2026-02-12 15:46:57 -08:00
# Detailed List: All Tasks for Full E2E Completion
**Last Updated:** 2026-02-05
**Purpose:** Single detailed checklist of every task required for all possible end-to-end completions. Use for planning, assignment, and status tracking.
**Execution order:** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) — Wave 0 → 1 → 2 → 3 → Ongoing. Within each wave, run tasks in parallel where possible.
**Sources:** TODO_TASK_LIST_MASTER.md, WAVE2_WAVE3_OPERATOR_CHECKLIST.md, PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md, REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md, NEXT_STEPS_MASTER.md, ALL_IMPROVEMENTS_AND_GAPS_INDEX.md, MISSING_CONTAINERS_LIST.md.
---
## Legend
| Symbol | Meaning |
|--------|---------|
| **Op** | Operator (run on Proxmox/LAN/host with credentials) |
| **Auto** | Script/automation exists; run or schedule |
| **Code** | Code/config change required |
| **Doc** | Documentation or design only |
| **Def** | Deferred (backlog or external dependency) |
---
## Blockers (for tasks that do NOT require API keys)
Tasks below do **not** depend on obtaining API keys (Li.Fi, CoinGecko, etc.). Their blockers are environment or credentials only. **If a task is not listed here, it has no blocker** for automated/dry-run execution from this environment.
| Blocker | Affected tasks | How to clear |
|---------|----------------|--------------|
| **LAN required** | W0-1 (NPMplus RPC fix), W0-3 (NPMplus backup — also needs NPM_PASSWORD) | Run from host on same network as NPMplus (192.168.11.x). |
| **PRIVATE_KEY + LINK approved** | W0-2 (sendCrossChain real) | Set in .env; omit `--dry-run` from run-send-cross-chain.sh. |
| **NPM_PASSWORD + NPMplus up** | W0-3, W1-8 (backup run) | Set NPM_PASSWORD in .env; ensure NPMplus container is running. |
| **Proxmox host (root / pct)** | W1-1 apply, W1-2 apply, W1-19 (secure-validator-keys), W2-* (all), W3-* (all), CT-1a restore | Run scripts on Proxmox node or via SSH from LAN. |
| **Crontab (user)** | W1-8 cron install (schedule-npmplus-backup-cron --install, schedule-daily-weekly-cron --install) | Run --install on host where cron should live. |
| **Deferred / backlog** | W1-3, W1-4, W1-14 (dbis_core TS), W1-15–W1-17 (part), smom audits, BRG integrations | Assign to backlog or external owner. |
**No blocker (can run from anywhere):** All validation commands (run-all-validation, validate-config-files, run-full-verification steps 0–2, verify-end-to-end-routing), run-wave0-from-lan.sh --dry-run, schedule-*-cron.sh --show, phase4-sovereign-tenants.sh --show-steps, run-shellcheck.sh --optional, check-dependencies, daily-weekly-checks.sh daily (RPC check may pass; explorer may SKIP off-LAN). Doc/design tasks (W1-9–W1-13) are already done or doc-only.
**Unblocked run (2026-02-05, full parallel):** check-dependencies, validate-config-files, run-wave0-from-lan --dry-run, schedule-npmplus-backup-cron --show, schedule-daily-weekly-cron --show, phase4-sovereign-tenants --show-steps, run-shellcheck --optional, daily-weekly-checks daily, run-all-validation (with and without --skip-genesis), validate-genesis (smom-dbis-138), verify-end-to-end-routing (25 DNS pass, 14 HTTPS pass, 6 RPC fail until W0-1 from LAN) — all completed. run-full-verification: steps 0–2 pass; step 3 (NPMplus) fails off-LAN as expected.
---
## Part 1 — Critical & Gate Tasks (Do First)
### 1.1 CT 2301 (besu-rpc-private-1)
| ID | Task | Type | Command / reference |
|----|------|------|---------------------|
| CT-1a | Restore from backup (if exists) | Op | `pct restore 2301 /path/to/backup.tar.zst --storage local-lvm` |
| CT-1b | Recreate container (Option B) | ✅ Done | `scripts/recreate-ct-2301.sh` (2026-02-04). [scripts/README.md](../../scripts/README.md) § CT 2301. |
### 1.2 Wave 0 — Gates (credentials / LAN)
| ID | Task | Type | Prerequisite | Command / note |
|----|------|------|--------------|----------------|
| **W0-1** | NPMplus RPC fix (405) | Op | Host on LAN | `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` — or `bash scripts/run-wave0-from-lan.sh` (omit `--skip-rpc-fix`). |
| **W0-2** | sendCrossChain (real) | Op | PRIVATE_KEY, LINK approved for fee | `scripts/bridge/run-send-cross-chain.sh <amount> [recipient]` — omit `--dry-run`. Bridge: `0xcacfd227A040002e49e2e01626363071324f820a`. |
| **W0-3** | NPMplus backup | Op | NPM_PASSWORD in .env, NPMplus up | `bash scripts/verify/backup-npmplus.sh`. Or `scripts/run-wave0-from-lan.sh` (omit `--skip-backup`). |
**Combined (W0-1 + W0-3):** `bash scripts/run-wave0-from-lan.sh` from LAN (options: `--dry-run`, `--skip-backup`, `--skip-rpc-fix`).
