diff --git a/.env.master.example b/.env.master.example index 6dfdb5ad..101e07fc 100644 --- a/.env.master.example +++ b/.env.master.example @@ -96,13 +96,16 @@ NPM_URL_MIFOS= # In info-defi-oracle-138/.env.local (not this file): VITE_TOKEN_AGGREGATION_API_BASE=https://explorer.d-bis.org/token-aggregation # --- mev.defi-oracle.io (MEV Control GUI on nginx LXC 2410 by default) --- -# MEV_ADMIN_API_HOST=192.168.11.11 # LAN host reachable from CT; mev-admin-api listen address +# MEV_ADMIN_API_HOST=192.168.11.223 # Dedicated backend CT 2421; LAN host reachable from CT # MEV_ADMIN_API_PORT=9090 # MEV_DEFI_ORACLE_WEB_VMID=2410 # MEV_DEFI_ORACLE_UPSTREAM_IP= # NPM: forward_host override (default IP_INFO_DEFI_ORACLE_WEB) # MEV_DEFI_ORACLE_UPSTREAM_PORT=80 # MEV_DEFI_ORACLE_EDGE_MODE=auto # Cloudflare DNS script (same as info: auto|tunnel|public_ip) # MEV_DEFI_ORACLE_PUBLIC_IP= # A-record mode WAN IP if not using tunnel +# Backend CT runtime env lives in config/mev-platform/mev-platform-backend-ct.env.example +# and must include: +# MEV_SUPERVISOR_URL=http://127.0.0.1:9091 # --- Keycloak Admin API (optional) --- # For scripts/deployment/keycloak-sankofa-ensure-client-redirects.sh — merge portal/admin redirect URIs. @@ -425,6 +428,7 @@ CW_CANONICAL_USDT= CW_CANONICAL_USDC= CW_USDT_RESERVE_ASSET= CW_USDC_RESERVE_ASSET= +CW_MAX_OUTSTANDING_BTC_MAINNET=2100000000000000 CW_MAX_OUTSTANDING_USDT_MAINNET=10000000000000 CW_MAX_OUTSTANDING_USDC_MAINNET=10000000000000 CW_MAX_OUTSTANDING_USDT_CRONOS= diff --git a/config/ip-addresses.conf b/config/ip-addresses.conf index 46785053..c5e648d4 100644 --- a/config/ip-addresses.conf +++ b/config/ip-addresses.conf @@ -177,9 +177,9 @@ IP_DBIS_API_2="192.168.11.156" # d-bis.org public apex — Gov Portals DBIS on VMID 7804 (same as dbis.xom-dev :3001); override when production host is pinned IP_DBIS_PUBLIC_APEX="${IP_DBIS_PUBLIC_APEX:-192.168.11.54}" DBIS_PUBLIC_APEX_PORT="${DBIS_PUBLIC_APEX_PORT:-3001}" -# core.d-bis.org — DBIS Core banking client portal; default API VM until dedicated UI (dbis_core); override in .env when UI has its own upstream -IP_DBIS_CORE_CLIENT="${IP_DBIS_CORE_CLIENT:-192.168.11.155}" -DBIS_CORE_CLIENT_PORT="${DBIS_CORE_CLIENT_PORT:-3000}" +# core.d-bis.org — DBIS Core banking client portal on the DBIS frontend host (VMID 10130) +IP_DBIS_CORE_CLIENT="${IP_DBIS_CORE_CLIENT:-192.168.11.130}" +DBIS_CORE_CLIENT_PORT="${DBIS_CORE_CLIENT_PORT:-80}" # Additional service/container IPs (for remaining script migration) IP_VALIDATOR_0="192.168.11.100" diff --git a/docs/04-configuration/GAS_NATIVE_VERIFIER_WIRING_INVENTORY_AND_REMEDIATION_PLAN.md b/docs/04-configuration/GAS_NATIVE_VERIFIER_WIRING_INVENTORY_AND_REMEDIATION_PLAN.md new file mode 100644 index 00000000..73a94b45 --- /dev/null +++ b/docs/04-configuration/GAS_NATIVE_VERIFIER_WIRING_INVENTORY_AND_REMEDIATION_PLAN.md @@ -0,0 +1,96 @@ +# Gas-Native Verifier Wiring Inventory And Remediation Plan + +This document captures the current state of the Chain 138 gas-native GRU transport lanes and the exact runtime references they still require. + +It is intentionally conservative: +- only deployed addresses evidenced in the canonical