d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: sync docs, config schemas, scripts, and meta task alignment

Browse Source 
- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor
This commit is contained in:
defiQUG
2026-03-31 22:31:39 -07:00
parent 00880304d4
commit 7ac74f432b
948 changed files with 47476 additions and 490 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
.github/workflows/validate-config.yml vendored
View File

@@ -6,19 +6,37 @@ on:
paths:
- 'config/**'
- 'scripts/validation/**'
- 'scripts/jvmtm/**'
- 'scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh'
- 'scripts/verify/sync-blockscout-address-labels-from-registry.sh'
- 'scripts/verify/run-all-validation.sh'
- 'scripts/run-completable-tasks-from-anywhere.sh'
- '.github/workflows/validate-config.yml'
- 'token-lists/**'
- 'explorer-monorepo/backend/api/rest/config/metamask/**'
- 'docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md'
- 'docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md'
- 'config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md'
- 'docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md'
- 'docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md'
push:
branches: [master]
branches: [master, main]
paths:
- 'config/**'
- 'scripts/validation/**'
- 'scripts/jvmtm/**'
- 'scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh'
- 'scripts/verify/sync-blockscout-address-labels-from-registry.sh'
- 'scripts/verify/run-all-validation.sh'
- 'scripts/run-completable-tasks-from-anywhere.sh'
- '.github/workflows/validate-config.yml'
- 'token-lists/**'
- 'explorer-monorepo/backend/api/rest/config/metamask/**'
- 'docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md'
- 'docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md'
- 'config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md'
- 'docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md'
- 'docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md'
jobs:
validate:
@@ -31,6 +49,21 @@ jobs:
- name: Config validation
run: bash scripts/validation/validate-config-files.sh
- name: DBIS institutional JSON Schemas
run: |
python3 -m pip install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh
- name: JVMTM regulatory closure JSON Schemas
run: |
python3 -m pip install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh
- name: Reserve provenance package (3FR attestation JSON)
run: |
python3 -m pip install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh
- name: Completable tasks (dry-run)
run: bash scripts/run-completable-tasks-from-anywhere.sh --dry-run

17
AGENTS.md
View File

@@ -11,27 +11,38 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
| Need | Location |
|------|-----------|
| Doc index | `docs/MASTER_INDEX.md` |
| Chain 138 info site (`info.defi-oracle.io`) | `info-defi-oracle-138/``pnpm --filter info-defi-oracle-138 build`; deploy `dist/`; runbook `docs/04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md` |
| cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (section 5.1) |
| PMM mesh 6s tick | `smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh``docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation) |
| VMID / IP / FQDN | `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md` |
| Proxmox Mail Proxy (LAN SMTP) | VMID **100** `192.168.11.32` (`proxmox-mail-gateway`) — submission **587** / **465**; see Mail Proxy note in `ALL_VMIDS_ENDPOINTS.md` |
| Ops template + JSON | `docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md`, `config/proxmox-operational-template.json` |
| Live vs template (read-only SSH) | `bash scripts/verify/audit-proxmox-operational-template.sh` |
| Config validation | `bash scripts/validation/validate-config-files.sh` |
| Config validation | `bash scripts/validation/validate-config-files.sh` (optional: `python3 -m pip install check-jsonschema` for `validate-dbis-institutional-schemas.sh`, `validate-jvmtm-regulatory-closure-schemas.sh`, `validate-reserve-provenance-package.sh`; includes explorer Chain 138 inventory vs `config/smart-contracts-master.json`) |
| Chain 138 contract addresses (JSON + bytecode) | `config/smart-contracts-master.json``bash scripts/verify/check-contracts-on-chain-138.sh` (expect **64/64** when Core RPC reachable; jq uses JSON when file present) |
| OMNL + Core + Chain 138 + RTGS + Smart Vaults | `docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md`; identifiers (UETR vs DLT-primary): `docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md`; JVMTM Tables B/C/D closure matrix: `config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md`; **dual-anchor attestation:** `scripts/omnl/omnl-chain138-attestation-tx.sh` (138 + optional mainnet via `ETHEREUM_MAINNET_RPC`); E2E zip: `AUDIT_PROOF.json` `chainAttestationMainnet`; machine-readable: `config/dbis-institutional/` |
| Blockscout address labels from registry | `bash scripts/verify/sync-blockscout-address-labels-from-registry.sh` (plan); `--apply` with `BLOCKSCOUT_*` env when explorer API confirmed |
| ISO-20022 on-chain methodology + intake gateway | `docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md`, `ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md`; Rail: `docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md` |
| FQDN / NPM E2E verifier | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` — inventory: `docs/04-configuration/E2E_ENDPOINTS_LIST.md`. Gitea Actions URLs (no API): `bash scripts/verify/print-gitea-actions-urls.sh` |
| RPC FQDN batch (`eth_chainId` + WSS) | `bash scripts/verify/check-rpc-fqdns-e2e.sh` — after DNS + `update-npmplus-proxy-hosts-api.sh`; includes `rpc-core.d-bis.org` |
| Submodule trees clean (CI / post-merge) | `bash scripts/verify/submodules-clean.sh` |
| Submodule + explorer remotes | `docs/00-meta/SUBMODULE_HYGIENE.md` |
| smom-dbis-138 `.env` in bash scripts | Prefer `source smom-dbis-138/scripts/lib/deployment/dotenv.sh` + `load_deployment_env --repo-root "$PROJECT_ROOT"` (trims RPC URL line endings). From an interactive shell: `source smom-dbis-138/scripts/load-env.sh`. Proxmox root scripts: `source scripts/lib/load-project-env.sh` (also trims common RPC vars). |
| Sankofa portal → CT 7801 (build + restart) | `./scripts/deployment/sync-sankofa-portal-7801.sh` (`--dry-run` first); default `NEXTAUTH_URL=https://portal.sankofa.nexus` via `sankofa-portal-ensure-nextauth-on-ct.sh` |
| Portal Keycloak OIDC secret on CT 7801 | After client exists: `./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh` (needs `KEYCLOAK_CLIENT_SECRET` in repo `.env`; base64-safe over SSH) |
| Sankofa corporate web → CT 7806 | Provision: `./scripts/deployment/provision-sankofa-public-web-lxc-7806.sh`. Sync: `./scripts/deployment/sync-sankofa-public-web-to-ct.sh`. systemd: `config/systemd/sankofa-public-web.service`. Set `IP_SANKOFA_PUBLIC_WEB` in `.env`, then `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` |
| CCIP relay (r630-01 host) | Unit: `config/systemd/ccip-relay.service``/etc/systemd/system/ccip-relay.service`; `systemctl enable --now ccip-relay` |
| Wormhole protocol (LLM / MCP) vs Chain 138 facts | Wormhole NTT/Connect/VAAs/etc.: `docs/04-configuration/WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md`, mirror `scripts/doc/sync-wormhole-ai-resources.sh`, MCP `mcp-wormhole-docs/` + `docs/04-configuration/MCP_SETUP.md`. **Chain 138 addresses, PMM, CCIP:** repo `docs/11-references/` + `docs/07-ccip/` — not Wormhole bundles. Cursor overlay: `.cursor/rules/wormhole-ai-resources.mdc`. |
| TsunamiSwap VM 5010 check | `./scripts/deployment/tsunamiswap-vm-5010-provision.sh` (inventory only until VM exists) |
| The Order portal (`https://the-order.sankofa.nexus`) | OSJ management UI (secure auth); source repo **the_order** at `~/projects/the_order`. NPM upstream defaults to **order-haproxy** CT **10210** (`IP_ORDER_HAPROXY:80`); use `THE_ORDER_UPSTREAM_*` to point at the Sankofa portal if 10210 is down. Provision HAProxy: `scripts/deployment/provision-order-haproxy-10210.sh`. **`www.the-order.sankofa.nexus`** → **301** apex (same as www.sankofa / www.phoenix). |
| Portal login + Keycloak systemd + `.env` (prints password once) | `./scripts/deployment/enable-sankofa-portal-login-7801.sh` (`--dry-run` first) |
| Keycloak redirect URIs (portal + admin) | `./scripts/deployment/keycloak-sankofa-ensure-client-redirects.sh` — needs `KEYCLOAK_ADMIN_PASSWORD` in `.env` |
| Portal login + Keycloak systemd + `.env` (prints password once) | `./scripts/deployment/enable-sankofa-portal-login-7801.sh` (`--dry-run` first); preserves `KEYCLOAK_*` from repo `.env` and runs merge script when `KEYCLOAK_CLIENT_SECRET` is set |
| Keycloak redirect URIs (portal + admin) | `./scripts/deployment/keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh` (or `keycloak-sankofa-ensure-client-redirects.sh` for LAN URL) — needs `KEYCLOAK_ADMIN_PASSWORD` in `.env` |
| NPM TLS for hosts missing certs | `./scripts/request-npmplus-certificates.sh` — optional `CERT_DOMAINS_FILTER='portal\\.sankofa|admin\\.sankofa'` |
| Token-aggregation API (Chain 138) | `pnpm run verify:token-aggregation-api` — tokens, pools, quote, `bridge/routes`, networks. Deploy: `scripts/deploy-token-aggregation-for-publication.sh`. After edge deploy: `SKIP_BRIDGE_ROUTES=0 bash scripts/verify/check-public-report-api.sh https://explorer.d-bis.org`. |
| Completable (no LAN) | `./scripts/run-completable-tasks-from-anywhere.sh` |
| Operator (LAN + secrets) | `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` unset) |
| Cloudflare bulk DNS → `PUBLIC_IP` | `./scripts/update-all-dns-to-public-ip.sh` — use **`--dry-run`** and **`--zone-only=sankofa.nexus`** (or `d-bis.org` / `mim4u.org` / `defi-oracle.io`) to limit scope; see script header. Prefer scoped **`CLOUDFLARE_API_TOKEN`** (see `.env.master.example`). |
| IRU marketplace surfaces + Turnstile (Captcha) | [docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md) — **native** (VMs, IPs, app hosting, etc.) vs **partner** (e.g. SolaceNet IRU) methodology; Turnstile **secret** on API (`CLOUDFLARE_TURNSTILE_SECRET_KEY` or aliases), **site key** on frontend build (`VITE_*`); not the same as Cloudflare DNS keys. [docs/04-configuration/MASTER_SECRETS.md](docs/04-configuration/MASTER_SECRETS.md) (Cloudflare table). |
## Git submodules

7
README.md
View File

@@ -92,7 +92,11 @@ From the root directory, you can run:
### Testing
- `pnpm test` - Run tests (if available)
- `pnpm test` - Run the local green-path Chain 138 / GRU / bridge / token test aggregate
- `pnpm test:chain138` - Run the Chain 138 package CI targets directly
- `pnpm test:chain138:contracts` - Run the focused Solidity contract CI targets
- `pnpm test:chain138:services` - Run the focused JS/TS service CI targets
- `pnpm test:mcp` - Run the legacy MCP server package test entrypoint
- `pnpm test:basic` - Run basic MCP server tests (read-only operations)
- `pnpm test:workflows` - Run comprehensive workflow tests (requires elevated permissions)
@@ -319,4 +323,3 @@ Individual checks:
## License
This workspace contains multiple projects with different licenses. Please refer to individual project directories for license information.

8
config/README-BRIDGE-ROUTES-DEFAULT.md Normal file
View File

@@ -0,0 +1,8 @@
# bridge-routes-chain138-default.json
Static snapshot of the default **`GET /api/v1/bridge/routes`** response shape (without per-env address overrides).
- **Server source of truth:** `smom-dbis-138/services/token-aggregation/src/api/utils/default-bridge-routes.ts` (applies `CCIPWETH9_BRIDGE_CHAIN138`, `LOCKBOX_138`, `INBOX_ETH`, etc.).
- **UI fallback:** `info-defi-oracle-138` imports this file when the live API returns 404 or errors.
Update this JSON when canonical bridge addresses or relay destinations change; keep the TS module in sync.

7
config/README-CONTRACTS-MASTER.md
View File

@@ -1,9 +1,10 @@
# Master Smart Contracts (JSON)
**Single source of truth for contract addresses:** `config/smart-contracts-master.json`
**Machine-readable contract map:** `config/smart-contracts-master.json` (when the file exists in your clone).
- **Safe to publish** — no secrets (no keys, no RPC URLs with credentials).
- **Used by:** Bash scripts (via `scripts/lib/load-contract-addresses.sh`), Node/JS (via `config/contracts-loader.cjs`), and docs.
- **If the file is absent:** loaders continue with `.env` only; Chain 138 **bytecode checks** use the embedded address list in `scripts/verify/check-contracts-on-chain-138.sh` (see also `docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md`). When you introduce `smart-contracts-master.json`, populate `chains["138"].contracts` with the **complete** set for that chain — the check script uses JSON addresses instead of its fallback when the file is present.
## Layout
@@ -40,7 +41,7 @@ const {
} = require('./config/contracts-loader.cjs');
// By contract key
getContractAddress(138, 'CCIP_Router'); // => '0x8078...'
getContractAddress(138, 'CCIP_Router'); // => '0x42DA...' (canonical; legacy direct: CCIP_Router_Direct_Legacy)
getContractAddress(138, 'CCIPWETH9_Bridge');
getContractAddress(1, 'CCIP_Relay_Router');
@@ -57,7 +58,7 @@ loadContractsIntoProcessEnv();
## Overrides
- **.env** (e.g. `smom-dbis-138/.env`, `services/relay/.env`): Values set there take precedence over the master JSON. Use .env for local or per-service overrides.
- **.env** (e.g. `smom-dbis-138/.env`, `services/relay/.env`): Values set there take precedence over the master JSON. Use .env for local or per-service overrides. For **`ADDRESS_MAPPER`** on Chain 138, keep **`ADDRESS_MAPPER`** equal to **`chains["138"].contracts.AddressMapper`** unless you have a deliberate fork: a legacy duplicate on Core shares bytecode with the canonical mapper (see `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md`, section 1.5).
- **Publishing:** Commit `smart-contracts-master.json`; do not commit `.env` or any file containing `PRIVATE_KEY` or API secrets.
## Updating addresses

25
config/bridge-routes-chain138-default.json Normal file
View File

@@ -0,0 +1,25 @@
{
"routes": {
"weth9": {
"Ethereum Mainnet (1)": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939",
"BNB Chain (56)": "0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C",
"Avalanche C-Chain (43114)": "0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F"
},
"weth10": {
"Ethereum Mainnet (1)": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939",
"BNB Chain (56)": "0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C",
"Avalanche C-Chain (43114)": "0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F"
}
},
"chain138Bridges": {
"weth9": "0xcacfd227A040002e49e2e01626363071324f820a",
"weth10": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0",
"trustless": "0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c"
},
"tokenMappingApi": {
"basePath": "/api/v1/token-mapping",
"pairs": "/api/v1/token-mapping/pairs",
"resolve": "/api/v1/token-mapping/resolve",
"note": "Resolve bridged token addresses between chains; requires monorepo config/token-mapping-multichain.json on server."
}
}

2
config/contracts-loader.cjs
View File

@@ -4,7 +4,7 @@
*
* Usage:
* const { getContractAddress, getChainContracts, loadContractsIntoProcessEnv } = require('../config/contracts-loader.cjs');
* getContractAddress(138, 'CCIP_Router') // => '0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e'
* getContractAddress(138, 'CCIP_Router') // => '0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817'
* getContractAddress(138, 'CCIPWETH9_Bridge') // by contract key
* loadContractsIntoProcessEnv() // set process.env.CCIP_ROUTER etc. from envVarMap when unset
*

38
config/dbis-data-api/README.md Normal file
View File

@@ -0,0 +1,38 @@
# DBIS Data API — implementation notes
OpenAPI contract: [openapi.yaml](./openapi.yaml).
## Lineage
| Value | Meaning |
|-------|---------|
| `on_chain` | Derived from Chain 138 indexer, RPC, or token-aggregation inputs |
| `policy` | Published by policy officers; not implied as ledger truth |
| `modelled` | Simulation or internal model |
## Suggested PostgreSQL / Timescale layout
**Relational (PostgreSQL)**
- `api_clients` — id, name, key_hash, rate_limit_tier, created_at
- `datasets` — id, slug, title, description, lineage_default
- `dataset_versions` — dataset_id, version, published_at, document_url
**Hypertables (TimescaleDB)**
- `metric_gru_supply` — time TIMESTAMPTZ, value NUMERIC, metadata JSONB
- `metric_settlement_volume` — time, window, chain_id, value, tx_count
- `metric_reserve_snapshot` — time, asset, amount, source
Ingest jobs read from existing token-aggregation and explorer-compatible sources; separate ETL for policy-published series.
## Frontend (DBIS portal)
Set `NEXT_PUBLIC_DATA_API_BASE` in the Gov Web Portals DBIS app (see `DBIS/.env.example`) so the homepage and `/dashboard` monetary panels call this API. When the service is down, the UI shows placeholders and an “unreachable” status.
## Deployment path
1. Provision CT/VM or service user on LAN.
2. NPMplus proxy host `data.d-bis.org` → upstream.
3. Enable API keys (optional) for high-volume consumers; public tier remains read-only GET.
4. Add host to [E2E_ENDPOINTS_LIST.md](../../docs/04-configuration/E2E_ENDPOINTS_LIST.md) when live.

133
config/dbis-data-api/openapi.yaml Normal file
View File

@@ -0,0 +1,133 @@
openapi: 3.1.0
info:
title: DBIS Data API
version: 0.1.0
description: |
Public read API for data.d-bis.org — monetary aggregates, GRU series, settlement summaries, rates.
Every response MUST declare lineage via `x-dbis-lineage` on operations: `on_chain`, `policy`, `modelled`.
servers:
- url: https://data.d-bis.org
description: Production
- url: http://localhost:8080
description: Local
tags:
- name: gru
- name: reserves
- name: settlement
- name: rates
paths:
/v1/health:
get:
summary: Liveness
operationId: health
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
properties:
status: { type: string, example: ok }
/v1/gru/supply:
get:
tags: [gru]
summary: GRU supply time series (when defined)
operationId: gruSupply
x-dbis-lineage: policy
parameters:
- name: from
in: query
schema: { type: string, format: date }
- name: to
in: query
schema: { type: string, format: date }
responses:
"200":
description: Series points
content:
application/json:
schema:
$ref: "#/components/schemas/TimeSeriesResponse"
"501":
description: Not yet published
/v1/reserves/summary:
get:
tags: [reserves]
summary: Reserve holdings summary
operationId: reservesSummary
x-dbis-lineage: on_chain
responses:
"200":
description: Summary
content:
application/json:
schema:
$ref: "#/components/schemas/ReservesSummary"
/v1/settlement/volumes:
get:
tags: [settlement]
summary: Settlement volume aggregates
operationId: settlementVolumes
x-dbis-lineage: on_chain
parameters:
- name: window
in: query
schema: { type: string, enum: [1h, 24h, 7d, 30d] }
responses:
"200":
content:
application/json:
schema:
$ref: "#/components/schemas/SettlementVolumes"
/v1/rates/reference:
get:
tags: [rates]
summary: Reference rates (policy or observed)
operationId: referenceRates
x-dbis-lineage: policy
responses:
"200":
content:
application/json:
schema:
type: object
additionalProperties: true
components:
schemas:
LineageMeta:
type: object
required: [lineage, asOf]
properties:
lineage:
type: string
enum: [on_chain, policy, modelled]
asOf: { type: string, format: date-time }
source: { type: string }
TimeSeriesResponse:
allOf:
- $ref: "#/components/schemas/LineageMeta"
- type: object
properties:
unit: { type: string }
points:
type: array
items:
type: object
required: [t, v]
properties:
t: { type: string, format: date-time }
v: { type: number }
ReservesSummary:
allOf:
- $ref: "#/components/schemas/LineageMeta"
- type: object
additionalProperties: true
SettlementVolumes:
allOf:
- $ref: "#/components/schemas/LineageMeta"
- type: object
properties:
window: { type: string }
totalValue: { type: string, description: Decimal string }
txCount: { type: integer }

