- [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md): policy and activation control-plane tracker
+
+## 2. Current Live Ecosystem Baseline
+
+### Baseline status map
+
+| Subsystem | Current state | Status | Primary workstream | Canonical references |
+|---|---|---:|---:|---|
+| Besu / Chain 138 topology | 5 validators, canonical sentries and RPC tiers reconciled, duplicate legacy RPC CTs retired, cluster-wide inventory audit added | `live` | `W1` | [BESU_NODE_CONFIGURATION_MAP_20260424.md](/home/intlc/projects/proxmox/docs/06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md), [check-cluster-besu-inventory.sh](/home/intlc/projects/proxmox/scripts/verify/check-cluster-besu-inventory.sh) |
+| DODO PMM / routing / public bridge surface | Chain 138 PMM core live; public routing surface codified; stablecoin and top-asset coverage documented, but route confidence is not yet first-class in quote APIs | `partially live` | `W2` | [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md](/home/intlc/projects/proxmox/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md), [public-routing-coverage-matrix.json](/home/intlc/projects/proxmox/config/public-routing-coverage-matrix.json) |
+| Explorer / RPC / public ingress | Explorer, RPC, and public ingress surfaces exist and are operator-usable; current runtime is healthy | `live` | `W1` | [RPC_ENDPOINTS_MASTER.md](/home/intlc/projects/proxmox/docs/04-configuration/RPC_ENDPOINTS_MASTER.md), [verify-end-to-end-routing.sh](/home/intlc/projects/proxmox/scripts/verify/verify-end-to-end-routing.sh) |
+| Phoenix deploy API / deployment control | Phoenix deploy API, deploy targets, and repo validation are codified; broader control-plane integration is still being expanded | `partially live` | `W3` | [phoenix-deploy-api/server.js](/home/intlc/projects/proxmox/phoenix-deploy-api/server.js), [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json) |
+| URA manifest / policy profile flow | Manifest, policy profiles, registry hooks, merge/validate/smoke scripts, and ops-readiness surfaces exist in repo | `repo-implemented` | `W4` | [README.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/README.md), [manifest.json](/home/intlc/projects/proxmox/config/universal-resource-activation/manifest.json), [policy-profiles.json](/home/intlc/projects/proxmox/config/universal-resource-activation/policy-profiles.json) |
+| RTGS / DBIS Rail / OMNL / sidecars | execution trackers, catalogs, and first-slice architecture are substantial; some sidecar and institutional paths remain gated by operator work and external parties | `partially live` | `W5` | [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md), [DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md](/home/intlc/projects/proxmox/docs/dbis-rail/DBIS_RAIL_SETTLEMENT_EVENT_SOURCES.md) |
+| Hyperledger / identity / workflow stack | runtime status, identity decisions, and interoperability docs exist, but this is not yet a fully operator-live sovereign stack | `planned` | `W7` | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) |
+| Proxmox / NPMplus / operator automation | Proxmox topology, audits, NPMplus/Gitea TLS checks, operator wrappers, and evidence scripts are live and actively used | `live` | `W8` | [PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](/home/intlc/projects/proxmox/docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md), [proxmox-operational-template.json](/home/intlc/projects/proxmox/config/proxmox-operational-template.json), [monitor-blockchain-health.sh](/home/intlc/projects/proxmox/scripts/monitoring/monitor-blockchain-health.sh) |
+
+### Baseline summary by subsystem
+
+#### Besu / Chain 138 topology and role model
+
+The canonical Besu fleet now spans all current Proxmox cluster hosts, with reconciled validators, sentries, RPC classes, and an explicit cluster inventory audit. The current baseline supports healthy block production, empty txpool checks, and host-placement reconciliation as operator truth.
+
+#### DODO PMM / routing / public-network bridge surface
+
+Chain 138 has live PMM infrastructure, stablecoin and compliant asset inventory, and a documented path from Chain 138 assets through `WETH` to supported public EVM surfaces. Public coverage is now documented, but route selection still lacks a native confidence and policy gate.
+
+#### Explorer / RPC / public ingress
+
+Public ingress, explorer surfaces, and RPC endpoint classes are live enough for current operator use. The topology is healthier and more explicit than before, but still benefits from further control-plane normalization.
+
+#### Phoenix deploy API / deployment control surfaces
+
+Phoenix has codified deploy targets, API routes, and validation gates. It is already a real deployment surface, but not yet the full policy-aware orchestration layer for route, institution, and activation decisions.
+
+#### URA manifest and policy-profile flow
+
+URA now has repo-native manifests, policy profiles, validation scripts, smoke tests, and a growing ops-readiness surface. The on-chain `PolicyProfileRegistry` in `smom-dbis-138` gives this stack a credible path from docs/config into enforceable control-plane state.
+
+#### RTGS / DBIS Rail / OMNL / settlement sidecar baseline
+
+The institutional settlement stack has real architecture, trackers, and execution references, including sidecar and OMNL evidence structures. It is substantial and strategically important, but still mixed between repo-implemented, operator-only, and blocked-external slices.
