proxmox/docs/00-meta/E2E_COMPLETION_TASKS_DETAILED_LIST.md

Detailed List: All Tasks for Full E2E Completion

Last Updated: 2026-02-05
Purpose: Single detailed checklist of every task required for all possible end-to-end completions. Use for planning, assignment, and status tracking.
Execution order: FULL_PARALLEL_EXECUTION_ORDER.md — Wave 0 → 1 → 2 → 3 → Ongoing. Within each wave, run tasks in parallel where possible.

Sources: TODO_TASK_LIST_MASTER.md, WAVE2_WAVE3_OPERATOR_CHECKLIST.md, PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md, REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md, NEXT_STEPS_MASTER.md, ALL_IMPROVEMENTS_AND_GAPS_INDEX.md, MISSING_CONTAINERS_LIST.md.

---

Legend

Symbol	Meaning
Op	Operator (run on Proxmox/LAN/host with credentials)
Auto	Script/automation exists; run or schedule
Code	Code/config change required
Doc	Documentation or design only
Def	Deferred (backlog or external dependency)

---

Blockers (for tasks that do NOT require API keys)

Tasks below do not depend on obtaining API keys (Li.Fi, CoinGecko, etc.). Their blockers are environment or credentials only. If a task is not listed here, it has no blocker for automated/dry-run execution from this environment.

Blocker	Affected tasks	How to clear
LAN required	W0-1 (NPMplus RPC fix), W0-3 (NPMplus backup — also needs NPM_PASSWORD)	Run from host on same network as NPMplus (192.168.11.x).
PRIVATE_KEY + LINK approved	W0-2 (sendCrossChain real)	Set in .env; omit --dry-run from run-send-cross-chain.sh.
NPM_PASSWORD + NPMplus up	W0-3, W1-8 (backup run)	Set NPM_PASSWORD in .env; ensure NPMplus container is running.
Proxmox host (root / pct)	W1-1 apply, W1-2 apply, W1-19 (secure-validator-keys), W2-* (all), W3-* (all), CT-1a restore	Run scripts on Proxmox node or via SSH from LAN.
Crontab (user)	W1-8 cron install (schedule-npmplus-backup-cron --install, schedule-daily-weekly-cron --install)	Run --install on host where cron should live.
Deferred / backlog	W1-3, W1-4, W1-14 (dbis_core TS), W1-15–W1-17 (part), smom audits, BRG integrations	Assign to backlog or external owner.

No blocker (can run from anywhere): All validation commands (run-all-validation, validate-config-files, run-full-verification steps 0–2, verify-end-to-end-routing), run-wave0-from-lan.sh --dry-run, schedule-*-cron.sh --show, phase4-sovereign-tenants.sh --show-steps, run-shellcheck.sh --optional, check-dependencies, daily-weekly-checks.sh daily (RPC check may pass; explorer may SKIP off-LAN). Doc/design tasks (W1-9–W1-13) are already done or doc-only.

Unblocked run (2026-02-05, full parallel): check-dependencies, validate-config-files, run-wave0-from-lan --dry-run, schedule-npmplus-backup-cron --show, schedule-daily-weekly-cron --show, phase4-sovereign-tenants --show-steps, run-shellcheck --optional, daily-weekly-checks daily, run-all-validation (with and without --skip-genesis), validate-genesis (smom-dbis-138), verify-end-to-end-routing (25 DNS pass, 14 HTTPS pass, 6 RPC fail until W0-1 from LAN) — all completed. run-full-verification: steps 0–2 pass; step 3 (NPMplus) fails off-LAN as expected.

---

Part 1 — Critical & Gate Tasks (Do First)

1.1 CT 2301 (besu-rpc-private-1)

ID	Task	Type	Command / reference
CT-1a	Restore from backup (if exists)	Op	pct restore 2301 /path/to/backup.tar.zst --storage local-lvm
CT-1b	Recreate container (Option B)	✅ Done	scripts/recreate-ct-2301.sh (2026-02-04). scripts/README.md § CT 2301.

