d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
3f76bc950779f8c1a4403abddb952cdbce5fa420
proxmox/docs/dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md

157 lines
14 KiB
Markdown
Raw Normal View History

chore: sync all changes to Gitea - Config, docs, scripts, and backup manifests - Submodule refs unchanged (m = modified content in submodules) Made-with: Cursor
2026-03-02 11:37:34 -08:00
# DBIS Rail and Project Completion Master — Status and Full Task List v1
**Purpose:** Single reference for (1) current project and deployment status and (2) the complete list of tasks to reach audit-ready DBIS Rail and full project completion — **including all optional items**.
**Companion:** [Audit Readiness Results v1](DBIS_RAIL_AUDIT_READINESS_RESULTS_V1.md), [Deployment Order of Operations](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md), [Complete Required/Optional/Recommended Index](../00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md).
**Implementation coordination:** Align all implementations with [Implementation Coordination with Transcript 540ae663](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md). That transcript completed PMM/DEX (pools, DODOPMMProvider), 10 compliant fiat tokens on Chain 138, GRU registration for all 12 c*, UniversalAssetRegistry upgrade, cWUSDT/cWUSDC on 9 chains, and related scripts/docs. The coordination doc maps which tasks below are already done or partial.
---
## Part 1 — Current Status
### 1.1 Chain 138 deployments (existing)
| Category | Status | Notes |
|----------|--------|------|
| **Core / genesis** | Deployed | WETH9, WETH10, Multicall pre-deployed. |
| **Core contracts** | Deployed | UniversalAssetRegistry, GovernanceController, UniversalCCIPBridge, BridgeOrchestrator, CREATE2Factory, MirrorRegistry, AlltraAdapter. |
| **CCIP** | Deployed | CCIP Router, Sender, CCIPWETH9Bridge, CCIPWETH10Bridge; relay path to mainnet. |
| **Compliance and tokens** | Deployed | ComplianceRegistry, TokenFactory, DebtRegistry, PolicyManager; cUSDT, cUSDC, plus cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT (10 extra via DeployCompliantFiatTokens). c* have **owner mint** (DBIS Rail requires router-only mint). |
| **Bridges and vault** | Deployed | Bridge Vault, Lockbox138, ReserveSystem, ReserveTokenIntegration; RegulatedEntityRegistry, VaultFactory, Ledger, Liquidation, XAU Oracle. |
| **Channels** | Deployed | PaymentChannelManager, GenericStateChannelManager, AddressMapper, MirrorManager. |
| **PMM / DEX** | Deployed | DODOPMMIntegration, DODOPMMProvider; TransactionMirror; three PMM pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC). |
| **Registry** | Deployed | ChainRegistry; UniversalAssetRegistry upgraded (registerGRUCompliantAsset); all 12 c* registered as GRU via RegisterGRUCompliantTokens. |
| **Other** | Deployed | MultiSig, Oracle Aggregator/Proxy, CCIPReceiver, Voting; MerchantSettlementRegistry, WithdrawalEscrow (alltra-lifi-settlement). |
| **Not deployed** | Pending | EnhancedSwapRouter; full trustless stack (InboxETH, BondManager, etc.) on mainnet; DBIS Rail contracts (RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController). |