+
+#### Hyperledger / identity / workflow runtime status
+
+Identity and workflow architecture is clearly represented, but it remains more of a governed design direction than a fully promoted live runtime slice today.
+
+#### Proxmox / NPMplus / operator automation baseline
+
+The operator layer is one of the strongest current pieces: Proxmox inventory, Besu fleet audits, cert checks, validation wrappers, and deployment scripts now create a meaningful operational backbone for the ecosystem.
+
+## 3. Target-State Architecture
+
+### Sovereign compute and network topology
+
+The target state is a multi-host sovereign Proxmox fabric with explicit node-class ownership, reconciled cluster inventory, deterministic Besu topology, and auditable ingress/control paths. Live runtime and checked-in template truth should converge, with cluster-resource discovery replacing host-blind assumptions.
+
+### Settlement and routing plane
+
+The routing plane should unify Chain 138 PMM liquidity, public EVM bridge exits, ALL Mainnet venue surface, and destination-chain liquidity into one evidence-backed routing layer. The target is not merely “can bridge” or “can swap,” but “can produce a policy-permitted route with current evidence and measurable confidence.”
+
+### Policy and activation control plane
+
+The canonical next-generation control plane is:
+
+`URA manifest + policy profiles + PolicyProfileRegistry + route confidence`
+
+This pattern should govern what is activated, where it is allowed, how it is quoted, and what evidence is required. It should integrate Phoenix deploy/control APIs, jurisdiction matrices, DBIS Rail gating, and on-chain publication where needed.
+
+### Institutional RTGS / DBIS Rail / custody plane
+
+The target institutional layer is a composable RTGS and DBIS Rail stack with explicit custody models, sidecar boundaries, settlement event sources, and compliance traceability. It should be capable of supporting first-slice operator reality while leaving room for more sovereign custody and settlement controls over time.
+
+### Deployment and orchestration plane
+
+Phoenix, operator wrappers, deploy manifests, and machine-readable trackers should converge into a single orchestration layer that knows what can be deployed, under what policy profile, and with what acceptance evidence.
+
+### Identity / workflow / interoperability plane
+
+Hyperledger, workflow, and identity systems should evolve from strategic design documents into explicitly gated environment slices with clear runtime ownership, integration boundaries, and promotion criteria.
+
+### Observability / evidence / audit plane
+
+The ecosystem should continuously produce validation outputs, cluster inventory, route coverage, and operator readiness evidence. The goal is for production gates to consume machine-readable proof, not just narrative claims.
+
+## 4. Execution Workstreams
+
+### W1. Besu / Chain 138 infrastructure and RPC topology
+
+| Field | Value |
+|---|---|
+| Objective | Keep Chain 138 and the Besu fleet healthy, reconciled, and template-aligned across all cluster hosts |
+| In-scope components | validators, sentries, RPC tiers, allowlists, generated node configs, Proxmox/Besu inventory and audits |
+| Dependencies | Proxmox inventory truth, host placement, generated Besu configs, operator runbooks |
+| Production gate | healthy block production, empty txpool or explained pending state, no canonical Besu inventory gaps |
+| Evidence / output artifact | [check-cluster-besu-inventory.sh](/home/intlc/projects/proxmox/scripts/verify/check-cluster-besu-inventory.sh), [monitor-blockchain-health.sh](/home/intlc/projects/proxmox/scripts/monitoring/monitor-blockchain-health.sh) |
+| Owner class | `mixed` |
+
+### W2. Liquidity, PMM, bridge, and public routing coverage
+
+| Field | Value |
+|---|---|
+| Objective | Turn current PMM and bridge capability into explicit, evidence-backed public routing coverage |
+| In-scope components | DODO PMM, wrapped/public inventory, bridge receiver mapping, public routing matrix, destination DEX coverage |
+| Dependencies | Chain 138 liquidity, bridge configs, destination-chain liquidity discovery, routing docs |
+| Production gate | route coverage matrix current, bridge destination support explicit, stablecoin and top-asset tiers documented |
+| Evidence / output artifact | [public-routing-coverage-matrix.json](/home/intlc/projects/proxmox/config/public-routing-coverage-matrix.json), [LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md](/home/intlc/projects/proxmox/reports/status/LIVE_ECOSYSTEM_FINANCIAL_INVENTORY_AND_ROUTING_GAPS_20260424.md) |
+| Owner class | `mixed` |
+
+### W3. Phoenix deploy/control-plane integration
+
+| Field | Value |
+|---|---|
+| Objective | Make Phoenix the reliable orchestration and exposure surface for deployable ecosystem services |
+| In-scope components | `phoenix-deploy-api`, deploy targets, deploy validation, public-sector and URA API surfaces |
+| Dependencies | deploy-target accuracy, validation scripts, environment readiness, Gitea/Cloudflare/NPMplus stability |
+| Production gate | deploy targets validate, Phoenix routes expose canonical manifests and control-plane surfaces, operator handoff remains current |