1.2 Wave 0 — Gates (credentials / LAN)

ID	Task	Type	Prerequisite	Command / note
W0-1	NPMplus RPC fix (405)	Op	Host on LAN	bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh — or bash scripts/run-wave0-from-lan.sh (omit --skip-rpc-fix).
W0-2	sendCrossChain (real)	Op	PRIVATE_KEY, LINK approved for fee	scripts/bridge/run-send-cross-chain.sh <amount> [recipient] — omit --dry-run. Bridge: 0xcacfd227A040002e49e2e01626363071324f820a.
W0-3	NPMplus backup	Op	NPM_PASSWORD in .env, NPMplus up	bash scripts/verify/backup-npmplus.sh. Or scripts/run-wave0-from-lan.sh (omit --skip-backup).

Combined (W0-1 + W0-3): bash scripts/run-wave0-from-lan.sh from LAN (options: --dry-run, --skip-backup, --skip-rpc-fix).

---

Part 2 — Wave 1 (Full Parallel: Security, Monitoring Config, Backup, Docs, Codebase)

2.1 Security (W1-1 – W1-4)

ID	Task	Type	Command / reference
W1-1	SSH key-based auth; disable password	Op	`scripts/security/setup-ssh-key-auth.sh [--dry-run
W1-2	Firewall: restrict Proxmox API 8006	Op	`scripts/security/firewall-proxmox-8006.sh [--dry-run
W1-3	smom: Security audits VLT-024, ISO-024	Def	smom backlog.
W1-4	smom: Bridge integrations BRG-VLT, BRG-ISO	Def	smom backlog.

2.2 Monitoring config (W1-5 – W1-7)

ID	Task	Type	Command / reference
W1-5	Prometheus scrape (Besu 9545); alert rules	Auto/Doc	scripts/monitoring/prometheus-besu-config.yml, smom-dbis-138/monitoring/prometheus/. export-prometheus-targets.sh.
W1-6	Grafana dashboards; Alertmanager config	Doc	smom-dbis-138/monitoring/grafana/, alertmanager/alertmanager.yml.
W1-7	Loki/Alertmanager config (no deploy)	Doc	smom-dbis-138/monitoring/loki/, alertmanager/.

2.3 Backup (W1-8)

ID	Task	Type	Command / reference
W1-8	Automated backup; NPMplus backup cron; daily/weekly cron	Op/Auto	scripts/verify/backup-npmplus.sh when NPMplus up. Cron: `scripts/maintenance/schedule-npmplus-backup-cron.sh [--install

2.4 Phase 1 optional (W1-9 – W1-10)

ID	Task	Type	Reference
W1-9	VLAN enablement: UDM Pro VLAN config; Proxmox VLAN-aware bridge design	Doc	NETWORK_ARCHITECTURE.md §3–5.
W1-10	VLAN migration plan (per-service table)	Doc	UDM_PRO_VLAN_MIGRATION_PLAN.md, MISSING_CONTAINERS_LIST.md.

2.5 Documentation (W1-11 – W1-13)

ID	Task	Type	Reference
W1-11	Doc consolidation; archive old status	Auto/Doc	ARCHIVE_CANDIDATES.md; move agreed items.
W1-12	Quick reference cards; decision trees; config templates	Doc	QUICK_REFERENCE_CARDS.md, CONFIGURATION_DECISION_TREE, 04-configuration README.
W1-13	Final IP assignments; connectivity matrix; runbooks	Doc	NETWORK_ARCHITECTURE.md §7, OPERATIONAL_RUNBOOKS.md, MISSING_CONTAINERS_LIST.

2.6 Codebase (W1-14 – W1-17)

ID	Task	Type	Reference
W1-14	dbis_core: TypeScript/Prisma fixes	Code	~1186 TS errors; parallelize by module/file.
W1-15	smom: EnhancedSwapRouter quoter; AlltraAdapter fee	Code/Def	PLACEHOLDERS_AND_TBD.md; setBridgeFee done.
W1-16	smom: IRU remaining tasks	Code/Def	Per smom backlog.
W1-17	Placeholders: canonical addresses env-only; AlltraAdapter fee; smart accounts kit; quote service Fabric 999; .bak deprecation	Code	REQUIRED_FIXES_UPDATES_GAPS.md; PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md §1.