**Source:** [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [GALATIC_SUMMARY](../GALATIC_SUMMARY.md).
### 1.2 DBIS Rail status
| Layer | Status | Notes |
|-------|--------|------|
| **Documentation** | Complete | Spec, Rulebook, Threat Model, Regulator Brief, Audit Readiness Checklist, Results, Control Mapping. |
| **Contracts (code)** | Not implemented | No DBIS_RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController in repo. |
| **Mint path** | Gap | GRU/c* on 138 use owner mint (CompliantFiatToken, CompliantUSDT, CompliantUSDC). Rail requires router-only mint. |
| **Signer / ISO Gateway** | Documented only | Quorum (3-of-5, COMPLIANCE), EIP-712, accountingRef, isoHash defined in Spec/Rulebook; no on-chain signer registry or router. |
| **Validator layer** | Partial | QBFT documented; key segregation, multi-entity, monitoring, incident runbook to be confirmed in ops. |
### 1.3 Project-wide (nonDBIS Rail)
| Area | Status | Notes |
|------|--------|------|
| **Deployment order** | Phase 03 applicable | Prerequisites, core, TransactionMirror + PMM pools, provider + liquidity; Phase 46 optional. |
| **Verification** | Ongoing | check-contracts-on-chain-138.sh; Blockscout verify; address docs. |
| **Operator / Wave 03** | Partially done | NPMplus, backup, sendCrossChain, validation scripts; full Wave 2/3 and recommendations per index. |
| **Optional deployments** | Not done | EnhancedSwapRouter, trustless stack mainnet, CCIP other chains, cW* edge pools (Phase 45). |
| **Recommendations** | Many open | R1R24; ~139 items in ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST; optional VLAN, HA, MetaMask/explorer. |
---
## Part 2 — Full Task List (Required and Optional)
Every task below is to be completed; optional items are explicitly marked so prioritization (required first, then optional) is clear.
---
### A. DBIS Rail — Required (audit readiness)
| # | Task | Evidence / reference |
|---|------|----------------------|
| A1 | Implement and deploy DBIS Rail contracts (RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController) per [Technical Spec v1](DBIS_RAIL_TECHNICAL_SPEC_V1.md). | Spec §2.1, §6; [Audit Results](DBIS_RAIL_AUDIT_READINESS_RESULTS_V1.md) § Gap remediation. |
| A2 | Lock GRU/c* mint on Chain 138 to SettlementRouter only: revoke or remove owner mint for rail tokens; grant mint only to DBIS_GRU_MintController with Router as sole caller. | Audit Results §1; CompliantFiatToken.sol, CompliantUSDT, CompliantUSDC. |
| A3 | Add unit and integration tests: direct mint revert, EIP-712 and replay, quorum/category, pause, caps. | Audit Results §2, §5; Checklist §1, §2, §5. |
| A4 | Document signer key management (HSM or equivalent, key rotation) in operational runbook. | Audit Results §3; Checklist §3. |
| A5 | Add accountingRef test vector (and optionally isoHash) per Rulebook; document canonical bundle schema in ops. | Audit Results §4; Rulebook §3.2, §4.4. |
| A6 | Confirm validator layer: key segregation, multi-entity or separation of duties, monitoring, incident runbook. | Audit Results §6; Checklist §6. |
| A7 | Run emergency control drills after rail deployment (router pause, mint controller pause, participant suspension, signer revocation, corridor suspension); record results. | Audit Results §7; Checklist §7; Rulebook §7. |
| A8 | Schedule Threat Model review (e.g. within 12 months) and document review date. | Audit Results §8; Threat Model §6. |
| A9 | When rail contracts are deployed: confirm Spec version matches deployment; add Deployed section or changelog. | Audit Results §8; Checklist §8. |
---
### B. DBIS Rail — Optional (v1.5+ and institutional hardening)
| # | Task | Evidence / reference |
|---|------|----------------------|
| B1 | Implement signer effective-from and revoked-at block semantics (v1.5+); router rejects signatures outside effective window. | Rulebook §6.2; Threat Model §3.A. |
| B2 | Implement idempotency extension: allow resubmission of same messageId with duplicate-accepted event (or keep revert as default). | Spec §9; Rulebook. |