+| Evidence / output artifact | [validate-config-files.sh](/home/intlc/projects/proxmox/scripts/validation/validate-config-files.sh), [phoenix-deploy-api/openapi.yaml](/home/intlc/projects/proxmox/phoenix-deploy-api/openapi.yaml) |
+| Owner class | `mixed` |
+
+### W4. URA manifest, policy profiles, registry, and route confidence
+
+| Field | Value |
+|---|---|
+| Objective | Promote URA and policy profiles into the canonical activation and routing control plane |
+| In-scope components | URA manifest, profile registry, merge/validate tooling, `PolicyProfileRegistry.sol`, route-confidence scoring, policy-aware quote/build interfaces |
+| Dependencies | URA schemas, profile validation, Phoenix integration, DBIS Rail policy mapping, route evidence |
+| Production gate | manifest and profiles validate, registry paths are coherent, route-confidence schema exists, quote/build surfaces can consume policy state |
+| Evidence / output artifact | [URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/04-configuration/universal-resource-activation/URA_MANIFEST_AUTOMATION_IMPLEMENTATION_TRACKER.md), [PolicyProfileRegistry.sol](/home/intlc/projects/proxmox/smom-dbis-138/contracts/universal-resource/PolicyProfileRegistry.sol) |
+| Owner class | `repo` |
+
+### W5. DBIS RTGS / DBIS Rail / OMNL / settlement sidecars
+
+| Field | Value |
+|---|---|
+| Objective | Convert the institutional settlement stack from fragmented plans into a staged production program |
+| In-scope components | RTGS first slice, DBIS Rail, OMNL mappings, settlement event sources, custody and sidecar boundaries |
+| Dependencies | policy profiles, jurisdiction traceability, institutional onboarding, external counterparties |
+| Production gate | first-slice controls and sidecar boundaries explicit, evidence sources mapped, operator runbooks and checklists current |
+| Evidence / output artifact | [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md), [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](/home/intlc/projects/proxmox/docs/dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md) |
+| Owner class | `mixed` |
+
+### W6. Jurisdiction / compliance and onboarding matrices
+
+| Field | Value |
+|---|---|
+| Objective | Turn compliance and jurisdiction documentation into executable governance inputs for the ecosystem |
+| In-scope components | jurisdiction catalog, compliance matrices, onboarding charter/playbook, DBIS Rail traceability links |
+| Dependencies | policy profiles, RTGS/DBIS Rail architecture, institution onboarding references |
+| Production gate | jurisdiction catalog current, matrix docs mapped to policy profiles, onboarding outputs traceable to control-plane requirements |
+| Evidence / output artifact | [config/jurisdictions/catalog.v1.json](/home/intlc/projects/proxmox/config/jurisdictions/catalog.v1.json), [compliance-matrices/README.md](/home/intlc/projects/proxmox/docs/04-configuration/compliance-matrices/README.md) |
+| Owner class | `repo` |
+
+### W7. Identity / Hyperledger / interoperability stack
+
+| Field | Value |
+|---|---|
+| Objective | Mature identity and interoperability architecture into a staged runtime program |
+| In-scope components | Hyperledger runtime decisions, identity stack, workflow runtime, interoperability surfaces |
+| Dependencies | sovereign compute readiness, institutional workstreams, policy controls, operator ownership |
+| Production gate | runtime topology, ownership, and promotion criteria explicit enough to move from design into implementation slices |
+| Evidence / output artifact | [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](/home/intlc/projects/proxmox/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) |
+| Owner class | `planned` |
+
+### W8. Observability, verification, evidence, and operator readiness
+
+| Field | Value |
+|---|---|
+| Objective | Ensure the ecosystem can prove readiness and health through machine-readable evidence and operator workflows |
+| In-scope components | validation wrappers, cluster audits, cert checks, route/readiness evidence, operator handoffs, deployment readiness artifacts |
+| Dependencies | stable inventories, maintained runbooks, validation scripts, current indexes |
+| Production gate | operator wrappers current, key cert/health checks automated, evidence docs indexed, validation gates passing |
+| Evidence / output artifact | [run-all-validation.sh](/home/intlc/projects/proxmox/scripts/verify/run-all-validation.sh), [OPERATOR_HANDOFF_2026_04_24.md](/home/intlc/projects/proxmox/docs/00-meta/OPERATOR_HANDOFF_2026_04_24.md) |
+| Owner class | `mixed` |
+
+## 5. Near-Term Roadmap (0–12 Months)
+
+### 0–3 months
+
+- keep W1 healthy and template-aligned across all current cluster hosts
+- finish promoting W4 from repo-implemented to operator-usable for manifest, policy profile, and registry paths
+- wire route confidence into the same machine-readable family as URA and public routing coverage
+- keep Phoenix deploy/control surfaces aligned with current manifests and deploy targets
+
+### 3–6 months
+
+- promote W2 from documented routing potential to policy-aware route coverage
+- advance W5 first-slice institutional settlement and sidecar gates with evidence-backed operator readiness
