d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md

137 lines
5.1 KiB
Markdown
Raw Permalink Normal View History

chore: sync all changes to Gitea - Config, docs, scripts, and backup manifests - Submodule refs unchanged (m = modified content in submodules) Made-with: Cursor
2026-03-02 11:37:34 -08:00
# All Recommendations — High-Priority Only
**Purpose:** Filtered view of high-priority and critical items from the canonical list.
**Canonical source:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (~139 items, 20 sections).
---
## 1. Proxmox / Validated Set (High) — Items 111
| # | Recommendation | Notes |
|---|----------------|------|
| 1 | Secure .env file permissions | `chmod 600 ~/.env` |
| 2 | Secure validator key permissions | chmod 600, chown besu |
| 3 | SSH key-based authentication (disable password) | |
| 4 | Firewall rules for Proxmox API (port 8006) | Restrict to specific IPs |
| 5 | Network segmentation (VLANs) | VLAN enablement phase |
| 6 | Basic metrics collection (Prometheus, Besu 9545) | |
| 7 | Health check monitoring + alerting | |
| 8 | Automated backup script + encrypted validator keys | |
| 9 | Backup configuration files + version control | |
| 10 | Integration tests for deployment scripts | |
| 11 | Runbooks (add/remove validator, upgrade Besu, key rotation, recovery, consensus) | |
---
## 2. Code quality & scripts (High) — Items 3637
| # | Recommendation | Priority |
|---|----------------|----------|
| 36 | Script shebang: standardize on `#!/usr/bin/env bash` | Medium |
| 37 | Error handling: standardize on `set -euo pipefail` + traps | **High** |
---
## 3. Documentation (High) — Items 68, 70
| # | Recommendation | Priority |
|---|----------------|----------|
| 68 | Quick reference cards (network, VMID, commands, troubleshooting) | High |
| 70 | Configuration templates (ER605, Proxmox, Cloudflare, Besu) | High |
---
## 4. Security — Items 4852
| # | Recommendation | Priority |
|---|----------------|----------|
| 48 | Secret management audit (no hardcoded secrets, rotation, CI scanning) | High |
| 49 | Input validation in all scripts | High |
| 50 | Security scanning automation (CI, container image scanning) | High |
| 51 | Access control review (RBAC, least privilege) | Medium |
| 52 | Configuration validation (JSON/YAML schema, pre-deploy) | High |
---
## 5. Configuration, testing & DX (High) — Item 67
| # | Recommendation | Priority |
|---|----------------|----------|
| 67 | Backup & recovery review and testing | High |
---
## 6. Infrastructure & deployment (High) — Items 7981
| # | Recommendation | Notes |
|---|----------------|------|
| 79 | Besu RPC — 25062508 destroyed 2026-02-08; replaced by new VMID structure; RPC 25002505 only. See MISSING_CONTAINERS_LIST.md | Done (doc) |
| 80 | Hyperledger (Firefly, Cacti, Fabric, Indy) containers | High/Medium |
| 81 | Blockscout (5000) container | High |
---
## 7. Codebase & placeholders (Critical/High) — Items 8286
| # | Recommendation | Priority |
|---|----------------|----------|
| 82 | Security audits (VLT-024, ISO-024) | **Critical** |
| 83 | Bridge integrations (BRG-VLT, BRG-ISO) | High |
| 84 | CCIP AMB full implementation | High |
| 85 | dbis_core TypeScript/Prisma fixes (~1186 errors) | High |
| 86 | IRU remaining tasks | High |
---
## 8. RPC translator — Items 128129
| # | Recommendation | Priority |
|---|----------------|----------|
| 128 | Client-side retry logic (exponential backoff, 502) | High |
| 129 | Set up monitoring/alerting | High |
---
## 9. Orchestration portal (P0) — Item 131
| # | Recommendation | Priority |
|---|----------------|----------|
| 131 | P0: Auth, state, real-time, error handling, security headers, validation, testing, CI/CD | Must have |
---
## 10. dbis_core (Critical)
| Recommendation | Priority |
|----------------|----------|
| HSM Integration | Critical |
| Zero-Trust Authentication | Critical |
| Database Backups | Critical |
| Post-Quantum Cryptography Migration | Critical |
| Data Retention Policies | Critical |
**Source:** [dbis_core/docs/RECOMMENDATIONS.md](../../dbis_core/docs/RECOMMENDATIONS.md)
---
## 11. Operator checklist (R1R24)
Full operator actions: **[RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md)** and **[OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md)**.
| # | Action |
|---|--------|
| R1R3 | Verify contracts on Blockscout; keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated; run check-contracts-on-chain-138.sh |
| R4R7 | Use 0x971c... CCIPWETH9Bridge only; no .env/keys in repo; restrict deployer/RPC access |
| R8R11 | RPC_URL_138; GAS_PRICE on 138; phased deploy; nonce/tx stuck runbooks |
| R12R16 | Keep runbooks in sync; document addresses per chain; run verification after deploy; env per env |
| R17R20 | Monitor bridges; Blockscout up; forge test pre-deploy; NatSpec |
| R21R24 | The Order NPMplus; blocks #2#6; script progress/dry-run/validation; token-mapping.json source of truth |
---
## Where to read more
- **Full list (all priorities):** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md)
- **Operator-only checklist:** [ALL_RECOMMENDATIONS_OPERATOR_ONLY.md](ALL_RECOMMENDATIONS_OPERATOR_ONLY.md)
- **Implementation checkboxes:** [10-best-practices/IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)
Reference in New Issue Copy Permalink