---
## Part 2 — Wave 1 (Full Parallel: Security, Monitoring Config, Backup, Docs, Codebase)
### 2.1 Security (W1-1 – W1-4)
| ID | Task | Type | Command / reference |
|----|------|------|---------------------|
| W1-1 | SSH key-based auth; disable password | Op | `scripts/security/setup-ssh-key-auth.sh [--dry-run|--apply]`. Deploy keys first; test before disabling password. [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) § Access Control. |
| W1-2 | Firewall: restrict Proxmox API 8006 | Op | `scripts/security/firewall-proxmox-8006.sh [--dry-run|--apply] [CIDR]`. Restrict to admin IPs. |
| W1-3 | smom: Security audits VLT-024, ISO-024 | Def | smom backlog. |
| W1-4 | smom: Bridge integrations BRG-VLT, BRG-ISO | Def | smom backlog. |
### 2.2 Monitoring config (W1-5 – W1-7)
| ID | Task | Type | Command / reference |
|----|------|------|---------------------|
| W1-5 | Prometheus scrape (Besu 9545); alert rules | Auto/Doc | `scripts/monitoring/prometheus-besu-config.yml`, `smom-dbis-138/monitoring/prometheus/`. export-prometheus-targets.sh. |
| W1-6 | Grafana dashboards; Alertmanager config | Doc | smom-dbis-138/monitoring/grafana/, alertmanager/alertmanager.yml. |
| W1-7 | Loki/Alertmanager config (no deploy) | Doc | smom-dbis-138/monitoring/loki/, alertmanager/. |
### 2.3 Backup (W1-8)
| ID | Task | Type | Command / reference |
|----|------|------|---------------------|
| W1-8 | Automated backup; NPMplus backup cron; daily/weekly cron | Op/Auto | `scripts/verify/backup-npmplus.sh` when NPMplus up. **Cron:** `scripts/maintenance/schedule-npmplus-backup-cron.sh [--install|--show]` (daily 03:00). `scripts/maintenance/schedule-daily-weekly-cron.sh [--install|--show]` (daily 08:00, weekly Sun 09:00). `scripts/backup/automated-backup.sh [--with-npmplus]`. |
### 2.4 Phase 1 optional (W1-9 – W1-10)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-9 | VLAN enablement: UDM Pro VLAN config; Proxmox VLAN-aware bridge design | Doc | NETWORK_ARCHITECTURE.md §3–5. |
| W1-10 | VLAN migration plan (per-service table) | Doc | UDM_PRO_VLAN_MIGRATION_PLAN.md, MISSING_CONTAINERS_LIST.md. |
### 2.5 Documentation (W1-11 – W1-13)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-11 | Doc consolidation; archive old status | Auto/Doc | ARCHIVE_CANDIDATES.md; move agreed items. |
| W1-12 | Quick reference cards; decision trees; config templates | Doc | QUICK_REFERENCE_CARDS.md, CONFIGURATION_DECISION_TREE, 04-configuration README. |
| W1-13 | Final IP assignments; connectivity matrix; runbooks | Doc | NETWORK_ARCHITECTURE.md §7, OPERATIONAL_RUNBOOKS.md, MISSING_CONTAINERS_LIST. |
### 2.6 Codebase (W1-14 – W1-17)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-14 | dbis_core: TypeScript/Prisma fixes | Code | ~1186 TS errors; parallelize by module/file. |
| W1-15 | smom: EnhancedSwapRouter quoter; AlltraAdapter fee | Code/Def | PLACEHOLDERS_AND_TBD.md; setBridgeFee done. |
| W1-16 | smom: IRU remaining tasks | Code/Def | Per smom backlog. |
| W1-17 | Placeholders: canonical addresses env-only; AlltraAdapter fee; smart accounts kit; quote service Fabric 999; .bak deprecation | Code | REQUIRED_FIXES_UPDATES_GAPS.md; PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md §1. |
### 2.7 Quick wins & implementation checklist (W1-18 – W1-21)
| ID | Task | Type | Command / reference |
|----|------|------|---------------------|
| W1-18 | Progress indicators; config validation in CI | ✅ Done | run-full-verification.sh Step 0; validate-config-files.sh. |
| W1-19 | Secure validator key permissions (chmod 600, chown besu) | Op | On Proxmox host as root: `scripts/secure-validator-keys.sh [--dry-run]` (VMIDs 1000–1004). |
| W1-20 | Secret audit; input validation; security scanning (shellcheck) | Auto | `scripts/verify/run-shellcheck.sh [--optional]` or `run-shellcheck-docker.sh`. Install shellcheck when available. |