+- formalize W6 so jurisdiction and onboarding matrices act as real control inputs, not passive references
+
+### 6–12 months
+
+- integrate URA + policy profiles + route confidence into Phoenix/API quote/build surfaces
+- make W8 evidence and operator readiness outputs sufficient for routine promotion gates
+- move selected W7 identity/interoperability pieces from design status into repo-implemented slices where source-of-truth and ownership are explicit
+
+## 6. Longer-Horizon Roadmap (12–36 Months)
+
+- deepen sovereignization of compute, control, and settlement dependencies
+- expand beyond the current EVM-heavy bridge/routing surface into non-EVM lanes where evidence and policy can be enforced cleanly
+- mature DBIS Rail, RTGS, and custody-sidecar systems into richer institutional operating models
+- promote additional identity, workflow, and interoperability systems into governed runtime slices
+- converge route-confidence, policy profiles, and settlement policy into one end-to-end institutional control plane
+
+## 7. Open Blockers And External Dependencies
+
+### Repo-solvable
+
+- route-confidence schema and quote/build integration are not yet first-class
+- Phoenix control-plane surfaces are not yet fully policy-aware
+- some institutional and identity tracks remain split across multiple narrower docs without enough shared machine-readable state
+
+### Operator-solvable
+
+- some planned control-plane and settlement flows still depend on operator activation and deployment rather than fully codified automation
+- runtime promotion for URA, sidecars, and some institutional slices still needs explicit environment rollout work
+
+### External / vendor / network blockers
+
+- counterparties, institutional integrations, and some network-specific dependencies remain outside repo control
+- certain public-network and destination-liquidity expansions depend on third-party bridge, exchange, or ecosystem realities
+- Wemix and other externally constrained paths remain subject to network or vendor-specific blockers
+
+## Recommended Architectural Direction
+
+The strongest near-term strategic recommendation is to adopt this as the canonical next-generation control-plane pattern:
+
+`URA manifest + Policy Profile Registry + route confidence`
+
+That pattern should be the bridge between:
+
+- Phoenix deploy and control APIs
+- jurisdiction and compliance matrices
+- DBIS Rail and RTGS policy enforcement
+- Besu/routing evidence and route selection
+- on-chain publication of approved policy-profile state in `smom-dbis-138`
+
+This is not distant speculation. It is the most important near-term architecture move because the repo already contains the beginnings of every major piece.

docs/02-architecture/GOVERNMENT_TREASURY_EMI_WALLET_MASTER_PLAN.md

@@ -0,0 +1,282 @@
+# Government Treasury, EMI, Digital Wallet and Regulated Settlement Master Plan
+
+**Last updated:** 2026-04-28  
+**Audience:** Program owners, legal/compliance, treasury and banking ops, architecture, engineering  
+**Purpose:** Single umbrella plan for integrating **Electronic Money Institutions (EMIs)**, **digital wallets**, **virtual accounts** (including vendor patterns such as Tatum Virtual Accounts), **government treasuries**, **central banks / RTGS**, **fully licensed participants**, and **DBIS on-chain settlement and liquidity**—without conflating regulated fiat finality with blockchain authorization or DeFi-style liquidity.
+
+**Non-goal:** This document is not legal advice. Counsel owns statute interpretation; this frames **artifacts**, **roles**, **system boundaries**, and **implementation gates**.
+
+---
+
+## 1. Executive Summary
+
+DBIS already separates concerns correctly at the architectural core:
+
+- **Regulated domain:** Fiat/e-money finality, accounting, sanctions/AML, institutional onboarding, evidence vaults, OMNL/Fineract postings, ISO-20022 evidence bundles.
+- **Chain 138 domain:** Authorization integrity, participant/signer policy, replay protection, immutable settlement references, GRU mint gating—**not** “bank decides finality on-chain.”
+
+See [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md) §0–§5 (design principle: *the chain never decides fiat finality*).
+
+This master plan:
+
+1. Places **EMIs**, **virtual accounts**, and **wallet APIs** in the regulated + ledger layers, with explicit mapping to URA families and policy profiles.
+2. Treats **Tatum-style virtual accounts** as an **optional vendor pattern** for off-chain crypto/fiat ledgers parallel to public chains; **Chain 138** remains **custom-RPC / self-hosted** per [smom-dbis-138/docs/api/TATUM_SDK.md](../../smom-dbis-138/docs/api/TATUM_SDK.md).
+3. Aligns **government treasury** and **central-bank-grade** narratives with [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) truth: many institutional rows are **Partial** or **Planned**—the master plan labels gaps by owner type (counsel, implementation, operator, vendor).
+4. Preserves **liquidity honesty**: [config/allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json) explicitly distinguishes bridge-live status from **same-chain swap inventory**—regulated claims must not treat pending DEX inventory as institutional liquidity.