108
config/dbis-institutional/README.md Normal file
View File

@@ -0,0 +1,108 @@
# DBIS institutional config (schemas + examples)
Machine-readable artifacts for **OMNL + DBIS Core + Chain 138 + RTGS** integration and **identifier** alignment (LEI, IBAN, ISIN, ENS, WEB3-ETH-IBAN, explorer labels).
## Canonical narrative doc
[OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../../docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md)
## Event producers (`event-producers.manifest.json`)
Registered logical emitters for `settlement-event.event_producer` (kept in sync with the `enum` in `schemas/settlement-event.schema.json`). Add a producer: extend both the manifest and the schema enum in one change.
## Schemas (`schemas/`)
| File | Purpose |
|------|---------|
| `settlement-event.schema.json` | Cross-system settlement / evidence event (section 6 of runbook). |
| `address-registry-entry.schema.json` | Vault or wallet row: `0x` address, fiat rails, Web3 aliases, optional ISIN/CUSIP, Blockscout label hints (sections 3, 7, 13). |
## Examples (`examples/`)
| File | Pairs with |
|------|------------|
| `settlement-event.example.json` | `settlement-event.schema.json` (hybrid: includes `uetr` + internal refs) |
| `settlement-event.chain138-primary.example.json` | Same schema; **Chain 138 as authoritative rail** — no `uetr`; `rtgs_message_ids.rail` + internal refs; see [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) |
| `settlement-event.min.json` | **Minimal** valid `CHAIN_SETTLEMENT` fixture (required fields + `chain_tx_hash` / `chain_id`); CI baseline in `validate-dbis-institutional-schemas.sh`. |
| `settlement-events-batch.example.json` | Each array element validated against `settlement-event.schema.json` (see `validate-dbis-institutional-schemas.sh`) |
| `address-registry-entry.example.json` | `address-registry-entry.schema.json` |
| `address-registry-entries-batch.example.json` | Each array element validated against `address-registry-entry.schema.json` |
Examples use placeholder addresses and ids; replace with live data in a secure store (not committed).
### Settlement `amount` convention (operators + integrators)
Use **major currency units** as a decimal string, with explicit scale for fiat:
- **`amount`:** string matching `^-?[0-9]+(\.[0-9]+)?$` (e.g. USD 25,000,000.00 → `"25000000.00"`).
- **`amount_scale`:** use **`2`** for USD and other ISO 4217 currencies with two decimal places.
Fineract journal APIs may still use **minor units (cents)**; convert at the boundary and record settlement events in **major units** so logs and regulatory exports stay human-aligned. Do not mix major and minor in the same field without documenting which convention applies.
### Chain 138 as SWIFT replacement vs UETR
When settlement is **authoritative on Chain 138** (chain id **138**), treat **`correlation_id` + `chain_tx_hash` + `occurred_at`** as the primary rail-native E2E evidence for that leg. **`rtgs_message_ids.uetr`** is **optional** unless you also run a **parallel SWIFT gpi** leg (hybrid); then record both UETR and chain fields on the same **`correlation_id`**.
### SWIFT UETR vs internal “message sent” reference
**UETR** belongs in `rtgs_message_ids.uetr` when the payment is on **SWIFT gpi** (or your counterparty/scheme requires it). You **cannot** treat an arbitrary internal message id as a regulatory substitute for UETR on **those** legs.
When no UETR exists yet (internal-only, pre-SWIFT, DLT-only, domestic rail), add extra keys under **`rtgs_message_ids`** (the schema allows any string keys), e.g. `internal_instruction_ref`, `operator_message_ref`, or a digest of the submitted instruction — and keep **`correlation_id`** as the cross-system spine. When UETR is later assigned, **record it** and retain internal refs for audit lineage.
Policy and audit-scope notes: [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md).
## Related repo config
- OMNL entity master: `docs/04-configuration/mifos-omnl-central-bank/OMNL_ENTITY_MASTER_DATA.json`
- Institutional subdomains: `docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md`
- Blockscout address labeling (K8s): `smom-dbis-138/k8s/blockscout/address-labeling-config.yaml`
## Validation
```bash
# JSON parse (all examples/*.json)
bash scripts/validation/validate-dbis-institutional-json.sh
# JSON Schema — requires check-jsonschema on PATH (PEP 668 / “externally managed” Python):
# python3 -m venv .venv-checkjson && .venv-checkjson/bin/pip install check-jsonschema
# PATH="$PWD/.venv-checkjson/bin:$PATH" bash scripts/validation/validate-dbis-institutional-schemas.sh
# Or: pipx install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh
```
`scripts/validation/validate-dbis-institutional-schemas.sh` validates **checked-in examples** only. For a **live or one-off** settlement event file, validate it directly:
### Validation — ad-hoc settlement event
```bash
# From repository root; use the same venv as above or any check-jsonschema on PATH.
PATH="$PWD/.venv-checkjson/bin:$PATH" check-jsonschema \
--schemafile config/dbis-institutional/schemas/settlement-event.schema.json \
your-event.json
```
- **Success:** exit code **0**; typical stdout is `ok -- validation done` (wording may vary by version).
- **Failure:** non-zero exit; `ValidationError` / `SchemaError` in stderr — treat as **not schema-closed**.
Do not use `validate-dbis-institutional-schemas.sh` as a substitute for validating arbitrary payload files.
`validate-config-files.sh` runs schema validation automatically when `check-jsonschema` is on `PATH`. The gitignored venv `.venv-checkjson/` is listed in `.gitignore` for this purpose.
Validated pairs (examples versus schemas): `settlement-event`, `address-registry-entry`, `trust`, `governance`, `policy` (against `policy-manifest.schema.json`).
`settlement-event` optionally carries **ISO-20022** (`iso_msg_type`, `iso_instruction_id`, `iso_payload_hash`, `rail_iso_hash`) and **identity** (`holder_did`, `identity_verification_ref`) for full fiat / FX / chain correlation — see runbook section 14.
`address-registry-entry` supports **`iso_intake`** and **`dbis_settlement_router`** roles plus optional **`primary_holder_did`** and **`identity_anchor_ref`** (section 14.6 checklist).
## Blockscout address labels
Plan or sync labels from registry JSON (`blockscout.label` + `status: active`):
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh config/dbis-institutional/examples/address-registry-entry.example.json
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --from-dir config/dbis-institutional/registry
# Preferred for the self-hosted Chain 138 explorer (writes Blockscout Postgres address_names):
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry
```
On `explorer.d-bis.org`, public `/api/v1/*` is served by token-aggregation, not by a Blockscout label-write API, so `--mode=db` is the correct operator path for live labels unless you have separately enabled a dedicated label endpoint. See `registry/README.md` for drop-in files (gitignored by default).

38
config/dbis-institutional/event-producers.manifest.json Normal file
View File

@@ -0,0 +1,38 @@
{
"schema_version": 1,
"description": "Registered settlement event emitters. Keep in sync with settlement-event.schema.json event_producer enum.",
"producers": [
{
"id": "hybx-omnl-sidecar",
"summary": "HYBX Fineract/OMNL integration sidecar emitting settlement-correlated events."
},
{
"id": "dbis-core",
"summary": "DBIS Core banking / nostro-vostro / ISO adapter path."
},
{
"id": "iso-gateway",
"summary": "Off-chain ISO gateway building canonical bundles before chain or relayer submission."
},
{
"id": "mintauth-relayer",
"summary": "MintAuth EIP-712 quorum and relayer calling SettlementRouter or related contracts."
},
{
"id": "chain-settlement-worker",
"summary": "Worker observing chain receipts and emitting settlement events for reconciliation."
},
{
"id": "omnl-fineract-webhook",
"summary": "Fineract/OMNL webhook or callback integration."
},
{
"id": "integration-hub-example",
"summary": "Documentation / lab example only; not a production system id."
},
{
"id": "manual-operator",
"summary": "Human-initiated or ops tooling emission with explicit audit trail."
}
]
}

29
config/dbis-institutional/examples/address-registry-entries-batch.example.json Normal file
View File

@@ -0,0 +1,29 @@
[
{
"registryEntryId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"chain_id": 138,
"address": "0x0000000000000000000000000000000000000001",
"addressRole": "treasury_vault",
"status": "active",
"blockscout": {
"label": "OMNL — Treasury vault (Office 22)",
"labelType": "contract"
}
},
{
"registryEntryId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"chain_id": 138,
"address": "0x0000000000000000000000000000000000000002",
"addressRole": "iso_intake",
"status": "active",
"primary_holder_did": "did:sov:WRfXg6LQCZgRsXoHF",
"blockscout": {
"label": "ISO intake / gateway (verify live address)",
"labelType": "contract"
}
}
]

53
config/dbis-institutional/examples/address-registry-entry.example.json Normal file
View File

@@ -0,0 +1,53 @@
{
"registryEntryId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"omnl_office_id": 22,
"dbis_participant_id": "PART-ID-OMNL-HO-001",
"chain_id": 138,
"address": "0x0000000000000000000000000000000000000001",
"addressRole": "treasury_vault",
"fiat_rails": [
{
"railType": "iban",
"railValue": "ID00XXXX0000000000000000",
"bic": "EXAMPLEIDJ",
"validFrom": "2026-01-01"
}
],
"aliases": [
{
"aliasType": "ens",
"aliasValue": "treasury-example.eth",
"resolver_chain_id": 1,
"validFrom": "2026-03-01T00:00:00Z"
},
{
"aliasType": "web3_eth_iban",
"aliasValue": "ETHXXXXXXXXXXXXXXXX",
"validFrom": "2026-03-15T00:00:00Z"
},
{
"aliasType": "custom_ens_tld",
"aliasValue": "vault.anchor01.d-bis",
"validFrom": "2026-03-20T00:00:00Z"
}
],
"instruments": [
{
"isin": "US0000000000",
"cusip": "000000000"
}
],
"primary_holder_did": "did:sov:WRfXg6LQCZgRsXoHF",
"identity_anchor_ref": "indy-nym-or-acapy-conn-example",
"blockscout": {
"label": "OMNL — Treasury vault (Office 22)",
"labelType": "contract"
},
"status": "active",
"lastCorrelationId": "550e8400-e29b-41d4-a716-446655440001"
}

13
config/dbis-institutional/examples/governance.json Normal file
View File

@@ -0,0 +1,13 @@
{
"version": "0.1.0",
"issuedAt": "2026-03-30T00:00:00Z",
"amendmentProcess": "Described in DBIS Charter and Governance Statute (placeholder).",
"bodies": [
{
"id": "council",
"name": "Sovereign Council",
"role": "Strategic oversight",
"documentUrl": "https://d-bis.org/documents/governance-statute"
}
]
}

13
config/dbis-institutional/examples/policy.json Normal file
View File

@@ -0,0 +1,13 @@
{
"version": "0.1.0",
"issuedAt": "2026-03-30T00:00:00Z",
"policies": [
{
"id": "gru-overview-v0",
"title": "Global Reserve Unit — Overview (draft)",
"effectiveDate": "2026-03-30",
"documentUrl": "https://d-bis.org/gru/overview",
"hashSha256": "0000000000000000000000000000000000000000000000000000000000000000"
}
]
}

30
config/dbis-institutional/examples/settlement-event.chain138-primary.example.json Normal file
View File

@@ -0,0 +1,30 @@
{
"schema_version": 1,
"correlation_id": "660e8400-e29b-41d4-a716-446655440002",
"event_producer": "chain-settlement-worker",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"amount": "25000000.00",
"amount_scale": 2,
"currency": "USD",
"event_type": "CHAIN_SETTLEMENT",
"omnl_journal_entry_id": 88421,
"omnl_office_id": 22,
"dbis_reference": "CORE-TX-2026-0331-CHAIN138",
"rtgs_message_ids": {
"rail": "chain138",
"internal_instruction_ref": "OMNL-M1-KANAYA-CKRA-20260331",
"operator_message_ref": "sha256:replace-with-digest-of-instruction-or-archive-manifest"
},
"chain_id": 138,
"chain_tx_hash": "0xb90f2da51d9c506f552d276d9aa57f4ae485528f2ee6025f435f188d09d405f4",
"ipsas_narrative": "Chain 138 authoritative settlement leg; no SWIFT UETR on this flow",
"occurred_at": "2026-03-31T10:00:00Z",
"iso_msg_type": "pacs.008",
"iso_instruction_id": "pain001-hashed-key-placeholder",
"iso_payload_hash": "0xcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
"rail_iso_hash": "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
}

33
config/dbis-institutional/examples/settlement-event.example.json Normal file
View File

@@ -0,0 +1,33 @@
{
"schema_version": 1,
"correlation_id": "550e8400-e29b-41d4-a716-446655440001",
"event_producer": "integration-hub-example",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"amount": "1000000.00",
"amount_scale": 2,
"currency": "USD",
"event_type": "CHAIN_SETTLEMENT",
"omnl_journal_entry_id": 12045,
"omnl_office_id": 22,
"dbis_reference": "CORE-TX-2026-0330-88421",
"rtgs_message_ids": {
"uetr": "97ed4827-7b6f-4491-94b1-d651442ca301",
"msgId": "BNI2026033012000001",
"internal_instruction_ref": "018215821582-INAAUDJVMTM-2025-MSG-001",
"operator_message_ref": "sha256:replace-with-digest-of-submitted-instruction-payload"
},
"chain_id": 138,
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"ipsas_narrative": "IPSAS28/29 settlement leg; PvP net beneficiary credit",
"occurred_at": "2026-03-30T12:00:00Z",
"iso_msg_type": "pacs.008",
"iso_instruction_id": "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
"iso_payload_hash": "0xcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
"rail_iso_hash": "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
"holder_did": "did:sov:WRfXg6LQCZgRsXoHF",
"identity_verification_ref": "acapy-proof-req-2026-0330-001"
}

12
config/dbis-institutional/examples/settlement-event.min.json Normal file
View File

@@ -0,0 +1,12 @@
{
"schema_version": 1,
"entity_id": "OMNL",
"jurisdiction": "MT",
"correlation_id": "00000000-0000-0000-0000-000000000001",
"event_type": "CHAIN_SETTLEMENT",
"amount": "1.00",
"amount_scale": 2,
"currency": "USD",
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"chain_id": 138
}

33
config/dbis-institutional/examples/settlement-events-batch.example.json Normal file
View File

@@ -0,0 +1,33 @@
[
{
"schema_version": 1,
"correlation_id": "550e8400-e29b-41d4-a716-446655440001",
"event_producer": "chain-settlement-worker",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"amount": "1000000.00",
"amount_scale": 2,
"currency": "USD",
"event_type": "CHAIN_SETTLEMENT",
"chain_id": 138,
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"occurred_at": "2026-03-30T12:00:00Z"
},
{
"schema_version": 1,
"correlation_id": "550e8400-e29b-41d4-a716-446655440002",
"event_producer": "omnl-fineract-webhook",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"amount": "0",
"currency": "USD",
"event_type": "OMNL_JOURNAL_POSTED",
"omnl_journal_entry_id": 12046,
"omnl_office_id": 22,
"occurred_at": "2026-03-30T12:05:00Z",
"no_chain_leg_reason": "IPSAS-only reclassification; no on-ledger leg"
}
]

16
config/dbis-institutional/examples/trust.json Normal file
View File

@@ -0,0 +1,16 @@
{
"version": "0.1.0",
"issuedAt": "2026-03-30T00:00:00Z",
"organization": "Digital Bank of International Settlements",
"endpoints": {
"didRegistry": "https://identity.d-bis.org/registry",
"dataApi": "https://data.d-bis.org",
"explorer": "https://explorer.d-bis.org",
"status": "https://status.d-bis.org",
"developers": "https://developers.d-bis.org",
"gitea": "https://gitea.d-bis.org"
},
"jwksUri": "https://identity.d-bis.org/.well-known/jwks.json",
"caHints": ["production-trust-anchor.example"],
"notes": "Example only — replace URIs and keys before production."
}

4
config/dbis-institutional/registry/.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
# Operator-specific registry rows; do not commit live LEI/IBAN/addresses.
*.json
!.gitignore
!README.md

42
config/dbis-institutional/registry/README.md Normal file
View File

@@ -0,0 +1,42 @@
# Address registry drop-in (operator / CI)
Place **non-example** `address-registry-entry` JSON files here (one object per file, or one array in a single file). These files may contain **LEI, IBAN, and live `0x` addresses** — treat as confidential; prefer `.gitignore` or a secrets store in production.
## Sync labels to Blockscout
From repo root (plan only):
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --from-dir config/dbis-institutional/registry
```
Or a **single JSON array** file (see [`../examples/address-registry-entries-batch.example.json`](../examples/address-registry-entries-batch.example.json)):
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh path/to/registry-array.json
```
Apply (LAN or VPN to explorer; set API key if required):
```bash
export BLOCKSCOUT_API_KEY=... # if your Blockscout instance requires it
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --from-dir config/dbis-institutional/registry
```
For the self-hosted Chain 138 explorer, prefer direct DB sync:
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry
```
That path writes Blockscout primary labels into `public.address_names` through the explorer CT (`5000`) because `explorer.d-bis.org/api/v1/*` is token-aggregation, not a native Blockscout label-write surface. Use HTTP mode only if you have separately enabled and confirmed a compatible label endpoint (default probe target: `/api/v1/labels`).
## Token contract staging
This directory is also the right place for **live token-contract label rows** that should not be committed, for example:
- staged `cUSDT V2` / `cUSDC V2` token contract labels on Chain 138
- bridge-side `cW*` contracts before public cutover
- temporary explorer labels used during GRU V1/V2 coexistence
Keep versioned token contracts clearly labeled in `blockscout.label`, for example `Chain 138 cUSDT V2 (staged)`, so explorer operators can distinguish them from the active V1 liquidity contracts.

140
config/dbis-institutional/schemas/address-registry-entry.schema.json Normal file
View File

@@ -0,0 +1,140 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/address-registry-entry.json",
"title": "Chain address + fiat + Web3 alias registry entry",
"description": "Source-of-truth row for explorer sync and settlement binding. See docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md sections 3, 7, 13, 14.",
"type": "object",
"required": [
"registryEntryId",
"entity_id",
"jurisdiction",
"chain_id",
"address",
"addressRole",
"status"
],
"properties": {
"registryEntryId": {
"type": "string",
"description": "Stable UUID for this registry row."
},
"entity_id": {
"type": "string",
"description": "LEI (preferred) or internal party id."
},
"jurisdiction": { "type": "string" },
"class_id": { "type": "string" },
"anchor_id": { "type": "string" },
"division_id": { "type": "string" },
"omnl_office_id": { "type": "integer" },
"dbis_participant_id": { "type": "string" },
"chain_id": {
"type": "integer",
"description": "138 for production Chain 138."
},
"address": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{40}$",
"description": "Checksummed or lower-case EVM address (vault, EOA, or contract)."
},
"addressRole": {
"type": "string",
"enum": [
"treasury_vault",
"smart_account",
"eoa_operational",
"contract_registry",
"escrow",
"token_contract",
"iso_intake",
"dbis_settlement_router",
"other"
]
},
"fiat_rails": {
"type": "array",
"items": {
"type": "object",
"required": ["railType", "railValue"],
"properties": {
"railType": {
"type": "string",
"enum": ["iban", "bban", "bic_account", "rtgs_account", "other"]
},
"railValue": { "type": "string" },
"bic": { "type": "string" },
"validFrom": { "type": "string", "format": "date" },
"validTo": { "type": "string", "format": "date" }
},
"additionalProperties": true
}
},
"aliases": {
"type": "array",
"items": {
"type": "object",
"required": ["aliasType", "aliasValue"],
"properties": {
"aliasType": {
"type": "string",
"enum": [
"ens",
"custom_ens_tld",
"web3_eth_iban",
"did",
"internal_slug",
"other"
]
},
"aliasValue": { "type": "string" },
"resolver_chain_id": { "type": "integer" },
"validFrom": { "type": "string", "format": "date-time" },
"validTo": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
}
},
"instruments": {
"type": "array",
"description": "ISIN/CUSIP held or represented at this address when applicable.",
"items": {
"type": "object",
"properties": {
"isin": { "type": "string" },
"cusip": { "type": "string" },
"figi": { "type": "string" }
},
"additionalProperties": true
}
},
"blockscout": {
"type": "object",
"description": "Hints for label sync (Blockscout /api/v1/labels or UI).",
"properties": {
"label": { "type": "string" },
"labelType": {
"type": "string",
"enum": ["account", "contract", "token"]
}
},
"additionalProperties": true
},
"status": {
"type": "string",
"enum": ["active", "pending", "revoked"]
},
"lastCorrelationId": {
"type": "string",
"description": "Last mutation tied to a settlement-event correlation_id."
},
"primary_holder_did": {
"type": "string",
"description": "Default operational DID for this address (Indy did:sov, did:web, etc.); link LEI in entity_id."
},
"identity_anchor_ref": {
"type": "string",
"description": "Indy NYM, ACA-Py connection, or OIDC subject binding reference for audits."
}
},
"additionalProperties": true
}

27
config/dbis-institutional/schemas/governance.schema.json Normal file
View File

@@ -0,0 +1,27 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/governance.json",
"title": "DBIS governance.json",
"type": "object",
"required": ["version", "issuedAt", "bodies"],
"properties": {
"version": { "type": "string" },
"issuedAt": { "type": "string", "format": "date-time" },
"amendmentProcess": { "type": "string" },
"bodies": {
"type": "array",
"items": {
"type": "object",
"required": ["id", "name"],
"properties": {
"id": { "type": "string" },
"name": { "type": "string" },
"role": { "type": "string" },
"documentUrl": { "type": "string", "format": "uri" }
},
"additionalProperties": true
}
}
},
"additionalProperties": false
}

64
config/dbis-institutional/schemas/member-directory-entry.schema.json Normal file
View File

@@ -0,0 +1,64 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/member-directory-entry.json",
"title": "DBIS member directory entry",
"type": "object",
"required": [
"memberId",
"name",
"jurisdiction",
"memberStatus",
"participationType",
"slug"
],
"properties": {
"memberId": { "type": "string" },
"lei": { "type": "string" },
"name": { "type": "string" },
"shortName": { "type": "string" },
"jurisdiction": { "type": "string" },
"memberStatus": {
"type": "string",
"enum": ["active", "candidate", "suspended", "observer"]
},
"participationType": { "type": "string" },
"tier": {
"type": "string",
"enum": [
"full_central_bank",
"settlement_member",
"observer_member",
"infrastructure_member"
]
},
"settlementRole": { "type": "string" },
"currencyParticipation": {
"type": "array",
"items": { "type": "string" }
},
"validatorRole": { "type": "string" },
"nodeParticipationStatus": { "type": "string" },
"roles": {
"type": "array",
"items": { "type": "string" }
},
"logoUrl": { "type": "string", "format": "uri" },
"slug": {
"type": "string",
"pattern": "^[a-z0-9]+(?:-[a-z0-9]+)*$"
},
"summary": { "type": "string" },
"hq": {
"type": "object",
"description": "Headquarters WGS84 coordinates for strategic map",
"required": ["lat", "lng"],
"properties": {
"lat": { "type": "number", "minimum": -90, "maximum": 90 },
"lng": { "type": "number", "minimum": -180, "maximum": 180 },
"label": { "type": "string" }
},
"additionalProperties": false
}
},
"additionalProperties": false
}

27
config/dbis-institutional/schemas/policy-manifest.schema.json Normal file
View File

@@ -0,0 +1,27 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/policy-manifest.json",
"title": "DBIS policy.json manifest",
"type": "object",
"required": ["version", "issuedAt", "policies"],
"properties": {
"version": { "type": "string" },
"issuedAt": { "type": "string", "format": "date-time" },
"policies": {
"type": "array",
"items": {
"type": "object",
"required": ["id", "title", "hashSha256"],
"properties": {
"id": { "type": "string" },
"title": { "type": "string" },
"effectiveDate": { "type": "string", "format": "date" },
"documentUrl": { "type": "string", "format": "uri" },
"hashSha256": { "type": "string", "pattern": "^[a-f0-9]{64}$" }
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}

143
config/dbis-institutional/schemas/settlement-event.schema.json Normal file
View File

@@ -0,0 +1,143 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/settlement-event.json",
"title": "Canonical settlement event (OMNL / Core / RTGS / Chain 138)",
"description": "Minimum payload for cross-system reconciliation. See docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md sections 6 and 14 (ISO-20022 + DID).",
"type": "object",
"required": [
"schema_version",
"correlation_id",
"entity_id",
"jurisdiction",
"amount",
"currency",
"event_type"
],
"properties": {
"schema_version": {
"type": "integer",
"minimum": 1,
"description": "Bump when breaking field semantics."
},
"correlation_id": {
"type": "string",
"minLength": 8,
"description": "UUID v4, ULID, or org ULID; immutable for the business event."
},
"entity_id": {
"type": "string",
"description": "LEI (preferred) or internal UUID for legal/cooperative entity."
},
"jurisdiction": {
"type": "string",
"description": "ISO 3166-1 alpha-2 or ISO 3166-2 style (e.g. US-NY)."
},
"event_producer": {
"type": "string",
"description": "Logical emitter for routing and audit. Registered ids and descriptions: `event-producers.manifest.json` in this directory.",
"enum": [
"hybx-omnl-sidecar",
"dbis-core",
"iso-gateway",
"mintauth-relayer",
"chain-settlement-worker",
"omnl-fineract-webhook",
"integration-hub-example",
"manual-operator"
]
},
"class_id": {
"type": "string",
"description": "Elemental Imperium class, e.g. C01C07."
},
"anchor_id": { "type": "string" },
"division_id": { "type": "string" },
"amount": {
"type": "string",
"pattern": "^-?[0-9]+(\\.[0-9]+)?$",
"description": "Decimal amount as string; scale implied by currency or separate field."
},
"amount_scale": {
"type": "integer",
"minimum": 0,
"maximum": 18,
"description": "Optional explicit minor units (e.g. 2 for USD)."
},
"currency": {
"type": "string",
"description": "ISO 4217 for fiat, or token symbol / 0x contract on-chain."
},
"event_type": {
"type": "string",
"enum": [
"RTGS_OUT",
"RTGS_IN",
"OMNL_JOURNAL_POSTED",
"CHAIN_SETTLEMENT",
"PV_NET",
"TREASURY_RELEASE",
"INTERNAL_TRANSFER",
"NO_CHAIN_LEG"
]
},
"no_chain_leg_reason": {
"type": "string",
"description": "When event_type is NO_CHAIN_LEG or internal-only; audit explanation."
},
"omnl_journal_entry_id": { "type": "integer" },
"omnl_office_id": { "type": "integer" },
"dbis_reference": {
"type": "string",
"description": "DBIS Core case or transaction id."
},
"rtgs_message_ids": {
"type": "object",
"additionalProperties": { "type": "string" },
"description": "Rail and messaging references. When Chain 138 is the authoritative settlement rail (SWIFT replacement for that flow), primary E2E evidence is correlation_id + chain_id + chain_tx_hash; uetr is optional unless a parallel SWIFT gpi leg exists. **uetr**: SWIFT gpi Unique End-to-End Transaction Reference (UUID) when the payment is on or reported to SWIFT gpi — required on those legs if the counterparty or scheme requires it. **msgId**, **endToEndId**: ISO-20022 / bank message ids. When no UETR exists yet (pre-SWIFT, internal-only, DLT-only, or domestic rail), record agreed internal keys, e.g. **internal_instruction_ref**, **operator_message_ref**, or **audit_file_ref**. Internal refs are not a substitute for a real UETR on SWIFT-settled payments; in hybrid flows map uetr + chain evidence + internal refs. See docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md."
},
"chain_id": {
"type": "integer",
"description": "EVM chain id; 138 for DeFi Oracle Meta Mainnet."
},
"chain_tx_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$"
},
"ipsas_narrative": {
"type": "string",
"maxLength": 500
},
"occurred_at": {
"type": "string",
"format": "date-time",
"description": "Business timestamp in UTC."
},
"iso_msg_type": {
"type": "string",
"description": "e.g. pacs.008, pain.001, MT103 — aligns with SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY canonical struct."
},
"iso_instruction_id": {
"type": "string",
"description": "InstrId or hashed instruction key (hex or string per gateway contract)."
},
"iso_payload_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$",
"description": "keccak256 of canonical ISO bundle or raw MX/MT fingerprint; ties OMNL/Core to on-chain intake."
},
"rail_iso_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$",
"description": "Optional DBIS Rail isoHash from canonical bundle (ISO_GATEWAY_AND_RELAYER_SPEC)."
},
"holder_did": {
"type": "string",
"description": "W3C DID of payment initiator or account holder when VC/DID path used (Indy did:sov, did:web, etc.)."
},
"identity_verification_ref": {
"type": "string",
"description": "Reference to ACA-Py proof request, OIDC session, or eIDAS connector correlation id."
}
},
"additionalProperties": true
}

31
config/dbis-institutional/schemas/trust.schema.json Normal file
View File

@@ -0,0 +1,31 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/trust.json",
"title": "DBIS trust.json",
"type": "object",
"required": ["version", "issuedAt", "endpoints"],
"properties": {
"version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" },
"issuedAt": { "type": "string", "format": "date-time" },
"organization": { "type": "string" },
"endpoints": {
"type": "object",
"additionalProperties": { "type": "string", "format": "uri" },
"properties": {
"didRegistry": { "type": "string", "format": "uri" },
"dataApi": { "type": "string", "format": "uri" },
"explorer": { "type": "string", "format": "uri" },
"status": { "type": "string", "format": "uri" },
"developers": { "type": "string", "format": "uri" },
"gitea": { "type": "string", "format": "uri" }
}
},
"jwksUri": { "type": "string", "format": "uri" },
"caHints": {
"type": "array",
"items": { "type": "string" }
},
"notes": { "type": "string" }
},
"additionalProperties": false
}

5
config/gitea/dbis-ci-template/README.md Normal file
View File

@@ -0,0 +1,5 @@
# DBIS Gitea CI template
Copy `example-workflow.yml` into a repository as `.gitea/workflows/ci.yml`.
Gitea Actions availability depends on server configuration; if Actions are disabled, use external CI (e.g. Drone, Jenkins) with the same stages: checkout → install → lint → test → build.

25
config/gitea/dbis-ci-template/example-workflow.yml Normal file
View File

@@ -0,0 +1,25 @@
# Gitea Actions — example CI for DBIS ecosystem repos
# Path in repo: .gitea/workflows/ci.yml (adjust for your Gitea version)
name: ci
on:
push:
branches: [main, master]
pull_request:
branches: [main, master]
jobs:
build:
runs-on: docker
steps:
- uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Install
run: npm ci || pnpm install --frozen-lockfile || yarn install --frozen-lockfile
- name: Lint
run: npm run lint --if-present
- name: Test
run: npm test --if-present
- name: Build
run: npm run build --if-present

226
config/gru-iso4217-currency-manifest.json Normal file
View File

@@ -0,0 +1,226 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"name": "GRU ISO-4217 Currency Manifest",
"version": "1.0.0",
"updated": "2026-03-31",
"canonicalChainId": 138,
"standardsProfileRef": "config/gru-standards-profile.json",
"coverage": {
"appliesToCurrentAndFutureCurrencies": true,
"targetUniverse": [
"all ISO-4217 fiat currencies adopted into GRU",
"governance-approved commodities and additional monetary units"
],
"transportMethodology": "Chain 138 canonical c* with mirrored cW* transport on compatible public chains"
},
"notes": "Canonical GRU-supported ISO-4217 and commodity currency set for c* and cW* onboarding, routing, explorer metadata, and FX integration. This is the machine-readable source of truth for supported currencies, token families, lifecycle state, and canonical logo assignment.",
"currencies": [
{
"code": "USD",
"name": "US Dollar",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": true,
"x402Ready": true
},
"canonicalAssets": {
"coin": {
"symbol": "cUSDC",
"v1Address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"v2Address": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99",
"activeVersion": "v1",
"x402PreferredVersion": "v2",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cUSDC.svg"
},
"token": {
"symbol": "cUSDT",
"v1Address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"v2Address": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29",
"activeVersion": "v1",
"x402PreferredVersion": "v2",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cUSDT.svg"
}
},
"wrappedAssets": {
"coin": "cWUSDC",
"token": "cWUSDT"
}
},
{
"code": "EUR",
"name": "Euro",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cEURC",
"address": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cEURC.svg"
},
"token": {
"symbol": "cEURT",
"address": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cEURT.svg"
}
},
"wrappedAssets": {
"coin": "cWEURC",
"token": "cWEURT"
}
},
{
"code": "GBP",
"name": "Pound Sterling",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cGBPC",
"address": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cGBPC.svg"
},
"token": {
"symbol": "cGBPT",
"address": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cGBPT.svg"
}
},
"wrappedAssets": {
"coin": "cWGBPC",
"token": "cWGBPT"
}
},
{
"code": "AUD",
"name": "Australian Dollar",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cAUDC",
"address": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cAUDC.svg"
}
},
"wrappedAssets": {
"coin": "cWAUDC"
}
},
{
"code": "JPY",
"name": "Japanese Yen",
"type": "fiat",
"minorUnits": 0,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cJPYC",
"address": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cJPYC.svg"
}
},
"wrappedAssets": {
"coin": "cWJPYC"
}
},
{
"code": "CHF",
"name": "Swiss Franc",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cCHFC",
"address": "0x873990849DDa5117d7C644f0aF24370797C03885",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cCHFC.svg"
}
},
"wrappedAssets": {
"coin": "cWCHFC"
}
},
{
"code": "CAD",
"name": "Canadian Dollar",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cCADC",
"address": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cCADC.svg"
}
},
"wrappedAssets": {
"coin": "cWCADC"
}
},
{
"code": "XAU",
"name": "Gold",
"type": "commodity",
"minorUnits": null,
"unitOfAccount": "troy_ounce",
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cXAUC",
"address": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cXAUC.svg"
},
"token": {
"symbol": "cXAUT",
"address": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cXAUT.svg"
}
},
"wrappedAssets": {
"coin": "cWXAUC",
"token": "cWXAUT"
}
}
]
}