2.7 Quick wins & implementation checklist (W1-18 – W1-21)

ID	Task	Type	Command / reference
W1-18	Progress indicators; config validation in CI	✅ Done	run-full-verification.sh Step 0; validate-config-files.sh.
W1-19	Secure validator key permissions (chmod 600, chown besu)	Op	On Proxmox host as root: scripts/secure-validator-keys.sh [--dry-run] (VMIDs 1000–1004).
W1-20	Secret audit; input validation; security scanning (shellcheck)	Auto	scripts/verify/run-shellcheck.sh [--optional] or run-shellcheck-docker.sh. Install shellcheck when available.
W1-21	Config validation (JSON/YAML); env standardization	Doc/Auto	validate-config-files.sh; ENV_STANDARDIZATION docs.

2.8 MetaMask / explorer optional (W1-22 – W1-26)

ID	Task	Type	Reference
W1-22	Token-aggregation hardening; CoinGecko submission	Code	COINGECKO_SUBMISSION.md.
W1-23	Chain 138 Snap: market data UI; swap quotes; bridge routes; testing & distribution	Code	metamask-integration.
W1-24	Explorer: dark mode, network selector, sync indicator	Code	explorer-monorepo.
W1-25	Paymaster deploy (optional)	Op	forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast from smom-dbis-138. SMART_ACCOUNTS_DEPLOYMENT_NOTE.
W1-26	API keys: Li.Fi, Jumper, 1inch (obtain and set in .env)	Op	reports/API_KEYS_REQUIRED.md; .env.example placeholders exist.

2.9 Improvements index 1–35 (W1-27 – W1-30)

ID	Task	Type	Reference
W1-27	ALL_IMPROVEMENTS 1–11 (Proxmox high: .env, validator keys, SSH, firewall, VLANs, metrics, backup, runbooks)	Op	Run from LAN/Proxmox per ALL_IMPROVEMENTS_AND_GAPS_INDEX.md.
W1-28	ALL_IMPROVEMENTS 12–20 (medium: error handling, logging, Loki, CI/CD)	Code/Doc
W1-29	ALL_IMPROVEMENTS 21–30 (low: auto-scale, load balancing, HSM, audit)	Code/Doc
W1-30	ALL_IMPROVEMENTS 31–35 (quick wins)	✅ Partial	Progress indicators, --dry-run, config validation, FAQ.

2.10 Improvements index 36–67 (W1-31 – W1-34)

ID	Task	Type	Reference
W1-31	Script shebang; set -euo; shellcheck	Auto	Many scripts updated; run-shellcheck when installed.
W1-32 – W1-34	Doc consolidation; security; logging; metrics; backup review	Doc/Code	ALL_IMPROVEMENTS 44–67.

2.11 Improvements index 68–91 (W1-35 – W1-38)

ID	Task	Type	Reference
W1-35	Quick ref, decision trees, config templates (68–74)	✅ Done	QUICK_REFERENCE_CARDS, CONFIGURATION_DECISION_TREE.
W1-36	Phase 1–4 design; missing containers list (75–81)	Doc	MISSING_CONTAINERS_LIST.md; NETWORK_ARCHITECTURE.
W1-37 – W1-38	smom/dbis/placeholders (82–91)	Code/Def	Same as W1-14–W1-17.

2.12 Improvements index 92–139 (W1-39 – W1-44)

ID	Task	Type	Reference
W1-39	MetaMask/explorer (92–105)	Code	pnpm install + hardhat for tests; parallel by task.
W1-40	Tezos/Etherlink/CCIP (106–121)	Code/Config	TEZOS_CCIP_REMAINING_ITEMS.md; configs and scripts.
W1-41	Besu/blockchain (122–126)	Code/Doc	docs/06-besu.
W1-42	RPC translator (127–130)	Code	rpc-translator-138.
W1-43	Orchestration portal (131–134)	Code
W1-44	Maintenance procedures (135–139)	✅ Done	OPERATIONAL_RUNBOOKS § Maintenance; daily-weekly-checks.sh; schedule-daily-weekly-cron.sh.