+
+---
+
+## 2. Source-of-Truth Hierarchy
+
+Per [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md) §1, when artifacts disagree:
+
+| Priority | Kind | Examples |
+|----------|------|----------|
+| 1 | Machine-readable config + trackers | `config/universal-resource-activation/manifest.json`, `config/jurisdictions/catalog.v1.json`, pool matrices, deployment-status JSON |
+| 2 | Validation / implementation scripts | `scripts/verify/*`, `pnpm ura:*`, forge scoped tests |
+| 3 | Specialized canonical docs | DBIS Rail specs, RTGS matrix, onboarding charter |
+| 4 | Older narrative | Historical plans; use only if reconciled |
+
+**Regulatory vs technical claims:** A statement may be “true in policy design” (Rail rulebook) but **not yet Complete** in [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md). External communications must distinguish **intent** from **production gate**.
+
+---
+
+## 3. Participant and Legal Taxonomy
+
+Use consistent labels across onboarding, URA `ownerParticipantId`, DBIS Rail participant registry, and compliance matrices.
+
+| Role | Typical licenses / regimes | DBIS alignment |
+|------|----------------------------|----------------|
+| **Government treasury** | Sovereign issuer / fiscal agent rules | Institution + jurisdiction-specific matrix rows; OMNL/treasury accounts |
+| **Central bank / RTGS** | Central banking law, RTGS participation | Off-chain finality + ISO evidence; not “RTGS on Chain 138” unless contractually true |
+| **Commercial bank** | Banking license, deposit-taking | FI participant; nostro/vostro; safeguarding vs deposits per jurisdiction |
+| **EMI / E-money issuer** | EU EMI, UK EMI, analogous | `FIAT_DIGITAL`, safeguarding ledger, virtual IBAN patterns |
+| **Payment institution** | PSD2-style, MSB-adjacent | Payment initiation / execution; evidence for good funds |
+| **MSB / money transmitter** | FinCEN state overlays | MSB participant class in Rail spec |
+| **CASP / VASP** | MiCA, national crypto regimes | Policy profiles for transferable vs restricted tokens |
+| **Custodian / CSD** | Custody, CSD regulation | `SKR_SAFEKEEPING`, depository model in RTGS docs |
+| **Wallet / tech provider** | Contractual + outsourcing | Not issuer of money unless licensed; keys + API custody boundaries |
+| **Liquidity provider / PMM** | Market conduct, licensing per venue | PMM inventory **outside** customer e-money perimeter unless proven |
+
+Definitions for **institution**, **jurisdiction**, **policy profile**, **complete**: [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md).
+
+---
+
+## 4. Money Model
+
+### 4.1 Layers of money (conceptual)
+
+| Layer | Examples | System-of-record |
+|-------|----------|-------------------|
+| Sovereign | CBDC, reserves at central bank | RTGS / CBDC operator |
+| Bank money | Deposits, settlement balances | Bank core / correspondent |
+| E-money | EMI-issued redeemable electronic money | EMI safeguarding + ledger |
+| Ledger balances | Virtual accounts, app wallets | Operator ledger + reconciliation |
+| Tokenized claims | Deposit tokens, fiat-backed stablecoins, GRU tiers | Issuer + attestation + chain contracts |
+| PMM / DEX inventory | LP positions, pool reserves | **Market-making inventory**—not customer deposits unless segregated |
+
+URA families anchor this: [UNIVERSAL_RESOURCE_ONTOLOGY.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_ONTOLOGY.md) (`FIAT_DIGITAL`, `SERVER_FUNDS`, `SKR_SAFEKEEPING`, etc.).
+
+### 4.2 Non-confusion rule
+
+**Customer safeguarded e-money** must never be silently modeled as **AMM inventory**. Treasury execution using PMM must pass **policy**, **limits**, and **segregation** controls documented under Rail + RTGS liquidity sections.
+
+---
+
+## 5. Ledger, Virtual Account, and Wallet Hierarchy
+
+### 5.1 Regulated-domain ledger (target)
+
+- **Omnibus / safeguarding** bank accounts (where jurisdiction requires).
+- **Virtual accounts** (customer sub-ledgers): references mapped to OMNL/Fineract **accounts**, deterministic **`accountingRef`**, optional **vIBAN/UETR** correlation—pattern only until frozen with banking partners.
+- **ISO-20022** message IDs feeding **MintAuth** (`messageId`, `isoHash`, `accountingRef`) per [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md).
+
+### 5.2 Virtual account integration (functional requirements)
+
+| Requirement | Notes |
+|-------------|--------|
+| Single currency per logical pocket | Align with vendor patterns (e.g. Tatum VA: one currency per VA); multi-currency UX via customer grouping |
+| Internal transfers | Instant ledger moves; no chain fee; full audit trail |
+| Deposit mapping | Blockchain deposit address ↔ VA balance updates where custodial **public** chains use vendor indexing; **Chain 138** requires **self-hosted** indexer or gateway-fed events |
+| Withdrawal | Ledger debit → chain payout from **treasury/pooled** on-chain inventory; operator-visible vs customer-visible segregation documented |
+| Reconciliation | Daily tie-out: VA sum ↔ omnibus ↔ Chain 138 treasury wallets |
+
+### 5.3 Chain-domain (Chain 138)
+
+- **Operational wallets** for participants (allowlisted where Rail requires).