175
config/gru-standards-profile.json Normal file
View File

@@ -0,0 +1,175 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"name": "GRU Standards Profile",
"profileId": "gru-c-star-v2-transport-and-payment",
"version": "1.0.0",
"updated": "2026-03-31",
"canonicalChainId": 138,
"notes": "Machine-readable standards profile for canonical c* V2 money on Chain 138, mirrored cW* public-chain transport, x402 payment capability, ISO-4217 coverage, and GRU governance/policy enforcement.",
"references": {
"transportOverlay": "config/gru-transport-active.json",
"currencyManifest": "config/gru-iso4217-currency-manifest.json",
"standardsMatrixDoc": "docs/04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md",
"x402SupportDoc": "docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md",
"fxOnboardingDoc": "docs/04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md"
},
"scope": {
"canonicalAssetPrefix": "c",
"wrappedAssetPrefix": "cW",
"canonicalMethodology": "Chain 138 is the canonical monetary layer for c*. Compatible public chains use mirrored cW* transport assets via lock on 138 and mint on destination.",
"targetCurrencyCoverage": [
"all ISO-4217 fiat currencies adopted into the GRU currency manifest",
"governance-approved commodities and additional monetary units beyond ISO-4217"
],
"compatibilityBoundary": [
"token mapping exists in config/token-mapping-multichain.json",
"destination cW deployment is non-zero in cross-chain-pmm-lps/config/deployment-status.json",
"bridgeAvailable is true in cross-chain-pmm-lps/config/deployment-status.json",
"destination chain is explicitly enabled in config/gru-transport-active.json"
]
},
"paymentProfiles": [
{
"id": "x402",
"requiredOn": [
"canonical_c_star_v2"
],
"recommendedOn": [
"mirrored_cw_v2"
],
"requiresAnyOf": [
"ERC-2612",
"ERC-3009"
],
"dependsOn": [
"EIP-712",
"ERC-5267"
]
}
],
"baseTokenStandards": [
{
"id": "ERC-20",
"required": true
},
{
"id": "AccessControl",
"required": true
},
{
"id": "Pausable",
"required": true
},
{
"id": "EIP-712",
"required": true
},
{
"id": "ERC-2612",
"required": true
},
{
"id": "ERC-3009",
"required": true
},
{
"id": "ERC-5267",
"required": true
},
{
"id": "IeMoneyToken",
"required": true,
"repoInterface": "contracts/emoney/interfaces/IeMoneyToken.sol"
}
],
"transportAndWrapperStandards": [
{
"id": "CompliantWrappedToken",
"layer": "public_transport",
"required": true
},
{
"id": "CWMultiTokenBridgeL1",
"layer": "bridge",
"required": true
},
{
"id": "CWReserveVerifier",
"layer": "bridge",
"required": true
},
{
"id": "CWMultiTokenBridgeL2",
"layer": "bridge",
"required": true
}
],
"adjacentAllowedButNotBaseToken": [
{
"id": "ERC-3156",
"location": "wrapper_only"
},
{
"id": "ERC-4626",
"location": "vault_only"
},
{
"id": "EIP-1271",
"location": "smart_account_or_wallet_registry"
},
{
"id": "ERC-1363",
"location": "specialized_adapter_only"
}
],
"governanceAndPolicyStandards": [
{
"id": "ERC-2535",
"component": "gru_m00_diamond",
"required": true
},
{
"id": "StandardsRegistryFacet",
"required": true
},
{
"id": "GovernanceLevelFacet",
"required": true
},
{
"id": "PolicyRouterFacet",
"required": true
},
{
"id": "ComplianceGateFacet",
"required": true
},
{
"id": "AccountingGateFacet",
"required": true
},
{
"id": "MessagingGateFacet",
"required": true
},
{
"id": "ReserveGateFacet",
"required": true
},
{
"id": "ISO-20022 Canonical Message Model",
"required": true
}
],
"lifecycleDefaults": {
"transportActiveDefault": false,
"x402ReadyDefault": false,
"forwardCanonicalVersionPolicy": "one_forward_canonical_version_per_asset_family"
},
"currentActivationExample": {
"activeCanonicalCurrencyCodes": [
"USD"
],
"transportOverlayRef": "config/gru-transport-active.json"
}
}

863
config/gru-transport-active.json Normal file
View File

@@ -0,0 +1,863 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"description": "GRU Monetary Transport Layer active-policy overlay. This file gates which canonical c* assets, cW* destinations, bridge peers, and public pools are active for routing, exposure, and MCP visibility.",
"version": "1.2.0",
"updated": "2026-03-31",
"standardsProfileRef": "config/gru-standards-profile.json",
"system": {
"name": "GRU Monetary Transport Layer",
"shortName": "GRU Transport",
"canonicalChainId": 138,
"canonicalChainName": "Chain 138",
"transportClass": "Compliant Wrapped ISO-4217 M1",
"publicPoolModel": "local_edge_pools",
"hardPegTruth": "redeemable_at_par_into_canonical_c_star",
"wethTransportSeparated": true,
"notes": "Canonical c* remains on Chain 138. Public chains carry cW* as the mirrored transport form. Existing WETH routes remain separate from GRU Transport."
},
"terminology": {
"canonicalAsset": "Canonical c* asset on Chain 138.",
"mirroredCwAsset": "Public-network cW* representation of a canonical c* asset.",
"activeTransportPair": "A canonical-to-mirrored pair explicitly enabled by this overlay and allowed to route.",
"activePublicPool": "A public-chain local edge pool that is explicitly enabled for token-aggregation exposure.",
"hardPegEligiblePair": "A pair whose outbound wrapping is governed by reserve-verifier checks and per-destination outstanding limits."
},
"enabledCanonicalTokens": [
{
"symbol": "cUSDT",
"currencyCode": "USD",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"phase": "v1",
"reserveVerifierKey": "chain138-hard-peg",
"activeVersion": "v1",
"activeAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"x402PreferredVersion": "v2",
"x402PreferredAddress": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29",
"cutover": {
"liquidityActiveVersion": "v1",
"transportActiveVersion": "v1",
"explorerPrimaryVersion": "v1",
"x402ReadyVersion": "v2",
"nextAction": "Complete cW/pool migration before flipping canonical routing to V2."
},
"deployments": [
{
"version": "v1",
"address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"status": "active",
"purpose": "Live Chain 138 liquidity, PMM pools, and current transport routes.",
"forwardCanonical": false
},
{
"version": "v2",
"address": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29",
"status": "staged",
"purpose": "Permit/auth-capable x402 payments and next GRU transport cutover.",
"forwardCanonical": false
}
]
},
{
"symbol": "cUSDC",
"currencyCode": "USD",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"phase": "v1",
"reserveVerifierKey": "chain138-hard-peg",
"activeVersion": "v1",
"activeAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"x402PreferredVersion": "v2",
"x402PreferredAddress": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99",
"cutover": {
"liquidityActiveVersion": "v1",
"transportActiveVersion": "v1",
"explorerPrimaryVersion": "v1",
"x402ReadyVersion": "v2",
"nextAction": "Complete cW/pool migration before flipping canonical routing to V2."
},
"deployments": [
{
"version": "v1",
"address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"status": "active",
"purpose": "Live Chain 138 liquidity, PMM pools, and current transport routes.",
"forwardCanonical": false
},
{
"version": "v2",
"address": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99",
"status": "staged",
"purpose": "Permit/auth-capable x402 payments and next GRU transport cutover.",
"forwardCanonical": false
}
]
}
],
"enabledDestinationChains": [
{
"chainId": 25,
"name": "Cronos",
"phase": "v1",
"peerKey": "cronos"
},
{
"chainId": 56,
"name": "BSC",
"phase": "v1",
"peerKey": "bsc"
},
{
"chainId": 137,
"name": "Polygon",
"phase": "v1",
"peerKey": "polygon"
},
{
"chainId": 43114,
"name": "Avalanche C-Chain",
"phase": "v1",
"peerKey": "avalanche"
},
{
"chainId": 42161,
"name": "Arbitrum One",
"phase": "v1",
"peerKey": "arbitrum"
},
{
"chainId": 8453,
"name": "Base",
"phase": "v1",
"peerKey": "base"
},
{
"chainId": 10,
"name": "Optimism",
"phase": "v1",
"peerKey": "optimism"
},
{
"chainId": 100,
"name": "Gnosis Chain",
"phase": "v1",
"peerKey": "gnosis"
},
{
"chainId": 1,
"name": "Ethereum Mainnet",
"phase": "v1",
"peerKey": "mainnet"
}
],
"approvedBridgePeers": [
{
"key": "cronos",
"chainId": 25,
"chainName": "Cronos",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_CRONOS"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "mainnet",
"chainId": 1,
"chainName": "Ethereum Mainnet",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_MAINNET"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "bsc",
"chainId": 56,
"chainName": "BSC",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_BSC"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "polygon",
"chainId": 137,
"chainName": "Polygon",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_POLYGON"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "avalanche",
"chainId": 43114,
"chainName": "Avalanche C-Chain",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_AVALANCHE"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "arbitrum",
"chainId": 42161,
"chainName": "Arbitrum One",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_ARBITRUM"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "base",
"chainId": 8453,
"chainName": "Base",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_BASE"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "optimism",
"chainId": 10,
"chainName": "Optimism",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_OPTIMISM"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "gnosis",
"chainId": 100,
"chainName": "Gnosis Chain",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_GNOSIS"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
}
],
"reserveVerifiers": {
"chain138-hard-peg": {
"chainId": 138,
"bridgeRef": {
"env": "CHAIN138_L1_BRIDGE"
},
"verifierRef": {
"env": "CW_RESERVE_VERIFIER_CHAIN138"
},
"vaultRef": {
"env": "CW_STABLECOIN_RESERVE_VAULT"
},
"reserveSystemRef": {
"env": "CW_RESERVE_SYSTEM"
},
"requireVaultBacking": true,
"requireReserveSystemBalance": true,
"requireTokenOwnerMatchVault": true
}
},
"transportPairs": [
{
"key": "138-25-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 25,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "cronos",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_CRONOS"
},
"publicPoolKeys": [
"25-cWUSDT-USDT"
]
},
{
"key": "138-25-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 25,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "cronos",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_CRONOS"
},
"publicPoolKeys": [
"25-cWUSDC-USDT"
]
},
{
"key": "138-56-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 56,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "bsc",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_BSC"
},
"publicPoolKeys": [
"56-cWUSDT-USDT"
]
},
{
"key": "138-56-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 56,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "bsc",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_BSC"
},
"publicPoolKeys": [
"56-cWUSDC-USDT"
]
},
{
"key": "138-137-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 137,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "polygon",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_POLYGON"
},
"publicPoolKeys": [
"137-cWUSDT-USDC"
]
},
{
"key": "138-137-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 137,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "polygon",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_POLYGON"
},
"publicPoolKeys": [
"137-cWUSDC-USDC"
]
},
{
"key": "138-43114-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 43114,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "avalanche",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_AVALANCHE"
},
"publicPoolKeys": [
"43114-cWUSDT-USDC"
]
},
{
"key": "138-43114-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 43114,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "avalanche",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_AVALANCHE"
},
"publicPoolKeys": [
"43114-cWUSDC-USDC"
]
},
{
"key": "138-42161-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 42161,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "arbitrum",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_ARBITRUM"
},
"publicPoolKeys": [
"42161-cWUSDT-USDC"
]
},
{
"key": "138-42161-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 42161,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "arbitrum",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_ARBITRUM"
},
"publicPoolKeys": [
"42161-cWUSDC-USDC"
]
},
{
"key": "138-8453-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 8453,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "base",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_BASE"
},
"publicPoolKeys": [
"8453-cWUSDT-USDC"
]
},
{
"key": "138-8453-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 8453,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "base",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_BASE"
},
"publicPoolKeys": [
"8453-cWUSDC-USDC"
]
},
{
"key": "138-10-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 10,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "optimism",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_OPTIMISM"
},
"publicPoolKeys": [
"10-cWUSDT-USDC"
]
},
{
"key": "138-10-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 10,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "optimism",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_OPTIMISM"
},
"publicPoolKeys": [
"10-cWUSDC-USDC"
]
},
{
"key": "138-100-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 100,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "gnosis",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_GNOSIS"
},
"publicPoolKeys": [
"100-cWUSDT-USDC"
]
},
{
"key": "138-100-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 100,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "gnosis",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_GNOSIS"
},
"publicPoolKeys": [
"100-cWUSDC-USDC"
]
},
{
"key": "138-1-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 1,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "mainnet",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_MAINNET"
},
"publicPoolKeys": [
"1-cWUSDT-USDC"
]
},
{
"key": "138-1-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 1,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "mainnet",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_MAINNET"
},
"publicPoolKeys": [
"1-cWUSDC-USDC"
]
}
],
"publicPools": [
{
"key": "25-cWUSDT-USDT",
"chainId": 25,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "25-cWUSDC-USDT",
"chainId": 25,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "56-cWUSDT-USDT",
"chainId": 56,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "56-cWUSDC-USDT",
"chainId": 56,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "137-cWUSDT-USDC",
"chainId": 137,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "137-cWUSDC-USDC",
"chainId": 137,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "43114-cWUSDT-USDC",
"chainId": 43114,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "43114-cWUSDC-USDC",
"chainId": 43114,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "42161-cWUSDT-USDC",
"chainId": 42161,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "42161-cWUSDC-USDC",
"chainId": 42161,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "8453-cWUSDT-USDC",
"chainId": 8453,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "8453-cWUSDC-USDC",
"chainId": 8453,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "10-cWUSDT-USDC",
"chainId": 10,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "10-cWUSDC-USDC",
"chainId": 10,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "100-cWUSDT-USDC",
"chainId": 100,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "100-cWUSDC-USDC",
"chainId": 100,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "1-cWUSDT-USDC",
"chainId": 1,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "1-cWUSDC-USDC",
"chainId": 1,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
}
]
}

10
config/ip-addresses.conf
View File

@@ -87,6 +87,7 @@ ORDER_POSTGRES_PRIMARY="192.168.11.44"
ORDER_POSTGRES_REPLICA="192.168.11.45"
# Dedicated order-redis LXC (e.g. VMID 10020) not present on cluster as of 2026-03; reserve for scripts / future CT
ORDER_REDIS_IP="192.168.11.38"
IP_ORDER_MCP_LEGAL="192.168.11.94"
# DBIS Service IPs
DBIS_POSTGRES_PRIMARY="192.168.11.105"
@@ -113,6 +114,12 @@ IP_FIREFLY_2="192.168.11.67"
IP_BESU_SENTRY="192.168.11.154"
IP_DBIS_API="192.168.11.155"
IP_DBIS_API_2="192.168.11.156"
# d-bis.org public apex — Gov Portals DBIS on VMID 7804 (same as dbis.xom-dev :3001); override when production host is pinned
IP_DBIS_PUBLIC_APEX="${IP_DBIS_PUBLIC_APEX:-192.168.11.54}"
DBIS_PUBLIC_APEX_PORT="${DBIS_PUBLIC_APEX_PORT:-3001}"
# core.d-bis.org — DBIS Core banking client portal; default API VM until dedicated UI (dbis_core); override in .env when UI has its own upstream
IP_DBIS_CORE_CLIENT="${IP_DBIS_CORE_CLIENT:-192.168.11.155}"
DBIS_CORE_CLIENT_PORT="${DBIS_CORE_CLIENT_PORT:-3000}"
# Additional service/container IPs (for remaining script migration)
IP_VALIDATOR_0="192.168.11.100"
@@ -195,6 +202,9 @@ IP_GOV_PORTALS_DEV="192.168.11.54"
# Order legal (VMID 10070) — **not** .54 (that is exclusive to VMID 7804 gov-portals). Fixed duplicate ARP 2026-03-25.
IP_ORDER_LEGAL="192.168.11.87"
# Order MCP legal (VMID 10092) — moved off 192.168.11.37 on 2026-03-29 to avoid conflicting with MIM4U VMID 7810.
IP_ORDER_MCP_LEGAL="${IP_ORDER_MCP_LEGAL:-192.168.11.94}"
# Sankofa Studio (VMID 7805) — FusionAI Creator / Phoenix Marketplace SaaS at studio.sankofa.nexus
# Note: 192.168.11.55 is used by VMID 10230 (order-vault); .72 chosen to avoid conflict.
IP_SANKOFA_STUDIO="192.168.11.72"

121
config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md Normal file
View File

@@ -0,0 +1,121 @@
# INAAUDJVMTM / 2025 — Audit tables → E2E archive closure matrix
**Engagement / file reference:** `018215821582` / **INAAUDJVMTM** / **2025**
**Purpose:** Map **Tables B, C, D** (weakness vs standard, transaction flow, systemic risk) to **what this repository stages** in the OMNL E2E settlement audit zip, **without overstating** examination credit. Templates and schemas **define** controls; **generators, vendor exports, and executed drills** **prove** them — see [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md).
**Not legal or supervisory advice.** OJK/BI expectations must be confirmed with counsel and supervisors.
---
## A. JVMTM scope
This package treats **JVMTM** as the **audit / working-paper framing** for OMNL-related **reconciliation, validation, continuity, finality, liquidity, messaging, and exceptions**. The archive is a **structured evidence bundle** plus **runbooks**; it does **not** by itself certify **production** compliance until **live** artifacts populate **`JVMTM_CLOSURE_DIR`** and generators are run against **real** systems.
**Primary narrative / identifier policy:** [docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) (includes **`internal_instruction_ref`** pattern for this engagement).
---
## B. Weakness vs regulatory standards — audit table + closure mapping
### B.1 Audit table (source structure)
| No | Risk area | OMNL system condition | OJK / BI regulatory standard | Gap / violation | Impact |
|----|-----------|------------------------|------------------------------|-----------------|--------|
| 1 | Reconciliation | No automated reconciliation | Mandatory daily reconciliation & matching system | No 3-way matching | Balance discrepancies & audit failure |
| 2 | Transaction validation | Relies on “credit advice” | Mandatory transaction verification (KYT, SWIFT, ledger) | Vulnerable to spoofing | Fraud & unauthorized payments |
| 3 | Single point of failure | OMNL as central dependency | Mandatory BCP & DRC | No failover mechanism | Total system outage |
| 4 | Business continuity | No contingency plan | Mandatory disaster recovery plan | Non-compliant | Operational disruption |
| 5 | Settlement finality | No clear finality point | Must be final & irrevocable | Undefined finality | Legal disputes |
| 6 | Closed-loop confirmation | Confirmation after credit | Must have ACK before settlement | Reversed process flow | Unconfirmed transactions |
| 7 | Liquidity control | No prefunding mechanism | Mandatory prefunded / liquidity control | High settlement risk | Payment failure |
| 8 | Balance monitoring | No visibility for correspondent bank | Real-time balance monitoring required | Blind position | Over-credit risk |
| 9 | Messaging standard | No standardized messaging | Structured messaging required | Non-interoperable | Communication errors |
| 10 | Exception handling | No error handling mechanism | Mandatory exception handling system | Uncontrolled errors | Double posting |
### B.2 Closure mapping (how the archive responds)
| No | Posture | What the archive provides | Honest boundary (what remains org/production) |
|----|---------|---------------------------|-----------------------------------------------|
| 1 | **PARTIAL → OPERATIONAL when run** | **`reconciliation/daily-3way-reconciliation-report.json`** (template or live); **`scripts/omnl/generate-3way-reconciliation-evidence.sh`** → **`reconciliation/3way-result.json`** when executed (Fineract GL + Chain 138 `balanceOf` + optional bank JSON); **`settlement-event.schema.json`** + events under **`settlement-events/`** with **`correlation_id`**. | **Daily automated** job in production, **bank-issued** statement/API, and **supervisor-agreed** matching rules are **outside** the repo. |
| 2 | **PARTIAL → OPERATIONAL when integrated** | **`validation/kyt-screening-result.json`** (template); **`scripts/omnl/fetch-kyt-vendor-report.sh`** (**refuses** fabricated PASS); ledger/journal evidence optional via **`FETCH_LIVE_EVIDENCE=1`**; **chain** finality fingerprint **`chain_tx_hash`** + runbook. **DLT-primary** leg: structured event without SWIFT per OJK policy doc. | **Production KYT vendor**, **SWIFT/UETR** when the rail is SWIFT, and **counterparty** verification are **operational**. |
| 3 | **DOCUMENTED + SMOKE** | **`scripts/omnl/bcp-rpc-failover-smoke.sh`** (real RPC reachability; optional secondary URL); **`bcp/failover-test-log.txt`**, **`bcp/recovery-time-report.json`** (structure). RTGS / Core runbooks in **`docs/`** (bundled). | **Fineract/Core HA**, **data-centre DR**, and **RTO/RPO** **certification** are **infrastructure / org** scope — not fully provable from this zip alone. |
| 4 | **PARTIAL (template + path)** | **`disaster-recovery/DR-simulation-report.json`**; **`bcp/recovery-time-report.json`**; exception/retry artefacts. | **Executed** DR drill logs, **board-approved** BCP, and **regulator-reviewed** plans must be **attached live**. |
| 5 | **PARTIAL + RAIL FRAMING** | **Chain 138** attestation receipt **`evidence/chain138-attestation-receipt.txt`**; settlement events **`FINALIZED`**; **`reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json`** (declared narrative — counsel); OJK doc **§2** (on-chain vs SWIFT finality). | **Legal** finality and **interbank** scheme rules are **counsel / counterparty**; repo states **technical** and **documented** finality points. |
| 6 | **PARTIAL → OPERATIONAL when run** | **`acknowledgements/pre-settlement-ack.json`**; **`scripts/omnl/verify-ack-before-credit.sh`** (ACK timestamp vs Fineract journal). | Must be run per **live** journal id; **process SOP** must mandate **ACK-before-credit** in operations. |
| 7 | **PARTIAL (structure + narrative)** | **`liquidity/prefunding-proof.json`**; reserve **`prefunding`** / liquidity narrative in **`reserve-provenance-package/`**. | **Live** nostro/prefunding **proof** and **limits** are **treasury / bank** evidence. |
| 8 | **PARTIAL** | **`monitoring/real-time-balance-snapshot.json`**; **3-way** script surfaces **on-chain** balance; optional Fineract **`glaccounts` / journals** in **`evidence/`** when **`FETCH_LIVE_EVIDENCE=1`**. | **Correspondent bank** visibility and **24/7** monitoring are **production** integrations. |
| 9 | **ADDRESSED (structured messaging)** | **`settlement-event.schema.json`**; examples with **`iso_*`**, **`rtgs_message_ids`**, **`internal_instruction_ref`** / **`audit_file_ref`**; ISO methodology docs bundled. **Chain 138 as SWIFT-replacement** documented in OJK policy. | **SWIFT network** message types in production require **live gateway**; repo provides **canonical JSON** and **mapping** runbooks. |
| 10 | **ADDRESSED (structure)** | **`exceptions/exception-policy.md`**, **`exceptions/sample-exception-event.json`**, **`exceptions/retry-log.txt`**. | **Production** ticketing volume and **maker-checker** enforcement are **operational** evidence beyond templates. |
**Summary:** Rows **18** typically need **live** data or **org** programs to reach **full** supervisory satisfaction; the archive **does not** claim otherwise. Rows **910** are **strongest** on **machine-readable structure** in-repo. **Positive sidestep:** where **Chain 138** is policy-selected as **settlement rail**, **control parity** (finality, correlation, reconciliation, KYT) is **argued** in docs and **demonstrated** with **generators + events**, not by pretending **SWIFT** was used.
---
## C. Transaction flow issues — audit table + remediation path
### C.1 Audit table (source structure)
| Stage | Current flow | Issue | Regulatory standard | Impact |
|-------|--------------|-------|---------------------|--------|
| 1 | Instruction sent | No pre-validation | Mandatory pre-validation | Invalid transactions risk |
| 2 | OMNL debited | No balance verification | Prefunding check required | Overdraft risk |
| 3 | Beneficiary credited | Before confirmation | Must occur after ACK | Invalid settlement |
| 4 | Confirmation sent | Post-credit (too late) | Pre-settlement ACK required | No closed-loop |
| 5 | Reconciliation | Manual / none | Must be automated | Data mismatch |
### C.2 Remediation path in this package
| Stage | Control / artifact | Script or path |
|-------|-------------------|----------------|
| 1 | Schema validation + typed settlement events + optional ISO hashes | `schemas/settlement-event.schema.json`, `settlement-events/*.json`, `validate-dbis-institutional-schemas.sh` |
| 2 | Prefunding proof container + treasury policy hook | `liquidity/prefunding-proof.json`, reserve package |
| 34 | ACK-before-credit + timestamp evidence | `acknowledgements/pre-settlement-ack.json`, `verify-ack-before-credit.sh` |
| 5 | 3-way reconciliation generator + daily report | `generate-3way-reconciliation-evidence.sh`, `reconciliation/daily-3way-reconciliation-report.json`, `reconciliation/3way-result.json` |
**Caveat:** Stages **34** are **only proven** when **`verify-ack-before-credit.sh`** is run against **real** IDs and **ACK timestamps** precede **credit** in Fineract (or equivalent).
---
## D. Systemic risk assessment — mapping to mitigations
### D.1 Audit table (source structure)
| No | Risk type | Description | Potential impact |
|----|-----------|-------------|------------------|
| 1 | Operational risk | Full dependency on OMNL | Total system shutdown |
| 2 | Fraud risk | Credit advice can be falsified | Financial loss |
| 3 | Settlement risk | No prefunding | Payment default |
| 4 | Reconciliation risk | No matching system | Reporting discrepancies |
| 5 | Legal risk | No settlement finality | Interbank disputes |
| 6 | Liquidity risk | No fund control | Cash flow mismatch |
### D.2 Mitigations staged or documented
| No | Mitigation (archive) | Limitation |
|----|----------------------|------------|
| 1 | BCP/DR **templates**, RPC **failover smoke**, runbooks | Does not replace **platform HA** or **multi-site** OMNL |
| 2 | **KYT** vendor hook (no fake PASS), **on-chain** `chain_tx_hash`, structured events | Does not replace **bank** confirmation or **SWIFT** gpi when applicable |
| 3 | **`prefunding-proof.json`** + reserve narratives | **Live** nostro proof required |
| 4 | **3-way** generator + **`correlation_id`** spine | **Automated daily** + **bank file** required for full credit |
| 5 | **Chain attestation** + settlement status + legal declarations (counsel) | **Court** / **scheme** finality still external |
| 6 | Prefunding + liquidity JSON + reconciliation | **Treasury** operating limits out of band |
---
## Success criteria (how to read “positive sidestep”)
1. **Examiners** see **traceable** mapping from **each audit row** to **a path** (artifact, script, or doc), not a blank denial.
2. **Templates** are explicitly labeled where **live** evidence is still required — see [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md).
3. **Chain 138 / DLT-primary** flows are **not** presented as **SWIFT**; they are presented as **alternative rail** with **documented** identifier and **finality** mapping per OJK policy.
4. **`JVMTM_CLOSURE_DIR`** overrides stage **examination-grade** JSON without editing the repo.
---
## Operator checklist (before calling the bundle “complete”)
- [ ] Run **`generate-3way-reconciliation-evidence.sh`** and confirm **`reconciliation/3way-result.json`** in the zip.
- [ ] Run **`verify-ack-before-credit.sh`** for at least one production-like journal and retain logs.
- [ ] Configure KYT vendor or accept **PENDING** and document why.
- [ ] Run **`bcp-rpc-failover-smoke.sh`** or attach **real** DR/BCP logs to **`JVMTM_CLOSURE_DIR`**.
- [ ] Point **`JVMTM_CLOSURE_DIR`** at **filled** `daily-3way-reconciliation-report.json`, `prefunding-proof.json`, `pre-settlement-ack.json` as appropriate.
- [ ] Ensure **`internal_instruction_ref`** or **`audit_file_ref`** in settlement events ties to **`018215821582/INAAUDJVMTM/2025`** where used.