| W1-21 | Config validation (JSON/YAML); env standardization | Doc/Auto | validate-config-files.sh; ENV_STANDARDIZATION docs. |
### 2.8 MetaMask / explorer optional (W1-22 – W1-26)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-22 | Token-aggregation hardening; CoinGecko submission | Code | COINGECKO_SUBMISSION.md. |
| W1-23 | Chain 138 Snap: market data UI; swap quotes; bridge routes; testing & distribution | Code | metamask-integration. |
| W1-24 | Explorer: dark mode, network selector, sync indicator | Code | explorer-monorepo. |
| W1-25 | Paymaster deploy (optional) | Op | `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` from smom-dbis-138. SMART_ACCOUNTS_DEPLOYMENT_NOTE. |
| W1-26 | API keys: Li.Fi, Jumper, 1inch (obtain and set in .env) | Op | reports/API_KEYS_REQUIRED.md; .env.example placeholders exist. |
### 2.9 Improvements index 1–35 (W1-27 – W1-30)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-27 | ALL_IMPROVEMENTS 1–11 (Proxmox high: .env, validator keys, SSH, firewall, VLANs, metrics, backup, runbooks) | Op | Run from LAN/Proxmox per ALL_IMPROVEMENTS_AND_GAPS_INDEX.md. |
| W1-28 | ALL_IMPROVEMENTS 12–20 (medium: error handling, logging, Loki, CI/CD) | Code/Doc | |
| W1-29 | ALL_IMPROVEMENTS 21–30 (low: auto-scale, load balancing, HSM, audit) | Code/Doc | |
| W1-30 | ALL_IMPROVEMENTS 31–35 (quick wins) | ✅ Partial | Progress indicators, --dry-run, config validation, FAQ. |
### 2.10 Improvements index 36–67 (W1-31 – W1-34)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-31 | Script shebang; set -euo; shellcheck | Auto | Many scripts updated; run-shellcheck when installed. |
| W1-32 – W1-34 | Doc consolidation; security; logging; metrics; backup review | Doc/Code | ALL_IMPROVEMENTS 44–67. |
### 2.11 Improvements index 68–91 (W1-35 – W1-38)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-35 | Quick ref, decision trees, config templates (68–74) | ✅ Done | QUICK_REFERENCE_CARDS, CONFIGURATION_DECISION_TREE. |
| W1-36 | Phase 1–4 design; missing containers list (75–81) | Doc | MISSING_CONTAINERS_LIST.md; NETWORK_ARCHITECTURE. |
| W1-37 – W1-38 | smom/dbis/placeholders (82–91) | Code/Def | Same as W1-14–W1-17. |
### 2.12 Improvements index 92–139 (W1-39 – W1-44)
| ID | Task | Type | Reference |
|----|------|------|-----------|
| W1-39 | MetaMask/explorer (92–105) | Code | pnpm install + hardhat for tests; parallel by task. |
| W1-40 | Tezos/Etherlink/CCIP (106–121) | Code/Config | TEZOS_CCIP_REMAINING_ITEMS.md; configs and scripts. |
| W1-41 | Besu/blockchain (122–126) | Code/Doc | docs/06-besu. |
| W1-42 | RPC translator (127–130) | Code | rpc-translator-138. |
| W1-43 | Orchestration portal (131– 134) | Code | |
| W1-44 | Maintenance procedures (135–139) | ✅ Done | OPERATIONAL_RUNBOOKS § Maintenance; daily-weekly-checks.sh; schedule-daily-weekly-cron.sh. |
---
## Part 3 — Wave 2 (Infra / Deploy; Parallel by Host or Component)
| ID | Task | Type | Parallelize by | Command / reference |
|----|------|------|----------------|---------------------|
| **W2-1** | Deploy monitoring stack (Prometheus, Grafana, Loki, Alertmanager) | Op | By component | smom-dbis-138/monitoring/; scripts/monitoring/. phase2-observability.sh (config exists). |
| **W2-2** | Grafana via Cloudflare Access; alerts configured | Op | After W2-1 | Alertmanager routes; Cloudflare Access. |
| **W2-3** | VLAN enablement: UDM Pro VLAN config; Proxmox bridge; migrate services | Op | By VLAN/host | NETWORK_ARCHITECTURE.md §3–5; UDM_PRO_VLAN_* docs. |
| **W2-4** | Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN script expansion | Op | Ops first, then NAT, then scripts | `scripts/ccip/ccip-deploy-checklist.sh`. [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md). |