registry are treated as real +- `CW_ASSET_RESERVE_VERIFIER_DEPLOYED_CHAIN138` is informational until the live L1 bridge is explicitly attached +- gas-verifier envs remain unset until bridge wiring is confirmed + +## Current State + +Current public GRU preflight status: +- non-gas Mainnet lanes are now ready: + - `138-1-cBTC-cWBTC` + - `138-1-cUSDC-cWUSDC` + - `138-1-cUSDT-cWUSDT` +- remaining Mainnet gas blocker: + - `138-1-cETH-cWETH` + +The gas-native transport lanes are defined in [gru-transport-active.json](/home/intlc/projects/proxmox/config/gru-transport-active.json:774) with two reserve-verifier modes: +- `chain138-gas-strict-escrow` +- `chain138-gas-hybrid-cap` + +## Runtime Keys + +| Env key | Purpose | Current evidence | Current state | Safe action | +|---|---|---|---|---| +| `CW_GAS_STRICT_ESCROW_VERIFIER_CHAIN138` | active verifier for strict-escrow gas lanes such as `138-1-cETH-cWETH` | `CWAssetReserveVerifier` is deployed at `0xbf26a679586663f87f3bf3f52c79479b8aa8d854` | unset on published runtime by design | keep unset until live L1 bridge attachment is confirmed | +| `CW_GAS_HYBRID_CAP_VERIFIER_CHAIN138` | active verifier for hybrid-cap gas lanes such as `cETHL2 -> cWETHL2` | same deployed generic verifier exists | unset on published runtime by design | keep unset until live L1 bridge attachment is confirmed | +| `CW_GAS_ESCROW_VAULT_CHAIN138` | gas-family escrow vault for strict/hybrid gas lanes | no canonical deployed address published in contract reference | unset | inventory deployment artifacts; do not invent | +| `CW_GAS_TREASURY_SYSTEM` | treasury-side reserve accounting for hybrid-cap gas lanes | no canonical deployed address published in contract reference | unset | inventory deployment artifacts; do not invent | +| `CW_ASSET_RESERVE_VERIFIER_DEPLOYED_CHAIN138` | informational pointer to the deployed generic verifier | published in canonical registry | settable now | safe to publish as informational only | + +## Canonical Deployed Evidence + +Published in [CONTRACT_ADDRESSES_REFERENCE.md](/home/intlc/projects/proxmox/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md:77): + +| Contract | Address | Published status | +|---|---|---| +| `CWAssetReserveVerifier` | `0xbf26a679586663f87f3bf3f52c79479b8aa8d854` | deployed, not yet attached | +| `ReserveSystem` | `0x607e97cD626f209facfE48c1464815DDE15B5093` | deployed for stable reserve flows | +| `BridgeEscrowVault` | not published in canonical address reference for gas rollout | unknown for gas runtime purposes | +| `TreasurySystem` | not published in canonical address reference for gas rollout | unknown for gas runtime purposes | + +Gas-family canonical tokens and public mirrors are deployed and published, but runtime verifier wiring is still incomplete. + +## Why The Gas Lane Is Still Blocked + +The remaining blocker is not token publication and not `CW_MAX_OUTSTANDING_*`. + +The blocker is that the gas-family lane requires runtime verifier references that are intentionally left unset until bridge attachment is explicit: +- `CW_GAS_STRICT_ESCROW_VERIFIER_CHAIN138` +- `CW_GAS_HYBRID_CAP_VERIFIER_CHAIN138` +- `CW_GAS_ESCROW_VAULT_CHAIN138` +- `CW_GAS_TREASURY_SYSTEM` + +This