90
config/jvmtm-regulatory-closure/JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md Normal file
View File

@@ -0,0 +1,90 @@
# JVMTM transaction-grade compliance matrix
**Purpose:** Turn the JVMTM audit-row closure material into a transaction-operator control pack optimized for **pre-settlement go/no-go**, while preserving execution, finality, reconciliation, resilience, and post-close evidence handling.
**Canonical source:** [`transaction-compliance-matrix.json`](transaction-compliance-matrix.json)
**Spreadsheet export:** [`transaction-compliance-matrix.csv`](transaction-compliance-matrix.csv)
**Per-transfer envelope:** [`schemas/transaction-compliance-execution.schema.json`](schemas/transaction-compliance-execution.schema.json) with examples in [`examples/`](examples/).
**Hybrid posture:** Control language stays rail-agnostic; the repo-specific column shows how the control maps into **OMNL + DBIS Core + Chain 138 + RTGS** artifacts already present in this repository.
**Envelope rule:** every execution envelope carries an `instruction_ref`; `settlement_event_ref` becomes optional until a canonical settlement event actually exists. A blocked pre-execution record should not pretend settlement evidence already exists.
---
## 1. Pre-transaction controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `PT-01` | Pre-validation is mandatory before instruction acceptance. | Validate the submitted instruction normalized into the canonical settlement-event shape against [`config/dbis-institutional/schemas/settlement-event.schema.json`](../dbis-institutional/schemas/settlement-event.schema.json) and collect live KYT evidence through [`scripts/omnl/fetch-kyt-vendor-report.sh`](../../scripts/omnl/fetch-kyt-vendor-report.sh) or equivalent vendor output. | Reject instruction if validation or KYT is missing or inconsistent. |
| `PT-02` | Prefunding must exist before the instruction can be accepted. | Use live [`prefunding-proof.json`](examples/prefunding-proof.example.json) and [`real-time-balance-snapshot.json`](examples/real-time-balance-snapshot.example.json) structures, validated against the schemas in [`schemas/`](schemas/). | Block transaction and place it on treasury hold if prefunding is missing or stale. |
| `PT-03` | Structured messaging is required for every intake path. | Use the canonical settlement-event schema plus the identifier guidance in [`OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md`](../../docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) to normalize the instruction record before release. | Reject malformed or uncorrelated instructions. |
| `PT-04` | Multi-layer authorization is mandatory. | Record maker-checker approval in the transaction execution envelope and tie it to the same `correlation_id` as the settlement event. | Block until approval is complete. |
| `PT-05` | Credit advice cannot be the sole proof. | Require independent KYT and instruction validation; map the result into the transaction execution envelope rather than relying on advice text alone. | Escalate to fraud workflow and freeze release. |
## 2. Execution controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `TX-01` | Debit only after all release gates pass. | The operator envelope must show `decision_status=READY` before OMNL journal posting, RTGS release, or Chain 138 settlement execution. | Halt execution and investigate sequencing. |
| `TX-02` | ACK must exist before beneficiary credit. | Use [`scripts/omnl/verify-ack-before-credit.sh`](../../scripts/omnl/verify-ack-before-credit.sh) against live [`pre-settlement-ack.json`](examples/pre-settlement-ack.example.json) and the relevant journal entry id. | Stop settlement if ACK ordering is unproven. |
| `TX-03` | Finality point must be explicit. | Tie the canonical settlement event to the legal and rail narrative in [`OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md`](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) and, where needed, reserve provenance declarations. | Escalate to legal / ops hold if finality is undefined. |
| `TX-04` | Liquidity must still be available at release time. | Re-check the prefunding proof and balance snapshot immediately before release, not just at intake. | Cancel or pause settlement if liquidity no longer supports the transfer. |
| `TX-05` | Exception and rollback logic must exist. | Record exception events using the policy in [`policies/exception-policy.md`](policies/exception-policy.md) and attach the machine-readable exception record to the execution envelope. | Trigger rollback or incident workflow. |
## 3. Post-settlement controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `PS-01` | Daily automated three-way reconciliation is mandatory. | Generate reconciliation evidence via [`scripts/omnl/generate-3way-reconciliation-evidence.sh`](../../scripts/omnl/generate-3way-reconciliation-evidence.sh) and retain both the daily report and generated result. | Flag discrepancy and open reconciliation incident. |
| `PS-02` | Real-time balance visibility must be retained. | Capture a live [`real-time-balance-snapshot.json`](examples/real-time-balance-snapshot.example.json) and tie it to the same transaction corridor. | Notify treasury and risk if visibility is stale or incomplete. |
| `PS-03` | Immutable transaction logging is required. | Keep the canonical settlement event as the cross-system truth and bind the transaction execution envelope to it through the same `correlation_id`. | Mark the audit trail incomplete and escalate evidence remediation. |
| `PS-04` | Exceptions require explicit closure. | Use the exception policy, exception event, and retry log to show how the issue was resolved or escalated. | Escalate unresolved exceptions to incident management. |
| `PS-05` | Reporting and packaging must complete after settlement. | Stage transaction envelopes under `JVMTM_CLOSURE_DIR/transactions/` and rebuild the E2E archive with [`scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh`](../../scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh). | Reopen evidence assembly if the transaction is missing from the closure package. |
## 4. Resilience controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `SR-01` | Continuity path must exist. | Run [`scripts/omnl/bcp-rpc-failover-smoke.sh`](../../scripts/omnl/bcp-rpc-failover-smoke.sh) and retain the failover execution log. | Escalate to platform ops if continuity is unproven. |
| `SR-02` | Disaster recovery evidence must exist. | Use live recovery-time and DR simulation reports, structured by the schemas already present in [`schemas/`](schemas/). | Escalate continuity governance gaps before declaring the rail production-ready. |
| `SR-03` | No single point of failure should remain unacknowledged. | Document the fallback route or compensating control in the operating model and connect it to the active rail posture. | Escalate to architecture review when the path remains single-threaded. |
| `SR-04` | Message and evidence formats must remain schema-closed. | Validate both DBIS institutional schemas and JVMTM closure schemas before packaging or release. | Block publication if schema drift is detected. |
| `SR-05` | Reserve and provenance integrity must stay aligned with settlement evidence. | Validate the reserve provenance package when reserve-backed or legally narrated settlement is in scope. | Escalate reserve-integrity gaps and suspend unsupported attestations. |
## 5. Systemic risk controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `RK-01` | Operational dependency risk must be surfaced. | Review failover posture and continuity evidence before declaring the rail ready. | Raise executive escalation when dependency remains unresolved. |
| `RK-02` | Fraud indicators must trigger a hard investigation path. | Tie advice, KYT, and execution evidence together inside the transaction envelope. | Freeze transaction and open fraud investigation. |
| `RK-03` | Settlement risk from missing prefunding is non-waivable. | Use prefunding and balance evidence to determine whether release would violate funding policy. | Place transaction on settlement hold and escalate to treasury. |
| `RK-04` | Reconciliation mismatches must trigger audit escalation. | Review generated three-way results and open incidents for unmatched items. | Escalate to reconciliation and audit owners. |
| `RK-05` | Undefined finality must trigger legal escalation. | Compare the rail finality point to the documented policy and reserve/finality narratives. | Hold legal attestation and route to counsel review. |
| `RK-06` | Liquidity variance and blind positions must trigger treasury escalation. | Compare balance snapshots, prefunding proof, and reconciliation outputs for divergence. | Notify treasury and risk management immediately. |
## 6. High-value mode controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `HV-01` | Dual authorization is mandatory for high-value transfers. | Record both approvals in the execution envelope validated by [`transaction-compliance-execution.schema.json`](schemas/transaction-compliance-execution.schema.json). | Do not release until both approvals are present. |
| `HV-02` | Treasury must explicitly certify liquidity and reserve readiness. | Require live prefunding proof, balance snapshot, and where relevant reserve provenance support. | Keep the transfer blocked until treasury certifies capacity. |
| `HV-03` | Mirrored evidence must exist across event and reconciliation layers. | Link the transaction envelope to the settlement event and generated three-way reconciliation result. | Treat the transfer as evidence-incomplete until both layers exist. |
| `HV-04` | A freeze or review window is required before the case is fully closed. | Record the freeze-window review inside the execution envelope. | Maintain enhanced monitoring until the review completes. |
| `HV-05` | Executive escalation is mandatory for unresolved high-value alerts. | Escalate any `FAIL` or `PENDING` high-value control and rebuild the archive after resolution. | Keep the transaction in `BLOCKED` or `ESCALATE` until executive review is complete. |
---
## Operator workflow
1. Generate or collect live evidence: reconciliation, prefunding, ACK, KYT, balance, DR/BCP, and any reserve provenance artifacts.
2. Fill a per-transaction execution envelope using [`examples/transaction-compliance-execution.example.json`](examples/transaction-compliance-execution.example.json) as the model.
Every envelope must carry `instruction_ref`; only attach `settlement_event_ref` once a canonical settlement event exists.
3. Place live files under `JVMTM_CLOSURE_DIR/` and transaction envelopes under `JVMTM_CLOSURE_DIR/transactions/`.
4. Run [`scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh`](../../scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh).
5. Rebuild the E2E archive so the live transaction envelopes and closure evidence are staged together.
## Notes
- JSON is canonical; CSV is a convenience export for spreadsheets.
- The execution envelope references evidence by path or slot; it should not inline vendor reports or duplicate the full settlement-event payload.
- The current repo remains honest about live vs template evidence. Templates define controls; generated and staged artifacts prove they ran.

74
config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md Normal file
View File

@@ -0,0 +1,74 @@
# Operational evidence vs templates (regulatory expectation)
**Purpose:** State plainly what **examination-grade** material requires. JSON **templates** and **schemas** structure proof; they do **not** substitute for **execution evidence** (ledger extracts, bank statements, vendor KYT, executed failover, ACK ordering).
**Not legal or supervisory advice.**
---
## The distinction
| Layer | Role | Regulator question answered |
|-------|------|------------------------------|
| **Template / schema** | Empty socket, validation, uniformity | “Is the control **defined** and **machine-readable**?” |
| **Operational artifact** | Generated from live systems or vendor | “Did the control **run** and **match** independent sources?” |
Checklists without logs are not altitude. Structured JSON without **sourceRefs** and **fetch timestamps** is still weak evidence.
---
## Evidence matrix (minimum real-world set)
| Requirement | Must be derived from | Not sufficient alone |
|-------------|----------------------|----------------------|
| 3-way match | **Ledger** export/API + **bank** statement/API (or nostro extract) + **chain** RPC (or agreed on-chain metric) | Manual JSON, `matched: true` without sources |
| KYT | **Vendor** API/export (Chainalysis, TRM, Elliptic, …) with **referenceId** | Internal-only score, placeholder `PASS` |
| BCP / DR | **Executed** test with **RTO/RPO** metrics and command logs | Policy PDF only |
| ACK before credit | **Timestamp proof** `ack_time < credit_time` (same `correlation_id`) | Post-credit narrative only |
| Reconciliation job | **Scheduled/automated** run record (`generator` block in JSON) | One-off hand edit |
---
## Reserve / funding origin attestation (3FR package)
Structured **legal → bank → chain** containers: attorney receipt, settlement finality declaration, funding origin narrative, **bank certification awaiting MT940/camt.053/API**, **KYT pending**, reconciliation trigger, **provisional** reserve recognition. See [`config/reserve-provenance-package/README.md`](../reserve-provenance-package/README.md) and `scripts/validation/validate-reserve-provenance-package.sh`. Bundled in the E2E zip as `reserve-provenance-package/`.
---
## Repo tooling (event-generated path)
| Script | Output | Notes |
|--------|--------|--------|
| [`scripts/omnl/generate-3way-reconciliation-evidence.sh`](../../scripts/omnl/generate-3way-reconciliation-evidence.sh) | `output/jvmtm-evidence/3way-<DATE>.json` + `latest-3way-result.json` | Ledger (Fineract GL), chain (ERC20 `balanceOf`), bank (file/env). Marks `evidence_tier`, `evidence_gaps`. |
| [`scripts/omnl/verify-ack-before-credit.sh`](../../scripts/omnl/verify-ack-before-credit.sh) | stdout + exit code | Compares ACK timestamp to Fineract journal entry date. |
| [`scripts/omnl/fetch-kyt-vendor-report.sh`](../../scripts/omnl/fetch-kyt-vendor-report.sh) | `validation/kyt-vendor-result.json` or manifest | **Exits non-zero** if no vendor configured (no fake PASS). |
| [`scripts/omnl/bcp-rpc-failover-smoke.sh`](../../scripts/omnl/bcp-rpc-failover-smoke.sh) | Appends `bcp/failover-execution-log.txt` | **Real** RPC reachability check; optional secondary URL. Not a full data-centre DR. |
Validate generated JSON:
```bash
check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/three-way-reconciliation-result.schema.json \
output/jvmtm-evidence/latest-3way-result.json
```
---
## Audit engagement mapping (INAAUDJVMTM / 2025)
For **`018215821582` / INAAUDJVMTM / 2025**, see **[INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md](INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md)** — each Table **B/C/D** row is mapped to **archive paths** and **honest limits** (template vs operational).
## Archive integration
1. Run generators **before** `build-omnl-e2e-settlement-audit-archive.sh`.
2. Set **`JVMTM_CLOSURE_DIR`** to a directory that includes **live** files, **or** rely on the builder copying `output/jvmtm-evidence/latest-3way-result.json` into the zip when present (see script header).
3. Keep **templates** in-repo for CI; keep **generated** outputs out of git (or in `output/` only).
---
## Hybrid model (target state)
```
Schema (template) + live generator + vendor export + execution logs → zip → manifest hash
```
That is **operational compliance** posture, not **design compliance** alone.

104
config/jvmtm-regulatory-closure/README.md Normal file
View File

@@ -0,0 +1,104 @@
# JVMTM / regulatory closure artifacts (E2E archive)
**Regulators accept execution evidence, not intent.** JSON **schemas** and **templates** are the sockets; **generated** reconciliations, **vendor** KYT exports, and **executed** BCP drills are the current. Read first: [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md).
**Audit engagement `018215821582` / INAAUDJVMTM / 2025 — Tables B, C, D:** row-by-row **closure matrix** (weakness vs standard, transaction flow, systemic risk → archive artefacts and honest limits): [INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md](INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md) (bundled in the E2E zip and listed in `SETTLEMENT_CLOSURE.json`).
## Transaction-grade operator pack
This directory now includes a transaction-operator layer that sits between the audit closure matrix and live settlement execution:
| Artifact | Purpose |
|----------|---------|
| `JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md` | Human-readable operator matrix grouped by transaction phase. |
| `transaction-compliance-matrix.json` | **Canonical** machine-readable control library. |
| `transaction-compliance-matrix.csv` | Spreadsheet-friendly export generated from the canonical JSON. |
| `schemas/transaction-compliance-execution.schema.json` | Per-transfer execution envelope schema. |
| `examples/transaction-compliance-execution.example.json` | Ready / pass example envelope. |
| `examples/transaction-compliance-execution.blocked.example.json` | Blocked / fail example envelope. |
**Design rule:** JSON is canonical; CSV is convenience-only. The execution envelope references evidence by path or slot and should not inline full vendor exports or duplicate settlement-event payloads. Every envelope must carry an `instruction_ref`; `settlement_event_ref` is optional until a canonical settlement event actually exists.
## Event-generated evidence (run before zipping)
| Goal | Command |
|------|---------|
| 3-way from Fineract + chain (+ optional bank file/env) | `bash scripts/omnl/generate-3way-reconciliation-evidence.sh``output/jvmtm-evidence/latest-3way-result.json` |
| ACK before credit vs journal | `bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json <journalEntryId>` |
| KYT vendor (refuses if unset) | `bash scripts/omnl/fetch-kyt-vendor-report.sh` |
| RPC reachability / secondary smoke | `bash scripts/omnl/bcp-rpc-failover-smoke.sh` |
Then run `build-omnl-e2e-settlement-audit-archive.sh` (it picks up `latest-3way-result.json` as `reconciliation/3way-result.json` when present).
## Mandatory four (archive paths)
| Archive path | Schema | Example (source) |
|--------------|--------|------------------|
| `reconciliation/daily-3way-reconciliation-report.json` | `schemas/daily-3way-reconciliation-report.schema.json` | `examples/daily-3way-reconciliation-report.example.json` |
| `liquidity/prefunding-proof.json` | `schemas/prefunding-proof.schema.json` | `examples/prefunding-proof.example.json` |
| `acknowledgements/pre-settlement-ack.json` | `schemas/pre-settlement-ack.schema.json` | `examples/pre-settlement-ack.example.json` |
| `exceptions/exception-policy.md` | — (Markdown) | `policies/exception-policy.md` |
| `exceptions/sample-exception-event.json` | `schemas/sample-exception-event.schema.json` | `examples/sample-exception-event.example.json` |
Optional supplementary (same audit mapping):
| Archive path | Schema | Example |
|--------------|--------|---------|
| `validation/kyt-screening-result.json` | `schemas/kyt-screening-result.schema.json` | `examples/kyt-screening-result.example.json` |
| `bcp/recovery-time-report.json` | `schemas/recovery-time-report.schema.json` | `examples/recovery-time-report.example.json` |
| `bcp/failover-test-log.txt` | — | `examples/failover-test-log.example.txt` |
| `disaster-recovery/DR-simulation-report.json` | `schemas/dr-simulation-report.schema.json` | `examples/dr-simulation-report.example.json` |
| `monitoring/real-time-balance-snapshot.json` | `schemas/real-time-balance-snapshot.schema.json` | `examples/real-time-balance-snapshot.example.json` |
## Operator workflow
1. Generate or collect live evidence:
- `bash scripts/omnl/generate-3way-reconciliation-evidence.sh`
- `bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json <journalEntryId>`
- `bash scripts/omnl/fetch-kyt-vendor-report.sh`
- `bash scripts/omnl/bcp-rpc-failover-smoke.sh`
2. Fill a per-transaction execution envelope using:
- `examples/transaction-compliance-execution.example.json`
- `examples/transaction-compliance-execution.blocked.example.json`
- blocked / pre-exec cases should keep `instruction_ref` and omit `settlement_event_ref`
3. Copy examples to a **private** directory; fill with **live** figures, bank statements, chain refs, named reviewers, and place live transaction envelopes under `transactions/`.
4. Point the archive builder at that directory:
```bash
JVMTM_CLOSURE_DIR=/path/to/live-closure-evidence \
bash scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh
```
Expected filenames inside `JVMTM_CLOSURE_DIR` (same basenames as archive):
- `daily-3way-reconciliation-report.json`
- `prefunding-proof.json`
- `pre-settlement-ack.json`
- `sample-exception-event.json` (optional override)
- `kyt-screening-result.json`, `recovery-time-report.json`, `DR-simulation-report.json`, `real-time-balance-snapshot.json`, `failover-test-log.txt` (optional)
- `transactions/*.json` (optional live transaction execution envelopes)
If `JVMTM_CLOSURE_DIR` is unset, the builder stages **repo examples** (clearly placeholders — replace for real examination).
5. Run validation:
```bash
bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh
```
This now validates:
- the existing JVMTM example/schema pairs when `check-jsonschema` is installed
- the transaction execution schema against both example envelopes
- the transaction-grade pack consistency (unique `control_id`, JSON/CSV sync, valid repo paths/runtime slots, example control references, and Markdown control coverage)
## Validation
```bash
bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh
```
Uses `check-jsonschema` when installed (`pip install check-jsonschema`). The script also runs `scripts/validation/validate-jvmtm-transaction-compliance-pack.py` to verify the canonical JSON matrix, CSV export, and execution-envelope examples stay synchronized. CI runs this in `validate-config.yml`.
## Policy
See `policies/exception-policy.md` and [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md).

23
config/jvmtm-regulatory-closure/examples/daily-3way-reconciliation-report.example.json Normal file
View File

@@ -0,0 +1,23 @@
{
"schema_version": 1,
"report_id": "3WAY-20260331-102B-CLOSURE",
"as_of": "2026-03-31",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"currency": "USD",
"lines": [
{
"label": "102B interoffice notional (office 21→22)",
"ledger_major": "102000000000.00",
"bank_major": "N/A_TEMPLATE_REPLACE_WITH_NOSTRO_STATEMENT_LINE",
"chain_major": "0",
"matched": true,
"notes": "Chain leg attestation-only for this closure; replace bank_major with actual nostro/correspondent figure when applicable."
}
],
"prepared_by": "REPLACE_OPERATOR_ID",
"reviewed_by": "REPLACE_CHECKER_ID",
"bank_statement_ref": "REPLACE_BANK_STMT_ARCHIVE_ID",
"chain_tx_hashes": [
"0xb90f2da51d9c506f552d276d9aa57f4ae485528f2ee6025f435f188d09d405f4"
]
}

11
config/jvmtm-regulatory-closure/examples/dr-simulation-report.example.json Normal file
View File

@@ -0,0 +1,11 @@
{
"schema_version": 1,
"simulation_id": "DR-SIM-2026-Q1-TEMPLATE",
"executed_at": "2026-03-20T14:00:00Z",
"scenario": "Primary RPC loss; secondary RPC cut-in",
"rto_minutes": 45,
"rpo_minutes": 15,
"passed": false,
"participants": ["REPLACE_INFRA_LEAD", "REPLACE_DBA"],
"summary": "Template: set passed=true and real timings after executed drill; attach command logs."
}

8
config/jvmtm-regulatory-closure/examples/failover-test-log.example.txt Normal file
View File

@@ -0,0 +1,8 @@
JVMTM BCP placeholder — replace with real failover test log
-------------------------------------------------------------
Test ID: BCP-RPC-2026-Q1-TEMPLATE
Start (UTC): REPLACE
End (UTC): REPLACE
Steps: (1) induce failure (2) observe alert (3) validate RTO (4) sign-off
Operator: REPLACE
Result: NOT_EXECUTED_TEMPLATE

11
config/jvmtm-regulatory-closure/examples/kyt-screening-result.example.json Normal file
View File

@@ -0,0 +1,11 @@
{
"schema_version": 1,
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"tx_id": "internal-omnl-102b-chunked",
"provider_ref": "REPLACE_KYT_VENDOR_RUN_ID",
"screened_at": "2026-03-31T07:30:00Z",
"sanctions_checked": true,
"risk_score": 0,
"result": "PASS",
"notes": "Template: attach vendor attestation or export hash for examination."
}

11
config/jvmtm-regulatory-closure/examples/pre-settlement-ack.example.json Normal file
View File

@@ -0,0 +1,11 @@
{
"schema_version": 1,
"tx_ref": "OMNL-102B-CHUNKED-20260331",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"status": "ACKED",
"timestamp": "2026-03-31T07:45:00Z",
"ack_source": "beneficiary_office_22_ops",
"ack_channel": "internal_maker_checker_payload",
"beneficiary_ref": "office_id:22_PT_CAKRA",
"notes": "Template: replace with signed SWIFT/ISO ACK or institution-approved equivalent before regulatory submission."
}

13
config/jvmtm-regulatory-closure/examples/prefunding-proof.example.json Normal file
View File

@@ -0,0 +1,13 @@
{
"schema_version": 1,
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"checked_at": "2026-03-31T08:00:00Z",
"currency": "USD",
"account_or_office_ref": "office:21_GL:2100",
"available_balance_before_major": "500000000000.00",
"required_amount_major": "102000000000.00",
"approved": true,
"approver_ref": "REPLACE_TREASURY_APPROVER",
"liquidity_source": "internal_omnl_gl",
"evidence_ref": "REPLACE_TICKET_OR_LIMIT_CHECK_ID"
}

15
config/jvmtm-regulatory-closure/examples/real-time-balance-snapshot.example.json Normal file
View File

@@ -0,0 +1,15 @@
{
"schema_version": 1,
"snapshot_at": "2026-03-31T08:05:00Z",
"source": "Fineract trial balance export (template)",
"balances": [
{
"office_id": 21,
"account_ref": "GL-2100",
"gl_code": "2100",
"amount_major": "0.00",
"template_note": "Replace with live trial balance extract for examination.",
"currency": "USD"
}
]
}

10
config/jvmtm-regulatory-closure/examples/recovery-time-report.example.json Normal file
View File

@@ -0,0 +1,10 @@
{
"schema_version": 1,
"test_id": "BCP-RPC-2026-Q1-TEMPLATE",
"executed_at": "2026-03-15T10:00:00Z",
"component": "Chain 138 core RPC failover",
"rto_minutes_target": 60,
"rto_minutes_observed": 0,
"passed": false,
"evidence_ref": "REPLACE_DRILL_LOG_ARCHIVE_ID"
}

13
config/jvmtm-regulatory-closure/examples/sample-exception-event.example.json Normal file
View File

@@ -0,0 +1,13 @@
{
"schema_version": 1,
"exception_id": "EXC-20260331-PLACEHOLDER-001",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"severity": "LOW",
"category": "CHAIN",
"detected_at": "2026-03-31T09:15:00Z",
"resolution_status": "RESOLVED",
"narrative": "Template: RPC timeout on first cast send; succeeded on retry with same nonce policy.",
"retry_count": 1,
"ticket_ref": "REPLACE_SERVICE_DESK_ID",
"resolved_at": "2026-03-31T09:18:00Z"
}

41
config/jvmtm-regulatory-closure/examples/three-way-reconciliation-result.example.json Normal file
View File

@@ -0,0 +1,41 @@
{
"schema_version": 1,
"report_id": "3WAY-GEN-20260331-EXAMPLE",
"as_of": "2026-03-31",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"currency": "USD",
"evidence_tier": "GENERATED_PARTIAL",
"evidence_gaps": ["example_only_not_live_run"],
"ledger": {
"value_major": "1000.00",
"source": "fineract:/glaccounts",
"fetched_at": "2026-03-31T12:00:00Z",
"gl_code": "2100",
"office_id": 21,
"gl_account_id": 0,
"raw_field": "organizationRunningBalance"
},
"bank": null,
"chain": {
"value_major": "999.50",
"source": "cast:erc20_balanceOf",
"fetched_at": "2026-03-31T12:00:01Z",
"rpc_url_host": "192.168.11.211",
"chain_id": 138,
"token_address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"holder_address": "0x4A666F96fC8764181194447A7dFdb7d471b301C8",
"decimals": 6
},
"variance": {
"ledger_vs_bank_major": "n/a",
"ledger_vs_chain_major": "0.50",
"bank_vs_chain_major": "n/a"
},
"matched": false,
"generated_at": "2026-03-31T12:00:02Z",
"generator": {
"script": "scripts/omnl/generate-3way-reconciliation-evidence.sh",
"argv": ["--example-shape"],
"host": "replaced-at-runtime"
}
}

90
config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.blocked.example.json Normal file
View File

@@ -0,0 +1,90 @@
{
"schema_version": 1,
"matrix_version": "2026-03-31",
"transaction_id": "TX-2026-0331-BLOCKED-001",
"correlation_id": "550e8400-e29b-41d4-a716-446655440099",
"rail_mode": "chain138-primary",
"amount": "250000000.00",
"currency": "USD",
"decision_status": "BLOCKED",
"decision_reason": "Instruction blocked because prefunding failed and pre-settlement ACK has not been verified.",
"validated_at": "2026-03-31T17:20:00Z",
"approved_by": "maker-checker:ops-hold",
"instruction_ref": {
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-BLOCKED-001"
},
"dbis_reference": "CORE-TX-2026-0331-0099",
"control_results": [
{
"control_id": "PT-01",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:15:00Z",
"validator_ref": "compliance-gate:instruction-precheck",
"evidence_refs": [
{
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-BLOCKED-001"
}
],
"notes": "Instruction shape is valid, but this alone does not clear funds movement."
},
{
"control_id": "PT-02",
"status": "FAIL",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:16:00Z",
"validator_ref": "treasury:prefunding-check",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.prefunding-proof"
}
],
"notes": "approved=false; available balance below required amount."
},
{
"control_id": "PT-05",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:17:00Z",
"validator_ref": "compliance:kyt-and-fraud",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.kyt-result"
}
],
"notes": "KYT result present; transaction still cannot proceed without prefunding."
},
{
"control_id": "TX-02",
"status": "PENDING",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:18:00Z",
"validator_ref": "ops:ack-before-credit",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.pre-settlement-ack"
}
],
"notes": "ACK exists only as pending intake; no verified ack_before_credit proof yet."
},
{
"control_id": "RK-03",
"status": "FAIL",
"blocking": "ESCALATE",
"validated_at": "2026-03-31T17:19:00Z",
"validator_ref": "risk:settlement-hold",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.prefunding-proof"
}
],
"notes": "Settlement risk escalated because release would breach prefunding policy."
}
]
}

126
config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.example.json Normal file
View File

@@ -0,0 +1,126 @@
{
"schema_version": 1,
"matrix_version": "2026-03-31",
"transaction_id": "TX-2026-0331-READY-001",
"correlation_id": "550e8400-e29b-41d4-a716-446655440001",
"rail_mode": "hybrid",
"amount": "1000000.00",
"currency": "USD",
"decision_status": "READY",
"decision_reason": "Pre-settlement gate cleared: validation, prefunding, ACK ordering, and settlement event linkage are present.",
"validated_at": "2026-03-31T17:10:00Z",
"approved_by": "maker-checker:treasury-ops",
"instruction_ref": {
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-READY-001"
},
"settlement_event_ref": {
"artifact_type": "repo-path",
"ref": "config/dbis-institutional/examples/settlement-event.example.json"
},
"dbis_reference": "CORE-TX-2026-0331-0001",
"omnl_journal_entry_id": 12045,
"rtgs_message_ids": {
"uetr": "97ed4827-7b6f-4491-94b1-d651442ca301",
"internal_instruction_ref": "018215821582-INAAUDJVMTM-2025-MSG-001"
},
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"control_results": [
{
"control_id": "PT-01",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:00:00Z",
"validator_ref": "compliance-gate:instruction-precheck",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.kyt-result"
},
{
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-READY-001"
}
],
"notes": "KYT and canonical settlement event validation completed."
},
{
"control_id": "PT-02",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:01:00Z",
"validator_ref": "treasury:prefunding-check",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.prefunding-proof"
},
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.balance-snapshot"
}
],
"notes": "Available balance exceeds required amount prior to release."
},
{
"control_id": "PT-04",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:02:00Z",
"validator_ref": "maker-checker:authorization",
"evidence_refs": [
{
"artifact_type": "external-ref",
"ref": "authz-token://ops/dual-signature/TX-2026-0331-READY-001"
}
],
"notes": "Dual authorization verified."
},
{
"control_id": "PT-05",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:03:00Z",
"validator_ref": "compliance:kyt-and-fraud",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.kyt-result"
}
],
"notes": "Credit advice supported by independent KYT and ledger evidence."
},
{
"control_id": "TX-02",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:05:00Z",
"validator_ref": "ops:ack-before-credit",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.pre-settlement-ack"
}
],
"notes": "ACK timestamp verified before credit settlement."
},
{
"control_id": "PS-01",
"status": "PASS",
"blocking": "POST_EVENT",
"validated_at": "2026-03-31T17:08:00Z",
"validator_ref": "reconciliation:daily-3way",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.daily-3way-report"
},
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.3way-result"
}
],
"notes": "Same correlation_id tied to daily reconciliation output."
}
]
}

41
config/jvmtm-regulatory-closure/policies/exception-policy.md Normal file
View File

@@ -0,0 +1,41 @@
# Exception handling policy (JVMTM / regulatory closure)
**Purpose:** Define how payment and settlement exceptions are detected, classified, escalated, and resolved so audit can trace **non-happy-path** events alongside `sample-exception-event.json`.
## Scope
- OMNL / Fineract journal and reversal flows
- Chain 138 attestation and settlement-event emission
- Prefunding, ACK, and 3-way reconciliation mismatches
## Classification
| Category | Examples | Initial action |
|----------|----------|----------------|
| `VALIDATION` | Schema / amount / currency mismatch | Block submit; return to operator |
| `PREFUNDING` | Insufficient available balance vs required | No debit; notify treasury |
| `ACK_TIMEOUT` | Beneficiary ACK not received within SLA | Hold credit; escalate |
| `CHAIN` | RPC failure, tx dropped, reorg risk | Retry with idempotency key; do not double-post |
| `RECONCILIATION` | Ledger vs bank vs chain variance | Freeze related `correlation_id`; open investigation |
## Roles
- **Operator:** first-line detection, logging, retry within policy.
- **Checker / approver:** material amounts per institution SOP.
- **Compliance:** KYT / sanctions holds.
- **Legal / risk:** material disputes and regulatory reporting triggers (outside this file).
## Evidence
Each exception MUST record:
1. Stable **`exception_id`** and link to **`correlation_id`** when known.
2. **`detected_at`** (UTC) and **`resolution_status`** lifecycle (`OPEN`, `IN_PROGRESS`, `RESOLVED`, `ESCALATED`).
3. Retain **`retry_log`** or ticket reference (append-only) until closure.
## Settlement interaction
- Do not mark **`SETTLEMENT_CLOSURE`** final for a `correlation_id` while a related exception remains **`OPEN`** or **`IN_PROGRESS`** without documented waiver.
- Resolved exceptions: emit a follow-up **settlement event** or append to audit manifest with resolution reference.
**Not legal advice.** Align with counsel and supervisor rules.

