Add Oracle Aggregator and CCIP Integration

- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.

scripts/security/formal-verification.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Formal verification script for smart contracts
+# Uses tools like Certora, K framework, or similar
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../lib/init.sh"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+CONTRACTS_DIR="${PROJECT_ROOT}/contracts"
+OUTPUT_DIR="${PROJECT_ROOT}/verification"
+
+echo "Formal Verification for Smart Contracts"
+echo "========================================"
+
+# Create output directory
+mkdir -p "$OUTPUT_DIR"
+
+# List of contracts to verify
+CONTRACTS=(
+    "oracle/Aggregator.sol"
+    "ccip/CCIPRouter.sol"
+    "ccip/CCIPSender.sol"
+    "ccip/CCIPReceiver.sol"
+)
+
+echo "Note: This script provides a framework for formal verification."
+echo "To use, integrate with a formal verification tool like:"
+echo "  - Certora Prover"
+echo "  - K Framework"
+echo "  - Dafny"
+echo "  - Why3"
+
+for contract in "${CONTRACTS[@]}"; do
+    contract_path="${CONTRACTS_DIR}/${contract}"
+    contract_name=$(basename "$contract" .sol)
+    
+    if [ -f "$contract_path" ]; then
+        echo "✓ Found: $contract"
+        echo "  - Path: $contract_path"
+        echo "  - Verification spec: $OUTPUT_DIR/${contract_name}.spec"
+    else
+        echo "✗ Not found: $contract"
+    fi
+done
+
+echo "To perform formal verification:"
+echo "1. Install a formal verification tool (e.g., Certora Prover)"
+echo "2. Create specification files for each contract"
+echo "3. Run the verification tool"
+echo "Example Certora command:"
+echo "  certoraRun contracts/oracle/Aggregator.sol \\"
+echo "    --verify Aggregator:specs/Aggregator.spec"
+

scripts/security/mythril-scan.sh

@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Mythril dynamic analysis for Solidity contracts
+# This script runs Mythril on all Solidity contracts in the project
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../lib/init.sh"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+CONTRACTS_DIR="$PROJECT_ROOT/contracts"
+OUTPUT_DIR="$PROJECT_ROOT/reports/mythril"
+
+
+log_success "Running Mythril dynamic analysis..."
+
+# Check if Mythril is installed
+if ! command -v myth &> /dev/null; then
+    log_warn "Mythril not found. Installing..."
+    pip install mythril
+fi
+
+# Create output directory
+mkdir -p "$OUTPUT_DIR"
+
+# Run Mythril on each contract file
+log_warn "Analyzing contracts in $CONTRACTS_DIR..."
+
+cd "$PROJECT_ROOT"
+
+# Find all Solidity files
+SOL_FILES=$(find contracts -name "*.sol" -type f)
+
+if [ -z "$SOL_FILES" ]; then
+    log_warn "No Solidity files found"
+    exit 0
+fi
+
+HIGH_SEVERITY_COUNT=0
+
+for file in $SOL_FILES; do
+    log_warn "Analyzing $file..."
+    
+    # Run Mythril with JSON output
+    myth analyze "$file" \
+        --solv 0.8.19 \
+        --execution-timeout 300 \
+        --max-depth 12 \
+        --json \
+        > "$OUTPUT_DIR/$(basename $file .sol).json" \
+        2>&1 || true
+    
+    # Run Mythril with human-readable output
+    myth analyze "$file" \
+        --solv 0.8.19 \
+        --execution-timeout 300 \
+        --max-depth 12 \
+        > "$OUTPUT_DIR/$(basename $file .sol).txt" \
+        2>&1 || true
+    
+    # Check for high-severity issues
+    if [ -f "$OUTPUT_DIR/$(basename $file .sol).json" ]; then
+        SEVERITY=$(jq -r '.issues[]?.severity' "$OUTPUT_DIR/$(basename $file .sol).json" 2>/dev/null | grep -c "High" || echo "0")
+        if [ "$SEVERITY" -gt 0 ]; then
+            HIGH_SEVERITY_COUNT=$((HIGH_SEVERITY_COUNT + SEVERITY))
+        fi
+    fi
+done
+
+if [ "$HIGH_SEVERITY_COUNT" -gt 0 ]; then
+    log_error "⚠️  Found $HIGH_SEVERITY_COUNT high-severity issues"
+    echo "Review reports in: $OUTPUT_DIR"
+    exit 1
+else
+    log_success "✓ No high-severity issues found"
+fi
+
+log_success "Mythril analysis complete"
+echo "Reports saved to: $OUTPUT_DIR"
+

scripts/security/penetration-testing.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Penetration testing script for smart contracts and infrastructure
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../lib/init.sh"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+echo "Penetration Testing Framework"
+echo "============================="
+
+echo "This script provides a framework for penetration testing."
+
+# Smart Contract Testing
+echo "1. Smart Contract Penetration Testing:"
+echo "   - Use tools like Mythril, Slither, or Echidna"
+echo "   - Test for common vulnerabilities:"
+echo "     * Reentrancy attacks"
+echo "     * Integer overflow/underflow"
+echo "     * Access control issues"
+echo "     * Logic errors"
+
+# Infrastructure Testing
+echo "2. Infrastructure Penetration Testing:"
+echo "   - Network security testing"
+echo "   - Kubernetes security assessment"
+echo "   - API endpoint testing"
+echo "   - Authentication/authorization testing"
+
+# Example commands
+echo "Example commands:"
+echo "# Run Mythril analysis"
+echo "mythril analyze contracts/oracle/Aggregator.sol"
+echo "# Run Slither analysis"
+echo "slither contracts/"
+echo "# Run Echidna fuzzing"
+echo "echidna-test contracts/oracle/Aggregator.sol"
+echo "# Network penetration testing"
+echo "nmap -sS <target-ip>"
+echo "nikto -h <target-url>"
+
+echo "For comprehensive penetration testing, consider:"
+echo "  - Engaging professional security firms"
+echo "  - Using automated security scanning tools"
+echo "  - Conducting regular security audits"
+