is consistent with: +- [deploy-token-aggregation-for-publication.sh](/home/intlc/projects/proxmox/scripts/deploy-token-aggregation-for-publication.sh:294) +- [print-gas-runtime-env-canonical.sh](/home/intlc/projects/proxmox/scripts/verify/print-gas-runtime-env-canonical.sh:74) +- [TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md](/home/intlc/projects/proxmox/docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md:100) + +## Remediation Sequence + +1. Confirm whether the live Chain 138 L1 bridge is already attached to the deployed generic verifier `0xbf26a679586663f87f3bf3f52c79479b8aa8d854`. +2. If attached, publish: + - `CW_GAS_STRICT_ESCROW_VERIFIER_CHAIN138` + - `CW_GAS_HYBRID_CAP_VERIFIER_CHAIN138` + using the confirmed active verifier address. +3. Confirm the deployed gas escrow vault address, if one exists, and publish: + - `CW_GAS_ESCROW_VAULT_CHAIN138` +4. Confirm the deployed gas treasury accounting contract, if one exists, and publish: + - `CW_GAS_TREASURY_SYSTEM` +5. Redeploy or restart the token-aggregation runtime. +6. Re-run: + - `bash scripts/verify/check-gru-transport-preflight.sh https://explorer.d-bis.org` + - `bash scripts/verify/check-gas-rollout-deployment-matrix.sh` + +## Known Safe Defaults + +Safe to publish now: +- `CW_ASSET_RESERVE_VERIFIER_DEPLOYED_CHAIN138=0xbf26a679586663f87f3bf3f52c79479b8aa8d854` + +Not safe to auto-publish without bridge confirmation: +- `CW_GAS_STRICT_ESCROW_VERIFIER_CHAIN138` +- `CW_GAS_HYBRID_CAP_VERIFIER_CHAIN138` +- `CW_GAS_ESCROW_VAULT_CHAIN138` +- `CW_GAS_TREASURY_SYSTEM` + +## Operational Boundary + +At the moment, the gas-native blocker is a real rollout dependency, not a broken publication script: +- non-gas caps are published and working +- token-aggregation publication is healthy +- the remaining gas lane requires confirmed bridge/verifier/vault wiring + +Treat the gas-native lane as `deployment-evidenced but runtime-incomplete` until those four envs are resolved from deployed contracts or explicit rollout policy. diff --git a/docs/04-configuration/MEV_CONTROL_DEFI_ORACLE_IO_DEPLOYMENT.md b/docs/04-configuration/MEV_CONTROL_DEFI_ORACLE_IO_DEPLOYMENT.md index 901bcacb..fbf427f1 100644 --- a/docs/04-configuration/MEV_CONTROL_DEFI_ORACLE_IO_DEPLOYMENT.md +++ b/docs/04-configuration/MEV_CONTROL_DEFI_ORACLE_IO_DEPLOYMENT.md @@ -1,6 +1,6 @@ # MEV Control GUI — mev.defi-oracle.io -**Last Updated:** 2026-04-13 +**Last Updated:** 2026-04-15 **Document Version:** 1.0 **Status:** Deployment runbook @@ -17,6 +17,14 @@ This document describes how to publish the **MEV Control** web app (`MEV_Bot/mev The browser uses **same-origin** `/api` (no CORS split). Set **`MEV_ADMIN_API_HOST`** / **`MEV_ADMIN_API_PORT`** so the nginx CT can reach the backend CT where `mev-admin-api` listens. For the current recommended split topology, keep the public GUI on CT **2410** and point `/api` to a dedicated backend CT on **`r630-04`** (current production backend: **`192.168.11.223:9090`**). Do not host the MEV backend services directly on a Proxmox node unless you are intentionally breaking the portability standard. +The backend CT runtime env