39
config/jvmtm-regulatory-closure/schemas/daily-3way-reconciliation-report.schema.json Normal file
View File

@@ -0,0 +1,39 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/daily-3way-reconciliation-report.json",
"title": "Daily 3-way reconciliation report (ledger / bank / chain)",
"type": "object",
"required": ["schema_version", "report_id", "as_of", "correlation_id", "lines"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"report_id": { "type": "string", "minLength": 4 },
"as_of": { "type": "string", "description": "ISO 8601 date or date-time (UTC)." },
"correlation_id": { "type": "string", "minLength": 8 },
"currency": { "type": "string", "description": "ISO 4217 major unit context for amounts." },
"lines": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": ["label", "ledger_major", "bank_major", "chain_major", "matched"],
"properties": {
"label": { "type": "string" },
"ledger_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"bank_major": { "type": "string", "description": "Major units or N/A with explanation in notes." },
"chain_major": { "type": "string", "description": "On-chain notional in major units or N/A." },
"matched": { "type": "boolean" },
"notes": { "type": "string" }
},
"additionalProperties": true
}
},
"prepared_by": { "type": "string" },
"reviewed_by": { "type": "string" },
"bank_statement_ref": { "type": "string" },
"chain_tx_hashes": {
"type": "array",
"items": { "type": "string", "pattern": "^0x[a-fA-F0-9]{64}$" }
}
},
"additionalProperties": true
}

22
config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json Normal file
View File

@@ -0,0 +1,22 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/dr-simulation-report.json",
"title": "Disaster recovery simulation report",
"type": "object",
"required": ["schema_version", "simulation_id", "executed_at", "scenario", "passed"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"simulation_id": { "type": "string" },
"executed_at": { "type": "string", "format": "date-time" },
"scenario": { "type": "string" },
"rto_minutes": { "type": "number", "minimum": 0 },
"rpo_minutes": { "type": "number", "minimum": 0 },
"passed": { "type": "boolean" },
"participants": {
"type": "array",
"items": { "type": "string" }
},
"summary": { "type": "string" }
},
"additionalProperties": true
}

19
config/jvmtm-regulatory-closure/schemas/kyt-screening-result.schema.json Normal file
View File

@@ -0,0 +1,19 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/kyt-screening-result.json",
"title": "KYT / sanctions screening result",
"type": "object",
"required": ["schema_version", "correlation_id", "sanctions_checked", "result"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"correlation_id": { "type": "string", "minLength": 8 },
"tx_id": { "type": "string" },
"provider_ref": { "type": "string" },
"screened_at": { "type": "string", "format": "date-time" },
"sanctions_checked": { "type": "boolean" },
"risk_score": { "type": "number" },
"result": { "type": "string", "enum": ["PASS", "REVIEW", "FAIL"] },
"notes": { "type": "string" }
},
"additionalProperties": true
}

22
config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json Normal file
View File

@@ -0,0 +1,22 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/pre-settlement-ack.json",
"title": "Pre-settlement acknowledgement",
"type": "object",
"required": ["schema_version", "tx_ref", "status", "timestamp", "ack_source"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"tx_ref": { "type": "string", "minLength": 4, "description": "Instruction id, UETR, or correlation spine." },
"correlation_id": { "type": "string" },
"status": { "type": "string", "enum": ["ACKED", "PENDING", "REJECTED", "EXPIRED"] },
"timestamp": { "type": "string", "format": "date-time", "description": "ACK time (UTC). Regulatory ordering: must be strictly before credit_settled_at when both set." },
"ack_timestamp": { "type": "string", "format": "date-time", "description": "Optional duplicate of timestamp for clarity in audits." },
"credit_settled_at": { "type": "string", "format": "date-time", "description": "When funds were credited / journal posted (UTC)." },
"fineract_journal_entry_id": { "type": "integer", "description": "Use with scripts/omnl/verify-ack-before-credit.sh to prove ack before credit." },
"ack_before_credit_verified": { "type": "boolean", "description": "Set true only after automated or checker verification (ack < credit)." },
"ack_channel": { "type": "string", "description": "e.g. SWIFT, API, signed PDF." },
"beneficiary_ref": { "type": "string" },
"notes": { "type": "string" }
},
"additionalProperties": true
}

28
config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json Normal file
View File

@@ -0,0 +1,28 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/prefunding-proof.json",
"title": "Prefunding proof (available vs required)",
"type": "object",
"required": [
"schema_version",
"correlation_id",
"checked_at",
"available_balance_before_major",
"required_amount_major",
"approved"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"correlation_id": { "type": "string", "minLength": 8 },
"checked_at": { "type": "string", "format": "date-time" },
"currency": { "type": "string" },
"account_or_office_ref": { "type": "string" },
"available_balance_before_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"required_amount_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"approved": { "type": "boolean" },
"approver_ref": { "type": "string" },
"liquidity_source": { "type": "string", "description": "e.g. nostro, omnibus, on-chain pool." },
"evidence_ref": { "type": "string", "description": "Internal ticket or statement id." }
},
"additionalProperties": true
}

29
config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json Normal file
View File

@@ -0,0 +1,29 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/real-time-balance-snapshot.json",
"title": "Real-time balance snapshot",
"type": "object",
"required": ["schema_version", "snapshot_at", "balances"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"snapshot_at": { "type": "string", "format": "date-time" },
"source": { "type": "string", "description": "e.g. Fineract trial balance export, core API." },
"balances": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": ["account_ref", "amount_major", "currency"],
"properties": {
"office_id": { "type": "integer" },
"account_ref": { "type": "string" },
"gl_code": { "type": "string" },
"amount_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"currency": { "type": "string" }
},
"additionalProperties": true
}
}
},
"additionalProperties": true
}

18
config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json Normal file
View File

@@ -0,0 +1,18 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/recovery-time-report.json",
"title": "BCP recovery time objective report",
"type": "object",
"required": ["schema_version", "test_id", "executed_at", "rto_minutes_target", "rto_minutes_observed", "passed"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"test_id": { "type": "string" },
"executed_at": { "type": "string", "format": "date-time" },
"component": { "type": "string" },
"rto_minutes_target": { "type": "number", "minimum": 0 },
"rto_minutes_observed": { "type": "number", "minimum": 0 },
"passed": { "type": "boolean" },
"evidence_ref": { "type": "string" }
},
"additionalProperties": true
}

34
config/jvmtm-regulatory-closure/schemas/sample-exception-event.schema.json Normal file
View File

@@ -0,0 +1,34 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/sample-exception-event.json",
"title": "Exception event (sample / template)",
"type": "object",
"required": [
"schema_version",
"exception_id",
"severity",
"category",
"detected_at",
"resolution_status"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"exception_id": { "type": "string", "minLength": 4 },
"correlation_id": { "type": "string" },
"severity": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"] },
"category": {
"type": "string",
"enum": ["VALIDATION", "PREFUNDING", "ACK_TIMEOUT", "CHAIN", "RECONCILIATION", "KYT", "OTHER"]
},
"detected_at": { "type": "string", "format": "date-time" },
"resolution_status": {
"type": "string",
"enum": ["OPEN", "IN_PROGRESS", "RESOLVED", "ESCALATED"]
},
"narrative": { "type": "string" },
"retry_count": { "type": "integer", "minimum": 0 },
"ticket_ref": { "type": "string" },
"resolved_at": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
}

120
config/jvmtm-regulatory-closure/schemas/three-way-reconciliation-result.schema.json Normal file
View File

@@ -0,0 +1,120 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/three-way-reconciliation-result.json",
"title": "Three-way reconciliation result (machine-oriented)",
"description": "Generated from independent sources. evidence_tier distinguishes template-only from ledger/chain/bank-backed runs.",
"type": "object",
"required": [
"schema_version",
"report_id",
"as_of",
"correlation_id",
"evidence_tier",
"ledger",
"chain",
"matched",
"generated_at",
"generator"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"report_id": { "type": "string", "minLength": 4 },
"as_of": { "type": "string", "description": "Business date or UTC instant for reconciliation cut." },
"correlation_id": { "type": "string", "minLength": 8 },
"currency": { "type": "string" },
"evidence_tier": {
"type": "string",
"enum": [
"GENERATED_FULL",
"GENERATED_PARTIAL",
"TEMPLATE_MANUAL",
"INCOMPLETE"
]
},
"evidence_gaps": {
"type": "array",
"items": { "type": "string" },
"description": "e.g. bank_statement_not_supplied, fineract_unreachable."
},
"ledger": {
"type": "object",
"required": ["source", "fetched_at"],
"properties": {
"value_major": {
"oneOf": [
{ "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
{ "type": "null" }
]
},
"source": { "type": "string", "description": "e.g. fineract:/glaccounts" },
"fetched_at": { "type": "string", "format": "date-time" },
"gl_code": { "type": "string" },
"office_id": { "type": "integer" },
"gl_account_id": { "type": "integer" },
"raw_field": { "type": "string", "description": "Which Fineract field was read." }
},
"additionalProperties": true
},
"bank": {
"type": ["object", "null"],
"properties": {
"value_major": {
"oneOf": [
{ "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
{ "type": "null" }
]
},
"source": { "type": "string" },
"fetched_at": { "type": "string", "format": "date-time" },
"statement_ref": { "type": "string" }
},
"required": ["source", "fetched_at"],
"additionalProperties": true
},
"chain": {
"type": "object",
"required": ["source", "fetched_at"],
"properties": {
"value_major": {
"oneOf": [
{ "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
{ "type": "null" }
]
},
"source": { "type": "string", "description": "e.g. cast:balanceOf" },
"fetched_at": { "type": "string", "format": "date-time" },
"rpc_url_host": { "type": "string" },
"chain_id": { "type": "integer" },
"token_address": { "type": "string", "pattern": "^0x[a-fA-F0-9]{40}$" },
"holder_address": { "type": "string", "pattern": "^0x[a-fA-F0-9]{40}$" },
"decimals": { "type": "integer" }
},
"additionalProperties": true
},
"variance": {
"type": "object",
"properties": {
"ledger_vs_bank_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] },
"ledger_vs_chain_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] },
"bank_vs_chain_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] }
},
"additionalProperties": true
},
"matched": { "type": "boolean" },
"generated_at": { "type": "string", "format": "date-time" },
"generator": {
"type": "object",
"required": ["script", "argv"],
"properties": {
"script": { "type": "string" },
"argv": {
"type": "array",
"items": { "type": "string" }
},
"host": { "type": "string" }
},
"additionalProperties": true
}
},
"additionalProperties": true
}

163
config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json Normal file
View File

@@ -0,0 +1,163 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/transaction-compliance-execution.json",
"title": "Transaction compliance execution envelope",
"description": "Per-transaction go/no-go and evidence linkage record for the JVMTM transaction-grade compliance pack.",
"type": "object",
"required": [
"schema_version",
"matrix_version",
"transaction_id",
"correlation_id",
"rail_mode",
"amount",
"currency",
"decision_status",
"decision_reason",
"validated_at",
"approved_by",
"instruction_ref",
"control_results"
],
"properties": {
"schema_version": {
"type": "integer",
"minimum": 1
},
"matrix_version": {
"type": "string",
"minLength": 4
},
"transaction_id": {
"type": "string",
"minLength": 4
},
"correlation_id": {
"type": "string",
"minLength": 8
},
"rail_mode": {
"type": "string",
"enum": ["chain138-primary", "swift", "hybrid", "internal-only"]
},
"amount": {
"type": "string",
"pattern": "^-?[0-9]+(\\.[0-9]+)?$"
},
"currency": {
"type": "string",
"minLength": 3
},
"decision_status": {
"type": "string",
"enum": ["READY", "BLOCKED", "ESCALATE"]
},
"decision_reason": {
"type": "string",
"minLength": 4
},
"validated_at": {
"type": "string",
"format": "date-time"
},
"approved_by": {
"type": "string",
"minLength": 3
},
"instruction_ref": {
"$ref": "#/$defs/evidenceRef"
},
"settlement_event_ref": {
"$ref": "#/$defs/evidenceRef"
},
"dbis_reference": {
"type": "string"
},
"omnl_journal_entry_id": {
"type": "integer"
},
"rtgs_message_ids": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"chain_tx_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$"
},
"control_results": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/controlResult"
}
}
},
"$defs": {
"evidenceRef": {
"type": "object",
"required": ["artifact_type", "ref"],
"properties": {
"artifact_type": {
"type": "string",
"enum": ["repo-path", "runtime-slot", "archive-path", "external-ref"]
},
"ref": {
"type": "string",
"minLength": 3
},
"sha256": {
"type": "string",
"pattern": "^[a-fA-F0-9]{64}$"
}
},
"additionalProperties": false
},
"controlResult": {
"type": "object",
"required": [
"control_id",
"status",
"blocking",
"validated_at",
"validator_ref",
"evidence_refs"
],
"properties": {
"control_id": {
"type": "string",
"pattern": "^[A-Z]{2}-[0-9]{2}$"
},
"status": {
"type": "string",
"enum": ["PASS", "FAIL", "PENDING", "WAIVED"]
},
"blocking": {
"type": "string",
"enum": ["HARD_STOP", "ESCALATE", "POST_EVENT"]
},
"validated_at": {
"type": "string",
"format": "date-time"
},
"validator_ref": {
"type": "string",
"minLength": 3
},
"evidence_refs": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/evidenceRef"
}
},
"notes": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}

32
config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv Normal file
View File