---

Part 3 — Wave 2 (Infra / Deploy; Parallel by Host or Component)

ID	Task	Type	Parallelize by	Command / reference
W2-1	Deploy monitoring stack (Prometheus, Grafana, Loki, Alertmanager)	Op	By component	smom-dbis-138/monitoring/; scripts/monitoring/. phase2-observability.sh (config exists).
W2-2	Grafana via Cloudflare Access; alerts configured	Op	After W2-1	Alertmanager routes; Cloudflare Access.
W2-3	VLAN enablement: UDM Pro VLAN config; Proxmox bridge; migrate services	Op	By VLAN/host	NETWORK_ARCHITECTURE.md §3–5; UDM_PRO_VLAN_* docs.
W2-4	Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN script expansion	Op	Ops first, then NAT, then scripts	scripts/ccip/ccip-deploy-checklist.sh. CCIP_DEPLOYMENT_SPEC.md.
W2-5	Phase 4: Sovereign tenant VLANs; isolation; access control	Op	By tenant/VLAN	`scripts/deployment/phase4-sovereign-tenants.sh [--show-steps
W2-6	Missing containers: 2506, 2507, 2508 only	Op	By VMID/host	MISSING_CONTAINERS_LIST.md. Create besu-rpc-luis, besu-rpc-putu (x2) per spec.
W2-7	DBIS services (10100–10151); Hyperledger	Op	By host	Per deployment runbooks.
W2-8	NPMplus HA (Keepalived, 10234)	Op	Optional	NPMPLUS_HA_SETUP_GUIDE.md.

---

Part 4 — Wave 3 (After Wave 2)

ID	Task	Type	Depends on	Command / reference
W3-1	CCIP Fleet: 16 commit (5410-5425), 16 execute (5440-5455), 7 RMN (5470-5476)	Op	W2-4 (Ops/Admin, NAT)	CCIP_DEPLOYMENT_SPEC.md.
W3-2	Phase 4 tenant isolation enforcement; access control	Op	W2-3 / W2-5	Firewall rules; ACLs; deny east-west.

---

Part 5 — Ongoing (No Wave)

ID	Task	Type	Frequency	Command / reference
O-1	Monitor explorer sync	Auto	Daily	scripts/maintenance/daily-weekly-checks.sh daily. Cron: schedule-daily-weekly-cron.sh --install.
O-2	Monitor RPC 2201	Auto	Daily	Same script.
O-3	Config API uptime	Auto	Weekly	scripts/maintenance/daily-weekly-checks.sh weekly.
O-4	Review explorer logs	Op	Weekly	Runbook: OPERATIONAL_RUNBOOKS § Maintenance [138].
O-5	Update token list	Op	As needed	token-list.json / explorer config; runbook [139].

---

Part 6 — Placeholders & Code Completions (for E2E)

6.1 smom-dbis-138

Item	Location	Action
Canonical addresses env-only	token-aggregation canonical-tokens.ts	Document required env or add fallback (config/DB).
AlltraAdapter fee	AlltraAdapter.sol	Set actual ALL Mainnet fee via setBridgeFee after verification.
Smart accounts kit	DeploySmartAccountsKit.s.sol	Deploy EntryPoint, AccountFactory, Paymaster; set in .env.
Quote service Fabric	quote-service.ts	Set FABRIC_CHAIN_ID or keep 999 until Fabric integrated.
EnhancedSwapRouter / DODOPMMProvider	EnhancedSwapRouter.sol, DODOPMMProvider.sol	Replace placeholder fee/size logic when oracle/pool ready.
WETH bridges mainnet receiver	DeployWETHBridges.s.sol	Set MAINNET_WETH9_BRIDGE_ADDRESS, MAINNET_WETH10_BRIDGE_ADDRESS in env.
.bak restoration/deprecation	Various	BAK_FILES_DEPRECATION.md.

6.2 dbis_core

Item	Action
Prometheus/Redis/PagerDuty/AS4	Wire when monitoring stack deployed; implement Redis client, PagerDuty API.
TypeScript errors	Fix ~1186 TS errors by module (deferred).

6.3 the-order (legal-documents)

Item	Action
E-signature	Integrate DocuSign/Adobe Sign; set E_SIGNATURE_BASE_URL.
Court e-filing	Integrate court e-filing system; E_FILING_ENABLED.
Document security/export	PDF watermarking, redaction, export (pdfkit/docx).
Security routes	Implement watermarking/redaction handlers.