| **W2-5** | Phase 4: Sovereign tenant VLANs; isolation; access control | Op | By tenant/VLAN | `scripts/deployment/phase4-sovereign-tenants.sh [--show-steps|--dry-run]`. OPERATIONAL_RUNBOOKS § Phase 4; UDM_PRO_FIREWALL_MANUAL_CONFIGURATION. |
| **W2-6** | Missing containers: 2506, 2507, 2508 only | Op | By VMID/host | [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md). Create besu-rpc-luis, besu-rpc-putu (x2) per spec. |
| **W2-7** | DBIS services (10100–10151); Hyperledger | Op | By host | Per deployment runbooks. |
| **W2-8** | NPMplus HA (Keepalived, 10234) | Op | Optional | NPMPLUS_HA_SETUP_GUIDE.md. |
---
## Part 4 — Wave 3 (After Wave 2)
| ID | Task | Type | Depends on | Command / reference |
|----|------|------|------------|---------------------|
| **W3-1** | CCIP Fleet: 16 commit (5410-5425), 16 execute (5440-5455), 7 RMN (5470-5476) | Op | W2-4 (Ops/Admin, NAT) | CCIP_DEPLOYMENT_SPEC.md. |
| **W3-2** | Phase 4 tenant isolation enforcement; access control | Op | W2-3 / W2-5 | Firewall rules; ACLs; deny east-west. |
---
## Part 5 — Ongoing (No Wave)
| ID | Task | Type | Frequency | Command / reference |
|----|------|------|-----------|---------------------|
| **O-1** | Monitor explorer sync | Auto | Daily | `scripts/maintenance/daily-weekly-checks.sh daily`. Cron: schedule-daily-weekly-cron.sh --install. |
| **O-2** | Monitor RPC 2201 | Auto | Daily | Same script. |
| **O-3** | Config API uptime | Auto | Weekly | `scripts/maintenance/daily-weekly-checks.sh weekly`. |
| O-4 | Review explorer logs | Op | Weekly | Runbook: OPERATIONAL_RUNBOOKS § Maintenance [138]. |
| O-5 | Update token list | Op | As needed | token-list.json / explorer config; runbook [139]. |
---
## Part 6 — Placeholders & Code Completions (for E2E)
### 6.1 smom-dbis-138
| Item | Location | Action |
|------|----------|--------|
| Canonical addresses env-only | token-aggregation canonical-tokens.ts | Document required env or add fallback (config/DB). |
| AlltraAdapter fee | AlltraAdapter.sol | Set actual ALL Mainnet fee via setBridgeFee after verification. |
| Smart accounts kit | DeploySmartAccountsKit.s.sol | Deploy EntryPoint, AccountFactory, Paymaster; set in .env. |
| Quote service Fabric | quote-service.ts | Set FABRIC_CHAIN_ID or keep 999 until Fabric integrated. |
| EnhancedSwapRouter / DODOPMMProvider | EnhancedSwapRouter.sol, DODOPMMProvider.sol | Replace placeholder fee/size logic when oracle/pool ready. |
| WETH bridges mainnet receiver | DeployWETHBridges.s.sol | Set MAINNET_WETH9_BRIDGE_ADDRESS, MAINNET_WETH10_BRIDGE_ADDRESS in env. |
| .bak restoration/deprecation | Various | BAK_FILES_DEPRECATION.md. |
### 6.2 dbis_core
| Item | Action |
|------|--------|
| Prometheus/Redis/PagerDuty/AS4 | Wire when monitoring stack deployed; implement Redis client, PagerDuty API. |
| TypeScript errors | Fix ~1186 TS errors by module (deferred). |
### 6.3 the-order (legal-documents)
| Item | Action |
|------|--------|
| E-signature | Integrate DocuSign/Adobe Sign; set E_SIGNATURE_BASE_URL. |
| Court e-filing | Integrate court e-filing system; E_FILING_ENABLED. |
| Document security/export | PDF watermarking, redaction, export (pdfkit/docx). |
| Security routes | Implement watermarking/redaction handlers. |
### 6.4 OMNIS
| Item | Action |
|------|--------|
| Sankofa Phoenix SDK | Integrate when available for post-Azure parity. |
### 6.5 multi-chain-execution / Tezos
| Item | Action |
|------|--------|
| TezosRelayService | Add native Tezos mint/transfer relay when implemented. |
---
## Part 7 — API Keys & Secrets (Obtain and Set)
**Full list:** [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md). All variable names are in .env.example; obtain values and set in .env.