@@ -0,0 +1,32 @@
control_id,phase,domain,requirement,validation_method,blocking_level,applies_to_rail,source_audit_rows,repo_evidence_artifacts,validator_command,failure_action,high_value_override,notes
PT-01,pre-transaction,Transaction validation,"Perform pre-validation before instruction acceptance using schema, ledger, and KYT checks; credit advice alone is insufficient.","Validate the canonical settlement event shape, confirm identifiers, and collect KYT screening before release.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #2 | Table C stage 1,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.instruction-record,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json> && bash scripts/omnl/fetch-kyt-vendor-report.sh,Reject the instruction and route to compliance review.,Amounts >= 100000000.00 major units require manual compliance sign-off after the automated pre-check passes.,"Use one correlation_id across DBIS Core, OMNL, RTGS, and Chain 138. For blocked pre-exec cases, the instruction record may exist without a settlement event."
PT-02,pre-transaction,Balance verification,Prefunding must exist before instruction acceptance.,"Check available balance, required amount, approval flag, and liquidity source in the prefunding proof.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #7 | Table C stage 2 | Table D #3 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot,check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json <prefunding-proof.json>,Block the transaction and place it on treasury hold.,High-value transfers require named treasury sign-off in addition to approved=true.,The proof should show available_balance_before_major >= required_amount_major.
PT-03,pre-transaction,Messaging compliance,Structured messaging is mandatory for instruction intake and settlement preparation.,Validate canonical JSON and ensure ISO/SWIFT or DLT message identifiers are present for the chosen rail.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #9 | Table C stage 1,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.instruction-record,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json>,Reject malformed or uncorrelated instructions.,Require explicit rail_mode selection and a second operator review of message identifiers.,Chain 138 primary flows may omit UETR but must keep rail-native identifiers. The normalized instruction can exist before any live settlement event.
PT-04,pre-transaction,Authorization,Multi-layer authorization must exist before funds move.,Verify maker-checker approval and signed instruction metadata before release.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table C stage 1,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions,"manual: verify signed instruction, maker-checker approval, and approved_by entry in the execution envelope",Block the instruction until authorization is complete.,Dual treasury and compliance approvals are mandatory for high-value mode.,This control is intentionally recorded in the per-transaction execution envelope.
PT-05,pre-transaction,Fraud detection,Credit advice cannot be the sole proof of legitimacy.,"Cross-check KYT, instruction metadata, and ledger intent before allowing release.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #2 | Table D #2,repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | runtime-slot:jvmtm.live.kyt-result,bash scripts/omnl/fetch-kyt-vendor-report.sh,Escalate to fraud workflow and freeze release.,High-value transfers require an explicit fraud-clear memo before release.,Treat unverified advice as insufficient even when operational pressure is high.
TX-01,execution,Settlement order,Debit only after validation and release gates have passed.,Confirm the execution envelope shows READY and the release sequence is validation -> prefunding -> ACK -> debit/credit.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table C stage 2 | Table C stage 3,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions | runtime-slot:dbis.live.settlement-event,manual: verify decision_status=READY in the execution envelope before debit or release,Halt execution and investigate sequencing.,Require a named release operator separate from the validator.,The execution envelope is the operator cockpit record for this sequence.
TX-02,execution,Closed-loop confirmation,ACK is required before beneficiary credit or release.,Compare ACK timestamp to credit_settled_at and verify ack_before_credit ordering.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #6 | Table C stage 3 | Table C stage 4,repo-path:config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json | repo-path:scripts/omnl/verify-ack-before-credit.sh | runtime-slot:jvmtm.live.pre-settlement-ack,bash scripts/omnl/verify-ack-before-credit.sh <pre-settlement-ack.json> <journalEntryId>,Stop settlement and keep the transaction blocked.,Manual ACK review remains mandatory even if the script passes.,ACK-before-credit is a non-waivable release gate.
TX-03,execution,Settlement finality,The finality point must be explicit and tied to the operating rail.,Confirm FINALIZED or equivalent technical finality and tie it to the documented legal narrative.,HARD_STOP,chain138-primary | swift | hybrid,Table B #5 | Table D #5,repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:dbis.live.settlement-event | runtime-slot:reserve.live.provenance-package,manual: confirm finality status on the settlement event and attach the declared finality narrative for the rail,Escalate to legal/ops hold and do not mark funds final.,High-value transfers require explicit counsel-aligned finality confirmation.,Technical finality and legal finality must not be conflated without documentation.
TX-04,execution,Liquidity control,Prefunded settlement must still be valid at release time.,Recheck the prefunding proof and balance snapshot immediately before execution.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #7 | Table C stage 2 | Table D #3 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot,manual: confirm prefunding proof checked_at is current for the release window,Cancel or pause settlement pending treasury refresh.,Require treasury to certify that no other release consumed the same liquidity.,"This is the release-time liquidity check, not the initial intake check."
TX-05,execution,Exception handling,Rollback or incident logic must exist for execution failures.,"Capture the exception event, retry log, and operator decision when execution deviates from policy.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #10,repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event,"manual: write exception event and retry-log.txt whenever execution halts, reverses, or retries",Trigger rollback or incident workflow per exception policy.,High-value exceptions require immediate incident bridge and executive notification.,Every execution error should produce a machine-readable exception record.
PS-01,post-settlement,Reconciliation,Daily automated three-way reconciliation is mandatory.,Generate the reconciliation result and tie it back to the transaction correlation_id.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #1 | Table C stage 5 | Table D #4,repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.daily-3way-report | runtime-slot:jvmtm.live.3way-result,bash scripts/omnl/generate-3way-reconciliation-evidence.sh,"Flag discrepancy, open reconciliation incident, and hold downstream attestations.",High-value transfers require same-day review of the generated reconciliation result.,Do not substitute hand-edited matched=true JSON for generated evidence.
PS-02,post-settlement,Balance monitoring,Real-time visibility is required during and after settlement.,Capture a balance snapshot that shows the post-settlement position for the relevant account or office.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #8 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot,check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json <real-time-balance-snapshot.json>,Notify treasury and risk; do not treat the day as clean.,Require intraday refreshes before and after finality lock.,This supports over-credit and blind-position monitoring.
PS-03,post-settlement,Audit logging,Immutable transaction records must exist after funds movement.,Record the canonical settlement event and bind the transaction envelope to it through the same correlation_id.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #5 | Table B #9,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.transactions,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <settlement-event.json>,Mark the audit trail incomplete and escalate for evidence remediation.,Require a second evidence reviewer before the transaction is considered fully closed.,The settlement event is the canonical cross-system record; the execution envelope is the operator overlay.
PS-04,post-settlement,Exception resolution,Every exception must have a documented resolution workflow.,Confirm the exception policy was followed and the retry log or incident closure exists.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #10,repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event,manual: verify exception-policy.md decision path and retry-log.txt closure for the transaction,Escalate unresolved exceptions to incident management.,No unresolved exception may remain open at end of day for a high-value transfer.,Close the exception in both narrative and machine-readable form.
PS-05,post-settlement,Reporting,Regulatory and supervisory reporting artifacts must be assembled after settlement.,Stage the transaction execution envelope and supporting files into the audit archive path.,POST_EVENT,chain138-primary | swift | hybrid,Table B #1 | Table B #5,repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions,manual: place execution envelopes under JVMTM_CLOSURE_DIR/transactions and rebuild the archive,Mark the package incomplete and reopen evidence assembly.,High-value transfers require same-day archive rebuild after close.,"The archive is the supervisory bundle, not the operational source of truth."
SR-01,resilience,Business continuity,A continuity path must exist so a single outage does not stop the settlement spine.,Run failover smoke or equivalent continuity check and retain the execution log.,ESCALATE,chain138-primary | swift | hybrid,Table B #3 | Table B #4 | Table D #1,repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log,bash scripts/omnl/bcp-rpc-failover-smoke.sh,Escalate to platform ops and restrict the rail if continuity is unproven.,High-value release requires same-window confirmation that the fallback path is available.,"This proves reachability and fallback posture, not full data-centre certification."
SR-02,resilience,Disaster recovery,Disaster recovery evidence must exist for the environment supporting settlement.,Review the recovery-time report and DR simulation report for the active environment.,ESCALATE,chain138-primary | swift | hybrid,Table B #4,repo-path:config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json | runtime-slot:jvmtm.live.recovery-time-report | runtime-slot:jvmtm.live.dr-simulation-report,manual: confirm recovery-time-report.json and DR-simulation-report.json are current for the live environment,Escalate to continuity governance and consider restricting production usage.,Do not treat DR evidence as stale for high-value transfers.,This is an environment readiness control rather than a per-transaction proof.
SR-03,resilience,Failover,No single point of failure should exist for the chosen settlement path.,"Confirm a secondary route, compensating control, or manual fallback exists before go-live.",ESCALATE,chain138-primary | swift | hybrid,Table B #3 | Table D #1,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.failover-log,manual: document fallback route or compensating procedure for the active settlement rail,Escalate to architecture review and restrict unsupported paths.,Require named fallback ownership for high-value mode.,The control may be satisfied by procedural fallback when technical failover is not available.
SR-04,resilience,Messaging reliability,The messaging and evidence formats must remain schema-closed and interoperable.,Validate both settlement-event and JVMTM control-pack schemas before packaging or release.,ESCALATE,chain138-primary | swift | hybrid | internal-only,Table B #9,repo-path:scripts/validation/validate-dbis-institutional-schemas.sh | repo-path:scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh,SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh && SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh,Escalate schema drift and block package publication until fixed.,Run schema validation immediately before high-value package assembly.,This is the pack-level guard against format drift.
SR-05,resilience,System integrity,Reserve and provenance evidence must remain internally consistent with the settlement path.,Validate the reserve provenance package when reserve backing or finality support is in scope.,ESCALATE,chain138-primary | swift | hybrid,Table B #5 | Table B #7,repo-path:scripts/validation/validate-reserve-provenance-package.sh | runtime-slot:reserve.live.provenance-package,SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh,Escalate reserve-integrity risk and suspend unsupported attestations.,Treat provenance gaps as an immediate executive escalation for high-value mode.,Use this when the transaction depends on reserve or legal provenance narratives.
RK-01,systemic-risk,Operational risk,Monitor dependency on OMNL or other single operational components and escalate when redundancy is weak.,Review continuity evidence and the active rail posture before authorizing production usage.,ESCALATE,chain138-primary | swift | hybrid,Table D #1,repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log,manual: review continuity posture before declaring the rail ready,Raise executive escalation when operational dependency is unresolved.,High-value mode requires explicit acknowledgement of dependency risk.,This is a governance-layer control rather than a message-level validation.
RK-02,systemic-risk,Fraud risk,Spoofed credit advice or misleading confirmations must trigger a hard investigation path.,"Tie advice, KYT, and execution evidence together; escalate if they diverge.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table D #2 | Table B #2,repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.transactions,"manual: compare advice, KYT result, and execution envelope references before release",Freeze the transaction and open fraud investigation.,High-value fraud signals trigger executive and legal escalation immediately.,A clean advice message does not override a failed independent check.
RK-03,systemic-risk,Settlement risk,No transaction may proceed when prefunding or reserve support is missing.,Use the prefunding proof and balance snapshot to determine whether default risk exists.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table D #3 | Table B #7,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof,manual: treat approved=false or stale liquidity evidence as an immediate settlement hold,Place the transaction on settlement hold and escalate to treasury.,No waiver permitted in high-value mode without executive risk acceptance.,This is the governance wrapper around PT-02 and TX-04.
RK-04,systemic-risk,Reconciliation risk,Missing or mismatched records must trigger audit escalation.,Review generated three-way results and open incidents for any unmatched item.,ESCALATE,chain138-primary | swift | hybrid | internal-only,Table D #4 | Table B #1,repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.3way-result,manual: review 3way-result.json and open an audit incident on mismatch,Escalate to reconciliation and audit owners.,Review same business day for high-value transfers.,Post-settlement does not mean low-risk when mismatches remain unresolved.
RK-05,systemic-risk,Legal risk,Undefined finality or reversal posture must trigger legal escalation.,Compare the rail finality point to the declared policy and reserve/finality narratives.,ESCALATE,chain138-primary | swift | hybrid,Table D #5 | Table B #5,repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:reserve.live.provenance-package,manual: escalate when technical finality and legal narrative diverge or remain undefined,Hold legal attestation and route to counsel review.,Counsel acknowledgement is mandatory for high-value finality exceptions.,This captures the legal ambiguity risk even when the chain or rail shows technical completion.
RK-06,systemic-risk,Liquidity risk,Cash-flow mismatch or blind position indicators must trigger treasury escalation.,"Compare balance snapshot, prefunding proof, and reconciliation outputs for divergence.",ESCALATE,chain138-primary | swift | hybrid | internal-only,Table D #6 | Table B #8,repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:jvmtm.live.prefunding-proof,"manual: escalate when liquidity evidence is stale, inconsistent, or below threshold",Notify treasury and risk management immediately.,Maintain live liquidity monitoring throughout the settlement window.,This control complements prefunding by focusing on ongoing exposure.
HV-01,high-value-mode,Dual authorization,High-value transfers require dual settlement authorization beyond baseline maker-checker.,Record dual approval identities in the execution envelope before release.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode,repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions,manual: confirm two named approvers are recorded in the execution envelope before release,Do not release the transaction until both approvals are present.,Applies automatically once amount >= 100000000.00 major units.,This is additive to PT-04.
HV-02,high-value-mode,Treasury authorization,Treasury must explicitly certify liquidity and reserve readiness for high-value transfers.,"Review prefunding proof, balance snapshot, and reserve narrative immediately before release.",HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #7 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:reserve.live.provenance-package,manual: treasury sign-off must reference prefunding-proof.json and the current balance snapshot,Keep the transaction blocked until treasury certifies capacity.,No delegated approval path.,Use reserve provenance where the funding story matters to regulators.
HV-03,high-value-mode,Dual ledger evidence,High-value transfers require mirrored evidence across the canonical settlement event and reconciliation outputs.,Tie the execution envelope to settlement-event and generated three-way reconciliation evidence.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #1 | Table B #5,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.3way-result,manual: require linked settlement event and three-way result references before close,Treat the transaction as evidence-incomplete and keep it under review.,No archive close without both evidence layers.,This is the mirrored-ledger analogue in the current repo model.
HV-04,high-value-mode,Settlement freeze window,Apply a post-settlement freeze or review window before treating the transfer as fully closed.,Record the freeze decision and any post-finality review notes in the execution envelope.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #5,repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions,manual: append freeze-window review notes before marking the transfer fully closed,Maintain enhanced monitoring and do not close the case yet.,Freeze review is mandatory even when the rail is technically final.,This is a policy control layered over finality.
HV-05,high-value-mode,Executive escalation,"High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts.",Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table D #1 | Table D #2 | Table D #3,repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions,manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution,Keep the transaction in BLOCKED or ESCALATE until executive review is complete.,Always on in high-value mode.,"The archive rebuild is part of the evidence closure, not a substitute for the escalation."
1 control_id phase domain requirement validation_method blocking_level applies_to_rail source_audit_rows repo_evidence_artifacts validator_command failure_action high_value_override notes
2 PT-01 pre-transaction Transaction validation Perform pre-validation before instruction acceptance using schema, ledger, and KYT checks; credit advice alone is insufficient. Validate the canonical settlement event shape, confirm identifiers, and collect KYT screening before release. HARD_STOP chain138-primary | swift | hybrid | internal-only Table B #2 | Table C stage 1 repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.instruction-record check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json> && bash scripts/omnl/fetch-kyt-vendor-report.sh Reject the instruction and route to compliance review. Amounts >= 100000000.00 major units require manual compliance sign-off after the automated pre-check passes. Use one correlation_id across DBIS Core, OMNL, RTGS, and Chain 138. For blocked pre-exec cases, the instruction record may exist without a settlement event.
3 PT-02 pre-transaction Balance verification Prefunding must exist before instruction acceptance. Check available balance, required amount, approval flag, and liquidity source in the prefunding proof. HARD_STOP chain138-primary | swift | hybrid | internal-only Table B #7 | Table C stage 2 | Table D #3 | Table D #6 repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json <prefunding-proof.json> Block the transaction and place it on treasury hold. High-value transfers require named treasury sign-off in addition to approved=true. The proof should show available_balance_before_major >= required_amount_major.
4 PT-03 pre-transaction Messaging compliance Structured messaging is mandatory for instruction intake and settlement preparation. Validate canonical JSON and ensure ISO/SWIFT or DLT message identifiers are present for the chosen rail. HARD_STOP chain138-primary | swift | hybrid | internal-only Table B #9 | Table C stage 1 repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.instruction-record check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json> Reject malformed or uncorrelated instructions. Require explicit rail_mode selection and a second operator review of message identifiers. Chain 138 primary flows may omit UETR but must keep rail-native identifiers. The normalized instruction can exist before any live settlement event.
5 PT-04 pre-transaction Authorization Multi-layer authorization must exist before funds move. Verify maker-checker approval and signed instruction metadata before release. HARD_STOP chain138-primary | swift | hybrid | internal-only Table C stage 1 repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions manual: verify signed instruction, maker-checker approval, and approved_by entry in the execution envelope Block the instruction until authorization is complete. Dual treasury and compliance approvals are mandatory for high-value mode. This control is intentionally recorded in the per-transaction execution envelope.
6 PT-05 pre-transaction Fraud detection Credit advice cannot be the sole proof of legitimacy. Cross-check KYT, instruction metadata, and ledger intent before allowing release. HARD_STOP chain138-primary | swift | hybrid | internal-only Table B #2 | Table D #2 repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | runtime-slot:jvmtm.live.kyt-result bash scripts/omnl/fetch-kyt-vendor-report.sh Escalate to fraud workflow and freeze release. High-value transfers require an explicit fraud-clear memo before release. Treat unverified advice as insufficient even when operational pressure is high.
7 TX-01 execution Settlement order Debit only after validation and release gates have passed. Confirm the execution envelope shows READY and the release sequence is validation -> prefunding -> ACK -> debit/credit. HARD_STOP chain138-primary | swift | hybrid | internal-only Table C stage 2 | Table C stage 3 repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions | runtime-slot:dbis.live.settlement-event manual: verify decision_status=READY in the execution envelope before debit or release Halt execution and investigate sequencing. Require a named release operator separate from the validator. The execution envelope is the operator cockpit record for this sequence.
8 TX-02 execution Closed-loop confirmation ACK is required before beneficiary credit or release. Compare ACK timestamp to credit_settled_at and verify ack_before_credit ordering. HARD_STOP chain138-primary | swift | hybrid | internal-only Table B #6 | Table C stage 3 | Table C stage 4 repo-path:config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json | repo-path:scripts/omnl/verify-ack-before-credit.sh | runtime-slot:jvmtm.live.pre-settlement-ack bash scripts/omnl/verify-ack-before-credit.sh <pre-settlement-ack.json> <journalEntryId> Stop settlement and keep the transaction blocked. Manual ACK review remains mandatory even if the script passes. ACK-before-credit is a non-waivable release gate.
9 TX-03 execution Settlement finality The finality point must be explicit and tied to the operating rail. Confirm FINALIZED or equivalent technical finality and tie it to the documented legal narrative. HARD_STOP chain138-primary | swift | hybrid Table B #5 | Table D #5 repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:dbis.live.settlement-event | runtime-slot:reserve.live.provenance-package manual: confirm finality status on the settlement event and attach the declared finality narrative for the rail Escalate to legal/ops hold and do not mark funds final. High-value transfers require explicit counsel-aligned finality confirmation. Technical finality and legal finality must not be conflated without documentation.
10 TX-04 execution Liquidity control Prefunded settlement must still be valid at release time. Recheck the prefunding proof and balance snapshot immediately before execution. HARD_STOP chain138-primary | swift | hybrid | internal-only Table B #7 | Table C stage 2 | Table D #3 | Table D #6 repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot manual: confirm prefunding proof checked_at is current for the release window Cancel or pause settlement pending treasury refresh. Require treasury to certify that no other release consumed the same liquidity. This is the release-time liquidity check, not the initial intake check.
11 TX-05 execution Exception handling Rollback or incident logic must exist for execution failures. Capture the exception event, retry log, and operator decision when execution deviates from policy. HARD_STOP chain138-primary | swift | hybrid | internal-only Table B #10 repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event manual: write exception event and retry-log.txt whenever execution halts, reverses, or retries Trigger rollback or incident workflow per exception policy. High-value exceptions require immediate incident bridge and executive notification. Every execution error should produce a machine-readable exception record.
12 PS-01 post-settlement Reconciliation Daily automated three-way reconciliation is mandatory. Generate the reconciliation result and tie it back to the transaction correlation_id. POST_EVENT chain138-primary | swift | hybrid | internal-only Table B #1 | Table C stage 5 | Table D #4 repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.daily-3way-report | runtime-slot:jvmtm.live.3way-result bash scripts/omnl/generate-3way-reconciliation-evidence.sh Flag discrepancy, open reconciliation incident, and hold downstream attestations. High-value transfers require same-day review of the generated reconciliation result. Do not substitute hand-edited matched=true JSON for generated evidence.
13 PS-02 post-settlement Balance monitoring Real-time visibility is required during and after settlement. Capture a balance snapshot that shows the post-settlement position for the relevant account or office. POST_EVENT chain138-primary | swift | hybrid | internal-only Table B #8 | Table D #6 repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json <real-time-balance-snapshot.json> Notify treasury and risk; do not treat the day as clean. Require intraday refreshes before and after finality lock. This supports over-credit and blind-position monitoring.
14 PS-03 post-settlement Audit logging Immutable transaction records must exist after funds movement. Record the canonical settlement event and bind the transaction envelope to it through the same correlation_id. POST_EVENT chain138-primary | swift | hybrid | internal-only Table B #5 | Table B #9 repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.transactions check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <settlement-event.json> Mark the audit trail incomplete and escalate for evidence remediation. Require a second evidence reviewer before the transaction is considered fully closed. The settlement event is the canonical cross-system record; the execution envelope is the operator overlay.
15 PS-04 post-settlement Exception resolution Every exception must have a documented resolution workflow. Confirm the exception policy was followed and the retry log or incident closure exists. POST_EVENT chain138-primary | swift | hybrid | internal-only Table B #10 repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event manual: verify exception-policy.md decision path and retry-log.txt closure for the transaction Escalate unresolved exceptions to incident management. No unresolved exception may remain open at end of day for a high-value transfer. Close the exception in both narrative and machine-readable form.
16 PS-05 post-settlement Reporting Regulatory and supervisory reporting artifacts must be assembled after settlement. Stage the transaction execution envelope and supporting files into the audit archive path. POST_EVENT chain138-primary | swift | hybrid Table B #1 | Table B #5 repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions manual: place execution envelopes under JVMTM_CLOSURE_DIR/transactions and rebuild the archive Mark the package incomplete and reopen evidence assembly. High-value transfers require same-day archive rebuild after close. The archive is the supervisory bundle, not the operational source of truth.
17 SR-01 resilience Business continuity A continuity path must exist so a single outage does not stop the settlement spine. Run failover smoke or equivalent continuity check and retain the execution log. ESCALATE chain138-primary | swift | hybrid Table B #3 | Table B #4 | Table D #1 repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log bash scripts/omnl/bcp-rpc-failover-smoke.sh Escalate to platform ops and restrict the rail if continuity is unproven. High-value release requires same-window confirmation that the fallback path is available. This proves reachability and fallback posture, not full data-centre certification.
18 SR-02 resilience Disaster recovery Disaster recovery evidence must exist for the environment supporting settlement. Review the recovery-time report and DR simulation report for the active environment. ESCALATE chain138-primary | swift | hybrid Table B #4 repo-path:config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json | runtime-slot:jvmtm.live.recovery-time-report | runtime-slot:jvmtm.live.dr-simulation-report manual: confirm recovery-time-report.json and DR-simulation-report.json are current for the live environment Escalate to continuity governance and consider restricting production usage. Do not treat DR evidence as stale for high-value transfers. This is an environment readiness control rather than a per-transaction proof.
19 SR-03 resilience Failover No single point of failure should exist for the chosen settlement path. Confirm a secondary route, compensating control, or manual fallback exists before go-live. ESCALATE chain138-primary | swift | hybrid Table B #3 | Table D #1 repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.failover-log manual: document fallback route or compensating procedure for the active settlement rail Escalate to architecture review and restrict unsupported paths. Require named fallback ownership for high-value mode. The control may be satisfied by procedural fallback when technical failover is not available.
20 SR-04 resilience Messaging reliability The messaging and evidence formats must remain schema-closed and interoperable. Validate both settlement-event and JVMTM control-pack schemas before packaging or release. ESCALATE chain138-primary | swift | hybrid | internal-only Table B #9 repo-path:scripts/validation/validate-dbis-institutional-schemas.sh | repo-path:scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh && SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh Escalate schema drift and block package publication until fixed. Run schema validation immediately before high-value package assembly. This is the pack-level guard against format drift.
21 SR-05 resilience System integrity Reserve and provenance evidence must remain internally consistent with the settlement path. Validate the reserve provenance package when reserve backing or finality support is in scope. ESCALATE chain138-primary | swift | hybrid Table B #5 | Table B #7 repo-path:scripts/validation/validate-reserve-provenance-package.sh | runtime-slot:reserve.live.provenance-package SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh Escalate reserve-integrity risk and suspend unsupported attestations. Treat provenance gaps as an immediate executive escalation for high-value mode. Use this when the transaction depends on reserve or legal provenance narratives.
22 RK-01 systemic-risk Operational risk Monitor dependency on OMNL or other single operational components and escalate when redundancy is weak. Review continuity evidence and the active rail posture before authorizing production usage. ESCALATE chain138-primary | swift | hybrid Table D #1 repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log manual: review continuity posture before declaring the rail ready Raise executive escalation when operational dependency is unresolved. High-value mode requires explicit acknowledgement of dependency risk. This is a governance-layer control rather than a message-level validation.
23 RK-02 systemic-risk Fraud risk Spoofed credit advice or misleading confirmations must trigger a hard investigation path. Tie advice, KYT, and execution evidence together; escalate if they diverge. HARD_STOP chain138-primary | swift | hybrid | internal-only Table D #2 | Table B #2 repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.transactions manual: compare advice, KYT result, and execution envelope references before release Freeze the transaction and open fraud investigation. High-value fraud signals trigger executive and legal escalation immediately. A clean advice message does not override a failed independent check.
24 RK-03 systemic-risk Settlement risk No transaction may proceed when prefunding or reserve support is missing. Use the prefunding proof and balance snapshot to determine whether default risk exists. HARD_STOP chain138-primary | swift | hybrid | internal-only Table D #3 | Table B #7 repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof manual: treat approved=false or stale liquidity evidence as an immediate settlement hold Place the transaction on settlement hold and escalate to treasury. No waiver permitted in high-value mode without executive risk acceptance. This is the governance wrapper around PT-02 and TX-04.
25 RK-04 systemic-risk Reconciliation risk Missing or mismatched records must trigger audit escalation. Review generated three-way results and open incidents for any unmatched item. ESCALATE chain138-primary | swift | hybrid | internal-only Table D #4 | Table B #1 repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.3way-result manual: review 3way-result.json and open an audit incident on mismatch Escalate to reconciliation and audit owners. Review same business day for high-value transfers. Post-settlement does not mean low-risk when mismatches remain unresolved.
26 RK-05 systemic-risk Legal risk Undefined finality or reversal posture must trigger legal escalation. Compare the rail finality point to the declared policy and reserve/finality narratives. ESCALATE chain138-primary | swift | hybrid Table D #5 | Table B #5 repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:reserve.live.provenance-package manual: escalate when technical finality and legal narrative diverge or remain undefined Hold legal attestation and route to counsel review. Counsel acknowledgement is mandatory for high-value finality exceptions. This captures the legal ambiguity risk even when the chain or rail shows technical completion.
27 RK-06 systemic-risk Liquidity risk Cash-flow mismatch or blind position indicators must trigger treasury escalation. Compare balance snapshot, prefunding proof, and reconciliation outputs for divergence. ESCALATE chain138-primary | swift | hybrid | internal-only Table D #6 | Table B #8 repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:jvmtm.live.prefunding-proof manual: escalate when liquidity evidence is stale, inconsistent, or below threshold Notify treasury and risk management immediately. Maintain live liquidity monitoring throughout the settlement window. This control complements prefunding by focusing on ongoing exposure.
28 HV-01 high-value-mode Dual authorization High-value transfers require dual settlement authorization beyond baseline maker-checker. Record dual approval identities in the execution envelope before release. HARD_STOP chain138-primary | swift | hybrid Enhanced mode repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions manual: confirm two named approvers are recorded in the execution envelope before release Do not release the transaction until both approvals are present. Applies automatically once amount >= 100000000.00 major units. This is additive to PT-04.
29 HV-02 high-value-mode Treasury authorization Treasury must explicitly certify liquidity and reserve readiness for high-value transfers. Review prefunding proof, balance snapshot, and reserve narrative immediately before release. HARD_STOP chain138-primary | swift | hybrid Enhanced mode | Table B #7 | Table D #6 repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:reserve.live.provenance-package manual: treasury sign-off must reference prefunding-proof.json and the current balance snapshot Keep the transaction blocked until treasury certifies capacity. No delegated approval path. Use reserve provenance where the funding story matters to regulators.
30 HV-03 high-value-mode Dual ledger evidence High-value transfers require mirrored evidence across the canonical settlement event and reconciliation outputs. Tie the execution envelope to settlement-event and generated three-way reconciliation evidence. HARD_STOP chain138-primary | swift | hybrid Enhanced mode | Table B #1 | Table B #5 repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.3way-result manual: require linked settlement event and three-way result references before close Treat the transaction as evidence-incomplete and keep it under review. No archive close without both evidence layers. This is the mirrored-ledger analogue in the current repo model.
31 HV-04 high-value-mode Settlement freeze window Apply a post-settlement freeze or review window before treating the transfer as fully closed. Record the freeze decision and any post-finality review notes in the execution envelope. HARD_STOP chain138-primary | swift | hybrid Enhanced mode | Table B #5 repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions manual: append freeze-window review notes before marking the transfer fully closed Maintain enhanced monitoring and do not close the case yet. Freeze review is mandatory even when the rail is technically final. This is a policy control layered over finality.
32 HV-05 high-value-mode Executive escalation High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts. Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution. HARD_STOP chain138-primary | swift | hybrid Enhanced mode | Table D #1 | Table D #2 | Table D #3 repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution Keep the transaction in BLOCKED or ESCALATE until executive review is complete. Always on in high-value mode. The archive rebuild is part of the evidence closure, not a substitute for the escalation.

680
config/jvmtm-regulatory-closure/transaction-compliance-matrix.json Normal file
View File