| B3 | Add periodic Merkle root of SettlementRecorded events for external proof exports / proof-of-reserves-style attestations. | Threat Model §3.C (recommendation); Spec. |
| B4 | Implement on-chain validator governance (rotation + emergency pause) or document operational governance and timelock path. | Spec §0, §3.2; Regulator Brief §2; Threat Model §3.E. |
| B5 | Publish DBIS Rail — Public Overview (23 page PDF) for business development and counterparties. | Prior conversation: optional, high signal. |
| B6 | Expand control mapping to full SOC 2 / ISO 27001style matrix (control ID, control objective, evidence, owner). | [Control Mapping v1](DBIS_RAIL_CONTROL_MAPPING_V1.md); Checklist. |
| B7 | Commission independent code audit of DBIS Rail contracts after deployment. | Audit Results; institutional readiness. |
---
### C. Project deployment — Required (Chain 138 and verification)
| # | Task | Evidence / reference |
|---|------|----------------------|
| C1 | Ensure Phase 0 prerequisites: RPC 2101 writable, deployer funded, .env correct, POOL_MANAGER_ROLE, no stuck txs, forge build, test all contracts before deploy. | [DEPLOYMENT_ORDER_OF_OPERATIONS](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 0. **Partial:** preflight, run-before-deploy-checks, test-all-contracts exist ([coordination](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md)). |
| C2 | Complete Phase 2 if not done: TransactionMirror, all three PMM pools, register c* as GRU; set addresses in .env. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 2. **Done** per [coordination](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md). |
| C3 | Complete Phase 3: DODOPMMProvider deploy and pool registration; token-aggregation env; optional liquidity and MCP allowlist. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 3. **Done** per [coordination](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md). |
docs: update master documentation and push to Gitea (2026-03-06) - MASTER_INDEX: Last Updated 2026-03-06; status 59/59 contracts; add NEXT_STEPS_LIST, CONTRACT_NEXT_STEPS_LIST - docs/README, NEXT_STEPS_INDEX, 06-besu/MASTER_INDEX: Last Updated 2026-03-06 - Contract check script: 59 addresses (PMM, vault/reserve, CompliantFiatTokens); canonical CCIP/router - New docs: EXECUTION_CHECKLIST, NEXT_STEPS_LIST, DOTENV_AUDIT, ADDITIONAL_PATHS, deployer gas runbook, WEMIX_ACQUISITION_TABLED, etc. - Config: deployer-gas-routes, cro-wemix-swap-routes, routing-registry, token-mapping - Scripts: check-contracts-on-chain-138, check-pmm-pool-balances-chain138, deployer-gas-auto-route, acquire-cro-and-wemix-gas - Operator rule: operator-lan-access-check.mdc Made-with: Cursor
2026-03-06 19:11:25 -08:00
| C4 | Run on-chain verification: `./scripts/verify/check-contracts-on-chain-138.sh`; target 59/59 when applicable (check-contracts-on-chain-138.sh). | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 6.1. |
chore: sync all changes to Gitea - Config, docs, scripts, and backup manifests - Submodule refs unchanged (m = modified content in submodules) Made-with: Cursor
2026-03-02 11:37:34 -08:00
| C5 | Run Blockscout verification: `./scripts/verify/run-contract-verification-with-proxy.sh`; update CONTRACT_ADDRESSES_REFERENCE and LIQUIDITY_POOLS_MASTER_MAP. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 6.26.3; R1R3. |
| C6 | Reconcile Multicall vs Oracle Aggregator at `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506` on explorer and document in CONTRACT_ADDRESSES_REFERENCE. | CONTRACT_ADDRESSES_REFERENCE note. |
---
### D. Project deployment — Optional (Phase 46 and beyond)
| # | Task | Evidence / reference |
|---|------|----------------------|
| D1 | Deploy EnhancedSwapRouter (Chain 138) when Uniswap V3 / Balancer pools exist; configure post-deploy. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.1; GALATIC_SUMMARY. |
| D2 | Deploy trustless stack (Lockbox138 + Mainnet): InboxETH, BondManager, etc.; set INBOX_ETH, BOND_MANAGER in config. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.2; OPTIONAL_DEPLOYMENTS_START_HERE. |