+- **SettlementRouter / GRU** paths—authorization only after off-chain gates.
+- **No fiat finality on-chain**—see Rail spec design principle.
+
+### 5.4 Tatum and similar vendors
+
+- **Tatum SDK + custom RPC** on Chain 138: raw JSON-RPC only; cloud Notifications/Data **do not** apply to unsupported/private chains—[TATUM_SDK.md](../../smom-dbis-138/docs/api/TATUM_SDK.md).
+- **Tatum Virtual Accounts** (product pattern): off-chain ledger + deposit addresses + periodic sync to chain—see vendor docs (`docs.tatum.io/docs/virtual-accounts`). Access/pricing constraints are vendor-imposed; treat as **integration option** for **supported public chains**, not as Chain 138’s regulated ledger.
+- **Alternative:** Self-hosted VA ledger + OMNL as SoR + DBIS Rail MintAuth for token legs.
+
+### 5.5 Wallet API custody tiers
+
+| Tier | Typical stack | Regulatory touch |
+|------|----------------|-------------------|
+| Non-custodial | User keys | Gateway still does Travel Rule / sanctions as required |
+| Custodial hot | Server/HSM | EMI client-money rules, safeguarding |
+| MPC / institutional | Fireblocks-class | Custody agreements + attestations |
+| Embedded / AA | thirdweb Engine etc. | Policy profiles + sponsor gas + limits |
+
+Refs: [CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md](../04-configuration/CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md), [THIRDWEB_WALLETS_INTEGRATION.md](../04-configuration/THIRDWEB_WALLETS_INTEGRATION.md), [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](../04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md).
+
+---
+
+## 6. ISO, Evidence, and Mint Authorization Flow
+
+End-to-end intent (see Rail technical spec §5):
+
+1. ISO Gateway ingests messages → canonical bundle → `isoHash`, `messageId`.
+2. Funds status: `ON_LEDGER_FINAL` vs `OFF_LEDGER_FINAL`.
+3. Double-entry accounting → **`accountingRef`**.
+4. Compliance gates → threshold signatures → **MintAuth** → SettlementRouter → GRU mint.
+
+Evidence vault, 4.995-style packages, Indonesia pilot: [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md), [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md).
+
+---
+
+## 7. Compliance and Licensing Model (EU / UK / US Anchors)
+
+### 7.1 Repository anchors
+
+| Mechanism | Path |
+|-----------|------|
+| Institution onboarding | [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md), [INSTITUTION_ONBOARDING_PLAYBOOK.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md) |
+| Jurisdiction catalog | [JURISDICTION_CATALOG.md](../04-configuration/jurisdictions/JURISDICTION_CATALOG.md), [config/jurisdictions/catalog.v1.json](../../config/jurisdictions/catalog.v1.json) |
+| Policy profiles | [UNIVERSAL_RESOURCE_POLICY_PROFILES.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_POLICY_PROFILES.md), [policy-profiles.json](../../config/universal-resource-activation/policy-profiles.json) |
+| Rail controls | [DBIS_RAIL_JURISDICTION_TRACEABILITY.md](../dbis-rail/DBIS_RAIL_JURISDICTION_TRACEABILITY.md), [DBIS_RAIL_CONTROL_MAPPING_V1.md](../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md) |
+| Stablecoin / conversion policy | [DBIS_RAIL_STABLECOIN_POLICY_V1_5.md](../dbis-rail/DBIS_RAIL_STABLECOIN_POLICY_V1_5.md), [DBIS_RAIL_CONVERSION_ROUTER_SPEC_V1_5.md](../dbis-rail/DBIS_RAIL_CONVERSION_ROUTER_SPEC_V1_5.md) |
+
+### 7.2 Jurisdiction expansion (gap)
+
+Slice-1 charter expects **Indonesia** pilot matrix + stubs; **EU/UK/US** banking matrices must be extended beyond stubs for anchor claims—implementation task for compliance + counsel ([INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md) exit criteria).
+
+### 7.3 External regime pointers (non-canonical; counsel verifies)
+
+- **EU:** MiCA (ART/EMT), PSD2/e-money frameworks for payment vs issuance—map obligations into compliance matrices.
+- **UK:** FCA/BoE stablecoin and payments agenda—monitor regulator publications (e.g. sandbox cohorts for issuance experiments).
+- **US:** Money transmission, BSA/AML, sponsor-bank models, federal/state stablecoin developments—matrix rows per activity.
+
+### 7.4 Counsel sign-off points
+
+- First marketing claim implying **national RTGS participation**, **CBDC**, or **government guarantee**.
+- Any **Travel Rule** / **data residency** cross-border flow.