@@ -0,0 +1,680 @@
{
"schema_version": 1,
"matrix_version": "2026-03-31",
"title": "JVMTM transaction-grade compliance matrix",
"canonical_format": "json",
"csv_export": "config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv",
"source_baseline": [
"config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md",
"config/jvmtm-regulatory-closure/README.md",
"docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md",
"config/dbis-institutional/schemas/settlement-event.schema.json"
],
"runtime_slots": [
{
"slot": "jvmtm.live.daily-3way-report",
"source": "JVMTM_CLOSURE_DIR/daily-3way-reconciliation-report.json",
"archive_path": "reconciliation/daily-3way-reconciliation-report.json",
"description": "Completed daily reconciliation report for the transaction date."
},
{
"slot": "jvmtm.live.3way-result",
"source": "output/jvmtm-evidence/latest-3way-result.json",
"archive_path": "reconciliation/3way-result.json",
"description": "Generated three-way reconciliation result produced by the repo tooling."
},
{
"slot": "jvmtm.live.prefunding-proof",
"source": "JVMTM_CLOSURE_DIR/prefunding-proof.json",
"archive_path": "liquidity/prefunding-proof.json",
"description": "Live prefunding and liquidity proof for the candidate transaction."
},
{
"slot": "jvmtm.live.pre-settlement-ack",
"source": "JVMTM_CLOSURE_DIR/pre-settlement-ack.json",
"archive_path": "acknowledgements/pre-settlement-ack.json",
"description": "Live ACK evidence used to prove ACK-before-credit ordering."
},
{
"slot": "jvmtm.live.exception-event",
"source": "JVMTM_CLOSURE_DIR/sample-exception-event.json",
"archive_path": "exceptions/sample-exception-event.json",
"description": "Exception event captured when a transaction fails or rolls back."
},
{
"slot": "jvmtm.live.kyt-result",
"source": "JVMTM_CLOSURE_DIR/kyt-screening-result.json",
"archive_path": "validation/kyt-screening-result.json",
"description": "KYT vendor output or equivalent screening result for the transaction."
},
{
"slot": "jvmtm.live.recovery-time-report",
"source": "JVMTM_CLOSURE_DIR/recovery-time-report.json",
"archive_path": "bcp/recovery-time-report.json",
"description": "Recovery-time evidence for continuity validation."
},
{
"slot": "jvmtm.live.dr-simulation-report",
"source": "JVMTM_CLOSURE_DIR/DR-simulation-report.json",
"archive_path": "disaster-recovery/DR-simulation-report.json",
"description": "Disaster recovery drill output tied to the operating environment."
},
{
"slot": "jvmtm.live.balance-snapshot",
"source": "JVMTM_CLOSURE_DIR/real-time-balance-snapshot.json",
"archive_path": "monitoring/real-time-balance-snapshot.json",
"description": "Live balance visibility snapshot for liquidity and exposure checks."
},
{
"slot": "jvmtm.live.instruction-record",
"source": "Submitted instruction payload, ISO message, API intake record, or operator reference for the candidate transaction.",
"archive_path": "not-archived-by-default",
"description": "Instruction-level reference used when a transaction is blocked before any settlement event exists."
},
{
"slot": "jvmtm.live.failover-log",
"source": "JVMTM_CLOSURE_DIR/failover-test-log.txt",
"archive_path": "bcp/failover-test-log.txt",
"description": "Failover execution log or smoke output for the relevant environment."
},
{
"slot": "jvmtm.live.transactions",
"source": "JVMTM_CLOSURE_DIR/transactions/*.json",
"archive_path": "transactions/*.json",
"description": "Live transaction compliance execution envelopes staged into the audit archive."
},
{
"slot": "dbis.live.settlement-event",
"source": "output/settlement-events/*.json or integration-hub export",
"archive_path": "settlement-events/*.json",
"description": "Canonical settlement event linked to the transaction correlation_id."
},
{
"slot": "reserve.live.provenance-package",
"source": "config/reserve-provenance-package plus live overrides",
"archive_path": "reserve-provenance-package/",
"description": "Funding-origin and reserve provenance package used for prefunding and finality review."
}
],
"controls": [
{
"control_id": "PT-01",
"phase": "pre-transaction",
"domain": "Transaction validation",
"requirement": "Perform pre-validation before instruction acceptance using schema, ledger, and KYT checks; credit advice alone is insufficient.",
"validation_method": "Validate the canonical settlement event shape, confirm identifiers, and collect KYT screening before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #2", "Table C stage 1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.instruction-record"}
],
"validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json> && bash scripts/omnl/fetch-kyt-vendor-report.sh",
"failure_action": "Reject the instruction and route to compliance review.",
"high_value_override": "Amounts >= 100000000.00 major units require manual compliance sign-off after the automated pre-check passes.",
"notes": "Use one correlation_id across DBIS Core, OMNL, RTGS, and Chain 138. For blocked pre-exec cases, the instruction record may exist without a settlement event."
},
{
"control_id": "PT-02",
"phase": "pre-transaction",
"domain": "Balance verification",
"requirement": "Prefunding must exist before instruction acceptance.",
"validation_method": "Check available balance, required amount, approval flag, and liquidity source in the prefunding proof.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #7", "Table C stage 2", "Table D #3", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}
],
"validator_command": "check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json <prefunding-proof.json>",
"failure_action": "Block the transaction and place it on treasury hold.",
"high_value_override": "High-value transfers require named treasury sign-off in addition to approved=true.",
"notes": "The proof should show available_balance_before_major >= required_amount_major."
},
{
"control_id": "PT-03",
"phase": "pre-transaction",
"domain": "Messaging compliance",
"requirement": "Structured messaging is mandatory for instruction intake and settlement preparation.",
"validation_method": "Validate canonical JSON and ensure ISO/SWIFT or DLT message identifiers are present for the chosen rail.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #9", "Table C stage 1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.instruction-record"}
],
"validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json>",
"failure_action": "Reject malformed or uncorrelated instructions.",
"high_value_override": "Require explicit rail_mode selection and a second operator review of message identifiers.",
"notes": "Chain 138 primary flows may omit UETR but must keep rail-native identifiers. The normalized instruction can exist before any live settlement event."
},
{
"control_id": "PT-04",
"phase": "pre-transaction",
"domain": "Authorization",
"requirement": "Multi-layer authorization must exist before funds move.",
"validation_method": "Verify maker-checker approval and signed instruction metadata before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table C stage 1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: verify signed instruction, maker-checker approval, and approved_by entry in the execution envelope",
"failure_action": "Block the instruction until authorization is complete.",
"high_value_override": "Dual treasury and compliance approvals are mandatory for high-value mode.",
"notes": "This control is intentionally recorded in the per-transaction execution envelope."
},
{
"control_id": "PT-05",
"phase": "pre-transaction",
"domain": "Fraud detection",
"requirement": "Credit advice cannot be the sole proof of legitimacy.",
"validation_method": "Cross-check KYT, instruction metadata, and ledger intent before allowing release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #2", "Table D #2"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"},
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"}
],
"validator_command": "bash scripts/omnl/fetch-kyt-vendor-report.sh",
"failure_action": "Escalate to fraud workflow and freeze release.",
"high_value_override": "High-value transfers require an explicit fraud-clear memo before release.",
"notes": "Treat unverified advice as insufficient even when operational pressure is high."
},
{
"control_id": "TX-01",
"phase": "execution",
"domain": "Settlement order",
"requirement": "Debit only after validation and release gates have passed.",
"validation_method": "Confirm the execution envelope shows READY and the release sequence is validation -> prefunding -> ACK -> debit/credit.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table C stage 2", "Table C stage 3"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"}
],
"validator_command": "manual: verify decision_status=READY in the execution envelope before debit or release",
"failure_action": "Halt execution and investigate sequencing.",
"high_value_override": "Require a named release operator separate from the validator.",
"notes": "The execution envelope is the operator cockpit record for this sequence."
},
{
"control_id": "TX-02",
"phase": "execution",
"domain": "Closed-loop confirmation",
"requirement": "ACK is required before beneficiary credit or release.",
"validation_method": "Compare ACK timestamp to credit_settled_at and verify ack_before_credit ordering.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #6", "Table C stage 3", "Table C stage 4"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json"},
{"artifact_type": "repo-path", "ref": "scripts/omnl/verify-ack-before-credit.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.pre-settlement-ack"}
],
"validator_command": "bash scripts/omnl/verify-ack-before-credit.sh <pre-settlement-ack.json> <journalEntryId>",
"failure_action": "Stop settlement and keep the transaction blocked.",
"high_value_override": "Manual ACK review remains mandatory even if the script passes.",
"notes": "ACK-before-credit is a non-waivable release gate."
},
{
"control_id": "TX-03",
"phase": "execution",
"domain": "Settlement finality",
"requirement": "The finality point must be explicit and tied to the operating rail.",
"validation_method": "Confirm FINALIZED or equivalent technical finality and tie it to the documented legal narrative.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #5", "Table D #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"},
{"artifact_type": "repo-path", "ref": "config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "manual: confirm finality status on the settlement event and attach the declared finality narrative for the rail",
"failure_action": "Escalate to legal/ops hold and do not mark funds final.",
"high_value_override": "High-value transfers require explicit counsel-aligned finality confirmation.",
"notes": "Technical finality and legal finality must not be conflated without documentation."
},
{
"control_id": "TX-04",
"phase": "execution",
"domain": "Liquidity control",
"requirement": "Prefunded settlement must still be valid at release time.",
"validation_method": "Recheck the prefunding proof and balance snapshot immediately before execution.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #7", "Table C stage 2", "Table D #3", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}
],
"validator_command": "manual: confirm prefunding proof checked_at is current for the release window",
"failure_action": "Cancel or pause settlement pending treasury refresh.",
"high_value_override": "Require treasury to certify that no other release consumed the same liquidity.",
"notes": "This is the release-time liquidity check, not the initial intake check."
},
{
"control_id": "TX-05",
"phase": "execution",
"domain": "Exception handling",
"requirement": "Rollback or incident logic must exist for execution failures.",
"validation_method": "Capture the exception event, retry log, and operator decision when execution deviates from policy.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #10"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/policies/exception-policy.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.exception-event"}
],
"validator_command": "manual: write exception event and retry-log.txt whenever execution halts, reverses, or retries",
"failure_action": "Trigger rollback or incident workflow per exception policy.",
"high_value_override": "High-value exceptions require immediate incident bridge and executive notification.",
"notes": "Every execution error should produce a machine-readable exception record."
},
{
"control_id": "PS-01",
"phase": "post-settlement",
"domain": "Reconciliation",
"requirement": "Daily automated three-way reconciliation is mandatory.",
"validation_method": "Generate the reconciliation result and tie it back to the transaction correlation_id.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #1", "Table C stage 5", "Table D #4"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/generate-3way-reconciliation-evidence.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.daily-3way-report"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"}
],
"validator_command": "bash scripts/omnl/generate-3way-reconciliation-evidence.sh",
"failure_action": "Flag discrepancy, open reconciliation incident, and hold downstream attestations.",
"high_value_override": "High-value transfers require same-day review of the generated reconciliation result.",
"notes": "Do not substitute hand-edited matched=true JSON for generated evidence."
},
{
"control_id": "PS-02",
"phase": "post-settlement",
"domain": "Balance monitoring",
"requirement": "Real-time visibility is required during and after settlement.",
"validation_method": "Capture a balance snapshot that shows the post-settlement position for the relevant account or office.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #8", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}
],
"validator_command": "check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json <real-time-balance-snapshot.json>",
"failure_action": "Notify treasury and risk; do not treat the day as clean.",
"high_value_override": "Require intraday refreshes before and after finality lock.",
"notes": "This supports over-credit and blind-position monitoring."
},
{
"control_id": "PS-03",
"phase": "post-settlement",
"domain": "Audit logging",
"requirement": "Immutable transaction records must exist after funds movement.",
"validation_method": "Record the canonical settlement event and bind the transaction envelope to it through the same correlation_id.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #5", "Table B #9"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <settlement-event.json>",
"failure_action": "Mark the audit trail incomplete and escalate for evidence remediation.",
"high_value_override": "Require a second evidence reviewer before the transaction is considered fully closed.",
"notes": "The settlement event is the canonical cross-system record; the execution envelope is the operator overlay."
},
{
"control_id": "PS-04",
"phase": "post-settlement",
"domain": "Exception resolution",
"requirement": "Every exception must have a documented resolution workflow.",
"validation_method": "Confirm the exception policy was followed and the retry log or incident closure exists.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #10"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/policies/exception-policy.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.exception-event"}
],
"validator_command": "manual: verify exception-policy.md decision path and retry-log.txt closure for the transaction",
"failure_action": "Escalate unresolved exceptions to incident management.",
"high_value_override": "No unresolved exception may remain open at end of day for a high-value transfer.",
"notes": "Close the exception in both narrative and machine-readable form."
},
{
"control_id": "PS-05",
"phase": "post-settlement",
"domain": "Reporting",
"requirement": "Regulatory and supervisory reporting artifacts must be assembled after settlement.",
"validation_method": "Stage the transaction execution envelope and supporting files into the audit archive path.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #1", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: place execution envelopes under JVMTM_CLOSURE_DIR/transactions and rebuild the archive",
"failure_action": "Mark the package incomplete and reopen evidence assembly.",
"high_value_override": "High-value transfers require same-day archive rebuild after close.",
"notes": "The archive is the supervisory bundle, not the operational source of truth."
},
{
"control_id": "SR-01",
"phase": "resilience",
"domain": "Business continuity",
"requirement": "A continuity path must exist so a single outage does not stop the settlement spine.",
"validation_method": "Run failover smoke or equivalent continuity check and retain the execution log.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #3", "Table B #4", "Table D #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/bcp-rpc-failover-smoke.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"}
],
"validator_command": "bash scripts/omnl/bcp-rpc-failover-smoke.sh",
"failure_action": "Escalate to platform ops and restrict the rail if continuity is unproven.",
"high_value_override": "High-value release requires same-window confirmation that the fallback path is available.",
"notes": "This proves reachability and fallback posture, not full data-centre certification."
},
{
"control_id": "SR-02",
"phase": "resilience",
"domain": "Disaster recovery",
"requirement": "Disaster recovery evidence must exist for the environment supporting settlement.",
"validation_method": "Review the recovery-time report and DR simulation report for the active environment.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #4"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json"},
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.recovery-time-report"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.dr-simulation-report"}
],
"validator_command": "manual: confirm recovery-time-report.json and DR-simulation-report.json are current for the live environment",
"failure_action": "Escalate to continuity governance and consider restricting production usage.",
"high_value_override": "Do not treat DR evidence as stale for high-value transfers.",
"notes": "This is an environment readiness control rather than a per-transaction proof."
},
{
"control_id": "SR-03",
"phase": "resilience",
"domain": "Failover",
"requirement": "No single point of failure should exist for the chosen settlement path.",
"validation_method": "Confirm a secondary route, compensating control, or manual fallback exists before go-live.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #3", "Table D #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"}
],
"validator_command": "manual: document fallback route or compensating procedure for the active settlement rail",
"failure_action": "Escalate to architecture review and restrict unsupported paths.",
"high_value_override": "Require named fallback ownership for high-value mode.",
"notes": "The control may be satisfied by procedural fallback when technical failover is not available."
},
{
"control_id": "SR-04",
"phase": "resilience",
"domain": "Messaging reliability",
"requirement": "The messaging and evidence formats must remain schema-closed and interoperable.",
"validation_method": "Validate both settlement-event and JVMTM control-pack schemas before packaging or release.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #9"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/validation/validate-dbis-institutional-schemas.sh"},
{"artifact_type": "repo-path", "ref": "scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh"}
],
"validator_command": "SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh && SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh",
"failure_action": "Escalate schema drift and block package publication until fixed.",
"high_value_override": "Run schema validation immediately before high-value package assembly.",
"notes": "This is the pack-level guard against format drift."
},
{
"control_id": "SR-05",
"phase": "resilience",
"domain": "System integrity",
"requirement": "Reserve and provenance evidence must remain internally consistent with the settlement path.",
"validation_method": "Validate the reserve provenance package when reserve backing or finality support is in scope.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #5", "Table B #7"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/validation/validate-reserve-provenance-package.sh"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh",
"failure_action": "Escalate reserve-integrity risk and suspend unsupported attestations.",
"high_value_override": "Treat provenance gaps as an immediate executive escalation for high-value mode.",
"notes": "Use this when the transaction depends on reserve or legal provenance narratives."
},
{
"control_id": "RK-01",
"phase": "systemic-risk",
"domain": "Operational risk",
"requirement": "Monitor dependency on OMNL or other single operational components and escalate when redundancy is weak.",
"validation_method": "Review continuity evidence and the active rail posture before authorizing production usage.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table D #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/bcp-rpc-failover-smoke.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"}
],
"validator_command": "manual: review continuity posture before declaring the rail ready",
"failure_action": "Raise executive escalation when operational dependency is unresolved.",
"high_value_override": "High-value mode requires explicit acknowledgement of dependency risk.",
"notes": "This is a governance-layer control rather than a message-level validation."
},
{
"control_id": "RK-02",
"phase": "systemic-risk",
"domain": "Fraud risk",
"requirement": "Spoofed credit advice or misleading confirmations must trigger a hard investigation path.",
"validation_method": "Tie advice, KYT, and execution evidence together; escalate if they diverge.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #2", "Table B #2"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: compare advice, KYT result, and execution envelope references before release",
"failure_action": "Freeze the transaction and open fraud investigation.",
"high_value_override": "High-value fraud signals trigger executive and legal escalation immediately.",
"notes": "A clean advice message does not override a failed independent check."
},
{
"control_id": "RK-03",
"phase": "systemic-risk",
"domain": "Settlement risk",
"requirement": "No transaction may proceed when prefunding or reserve support is missing.",
"validation_method": "Use the prefunding proof and balance snapshot to determine whether default risk exists.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #3", "Table B #7"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"}
],
"validator_command": "manual: treat approved=false or stale liquidity evidence as an immediate settlement hold",
"failure_action": "Place the transaction on settlement hold and escalate to treasury.",
"high_value_override": "No waiver permitted in high-value mode without executive risk acceptance.",
"notes": "This is the governance wrapper around PT-02 and TX-04."
},
{
"control_id": "RK-04",
"phase": "systemic-risk",
"domain": "Reconciliation risk",
"requirement": "Missing or mismatched records must trigger audit escalation.",
"validation_method": "Review generated three-way results and open incidents for any unmatched item.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #4", "Table B #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/generate-3way-reconciliation-evidence.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"}
],
"validator_command": "manual: review 3way-result.json and open an audit incident on mismatch",
"failure_action": "Escalate to reconciliation and audit owners.",
"high_value_override": "Review same business day for high-value transfers.",
"notes": "Post-settlement does not mean low-risk when mismatches remain unresolved."
},
{
"control_id": "RK-05",
"phase": "systemic-risk",
"domain": "Legal risk",
"requirement": "Undefined finality or reversal posture must trigger legal escalation.",
"validation_method": "Compare the rail finality point to the declared policy and reserve/finality narratives.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table D #5", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"},
{"artifact_type": "repo-path", "ref": "config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "manual: escalate when technical finality and legal narrative diverge or remain undefined",
"failure_action": "Hold legal attestation and route to counsel review.",
"high_value_override": "Counsel acknowledgement is mandatory for high-value finality exceptions.",
"notes": "This captures the legal ambiguity risk even when the chain or rail shows technical completion."
},
{
"control_id": "RK-06",
"phase": "systemic-risk",
"domain": "Liquidity risk",
"requirement": "Cash-flow mismatch or blind position indicators must trigger treasury escalation.",
"validation_method": "Compare balance snapshot, prefunding proof, and reconciliation outputs for divergence.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #6", "Table B #8"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"}
],
"validator_command": "manual: escalate when liquidity evidence is stale, inconsistent, or below threshold",
"failure_action": "Notify treasury and risk management immediately.",
"high_value_override": "Maintain live liquidity monitoring throughout the settlement window.",
"notes": "This control complements prefunding by focusing on ongoing exposure."
},
{
"control_id": "HV-01",
"phase": "high-value-mode",
"domain": "Dual authorization",
"requirement": "High-value transfers require dual settlement authorization beyond baseline maker-checker.",
"validation_method": "Record dual approval identities in the execution envelope before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: confirm two named approvers are recorded in the execution envelope before release",
"failure_action": "Do not release the transaction until both approvals are present.",
"high_value_override": "Applies automatically once amount >= 100000000.00 major units.",
"notes": "This is additive to PT-04."
},
{
"control_id": "HV-02",
"phase": "high-value-mode",
"domain": "Treasury authorization",
"requirement": "Treasury must explicitly certify liquidity and reserve readiness for high-value transfers.",
"validation_method": "Review prefunding proof, balance snapshot, and reserve narrative immediately before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table B #7", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "manual: treasury sign-off must reference prefunding-proof.json and the current balance snapshot",
"failure_action": "Keep the transaction blocked until treasury certifies capacity.",
"high_value_override": "No delegated approval path.",
"notes": "Use reserve provenance where the funding story matters to regulators."
},
{
"control_id": "HV-03",
"phase": "high-value-mode",
"domain": "Dual ledger evidence",
"requirement": "High-value transfers require mirrored evidence across the canonical settlement event and reconciliation outputs.",
"validation_method": "Tie the execution envelope to settlement-event and generated three-way reconciliation evidence.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table B #1", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"}
],
"validator_command": "manual: require linked settlement event and three-way result references before close",
"failure_action": "Treat the transaction as evidence-incomplete and keep it under review.",
"high_value_override": "No archive close without both evidence layers.",
"notes": "This is the mirrored-ledger analogue in the current repo model."
},
{
"control_id": "HV-04",
"phase": "high-value-mode",
"domain": "Settlement freeze window",
"requirement": "Apply a post-settlement freeze or review window before treating the transfer as fully closed.",
"validation_method": "Record the freeze decision and any post-finality review notes in the execution envelope.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: append freeze-window review notes before marking the transfer fully closed",
"failure_action": "Maintain enhanced monitoring and do not close the case yet.",
"high_value_override": "Freeze review is mandatory even when the rail is technically final.",
"notes": "This is a policy control layered over finality."
},
{
"control_id": "HV-05",
"phase": "high-value-mode",
"domain": "Executive escalation",
"requirement": "High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts.",
"validation_method": "Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table D #1", "Table D #2", "Table D #3"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution",
"failure_action": "Keep the transaction in BLOCKED or ESCALATE until executive review is complete.",
"high_value_override": "Always on in high-value mode.",
"notes": "The archive rebuild is part of the evidence closure, not a substitute for the escalation."
}
]
}

99
config/production/dbis-identity-public-did-package.example.json Normal file
View File

@@ -0,0 +1,99 @@
{
"schemaVersion": "1.0",
"programId": "dbis-rtgs-identity",
"packageStatus": "draft",
"ariesAgent": {
"adminUrl": "http://192.168.11.88:8031",
"didcommUrl": "http://192.168.11.88:8030",
"walletType": "askar-anoncreds",
"adminAuthMode": "insecure",
"adminApiKeyEnv": "ARIES_ADMIN_API_KEY"
},
"ledger": {
"type": "indy",
"targetNetwork": "dbis-local-indy-pool",
"trustScope": "sovereign-internal-first",
"poolName": "dbis-local-pool",
"genesisSource": "/opt/aries/ledger/pool_transactions_genesis",
"didMethod": "sov",
"nymWriteMode": "endorser"
},
"governance": {
"governanceVersion": "1.0",
"changeControlRef": "DBIS-ID-GOV-2026-001",
"changeControlFormat": "DBIS-ID-GOV-YYYY-NNN",
"operatorOwner": "DBIS Identity Operations Division",
"approvalOwner": "DBIS Governance Authority",
"endorserGovernanceModel": {
"type": "procedural-multisig",
"quorum": "3-of-5",
"custodians": [
"DBIS Governance Authority",
"DBIS Identity Operations Division",
"Independent Oversight Authority",
"OMNL Authority (future slot reserved)",
"ICCC Authority (future slot reserved)"
],
"singleKeyDidControl": "multisig-governance-around-single-key-did",
"currentPhase": "phase-1-procedural",
"futurePhases": [
"phase-2-hsm-custody",
"phase-3-mpc-threshold-signing"
]
},
"notes": "Governance structure frozen prior to formal endorser designation. Recommended default remains author-plus-endorser rather than a seed-only path."
},
"roles": {
"author": {
"alias": "dbis-issuer-author",
"publicDid": "<fill-me-public-did-or-leave-empty-until-created>",
"verkey": "<fill-me-verkey-or-evidence-ref>",
"connectionIdEnv": "AUTHOR_CONNECTION_ID"
},
"endorser": {
"alias": "dbis-root-endorser",
"did": "<fill-me-endorser-did>",
"connectionIdEnv": "ENDORSER_CONNECTION_ID"
}
},
"anoncreds": {
"schemas": [
{
"id": "institution-admission-v1",
"name": "InstitutionAdmission",
"version": "1.0.0",
"issuerRole": "complete-credential",
"credentialDefinitionTag": "default",
"supportRevocation": false,
"attributes": [
"institutionId",
"institutionName",
"jurisdiction",
"participantClass",
"admissionDate"
]
}
],
"verificationProfiles": [
{
"id": "smoa-basic-admission-check",
"verifierRole": "smoa",
"requestedAttributes": [
"institutionId",
"participantClass",
"jurisdiction"
]
}
]
},
"evidence": {
"outputDir": "reports/identity-completion",
"requiredArtifacts": [
"public-did.json",
"schema-publication.json",
"creddef-publication.json",
"issuance-result.json",
"verification-result.json"
]
}
}

99
config/production/dbis-identity-public-did-package.json Normal file
View File

@@ -0,0 +1,99 @@
{
"schemaVersion": "1.0",
"programId": "dbis-rtgs-identity",
"packageStatus": "awaiting-external-endorser",
"ariesAgent": {
"adminUrl": "http://192.168.11.88:8031",
"didcommUrl": "http://192.168.11.88:8030",
"walletType": "askar-anoncreds",
"adminAuthMode": "insecure",
"adminApiKeyEnv": "ARIES_ADMIN_API_KEY"
},
"ledger": {
"type": "indy",
"targetNetwork": "dbis-local-indy-pool",
"trustScope": "sovereign-internal-first",
"poolName": "dbis-local-pool",
"genesisSource": "/opt/aries/ledger/pool_transactions_genesis",
"didMethod": "sov",
"nymWriteMode": "endorser"
},
"governance": {
"governanceVersion": "1.0",
"changeControlRef": "DBIS-ID-GOV-2026-001",
"changeControlFormat": "DBIS-ID-GOV-YYYY-NNN",
"operatorOwner": "DBIS Identity Operations Division",
"approvalOwner": "DBIS Governance Authority",
"endorserGovernanceModel": {
"type": "procedural-multisig",
"quorum": "3-of-5",
"custodians": [
"DBIS Governance Authority",
"DBIS Identity Operations Division",
"Independent Oversight Authority",
"OMNL Authority (future slot reserved)",
"ICCC Authority (future slot reserved)"
],
"singleKeyDidControl": "multisig-governance-around-single-key-did",
"currentPhase": "phase-1-procedural",
"futurePhases": [
"phase-2-hsm-custody",
"phase-3-mpc-threshold-signing"
]
},
"notes": "Governance structure is pre-frozen prior to formal endorser designation. Remaining gaps are external designation, endorser DID, connection ID, and author promotion outputs."
},
"roles": {
"author": {
"alias": "dbis-issuer-author",
"publicDid": "",
"verkey": "",
"connectionIdEnv": "AUTHOR_CONNECTION_ID"
},
"endorser": {
"alias": "dbis-root-endorser",
"did": "",
"connectionIdEnv": "ENDORSER_CONNECTION_ID"
}
},
"anoncreds": {
"schemas": [
{
"id": "institution-admission-v1",
"name": "InstitutionAdmission",
"version": "1.0.0",
"issuerRole": "complete-credential",
"credentialDefinitionTag": "default",
"supportRevocation": false,
"attributes": [
"institutionId",
"institutionName",
"jurisdiction",
"participantClass",
"admissionDate"
]
}
],
"verificationProfiles": [
{
"id": "smoa-basic-admission-check",
"verifierRole": "smoa",
"requestedAttributes": [
"institutionId",
"participantClass",
"jurisdiction"
]
}
]
},
"evidence": {
"outputDir": "reports/identity-completion",
"requiredArtifacts": [
"public-did.json",
"schema-publication.json",
"creddef-publication.json",
"issuance-result.json",
"verification-result.json"
]
}
}

21
config/production/dbis-identity-public-did-secrets.example.env Normal file
View File

@@ -0,0 +1,21 @@
# Copy to:
# config/production/dbis-identity-public-did-secrets.env
#
# Keep this file out of commits when populated with real values.
ARIES_ADMIN_API_KEY="<fill-me-admin-api-key>"
# Optional author-side connection reference if a separate author connection is used.
AUTHOR_CONNECTION_ID="<fill-me-author-connection-id>"
# Required for the recommended author + endorser publication model.
ENDORSER_CONNECTION_ID="<fill-me-endorser-connection-id>"
# Optional references for governance / operator evidence.
DBIS_IDENTITY_APPROVAL_TICKET="<fill-me-ticket-id>"
DBIS_IDENTITY_APPROVER="<fill-me-approver-name>"
DBIS_IDENTITY_PUBLIC_DID="<fill-me-public-did>"
DBIS_IDENTITY_PUBLIC_DID_VERKEY="<fill-me-public-did-verkey>"
# Optional path or reference to an externally supplied NYM / endorsement payload.
DBIS_IDENTITY_NYM_TXN_REF="<fill-me-path-or-ticket-ref>"

22
config/proxmox-operational-template.json
View File

@@ -135,8 +135,9 @@
"vmid": 100,
"hostname": "proxmox-mail-gateway",
"ipv4": "192.168.11.32",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"purpose": "Proxmox Mail Proxy / LAN SMTP relay for apps (dbis_core, alerts); Postfix 25+587+465 live on CT (2026-03-30)",
"ports": [
{
"port": 25,
@@ -145,6 +146,10 @@
{
"port": 587,
"name": "submission"
},
{
"port": 465,
"name": "smtps"
}
],
"fqdns": []
@@ -153,7 +158,7 @@
"vmid": 101,
"hostname": "proxmox-datacenter-manager",
"ipv4": "192.168.11.33",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"ports": [
{
@@ -167,7 +172,7 @@
"vmid": 103,
"hostname": "omada",
"ipv4": "192.168.11.30",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"ports": [
{
@@ -181,7 +186,7 @@
"vmid": 104,
"hostname": "gitea",
"ipv4": "192.168.11.31",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"ports": [
{
@@ -199,7 +204,7 @@
"vmid": 105,
"hostname": "nginxproxymanager",
"ipv4": "192.168.11.26",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "legacy_proxy",
"ports": [
{
@@ -934,6 +939,7 @@
"ipv4": "192.168.11.155",
"preferred_node": "r630-01",
"category": "dbis",
"purpose": "Reserved for dbis_core API; live CT runs python http.server placeholder; /tmp/smtp.env.example for SMTP when Node deployed",
"ports": [
{
"port": 3000
@@ -949,6 +955,7 @@
"ipv4": "192.168.11.156",
"preferred_node": "r630-01",
"category": "dbis",
"purpose": "Same as 10150: placeholder static server until dbis_core Node API deployed",
"ports": [
{
"port": 3000
@@ -1783,11 +1790,12 @@
{
"vmid": 10092,
"hostname": "order-mcp-legal",
"ipv4": "192.168.11.37",
"ipv4": "192.168.11.94",
"preferred_node": "r630-01",
"category": "order",
"ports": [],
"fqdns": []
"fqdns": [],
"notes": "Moved off 192.168.11.37 on 2026-03-29 after ARP conflict with VMID 7810 mim-web-1. Use IP_ORDER_MCP_LEGAL in ip-addresses.conf."
},
{
"vmid": 10200,

62
config/reserve-provenance-package/README.md Normal file
View File

@@ -0,0 +1,62 @@
# Reserve provenance and settlement attestation (staged package)
**Purpose:** Structured artifacts that connect **legal / funding narrative** to **operational reconciliation** (ledger, bank export, chain) without claiming bank or KYT completion where evidence is still pending.
**Not legal advice.** Entity names, amounts, and references mirror the **3FR / Titan / FIDES** funding narrative you supplied; **counsel must review** before any regulatory submission. Replace or redact for other deals.
## Truthfulness rules (supervisory posture)
| Artifact | Declares complete? |
|----------|-------------------|
| Attorney receipt attestation | Legal **form** only — does not replace bank confirmation |
| Settlement finality declaration | **Declared** finality per your workflow — not universal legal finality |
| Funding origin chain | Structured **narrative** from documentation review |
| Bank balance certification | **AWAITING_BANK_EXPORT** until MT940 / camt.053 / API |
| KYT execution record | **PENDING** until vendor integration |
| Reconciliation trigger | **INITIATED** — run `generate-3way-reconciliation-evidence.sh` for machine output |
| Reserve recognition | **PROVISIONAL_RESERVE** — bank + KYT still pending |
| Reserve monetary linkage | **PROVISIONAL_LINKAGE_NARRATIVE** — ties MT103, composition, SIS refs, custody cite; EO/DCID = **investigative standard reference**, not government endorsement; reconcile magnitudes to originals |
| Regulatory stack (HYBX / OMNL / DBIS) | **DECLARED_ARCHITECTURE** — OMNL **LEI** (GLEIF); OMNL charter **EO + DCID standard references** (12829/12968/10450 + DCID 6/4, parallel) in docs — **not** U.S. endorsement; DBIS **SMOMOSJ**; populate `regulatoryEvidence` for HYBX registration and executed charters |
| Reserve hosting map | **PROVISIONALLY_STRUCTURED** — links reserve composition to declared entity layers; verify AUSTRAC registration before AML/CTF claims |
**Keystone (you must still obtain):** **Bank-issued** MT940, camt.053, or API export. The repo MT940 `.txt` is a **structural specimen** — not a substitute for custodian certification, signatures, or seals.
**Operator attachment (out of band):** Place the **real** MT103 hard-copy scan as `MT103_HARDCOPY.pdf` (or your naming standard) in secure storage; do not commit privileged PDFs to git unless policy allows.
**Original signatures:** When physical hard copies (or PDF scans that faithfully reproduce them) bear **original** authorized signatures, those artifacts are normally the **primary** supervisory evidence for execution and intent. The JSON and MT940 **specimens** in this repo remain **format and workflow** aids; they do not duplicate or replace custodied originals. Record **custody** (where originals live, who certified scans, optional file hashes) per your evidence policy.
## Layout (package root relative)
| Path | Role |
|------|------|
| `legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json` | Counsel receipt anchor |
| `settlement/SETTLEMENT_FINALITY_DECLARATION.json` | Instruction / receipt / credit flow declaration |
| `provenance/FUNDING_ORIGIN_CHAIN_3FR.json` | Bond → sale → transfer → allocation chain |
| `bank/JVMTM_BANK_BALANCE_JSON.json` | Certification **container** pending **bank-issued** MT940/camt.053 |
| `bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt` | **Specimen only** — MT940 layout for bank request & archival; not certified |
| `bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt` | **Specimen only** — same as above plus reserve / SIS / custody **narrative blocks** (not bank SWIFT text); use for traceability, not as issued statement |
| `bank/README_BANK_REQUEST_MT940_CAMT053.md` | Wording to request **official** MT940 or camt.053 |
| `bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json` | Example parse for `JVMTM_BANK_BALANCE_JSON` env (3-way generator); not bank-issued |
| `kyt/KYT_EXECUTION_RECORD.json` | KYT **container** pending vendor |
| `reconciliation/3WAY_RECONCILIATION_TRIGGER.json` | Links to ledger / bank file / chain records |
| `reserve/RESERVE_RECOGNITION_DECLARATION.json` | Provisional reserve classification |
| `reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json` | Machine-readable linkage: funding event + composition + SIS standard refs + custody cite (provisional) |
| `reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json` | Reserve composition + Titan custody cite mapped to HYBX / OMNL / DBIS declared roles |
| `governance/REGULATORY_STACK_DECLARATION.json` | Three-entity stack: commercial vs monetary vs sovereign risk domains; hosting relationship |
| `governance/REGULATORY_STACK_NARRATIVE.txt` | Human-readable mirror of the stack for auditors (verify against primary evidence) |
## Validation
```bash
bash scripts/validation/validate-reserve-provenance-package.sh
```
## Archive integration
`scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh` copies this tree into the zip under **`reserve-provenance-package/`** (alongside `settlement-events/`, `audit-proof/`, etc.).
## Related repo tooling
- Operational 3-way: `scripts/omnl/generate-3way-reconciliation-evidence.sh` — point `JVMTM_BANK_BALANCE_JSON` at a **filled** bank JSON when MT940/API is available.
- KYT: `scripts/omnl/fetch-kyt-vendor-report.sh` — refuses to fabricate PASS.
- JVMTM templates: `config/jvmtm-regulatory-closure/`.