| Category | Variables | Where used |
|----------|-----------|------------|
| Cross-chain/DeFi | LIFI_API_KEY, JUMPER_API_KEY, ONEINCH_API_KEY | alltra-lifi-settlement, chain138-quote.service |
| Fiat ramp | MOONPAY_*, RAMP_NETWORK_API_KEY, ONRAMPER_API_KEY | metamask-integration/ramps |
| E-signature | E_SIGNATURE_BASE_URL + provider API key | the-order/legal-documents |
| Alerts | SLACK_WEBHOOK_URL, PAGERDUTY_INTEGRATION_KEY, EMAIL_ALERT_* | dbis_core alert.service |
| Explorers/price | ETHERSCAN_API_KEY, COINGECKO_API_KEY, COINMARKETCAP_API_KEY | Verification, token-aggregation |
| OTC | CRYPTO_COM_API_KEY, CRYPTO_COM_API_SECRET | dbis_core |
| Bridge (optional) | LayerZero, Wormhole | When integrating |
---
## Part 8 — Phases Summary (Infrastructure)
| Phase | Required | Tasks |
|-------|----------|-------|
| **Phase 1** | Optional | UDM Pro VLAN config; VLAN-aware bridge Proxmox; migrate services to VLANs. |
| **Phase 2** | Required | Deploy Prometheus, Grafana, Loki, Alertmanager; Grafana via Cloudflare Access; configure alerts. |
| **Phase 3** | Required | CCIP Ops/Admin (5400-5401); 16 commit, 16 execute, 7 RMN; NAT pools. |
| **Phase 4** | Required | Sovereign VLANs 200–203; tenant isolation; access control. |
---
## Part 9 — Validation & Verification Commands
| Check | Command |
|-------|---------|
| All validation (CI) | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` |
| Full verification (6 steps) | `bash scripts/verify/run-full-verification.sh` |
| E2E routing only | `bash scripts/verify/verify-end-to-end-routing.sh` |
| Config files | `bash scripts/validation/validate-config-files.sh` |
| Genesis (smom-dbis-138) | `bash smom-dbis-138/scripts/validation/validate-genesis.sh` |
| Wave 0 from LAN | `bash scripts/run-wave0-from-lan.sh [--dry-run] [--skip-backup] [--skip-rpc-fix]` |
| NPMplus backup cron | `bash scripts/maintenance/schedule-npmplus-backup-cron.sh [--install|--show]` |
| Daily/weekly cron | `bash scripts/maintenance/schedule-daily-weekly-cron.sh [--install|--show]` |
---
## Part 10 — Reference Documents
| Doc | Purpose |
|-----|---------|
| [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) | Wave order; run in parallel within each wave. |
| [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | Operator checklist for W0, W2, W3, Ongoing. |
| [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) | Consolidated TODO with validation commands. |
| [PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md](PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md) | Placeholders and required additions. |
| [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) | Items 1–139 detail. |
| [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) | Canonical missing VMIDs: 2506, 2507, 2508. |
| [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) | Procedures and maintenance. |
| [CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md) | Phase 3 CCIP fleet. |
| [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md) | API keys and sign-up URLs. |
---
**Completion rule:** All tasks in Parts 1–7 that are not Deferred (Def) must be done or explicitly accepted as optional for E2E. Wave 0 gates unblock many verifications; Wave 2/3 unblock full CCIP and tenant isolation. Ongoing (Part 5) runs indefinitely.
**Detailed steps for each remaining task:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) — step-by-step instructions for W0, W1, W2, W3, Ongoing, cron installs, CT-1a, API keys, and placeholders.