+- Token taxonomy for **retail** vs **wholesale** and **security-like** instruments (`RESTRICTED_SECURITY` in ontology).
+
+---
+
+## 8. Liquidity, PMM, Bridges, and Market Integrity
+
+- **Chain 138 PMM / routing:** [PMM_DEX_ROUTING_STATUS.md](../11-references/PMM_DEX_ROUTING_STATUS.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md](../11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md).
+- **Route confidence / policy-aware quoting:** Not yet first-class in public quote APIs—see baseline status in [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md) (DODO PMM / routing workstream). Do not imply regulator-grade route selection from wallet or aggregator UX alone.
+- **Cross-chain PMM graph:** `cross-chain-pmm-lps/config/deployment-status.json` (home chain 138).
+- **ALL Mainnet:** [allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json)—**bridge live** does not imply **swap inventory published** (`sameChainSwapInventoryPublished` remains **`false`** until promoted); submodule doc [smom-dbis-138/docs/deployment/ALL_MAINNET_CONFIGURATION.md](../../smom-dbis-138/docs/deployment/ALL_MAINNET_CONFIGURATION.md) must stay aligned with this file.
+- **Pool lifecycle:** [all-mainnet-pool-creation-matrix.json](../../config/all-mainnet-pool-creation-matrix.json)—operational gates vs regulated settlement.
+
+**Rule:** PMM LP inventory is **treasury/market** risk unless explicitly structured as **customer-segregated** with legal and operational proof.
+
+---
+
+## 9. Artifact Mapping (Master Plan Section → Canonical Repo Files)
+
+| Master plan topic | Primary artifacts |
+|-------------------|-------------------|
+| Fiat finality vs chain | [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md), [DBIS_RAIL_RULEBOOK_V1.md](../dbis-rail/DBIS_RAIL_RULEBOOK_V1.md), [DBIS_RAIL_REGULATOR_BRIEF_V1.md](../dbis-rail/DBIS_RAIL_REGULATOR_BRIEF_V1.md) |
+| RTGS / OMNL / sidecars | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md), [DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](../03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md), [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](../03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) |
+| Institution onboarding | [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md), [INSTITUTION_ONBOARDING_PLAYBOOK.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_PLAYBOOK.md) |
+| URA / ontology | [UNIVERSAL_RESOURCE_ONTOLOGY.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_ONTOLOGY.md), [UNIVERSAL_RESOURCE_SERVER_FUNDS_LANE.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_SERVER_FUNDS_LANE.md), [manifest.json](../../config/universal-resource-activation/manifest.json) |
+| Chain 138 wallets / APIs | [TATUM_SDK.md](../../smom-dbis-138/docs/api/TATUM_SDK.md), [CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md](../04-configuration/CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md), [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](../04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md) |
+| Token / explorer truth | [EXPLORER_TOKEN_LIST_CROSSCHECK.md](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md), [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) |
+| E-money / ISO execution hooks (contracts + runbook) | [MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md](../runbooks/MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md) |
+| GRU M1 instruments, listings, disclosure framing | [GRU_M1_MASTER_IMPLEMENTATION_PLAN.md](../gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md), [GRU_M1_LISTING_VALIDATION.md](../compliance/GRU_M1_LISTING_VALIDATION.md) |
+| Identity stack vs RTGS / Travel Rule scale | [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](../03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) (Aries / AnonCreds rows) |
+| Explorer UI legal templates (non-canonical vs Rail) | [LEGAL_COMPLIANCE_REQUIREMENTS.md](../../explorer-monorepo/docs/LEGAL_COMPLIANCE_REQUIREMENTS.md) — harmonize marketing/legal copy with [DBIS_RAIL_RULEBOOK_V1.md](../dbis-rail/DBIS_RAIL_RULEBOOK_V1.md) / counsel; not a substitute for Rail regulator brief |
+| Public sector / credentials | [PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md), [COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md) |
+| ALL Mainnet CI (surface JSON + chains flags) | [check-allmainnet-protocol-surface.sh](../../scripts/verify/check-allmainnet-protocol-surface.sh), [check-allmainnet-chains-flags.sh](../../scripts/verify/check-allmainnet-chains-flags.sh), [validate-config-files.sh](../../scripts/validation/validate-config-files.sh) |
+| Umbrella ecosystem | [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md), [MASTER_INDEX.md](../MASTER_INDEX.md) |
+
+---
+
+## 10. Gap Register (by Owner Type)
+
+| Gap | Owner | Notes |
+|-----|--------|------|
+| EU/UK/US compliance matrices beyond stubs | Counsel + Compliance | Charter slice-1 exit criteria |
+| HYBX treasury / participant model frozen | Banking architecture + Ops | RTGS matrix: HYBX participant/treasury **Planned** |
+| Virtual account ↔ OMNL chart of accounts | Implementation | Deterministic `accountingRef` |
+| Tatum VA on public chains vs Chain 138 split | Architecture | RPC-only on 138 per TATUM_SDK |
+| Identity stack (Aries/AnonCreds) for Travel Rule scale | Identity lead | RTGS matrix **Planned** |
+| Correspondent / BNI live contracts | Operator + external bank | Matrix rows Partial/Planned |
+| ALL Mainnet swap inventory | Ops + validation | `sameChainSwapInventoryPublished: false` until promoted; CI: [`scripts/verify/check-allmainnet-protocol-surface.sh`](../../scripts/verify/check-allmainnet-protocol-surface.sh) + [`check-allmainnet-chains-flags.sh`](../../scripts/verify/check-allmainnet-chains-flags.sh) via [`validate-config-files.sh`](../../scripts/validation/validate-config-files.sh) |
+
+---
+
+## 11. Phased Roadmap Gates
+
+### Slice 1 — Government treasury & licensed participant (foundation)
+
+**Goal:** End-to-end **regulated** path: ISO evidence → accounting → MintAuth → Chain 138 settlement record → audit package.