must also include: + +```bash +MEV_SUPERVISOR_URL=http://127.0.0.1:9091 +``` + +Without that value, `mev-admin-api` cannot proxy `/api/control/*` to `mev-supervisor`, and the worker fleet will not recover correctly after boot or restart. + ## Prerequisites 1. **info** nginx LXC exists and nginx works (VMID **2410** by default): see [INFO_DEFI_ORACLE_IO_DEPLOYMENT.md](INFO_DEFI_ORACLE_IO_DEPLOYMENT.md). @@ -76,7 +84,7 @@ If you intentionally carry **MEV** traffic on the same Cloudflare tunnel stack a |----------|--------------------------------------------|---------| | `MEV_DEFI_ORACLE_WEB_VMID` | `2410` | Target LXC | | `MEV_DEFI_ORACLE_WEB_ROOT` | `/var/www/mev.defi-oracle.io/html` | Web root | -| `MEV_ADMIN_API_HOST` | `192.168.11.11` shared default; override to the backend CT IP (recommended `192.168.11.223`) for the contained split topology | mev-admin-api bind host (from CT) | +| `MEV_ADMIN_API_HOST` | `192.168.11.223` | mev-admin-api bind host (from CT) | | `MEV_ADMIN_API_PORT` | `9090` | mev-admin-api port | | `MEV_DEFI_ORACLE_UPSTREAM_IP` | `IP_INFO_DEFI_ORACLE_WEB` | NPM forward target | | `MEV_DEFI_ORACLE_UPSTREAM_PORT` | `80` | NPM forward port | @@ -88,6 +96,8 @@ curl -fsS -H 'Host: mev.defi-oracle.io' "http://${IP_INFO_DEFI_ORACLE_WEB:-192.1 # expect: mev-gui-healthy curl -fsSI "https://mev.defi-oracle.io/" | head -5 +curl -fsS "https://mev.defi-oracle.io/api/infra" | jq . +curl -fsS "https://mev.defi-oracle.io/api/health" | jq . ``` After TLS is live, open **https://mev.defi-oracle.io/intel** for in-app framing docs; **/login** if `MEV_ADMIN_API_KEY` is enabled on the API. diff --git a/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md b/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md index e4cc409e..72c370be 100644 --- a/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md +++ b/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md @@ -1,6 +1,6 @@ # MEV Control LAN Bring-Up Checklist -**Last Updated:** 2026-04-12 +**Last Updated:** 2026-04-15 **Status:** Operator checklist for the current Proxmox / Sankofa LAN This runbook turns the current MEV Control deployment into a working LAN stack for **`https://mev.defi-oracle.io`**. @@ -9,8 +9,9 @@ It is based on the repo's current assumptions: - Public GUI static assets are served from **VMID 2410** (`192.168.11.218`) via nginx. - The GUI proxies **same-origin** `/api/*` to **`MEV_ADMIN_API_HOST:MEV_ADMIN_API_PORT`**. -- The shared repo default upstream is still **`192.168.11.11:9090`** in [config/ip-addresses.conf](../../config/ip-addresses.conf), but for this deployment we intentionally override it to a dedicated backend CT on `r630-04`. +- The repo default upstream is the dedicated backend CT on **`192.168.11.223:9090`** in [config/ip-addresses.conf](../../config/ip-addresses.conf). - The admin API expects the pipeline health ports **8080-8087** and graph API **9082** to be reachable on **localhost**. +- The backend CT runtime env must include **`MEV_SUPERVISOR_URL=http://127.0.0.1:9091`** or `/api/control/*` will return `supervisor not configured` and the worker fleet will not start after boot. Because of that localhost assumption, the