scripts/security/slither-scan.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Slither static analysis for Solidity contracts
+# This script runs Slither on all Solidity contracts in the project
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../lib/init.sh"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+CONTRACTS_DIR="$PROJECT_ROOT/contracts"
+OUTPUT_DIR="$PROJECT_ROOT/reports/slither"
+
+
+log_success "Running Slither static analysis..."
+
+# Check if Slither is installed
+if ! command -v slither &> /dev/null; then
+    log_warn "Slither not found. Installing..."
+    pip install slither-analyzer
+fi
+
+# Create output directory
+mkdir -p "$OUTPUT_DIR"
+
+# Run Slither on contracts
+log_warn "Analyzing contracts in $CONTRACTS_DIR..."
+
+cd "$PROJECT_ROOT"
+
+# Run Slither with JSON output
+slither . \
+    --json "$OUTPUT_DIR/slither-report.json" \
+    --exclude-dependencies \
+    --filter-paths "node_modules,lib" \
+    || true
+
+# Run Slither with human-readable output
+slither . \
+    --exclude-dependencies \
+    --filter-paths "node_modules,lib" \
+    > "$OUTPUT_DIR/slither-report.txt" \
+    || true
+
+# Check for high-severity issues
+if [ -f "$OUTPUT_DIR/slither-report.json" ]; then
+    HIGH_SEVERITY=$(jq '[.results.detectors[] | select(.impact == "High")] | length' "$OUTPUT_DIR/slither-report.json" 2>/dev/null || echo "0")
+    
+    if [ "$HIGH_SEVERITY" -gt 0 ]; then
+        log_error "⚠️  Found $HIGH_SEVERITY high-severity issues"
+        echo "Review report: $OUTPUT_DIR/slither-report.json"
+        exit 1
+    else
+        log_success "✓ No high-severity issues found"
+    fi
+fi
+
+log_success "Slither analysis complete"
+echo "Reports saved to: $OUTPUT_DIR"
+

scripts/security/verify-resource-limits.sh

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Verify all containers have resource limits
+# This script checks all Kubernetes manifests for resource limits
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../lib/init.sh"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+
+log_success "Verifying resource limits in all Kubernetes manifests..."
+
+ERRORS=0
+WARNINGS=0
+
+# Find all YAML files
+YAML_FILES=$(find "$PROJECT_ROOT/k8s" "$PROJECT_ROOT/helm" "$PROJECT_ROOT/monitoring/k8s" -name "*.yaml" -o -name "*.yml" 2>/dev/null)
+
+for file in $YAML_FILES; do
+    # Skip if file doesn't exist or is not a regular file
+    [ ! -f "$file" ] && continue
+    
+    # Check if file contains containers
+    if grep -q "containers:" "$file" || grep -q "initContainers:" "$file"; then
+        # Extract container names
+        CONTAINERS=$(grep -A 5 "containers:" "$file" | grep "name:" | awk '{print $2}' | tr -d '"' || true)
+        INIT_CONTAINERS=$(grep -A 5 "initContainers:" "$file" | grep "name:" | awk '{print $2}' | tr -d '"' || true)
+        
+        ALL_CONTAINERS="$CONTAINERS $INIT_CONTAINERS"
+        
+        for container in $ALL_CONTAINERS; do
+            if [ -z "$container" ]; then
+                continue
+            fi
+            
+            # Check if container has resources section
+            if ! grep -A 20 "name:.*$container" "$file" | grep -q "resources:"; then
+                log_error "✗ $file: Container '$container' missing resources"
+                ERRORS=$((ERRORS + 1))
+            else
+                # Check for limits
+                if ! grep -A 20 "name:.*$container" "$file" | grep -A 10 "resources:" | grep -q "limits:"; then
+                    log_warn "⚠ $file: Container '$container' missing limits"
+                    WARNINGS=$((WARNINGS + 1))
+                else
+                    # Check for requests
+                    if ! grep -A 20 "name:.*$container" "$file" | grep -A 10 "resources:" | grep -q "requests:"; then
+                        log_warn "⚠ $file: Container '$container' missing requests"
+                        WARNINGS=$((WARNINGS + 1))
+                    else
+                        log_success "✓ $file: Container '$container' has resources"
+                    fi
+                fi
+            fi
+        done
+    fi
+done
+
+log_success "Verification complete"
+echo -e "Errors: $ERRORS"
+echo -e "Warnings: $WARNINGS"
+
+if [ $ERRORS -gt 0 ]; then
+    log_error "Some containers are missing resource limits!"
+    exit 1
+fi
+
+if [ $WARNINGS -gt 0 ]; then
+    log_warn "Some containers are missing resource requests"
+    exit 0
+fi
+
+log_success "All containers have proper resource limits and requests!"
+exit 0
+