+
+**Gates:**
+
+- [ ] OMNL tenant/auth **frozen** for canonical rail ([DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) priorities).
+- [ ] At least one **Complete** jurisdiction matrix + institution onboarding **Complete** per charter.
+- [ ] DBIS Rail MintAuth path exercised with evidence vault reproducibility.
+- [ ] No external claim of “RTGS production parity” until checklist rows are **Complete**.
+
+### Slice 2 — EMI / virtual account / digital wallet
+
+**Goal:** Customer **VA ledger** + safeguarding reconciliation + wallet UX; optional Tatum VA for **supported** public chains; Chain 138 via **gateway + self-hosted** signing.
+
+**Gates:**
+
+- [ ] Customer ledger ↔ omnibus reconciliation **daily** with exception queue.
+- [ ] Policy profiles for retail vs institutional wallets (`policyProfileId` on URA rows).
+- [ ] Withdrawal path: ledger debit → treasury wallet → chain tx with limits and sanctions.
+
+### Slice 3 — Cross-border correspondent & FX
+
+**Goal:** Nostro/vostro, correspondent messaging, FX booking per [DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](../03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md).
+
+**Gates:**
+
+- [ ] FX pricing/dealing engine contract **frozen** (matrix: currently **Planned**).
+- [ ] SWIFT/ISO endpoint contracts documented for at least one corridor.
+
+### Slice 4 — Tokenized reserves & policy-aware liquidity
+
+**Goal:** GRU/reserve attestations + **explicit** use of PMM/bridge for **treasury** execution—not commingled with customer e-money.
+
+**Gates:**
+
+- [ ] ReserveOracle / attestation cadence aligned with [DBIS_RAIL_STABLECOIN_POLICY_V1_5.md](../dbis-rail/DBIS_RAIL_STABLECOIN_POLICY_V1_5.md).
+- [ ] PMM inventory labeled **non-customer** in ops runbooks.
+- [ ] ALL Mainnet: promote protocols in [allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json) only after committed addresses + verification.
+
+---
+
+## 12. Related Documents
+
+- [DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md](DBIS_ECOSYSTEM_TECHNICAL_MASTER_PLAN.md)
+- [DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md](../03-deployment/DBIS_RTGS_MASTER_PLAN_IMPLEMENTATION_TRACKER.md)
+- [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md)
+- [INSTITUTION_ONBOARDING_CHARTER.md](../04-configuration/compliance-matrices/INSTITUTION_ONBOARDING_CHARTER.md)
+- [UNIVERSAL_RESOURCE_ONTOLOGY.md](../04-configuration/universal-resource-activation/UNIVERSAL_RESOURCE_ONTOLOGY.md)
+- [MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md](../runbooks/MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md)
+- [GRU_M1_MASTER_IMPLEMENTATION_PLAN.md](../gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md)
+- [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](../03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md)
+- [ALL_MAINNET_CONFIGURATION.md](../../smom-dbis-138/docs/deployment/ALL_MAINNET_CONFIGURATION.md) — must stay aligned with [allmainnet-non-dodo-protocol-surface.json](../../config/allmainnet-non-dodo-protocol-surface.json)
+
+---
+
+## Document history
+
+| Date | Change |
+|------|--------|
+| 2026-04-28 | Initial publication: regulated treasury wallet master plan integrating EMI, wallets, VA patterns, Rail, RTGS, URA, liquidity boundaries. |
+| 2026-04-28 | ALL Mainnet doc drift note + artifact links: ISO20022 e-money runbook, GRU M1, identity decision, explorer legal caveat, ecosystem route-confidence baseline; Related Documents expanded. |
+| 2026-04-28 | ALL Mainnet verification scripts committed (`check-allmainnet-protocol-surface.sh`, `check-allmainnet-chains-flags.sh`); integrated into `validate-config-files.sh`; `run-all-validation.sh` duplicate 1c/1d block removed; `ALL_MAINNET_VERIFICATION_COMPLETE.md` addendum for swap inventory vs bridge verification. |