| D3 | CCIP other chains (Gnosis, Celo, Wemix): deploy WETH bridges per chain; add 138↔chain; fund LINK. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.3. |
| D4 | LINK on Mainnet relay: add LINK support per relay runbook. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.4. |
| D5 | Phase 5 — cW* edge pools: per-chain RPC/env; deploy or bridge cW* tokens; create and fund PMM pools per pool-matrix (11 public chains). | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 5. **Partial:** cWUSDT/cWUSDC deployed on 9 chains; mapping and runbook in place ([coordination](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md)). |
| D6 | Execute full recommendations R1R24 and update address docs, runbooks, monitoring, testing, token mapping. | [RECOMMENDATIONS_OPERATOR_CHECKLIST](../00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md); Phase 6.4. |
| D7 | Optional: run full recommendations list (~139 items) per ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST; OPERATOR_READY_CHECKLIST for copy-paste commands. | [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST](../00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md); Phase 6.5. |
---
### E. Project operational — Optional (Wave 03 and infra)
| # | Task | Evidence / reference |
|---|------|----------------------|
| E1 | Wave 0: NPMplus RPC fix (405), sendCrossChain (real), NPMplus backup when LAN/creds available. | [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX](../00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md); run-wave0-from-lan.sh. |
| E2 | Wave 1: Run validation (run-all-validation.sh, validate-config-files.sh); complete "Can Be Accomplished Now" steps. | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX; REMAINING_WORK_DETAILED_STEPS. |
| E3 | Wave 2 / Wave 3: Operator checklist (Proxmox, CCIP, Blockscout, maintenance, liquidity). | [WAVE2_WAVE3_OPERATOR_CHECKLIST](../00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md). |
| E4 | Optional infrastructure: Phase 1 VLAN; NPMplus HA; optional containers. | OPTIONAL_RECOMMENDATIONS_INDEX; NPMPLUS_HA_SETUP_GUIDE. |
| E5 | Optional docs/tooling: documentation consolidation; Paymaster deploy when ready. | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX. |
| E6 | Optional MetaMask/explorer: token-aggregation, CoinGecko submission, Snap features, explorer enhancements. | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX; COINGECKO_SUBMISSION. |
| E7 | Still-not-done execution: operator/LAN, dbis_core TS (deferred), security-audit, external (Ledger, CoinGecko), maintenance. | [STILL_NOT_DONE_EXECUTION_CHECKLIST](../00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md). |
| E8 | Schedule and install daily/weekly cron for maintenance (schedule-daily-weekly-cron.sh --install). | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX. |
---
### F. Identity and chain metadata — Optional
| # | Task | Evidence / reference |
|---|------|----------------------|
| F1 | Update chain metadata so "DBIS Mainnet (Chain 138)" is the authoritative public identity (e.g. eip155-138.json, ChainList, explorer branding, token list name). | Regulator Brief; prior DBIS identity discussion. |
| F2 | Publish Regulator Brief (or Public Overview) as standalone PDF for examiners and counterparties. | Regulator Brief v1; optional Public Overview. |
---
## Part 3 — Suggested execution order
1. **DBIS Rail required (A1A9):** Unblocks audit readiness; A1A2 are prerequisites for A3, A7.
2. **Project deployment required (C1C6):** Ensures Chain 138 and verification are current.
3. **DBIS Rail optional (B1B7):** v1.5+ and institutional hardening as capacity allows.
4. **Project deployment optional (D1D7):** Phase 46 and full recommendations.
5. **Project operational optional (E1E8):** Wave 03, infra, MetaMask/explorer, still-not-done.
6. **Identity optional (F1F2):** Chain naming and PDF publication.
---
## Document control
| Field | Value |
|-------|--------|
| Title | DBIS Rail and Project Completion Master — Status and Full Task List v1 |
| Version | 1 |
| Status | Active |
Reference in New Issue Copy Permalink