cleanest contained split topology for this deployment is: @@ -166,6 +167,7 @@ Notes: - `config.dev.toml` expects **Postgres on port `5434`**, Redis on `6379`, and NATS on `4222`. - This is the easiest way to match the included `docker-compose.yml`. - If you later promote this to a dedicated Chain 138 config, update `MEV_CONFIG` in the env file and restart `mev-supervisor` and `mev-admin-api`. +- Keep **`MEV_SUPERVISOR_URL=http://127.0.0.1:9091`** in `/etc/mev-platform/backend.env`. This is functionally required, not optional, for boot-time worker recovery. ## 7. Build binaries inside the backend CT diff --git a/scripts/deploy-token-aggregation-for-publication.sh b/scripts/deploy-token-aggregation-for-publication.sh index 23572304..83c52787 100755 --- a/scripts/deploy-token-aggregation-for-publication.sh +++ b/scripts/deploy-token-aggregation-for-publication.sh @@ -115,6 +115,28 @@ try { } catch (_) { process.exit(0); } + +derive_repo_example_env_value() { + local env_key="$1" + local env_file="$REPO_ROOT/.env.master.example" + + [[ -f "$env_file" ]] || return 0 + + node - <<'NODE' "$env_file" "$env_key" +const fs = require('fs'); +const file = process.argv[2]; +const key = process.argv[3]; +try { + const line = fs + .readFileSync(file, 'utf8') + .split(/\r?\n/) + .find((entry) => entry.startsWith(`${key}=`)); + if (!line) process.exit(0); + const value = line.slice(key.length + 1).trim(); + if (value) process.stdout.write(value); +} catch (_) { + process.exit(0); +} NODE } @@ -169,6 +191,9 @@ NODE ;; CW_MAX_OUTSTANDING_*) derived_value="$(derive_gru_transport_policy_amount "$key" || true)" + if [[ -z "$derived_value" ]]; then + derived_value="$(derive_repo_example_env_value "$key" || true)" + fi value="${!key:-$derived_value}" ;; CW_GAS_OUTSTANDING_*|CW_GAS_ESCROWED_*|CW_GAS_TREASURY_BACKED_*|CW_GAS_TREASURY_CAP_*) diff --git a/scripts/deployment/push-token-aggregation-bundle-to-explorer.sh b/scripts/deployment/push-token-aggregation-bundle-to-explorer.sh index 4e832756..4b4935a7 100755 --- a/scripts/deployment/push-token-aggregation-bundle-to-explorer.sh +++ b/scripts/deployment/push-token-aggregation-bundle-to-explorer.sh @@ -19,6 +19,8 @@ set -euo pipefail BUNDLE_ROOT="${1:?Usage: $0 /path/to/token-aggregation-build}" SERVICE_SRC="$BUNDLE_ROOT/smom-dbis-138/services/token-aggregation" +CONFIG_SRC="$BUNDLE_ROOT/config" +PMM_CONFIG_SRC="$BUNDLE_ROOT/cross-chain-pmm-lps/config" EXPLORER_SSH="${EXPLORER_SSH:-root@192.168.11.140}" REMOTE_DIR="${REMOTE_DIR:-/opt/token-aggregation}" REMOTE_SERVICE="${REMOTE_SERVICE:-token-aggregation}" @@ -28,6 +30,10 @@ if [[ ! -d "$SERVICE_SRC" || ! -f "$SERVICE_SRC/dist/index.js" ]]; then echo "Expected built service at $SERVICE_SRC (run deploy-token-aggregation-for-publication.sh first)." >&2 exit 1 fi +if [[ ! -d "$CONFIG_SRC" || ! -d "$PMM_CONFIG_SRC" ]]; then + echo "Expected bundle config directories at $CONFIG_SRC and $PMM_CONFIG_SRC." >&2 + exit 1 +fi echo "Rsync $SERVICE_SRC/ → ${EXPLORER_SSH}:${REMOTE_DIR}/" rsync_args=( @@ -46,6 +52,16 @@ fi RSYNC_RSH="ssh -o BatchMode=yes" rsync "${rsync_args[@]}" \ "$SERVICE_SRC/" "${EXPLORER_SSH}:${REMOTE_DIR}/" +echo "Rsync $CONFIG_SRC/ → ${EXPLORER_SSH}:${REMOTE_DIR}/config/" +RSYNC_RSH="ssh -o BatchMode=yes" rsync -avz --delete \ + "$CONFIG_SRC/" "${EXPLORER_SSH}:${REMOTE_DIR}/config/" + +echo "Rsync $PMM_CONFIG_SRC/ → ${EXPLORER_SSH}:${REMOTE_DIR}/cross-chain-pmm-lps/config/" +ssh -o BatchMode=yes "$EXPLORER_SSH" \ + "mkdir -p '${REMOTE_DIR}/cross-chain-pmm-lps/config'" +RSYNC_RSH="ssh -o BatchMode=yes" rsync -avz --delete \ + "$PMM_CONFIG_SRC/" "${EXPLORER_SSH}:${REMOTE_DIR}/cross-chain-pmm-lps/config/" + if [[ -n "$REMOTE_SERVICE" ]]; then echo "Restart ${REMOTE_SERVICE} on ${EXPLORER_SSH}..." ssh -o BatchMode=yes "$EXPLORER_SSH" "systemctl restart '${REMOTE_SERVICE}'" || { diff --git a/scripts/deployment/run-mainnet-public-dodo-cw-swap.sh b/scripts/deployment/run-mainnet-public-dodo-cw-swap.sh index 25449de2..2e73c3da 100755 --- a/scripts/deployment/run-mainnet-public-dodo-cw-swap.sh +++ b/scripts/deployment/run-mainnet-public-dodo-cw-swap.sh @@ -380,6 +380,19 @@ if [[ -z "$tx_hash" ]]; then exit 1 fi +receipt_output="$(cast receipt "$tx_hash" --rpc-url "$RPC_URL" 2>&1 || true)" +receipt_status="$(printf '%s\n' "$receipt_output" | awk '/^status[[:space:]]/ {print $2; exit}')" +if [[ -z "$receipt_status" ]]; then + echo "[fail] could not determine transaction receipt status for $tx_hash" >&2 + printf '%s\n' "$receipt_output" >&2 + exit 1 +fi +if [[ "$receipt_status" != "1" ]]; then + echo "[fail] transaction reverted on-chain for ${tx_mode}: txHash=$tx_hash status=$receipt_status" >&2 + printf '%s\n' "$receipt_output" >&2 + exit 1 +fi + balance_in_after="$(cast call "$TOKEN_IN" 'balanceOf(address)(uint256)' "$DEPLOYER" --rpc-url "$RPC_URL" | awk '{print $1}')" balance_out_after="$(cast call "$TOKEN_OUT" 'balanceOf(address)(uint256)' "$DEPLOYER" --rpc-url "$RPC_URL" | awk '{print $1}')" amount_out_delta=$((balance_out_after - balance_out_before)) @@ -409,6 +422,7 @@ echo "minOut=$MIN_OUT" echo "tokenIn=$TOKEN_IN" echo "tokenOut=$TOKEN_OUT" echo "txHash=$tx_hash" +echo "txReceiptStatus=$receipt_status" echo "tokenInBalanceBefore=$balance_in_before" echo "tokenInBalanceAfter=$balance_in_after" echo "tokenOutBalanceBefore=$balance_out_before" diff --git a/scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh b/scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh index 2d89119e..0fe30e5f 100755 --- a/scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh +++ b/scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh @@ -157,7 +157,7 @@ PATCH_CMD+=(--apply) CT_VERIFY_CMD=$(cat </dev/null || true)" if [[ -z "$code" || "$code" == "0x" ]]; then - warn "UniversalAssetRegistry has an active GRU entry with no bytecode: $address" + if printf '%s\n' "${KNOWN_REGISTRY_ORPHANS[@]}" | grep -Fqx "$address"; then + note "UniversalAssetRegistry still contains the known orphaned GRU entry from the interrupted 2026-04-03 rollout: $address" + else + warn "UniversalAssetRegistry has an active GRU entry with no bytecode: $address" + fi fi done } @@ -220,7 +229,7 @@ if [[ "$RUN_LOCAL_TESTS" == "1" ]]; then run_local_suite ok "Local CompliantFiatTokenV2 suite passed." else - warn "Skipping local Foundry suite. Re-run with --run-local-tests or RUN_LOCAL_TESTS=1 