6.4 OMNIS

Item	Action
Sankofa Phoenix SDK	Integrate when available for post-Azure parity.

6.5 multi-chain-execution / Tezos

Item	Action
TezosRelayService	Add native Tezos mint/transfer relay when implemented.

---

Part 7 — API Keys & Secrets (Obtain and Set)

Full list: reports/API_KEYS_REQUIRED.md. All variable names are in .env.example; obtain values and set in .env.

Category	Variables	Where used
Cross-chain/DeFi	LIFI_API_KEY, JUMPER_API_KEY, ONEINCH_API_KEY	alltra-lifi-settlement, chain138-quote.service
Fiat ramp	MOONPAY_*, RAMP_NETWORK_API_KEY, ONRAMPER_API_KEY	metamask-integration/ramps
E-signature	E_SIGNATURE_BASE_URL + provider API key	the-order/legal-documents
Alerts	SLACK_WEBHOOK_URL, PAGERDUTY_INTEGRATION_KEY, EMAIL_ALERT_*	dbis_core alert.service
Explorers/price	ETHERSCAN_API_KEY, COINGECKO_API_KEY, COINMARKETCAP_API_KEY	Verification, token-aggregation
OTC	CRYPTO_COM_API_KEY, CRYPTO_COM_API_SECRET	dbis_core
Bridge (optional)	LayerZero, Wormhole	When integrating

---

Part 8 — Phases Summary (Infrastructure)

Phase	Required	Tasks
Phase 1	Optional	UDM Pro VLAN config; VLAN-aware bridge Proxmox; migrate services to VLANs.
Phase 2	Required	Deploy Prometheus, Grafana, Loki, Alertmanager; Grafana via Cloudflare Access; configure alerts.
Phase 3	Required	CCIP Ops/Admin (5400-5401); 16 commit, 16 execute, 7 RMN; NAT pools.
Phase 4	Required	Sovereign VLANs 200–203; tenant isolation; access control.

---

Part 9 — Validation & Verification Commands

Check	Command
All validation (CI)	bash scripts/verify/run-all-validation.sh [--skip-genesis]
Full verification (6 steps)	bash scripts/verify/run-full-verification.sh
E2E routing only	bash scripts/verify/verify-end-to-end-routing.sh
Config files	bash scripts/validation/validate-config-files.sh
Genesis (smom-dbis-138)	bash smom-dbis-138/scripts/validation/validate-genesis.sh
Wave 0 from LAN	bash scripts/run-wave0-from-lan.sh [--dry-run] [--skip-backup] [--skip-rpc-fix]
NPMplus backup cron	`bash scripts/maintenance/schedule-npmplus-backup-cron.sh [--install
Daily/weekly cron	`bash scripts/maintenance/schedule-daily-weekly-cron.sh [--install

---

Part 10 — Reference Documents

Doc	Purpose
FULL_PARALLEL_EXECUTION_ORDER.md	Wave order; run in parallel within each wave.
WAVE2_WAVE3_OPERATOR_CHECKLIST.md	Operator checklist for W0, W2, W3, Ongoing.
TODO_TASK_LIST_MASTER.md	Consolidated TODO with validation commands.
PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md	Placeholders and required additions.
ALL_IMPROVEMENTS_AND_GAPS_INDEX.md	Items 1–139 detail.
MISSING_CONTAINERS_LIST.md	Canonical missing VMIDs: 2506, 2507, 2508.
OPERATIONAL_RUNBOOKS.md	Procedures and maintenance.
CCIP_DEPLOYMENT_SPEC.md	Phase 3 CCIP fleet.
reports/API_KEYS_REQUIRED.md	API keys and sign-up URLs.

---

Completion rule: All tasks in Parts 1–7 that are not Deferred (Def) must be done or explicitly accepted as optional for E2E. Wave 0 gates unblock many verifications; Wave 2/3 unblock full CCIP and tenant isolation. Ongoing (Part 5) runs indefinitely.

Detailed steps for each remaining task: REMAINING_WORK_DETAILED_STEPS.md — step-by-step instructions for W0, W1, W2, W3, Ongoing, cron installs, CT-1a, API keys, and placeholders.