to include it." + note "Skipping local Foundry suite. Re-run with --run-local-tests or RUN_LOCAL_TESTS=1 to include it." fi check_token "cUSDT V2" "$CUSDT_V2" "cUSDT" "USD" @@ -228,9 +237,17 @@ check_token "cUSDC V2" "$CUSDC_V2" "cUSDC" "USD" audit_registry_orphans printf '\n=== Summary ===\n' +printf 'Notes: %s\n' "${#NOTES[@]}" printf 'Warnings: %s\n' "${#WARNINGS[@]}" printf 'Blockers: %s\n' "${#BLOCKERS[@]}" +if [[ "${#NOTES[@]}" -gt 0 ]]; then + printf '\nNotes:\n' + for item in "${NOTES[@]}"; do + printf ' - %s\n' "$item" + done +fi + if [[ "${#WARNINGS[@]}" -gt 0 ]]; then printf '\nWarnings:\n' for item in "${WARNINGS[@]}"; do diff --git a/scripts/verify/check-mev-execution-readiness.sh b/scripts/verify/check-mev-execution-readiness.sh index b30fdd96..5a72ab17 100755 --- a/scripts/verify/check-mev-execution-readiness.sh +++ b/scripts/verify/check-mev-execution-readiness.sh @@ -180,6 +180,13 @@ if submit_disabled.strip().lower() in truthy: else: add_row("MEV_SUBMIT_DISABLED", str(env_path), submit_disabled or "0", "ok") +supervisor_url = os.environ.get("MEV_SUPERVISOR_URL") or env_values.get("MEV_SUPERVISOR_URL", "") +if supervisor_url: + add_row("MEV_SUPERVISOR_URL", str(env_path), supervisor_url, "ok") +else: + add_row("MEV_SUPERVISOR_URL", str(env_path), "(missing)", "missing") + issues.append("MEV_SUPERVISOR_URL is not configured") + if chain is None: add_row(f"chains.{chain_key}", str(config_path), "(missing chain section)", "missing") issues.append(f"chains.{chain_key} section is missing") diff --git a/scripts/verify/check-token-aggregation-chain138-api.sh b/scripts/verify/check-token-aggregation-chain138-api.sh index f77697d1..2c06298c 100755 --- a/scripts/verify/check-token-aggregation-chain138-api.sh +++ b/scripts/verify/check-token-aggregation-chain138-api.sh @@ -14,6 +14,12 @@ WETH10="0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f" USDT="0x004b63A7B5b0E06f6bB6adb4a5F9f590BF3182D1" USDC="0x71D6687F38b93CCad569Fa6352c876eea967201b" +ROOT_V1_CODE="000" +TOKEN_AGG_V1_CODE="000" +V2_CAPS_CODE="000" +V2_PLAN_CODE="000" +V2_INTERNAL_PLAN_CODE="000" + try_path() { local prefix="$1" local path="$2" @@ -77,12 +83,36 @@ echo "" echo "== planner-v2 checks ==" echo "" echo "-- prefix: /token-aggregation (published v2 path) --" -try_path "/token-aggregation" "/api/v2/providers/capabilities?chainId=138" +V2_CAPS_CODE=$(curl -sS -o /tmp/ta-check.json -w "%{http_code}" -m 25 \ + "${BASE_URL}/token-aggregation/api/v2/providers/capabilities?chainId=138" 2>/dev/null || echo "000") +echo " $V2_CAPS_CODE /token-aggregation/api/v2/providers/capabilities?chainId=138" +if [[ "$V2_CAPS_CODE" == "200" ]]; then + head -c 220 /tmp/ta-check.json + echo +fi if [[ -f /tmp/ta-check.json ]] && head -c 20 /tmp/ta-check.json | grep -qi '/dev/null || echo "000") +echo " $V2_PLAN_CODE POST /token-aggregation/api/v2/routes/plan" +if [[ "$V2_PLAN_CODE" == "200" || "$V2_PLAN_CODE" == "400" ]]; then + head -c 260 /tmp/ta-check.json + echo +fi +V2_INTERNAL_PLAN_CODE=$(curl -sS -o /tmp/ta-check.json -w "%{http_code}" -m 25 \ + -H "content-type: application/json" \ + -X POST \ + --data "{\"sourceChainId\":138,\"tokenIn\":\"${WETH10}\",\"tokenOut\":\"${USDT}\",\"amountIn\":\"100000000000000000\"}" \ + "${BASE_URL}/token-aggregation/api/v2/routes/internal-execution-plan" 2>/dev/null || echo "000") +echo " $V2_INTERNAL_PLAN_CODE POST /token-aggregation/api/v2/routes/internal-execution-plan" +if [[ "$V2_INTERNAL_PLAN_CODE" == "200" || "$V2_INTERNAL_PLAN_CODE" == "400" ]]; then + head -c 260 /tmp/ta-check.json + echo +fi echo "" echo "== DODO stable depth sanity ==" @@ -140,7 +170,32 @@ echo " - gas-registry 404: redeploy token-aggregation from repo (implements GET echo " - Health: curl -s http://127.0.0.1:3001/health on explorer VM (not always proxied as /health)." echo " - planner-v2 publishes under /token-aggregation/api/v2/* so it does not collide with Blockscout /api/v2/* on explorer.d-bis.org." echo " - Apex https://explorer.d-bis.org/api/v1/* returns 400 while /token-aggregation/api/v1/* works: add HTTP+HTTPS location /api/v1/ → token-aggregation (scripts/fix-explorer-http-api-v1-proxy.sh on explorer VM)." -echo " - POST /token-aggregation/api/v2/* returns 405: insert v2 proxy block (scripts/fix-explorer-token-aggregation-api-v2-proxy.sh on VMID 5000)." +echo " - If POST /token-aggregation/api/v2/* returns 405 or HTML instead of JSON, insert the v2 proxy block (scripts/fix-explorer-token-aggregation-api-v2-proxy.sh on VMID 5000)." echo " - Fresh binary + PMM env: bash scripts/deploy-token-aggregation-for-publication.sh then rsync dist/node_modules/.env to /opt/token-aggregation; systemctl restart token-aggregation (see TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md)." echo " - DODO v3 pilot routes should return provider=dodo_v3, routePlanPresent=true, and an internal-execution-plan object targeting EnhancedSwapRouterV2 when CHAIN138_ENABLE_DODO_V3_EXECUTION is live." echo " - The funded canonical cUSDC/USDC DODO pool should report non-zero route-tree depth on Chain 138; if it falls back to near-zero TVL again, check the DODO valuation path and the canonical PMM integration address." + +ROOT_V1_CODE=$(curl -sS -o /tmp/ta-root-v1.json -w "%{http_code}" -m 25 \ + "${BASE_URL}/api/v1/tokens?chainId=138&limit=1" 2>/dev/null || echo "000") +TOKEN_AGG_V1_CODE=$(curl -sS -o /tmp/ta-tokenagg-v1.json -w "%{http_code}" -m 25 \ + "${BASE_URL}/token-aggregation/api/v1/tokens?chainId=138&limit=1" 2>/dev/null || echo "000") + +echo "" +echo "== summary ==" +echo "root_v1=$ROOT_V1_CODE token_aggregation_v1=$TOKEN_AGG_V1_CODE v2_caps=$V2_CAPS_CODE v2_plan=$V2_PLAN_CODE v2_internal_plan=$V2_INTERNAL_PLAN_CODE" + +if [[ "$V2_CAPS_CODE" != "200" || "$V2_PLAN_CODE" != "200" || "$V2_INTERNAL_PLAN_CODE" != "200" ]]; then + echo "[fail] planner-v2 publication is unhealthy" >&2 + exit 1 +fi + +if [[ "$TOKEN_AGG_V1_CODE" == "502" || "$TOKEN_AGG_V1_CODE" == "000" ]]; then + echo "[fail] published /token-aggregation/api/v1 surface is unhealthy" >&2 + exit 1 +fi + +if [[ "$ROOT_V1_CODE" == "400" ]]; then + echo "[warn] apex /api/v1 remains routed to Blockscout and not token-aggregation; use /token-aggregation/api/v1 or add the dedicated apex proxy if required." >&2 +fi + +echo "[OK] token-aggregation planner-v2 is healthy; published v1 surface is reachable."