26
config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_JSON.json Normal file
View File

@@ -0,0 +1,26 @@
{
"schema_version": 1,
"documentType": "BankBalanceCertification",
"institution": "Titan Financial Holdings, LLC",
"accountHolder": "3FR, LLC",
"statementSource": "Pending_MT940_or_API",
"balanceSnapshot": {
"availableBalance": "UNCONFIRMED",
"ledgerBalance": "UNCONFIRMED"
},
"status": "AWAITING_BANK_EXPORT",
"mt103CrossReference": {
"reference": "MERE-71-FIDES-5463-3892-01",
"declaredCreditUsdMajor": "645000000000.00",
"receivingAccountSpecimen": "WMGT202011580",
"note": "MT103 hard copy must reconcile to bank-issued MT940/camt.053 on same reference, amount, and account."
},
"specimensInRepo": {
"mt940FormatSpecimen": "bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt",
"bankRequestTemplate": "bank/README_BANK_REQUEST_MT940_CAMT053.md",
"parsedJsonExampleForGenerator": "bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json"
},
"integration": {
"forThreeWayGenerator": "Export bank-issued statement to JSON with value_major, statement_ref, fetched_at (see .example.json), then: JVMTM_BANK_BALANCE_JSON=<path> bash scripts/omnl/generate-3way-reconciliation-evidence.sh"
}
}

16
config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json Normal file
View File

@@ -0,0 +1,16 @@
{
"_comment": "EXAMPLE ONLY — replace with fields parsed from bank-ISSUED MT940 or camt.053. For generate-3way-reconciliation-evidence.sh use value_major + statement_ref + fetched_at.",
"bank": "Titan Financial Holdings, LLC",
"accountHolder": "3FR, LLC",
"accountNumber": "WMGT202011580",
"currency": "USD",
"openingBalance": "0.00",
"closingBalance": "645000000000.00",
"availableBalance": "645000000000.00",
"transactionReference": "MERE-71-FIDES-5463-3892-01",
"valueDate": "2023-12-14",
"value_major": "645000000000.00",
"statement_ref": "REPLACE_WITH_BANK_MT940_SEQUENCE_OR_CAMT_MSG_ID",
"fetched_at": "2023-12-18T00:00:00Z",
"source": "operator:parsed_from_bank_issued_MT940"
}

80
config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt Normal file
View File

@@ -0,0 +1,80 @@
================================================================================
NON-AUTHORITATIVE SPECIMEN — NOT BANK-ISSUED
================================================================================
This file is a **structural template / request specification** for SWIFT MT940
(hard-copy or digital) aligned to reference MERE-71-FIDES-5463-3892-01.
**Only the custodian bank may issue an authoritative MT940** (or camt.053).
Do not present this specimen as a certified bank statement. Officer names,
signatures, and seals must come from the bank only.
Classification: BANK STATEMENT MESSAGE — SWIFT MT940 FORMAT — SPECIMEN FOR REQUEST & ARCHIVAL LAYOUT
================================================================================
-----------------------------------------------
SWIFT MESSAGE TYPE: MT940
BANK TO CUSTOMER STATEMENT
-----------------------------------------------
:20:TRXREF-MERE-71-FIDES-5463-3892-01
:25:ACCOUNT-NO-WMGT202011580
ACCOUNT HOLDER: 3FR, LLC
BANK: TITAN FINANCIAL HOLDINGS, LLC
:28C:00001/001
:60F:C231214USD000000000000,00
OPENING BALANCE
DATE: 14 DECEMBER 2023
CURRENCY: USD
BALANCE: 0.00
:61:231214C645000000000,00NTRFNONREF
VALUE DATE: 14 DECEMBER 2023
ENTRY DATE: 14 DECEMBER 2023
CREDIT
AMOUNT: 645,000,000,000.00 USD
:86:
TRANSACTION DETAILS:
ORIGIN BANK: FIDES GESTION FINANCIERA, S.A.P.I. DE C.V.
BENEFICIARY: 3FR, LLC
REFERENCE: MERE-71-FIDES-5463-3892-01
PAYMENT TYPE: SINGLE CUSTOMER CREDIT TRANSFER
METHOD: MANUAL MT103 DELIVERY
LEGAL STATUS: IRREVOCABLE
:62F:C231214USD645000000000,00
CLOSING BALANCE
DATE: 14 DECEMBER 2023
CURRENCY: USD
BALANCE: 645,000,000,000.00
:64:C231214USD645000000000,00
AVAILABLE BALANCE
-----------------------------------------------
END OF MESSAGE
-----------------------------------------------
BANK CERTIFICATION (TO BE COMPLETED BY BANK ONLY — DO NOT FILL IN REPO COPY)
Institution:
Titan Financial Holdings, LLC
Authorized Officer:
______________________________
Title:
Bank Operations Officer
Date:
______________________________
Official Seal:
______________________________
================================================================================
END SPECIMEN
================================================================================

168
config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt Normal file
View File

@@ -0,0 +1,168 @@
================================================================================
SPECIMEN / WORKFLOW TEMPLATE — NOT BANK-ISSUED — NOT SWIFT-VALIDATED
================================================================================
This file is a STRUCTURAL and NARRATIVE specimen for packaging, bank requests,
and archival layout. It is NOT an authoritative MT940 from Titan or any bank.
- Only the custodian bank may issue a certified MT940 (or camt.053 / API).
- Sections below labeled RESERVE / DUE DILIGENCE / CUSTODIAL are NARRATIVE
overlays for traceability to your deal file; they are NOT standard SWIFT
:86: subfields and would not appear this way on a real bank export unless
the bank explicitly formats them so.
- Executive Order and DCID citations describe an INVESTIGATIVE / DUE DILIGENCE
standard reference used in documentation — NOT a U.S. government endorsement,
regulatory clearance, or prudential approval of reserves.
- RECONCILE all magnitudes (especially custodial totals) to executed originals;
reserve summary (~1.545T USD) and a 15-digit custody line may conflict — fix
against source PDFs before any submission.
================================================================================
-----------------------------------------------
SWIFT MESSAGE TYPE: MT940 (SPECIMEN)
BANK TO CUSTOMER STATEMENT
RESERVE-LINKED BALANCE RECORD (NARRATIVE SPECIMEN ONLY)
-----------------------------------------------
:20:TRXREF-MERE-71-FIDES-5463-3892-01
:25:ACCOUNT-NO-WMGT202011580
ACCOUNT HOLDER: 3FR, LLC
BANK: TITAN FINANCIAL HOLDINGS, LLC
:28C:00001/001
-----------------------------------------------
OPENING BALANCE
-----------------------------------------------
:60F:C231214USD000000000000,00
DATE: 14 DECEMBER 2023
CURRENCY: USD
OPENING BALANCE: 0.00
-----------------------------------------------
PRIMARY CREDIT ENTRY
-----------------------------------------------
:61:231214C645000000000,00NTRFNONREF
VALUE DATE: 14 DECEMBER 2023
ENTRY DATE: 14 DECEMBER 2023
CREDIT AMOUNT:
645,000,000,000.00 USD
-----------------------------------------------
TRANSACTION DETAIL
-----------------------------------------------
:86:
ORIGINATING INSTITUTION:
FIDES GESTION FINANCIERA, S.A.P.I. DE C.V.
BENEFICIARY:
3FR, LLC
TRANSFER TYPE:
SINGLE CUSTOMER CREDIT TRANSFER
REFERENCE:
MERE-71-FIDES-5463-3892-01
METHOD:
MANUAL MT103 DELIVERY
LEGAL STATUS:
IRREVOCABLE TRANSFER
-----------------------------------------------
RESERVE STRUCTURE REFERENCE (NARRATIVE — NOT BANK SWIFT TEXT)
-----------------------------------------------
SUPPORTING RESERVE COMPONENT:
M00 RESERVE VALUE:
309,000,000,000.00 USD
M0 EXPANDED VALUE:
900,000,000,000.00 USD
RESERVE CLASSIFICATION:
GOLD-BACKED MONETARY SUPPORT (AS DESCRIBED IN DEAL DOCUMENTATION)
SUPPORT SOURCE:
CLEARWATER PREMIERE PERPETUAL MASTER, LLC
-----------------------------------------------
CLOSING BALANCE
-----------------------------------------------
:62F:C231214USD645000000000,00
DATE: 14 DECEMBER 2023
CLOSING BALANCE:
645,000,000,000.00 USD
-----------------------------------------------
AVAILABLE BALANCE
-----------------------------------------------
:64:C231214USD645000000000,00
AVAILABLE BALANCE:
645,000,000,000.00 USD
-----------------------------------------------
DUE DILIGENCE REFERENCE (NARRATIVE — NOT BANK SWIFT TEXT)
-----------------------------------------------
CLEARANCE PROVIDER:
Strategic Intelligence Service (SIS)
INVESTIGATIVE / DUE DILIGENCE STANDARD REFERENCES (NOT GOVERNMENT ENDORSEMENT):
- Executive Order 12829
- Executive Order 12968
- Executive Order 10450
- DCID 6/4
DOCUMENTATION CHARACTERIZATION (AS STATED IN DEAL FILE — VERIFY):
Funds described as verified clean and unencumbered per SIS letter
-----------------------------------------------
CUSTODIAL BALANCE CONFIRMATION (NARRATIVE — NOT BANK SWIFT TEXT)
-----------------------------------------------
REFERENCE DOCUMENT:
Titan Financial custodial balance sheet (as cited in deal file — page reference
in counsel bundle)
DECLARED TOTAL ASSET BASE (AS TRANSCRIBED FROM PAGE 5 NARRATIVE — RECONCILE):
1,545,000,000,000,000.00 USD
SPECIMEN NOTE: If reserve composition summary uses ~1.545 trillion USD, this
15-digit figure may be a transcription error — confirm against executed PDF.
-----------------------------------------------
END OF MESSAGE (SPECIMEN)
-----------------------------------------------
BANK CERTIFICATION (PLACEHOLDER ONLY — REAL BANK COMPLETES)
Institution:
Titan Financial Holdings, LLC
Authorized Officer:
______________________________
Title:
Bank Operations Officer
Date:
______________________________
Official Seal:
______________________________

42
config/reserve-provenance-package/bank/README_BANK_REQUEST_MT940_CAMT053.md Normal file
View File

@@ -0,0 +1,42 @@
# Requesting the authoritative statement (MT940 or camt.053)
Use this language when asking the **custodian bank** for the record that anchors **MT103 → ledger balance → reconciliation**.
## Request (copy/paste)
**Subject:** Official customer statement export — MT940 or ISO 20022 camt.053
**Body:**
Request: **Official MT940 Statement Export** (or **camt.053** if your core issues ISO 20022 instead of SWIFT Fin).
- **Account:** WMGT202011580 (or current account identifier)
- **Account holder:** 3FR, LLC
- **Institution:** Titan Financial Holdings, LLC (or actual booking entity)
- **Date range:** 14 December 2023 (adjust to cover value date of credit **MERE-71-FIDES-5463-3892-01**)
**Required:**
- Format: **SWIFT MT940** *or* **ISO 20022 camt.053** (banks standard)
- **Hard copy and digital** (as your policy allows)
- **Signed and certified** by an **authorized bank officer** (names, titles, seals are **bank-only** — do not fabricate in-repo specimens)
## Reconciliation alignment
The bank-issued statement must be **deterministic** with your MT103 hard copy:
| Check | Must match |
|-------|------------|
| Reference | MERE-71-FIDES-5463-3892-01 (or banks :20: / equivalent) |
| Credit amount | USD 645,000,000,000.00 (per your executed transfer) |
| Receiving account | WMGT202011580 / 3FR, LLC (per bank books) |
## After receipt
1. Archive **bank-original** PDF/XML/txt (hash if required by policy).
2. Parse closing/available balance into a JSON file consumable by `JVMTM_BANK_BALANCE_JSON` / `generate-3way-reconciliation-evidence.sh` — see `JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json`.
3. Update `JVMTM_BANK_BALANCE_JSON.json` certification container status from `AWAITING_BANK_EXPORT` to reflect **bank-issued** evidence (separate commit / secure store).
## Specimen on disk
`MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt` is a **format model** only — see file header.

88
config/reserve-provenance-package/governance/REGULATORY_STACK_DECLARATION.json Normal file
View File

@@ -0,0 +1,88 @@
{
"schema_version": 1,
"documentType": "RegulatoryStackDeclaration",
"stackStructure": [
{
"entity": "HYBX",
"classification": "Commercial Financial Services Provider",
"regulatoryStatus": {
"licenseType": [
"AUSTRAC Financial Services Provider (FSP)",
"Digital Currency Exchange (DCE)"
],
"jurisdiction": "Australia"
},
"functionalRole": [
"Liquidity Processing",
"Transaction Routing",
"Digital Asset Exchange Infrastructure"
],
"riskDomain": "Commercial"
},
{
"entity": "OMNL",
"classification": "Central Bank",
"identifiers": {
"lei": "98450070C57395F6B906",
"leiStandard": "ISO 17442"
},
"leiProvenance": "Mirrored from docs/04-configuration/mifos-omnl-central-bank/OMNL_ENTITY_MASTER_DATA.json (Head Office, clientNumber 1). Confirm current status in GLEIF before supervisory or counterparty reliance.",
"regulatoryStatus": {
"designation": "Monetary Authority",
"jurisdiction": "Central Banking Authority"
},
"functionalRole": [
"Monetary Issuance",
"Reserve Custody",
"Settlement Oversight"
],
"riskDomain": "Monetary",
"charterAcknowledgment": {
"describedInDealDocumentation": "OMNL charter acknowledged under U.S. Executive Order and DCID clearance / due-diligence standards (parallel reference lists)",
"executiveOrdersReferenced": [
"Executive Order 12829",
"Executive Order 12968",
"Executive Order 10450"
],
"dcidStandardsReferenced": ["DCID 6/4"],
"characterization": "investigative_and_due_diligence_standard_reference",
"notGovernmentEndorsementOfCharter": true,
"notSubstituteForExecutedCharter": true,
"note": "Citations describe documentation context — not U.S. government approval, validation, or prudential recognition of the charter. Attach executed charter and legal opinions out of band."
}
},
{
"entity": "DBIS",
"classification": "Sovereign Governmental Monetary Authority",
"regulatoryStatus": {
"designation": "Sovereign governmental body",
"sovereignFramework": "SMOM — OSJ",
"jurisdiction": "Sovereign governmental (under SMOMOSJ)"
},
"functionalRole": [
"Reserve Governance",
"Policy Authority",
"International Monetary Coordination"
],
"riskDomain": "Sovereign"
}
],
"hostingRelationship": {
"hostEntity": "HYBX",
"hostedEntities": ["OMNL", "DBIS"],
"hostingModel": "Regulated Infrastructure Hosting"
},
"regulatorySeparationStatement": {
"statement": "Each entity is described here under distinct declared regulatory authority and functional mandate, supporting separation of commercial, monetary, and governmental risk domains for documentation and supervisory dialogue."
},
"regulatoryEvidence": {
"hybxAustracDceRegistrationNumber": null,
"omnlLeiGleifVerificationRequired": true,
"omnlCharterOrEstablishmentReference": null,
"dbisGovernmentCharterReference": null,
"dbisSmomOsjEstablishmentReference": null,
"evidenceNote": "OMNL LEI — verify in GLEIF. OMNL charter: EO and DCID references above are contextual only; executed charter still required in primary evidence. HYBX FSP/DCE and DBIS/SMOMOSJ charter references null until primary-source artifacts attached."
},
"disclaimer": "Declared operational and jurisdictional posture for architecture documentation — not legal advice, not a regulator determination, and not substitute for verified licenses, charters, or supervisory recognition.",
"timestamp": "2023-12-18T00:00:00Z"
}

50
config/reserve-provenance-package/governance/REGULATORY_STACK_NARRATIVE.txt Normal file
View File

@@ -0,0 +1,50 @@
================================================================================
HUMAN-READABLE DECLARATION — VERIFY AGAINST LICENSES, CHARTERS, AND SUPERVISORS
================================================================================
This text mirrors governance/REGULATORY_STACK_DECLARATION.json for auditors who
read narratives first. It is not legal advice and does not assert government or
prudential approval. AUSTRAC FSP/DCE claims require verified registration
evidence; central-bank and sovereign roles require charter or establishment
documentation as applicable.
================================================================================
REGULATORY STRUCTURE DECLARATION
This financial infrastructure is described as operating across three distinct
declared entities for jurisdictional and risk-domain separation:
1. HYBX operates as a licensed Financial Services Provider (FSP) and Digital
Currency Exchange (DCE) under AUSTRAC regulatory authority (Australia).
HYBX is described as the commercial transaction infrastructure host.
2. OMNL functions as a Central Bank entity responsible for monetary issuance,
reserve management, and settlement authority functions. OMNL is identified
for interoperability using Legal Entity Identifier (LEI) ISO 17442, currently
mirrored from OMNL_ENTITY_MASTER_DATA.json — verify in GLEIF before reliance.
Deal documentation describes the OMNL charter as acknowledged under U.S.
Executive Order standards (12829, 12968, 10450) and DCID 6/4, in parallel, in
a clearance / due-diligence context; that framing is a standard reference, not
U.S. government endorsement of the charter — retain executed charter and
counsel review as primary evidence.
3. The Digital Bank of International Settlements (DBIS) is described as a
sovereign governmental monetary authority under the SMOMOSJ framework,
responsible for sovereign monetary governance and international financial
coordination. Map this description to primary establishment / charter
documentation out of band.
These three entities are intended to maintain regulatory separation across:
- Commercial Operations (HYBX)
- Monetary Authority (OMNL)
- Sovereign Policy (DBIS)
HYBX is described as providing regulated infrastructure hosting services to
OMNL and DBIS while maintaining operational segregation and compliance with
applicable financial regulations.
This structure is presented to clarify separation of commercial, monetary,
and sovereign financial risk domains in documentation. Supervisors and counsel
should map each claim to primary-source evidence (registration numbers, charters,
legal opinions) before reliance.

15
config/reserve-provenance-package/kyt/KYT_EXECUTION_RECORD.json Normal file
View File

@@ -0,0 +1,15 @@
{
"schema_version": 1,
"documentType": "KYTExecutionRecord",
"provider": "PendingVendorIntegration",
"screeningStatus": "PENDING",
"transactionReference": "MERE-71-FIDES-5463-3892-01",
"riskEvaluation": {
"sanctionsCheck": "PENDING",
"riskScore": "UNAVAILABLE"
},
"integration": {
"script": "scripts/omnl/fetch-kyt-vendor-report.sh",
"note": "Do not mark PASS without vendor-issued record; merge vendor export into this container or sibling file under validation/."
}
}

34
config/reserve-provenance-package/legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json Normal file
View File

@@ -0,0 +1,34 @@
{
"schema_version": 1,
"documentType": "AttorneyReceiptAttestation",
"attestingParty": {
"role": "Receiving Attorney",
"entity": "Titan Financial Holdings, LLC",
"jurisdiction": "Wyoming, USA"
},
"transactionReference": {
"mt103Reference": "MERE-71-FIDES-5463-3892-01",
"originInstitution": "FIDES Gestion Financiera, S.A.P.I. de C.V.",
"beneficiary": "3FR, LLC"
},
"receiptDetails": {
"attestationType": "FundsReceiptConfirmation",
"method": "Manual MT103 Deposit",
"declaredAmount": "645000000000.00 USD",
"receiptAcknowledged": true,
"attestationBasis": [
"MT103 hard copy",
"transfer confirmation records",
"supporting financial statements"
]
},
"legalDeclaration": {
"statement": "Funds referenced herein were received under authority of the receiving counsel and recorded as delivered into the beneficiary structure.",
"status": "ATTESTED"
},
"evidenceStaging": {
"counselReviewRequired": true,
"notSubstituteForBankConfirmation": true
},
"timestamp": "2023-12-18T00:00:00Z"
}

38
config/reserve-provenance-package/provenance/FUNDING_ORIGIN_CHAIN_3FR.json Normal file
View File

@@ -0,0 +1,38 @@
{
"schema_version": 1,
"documentType": "FundingOriginNarrative",
"originChain": [
{
"stage": 1,
"event": "Bond Transfer",
"entity": "Global Infrastructure Finance & Development Authority, Inc.",
"date": "2022-03-29"
},
{
"stage": 2,
"event": "Bond Sale",
"buyer": "OCHO L.B., S.A. de C.V.",
"invoice": "CPPM-23-6-001",
"date": "2023-07-10"
},
{
"stage": 3,
"event": "Funds Transfer",
"amount": "75000000000.00 USD",
"destination": "Clearwater Premiere Perpetual Master, LLC",
"date": "2023-07-11"
},
{
"stage": 4,
"event": "Security Allocation",
"amount": "17000000000.00 USD",
"destination": "Integrated Transport Security",
"date": "2023-07-11"
}
],
"sourceIntegrity": {
"status": "CHAIN_CONTINUOUS",
"verificationMethod": "Legal Documentation Review",
"note": "Structured lineage from funding package narrative; corroborate with executed instruments and bank records."
}
}

45
config/reserve-provenance-package/reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json Normal file
View File

@@ -0,0 +1,45 @@
{
"schema_version": 1,
"documentType": "ReserveHostingAndJurisdictionMap",
"primaryReserve": {
"reserveType": "Monetary Reserve",
"monetaryComposition": {
"cashComponentUsd": "92000000000.00",
"m00ComponentUsd": "309000000000.00",
"expandedM0EquivalentUsd": "900000000000.00"
},
"custodyLayer": {
"custodian": "Titan Financial Holdings, LLC",
"reportedAssetBaseTranscribedFromCustodyNarrativeUsd": "1545000000000000.00",
"scaleReconciliationNote": "Reconcile to executed custody documents and to reserve composition summary (~1.545T USD) before supervisory use — see RESERVE_MONETARY_LINKAGE_DECLARATION.json."
}
},
"jurisdictionalControl": {
"commercialInfrastructure": {
"entity": "HYBX",
"regulatoryStatusDeclared": "AUSTRAC Licensed FSP and DCE (verify registration)",
"role": "Operational Infrastructure Provider"
},
"monetaryAuthority": {
"entity": "OMNL",
"classification": "Central Bank",
"role": "Reserve Authority",
"lei": "98450070C57395F6B906",
"leiSource": "OMNL_ENTITY_MASTER_DATA.json (Head Office); verify GLEIF",
"charterContext": "Described as acknowledged under EO 12829/12968/10450 and DCID 6/4 (parallel) in documentation — not government endorsement; see REGULATORY_STACK_DECLARATION.json"
},
"sovereignAuthority": {
"entity": "DBIS",
"classification": "Sovereign governmental body under SMOMOSJ",
"role": "Policy Governance Authority"
}
},
"operationalHierarchy": [
"DBIS — Sovereign policy layer",
"OMNL — Monetary authority layer",
"HYBX — Commercial infrastructure layer"
],
"reserveRecognitionStatus": "PROVISIONALLY_STRUCTURED",
"disclaimer": "Maps declared entities to reserve narrative only; does not establish prudential reserve recognition, custodian confirmation, or verified regulatory standing.",
"timestamp": "2023-12-18T00:00:00Z"
}

39
config/reserve-provenance-package/reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json Normal file
View File

@@ -0,0 +1,39 @@
{
"schema_version": 1,
"documentType": "ReserveMonetaryLinkageDeclaration",
"primaryFundingEvent": {
"mt103Reference": "MERE-71-FIDES-5463-3892-01",
"settlementAmountUsd": "645000000000.00",
"note": "Transfer amount as in MT103 / attorney attestation narrative; bank statement must match reference, account, and amount."
},
"reserveStructure": {
"cashComponentUsd": "92000000000.00",
"m00ComponentUsd": "309000000000.00",
"expandedM0EquivalentUsd": "900000000000.00",
"totalAssetBaseApproxUsd": "1545000000000.00",
"compositionSource": "Reserve composition summary (deal file page 1 narrative — verify against executed originals)",
"supportEntityNamedInDocumentation": "Clearwater Premiere Perpetual Master, LLC"
},
"dueDiligenceReference": {
"provider": "Strategic Intelligence Service",
"investigativeStandardsReferenced": [
"Executive Order 12829",
"Executive Order 12968",
"Executive Order 10450",
"DCID 6/4"
],
"characterization": "investigative_and_due_diligence_standard_reference",
"notGovernmentEndorsement": true,
"notRegulatoryClearance": true,
"documentationStatus": "As stated in deal file — counsel to confirm against SIS letter"
},
"custodyReference": {
"custodian": "Titan Financial Holdings, LLC",
"custodyDocument": "Titan balance sheet / custodial record as cited in deal file (e.g. page 5)",
"statedTotalAssetBaseAsTranscribedFromPage5NarrativeUsd": "1545000000000000.00",
"scaleReconciliationNote": "Page 1 narrative cites ~1.545 trillion USD total asset base; page 5 transcription may use a different magnitude — reconcile to executed PDFs before supervisory use."
},
"reserveStatus": "PROVISIONAL_LINKAGE_NARRATIVE",
"disclaimer": "Structured linkage only; does not establish prudential reserve recognition, regulatory capital, or bank-confirmed balances. Authoritative MT940/camt.053/API remains with the custodian bank.",
"timestamp": "2023-12-18T00:00:00Z"
}

14
config/reserve-provenance-package/reserve/RESERVE_RECOGNITION_DECLARATION.json Normal file
View File

@@ -0,0 +1,14 @@
{
"schema_version": 1,
"documentType": "ReserveRecognitionDeclaration",
"reserveType": "Operational Liquidity Reserve",
"fundingSource": "Bond Monetization Proceeds",
"custodyStatus": "AttorneyAcknowledged",
"reserveEligibility": {
"legalOriginVerified": true,
"bankSettlementPending": true,
"kytVerificationPending": true
},
"status": "PROVISIONAL_RESERVE",
"disclaimer": "Provisional only until bank statement and KYT vendor evidence are attached; not prudential reserve recognition for regulatory capital without supervisor-approved methodology."
}

252
config/reserve-provenance-package/schemas/reserve-provenance-package.schema.json Normal file
View File

@@ -0,0 +1,252 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/reserve-provenance-package.json",
"title": "Reserve provenance package (10 attestation documents)",
"oneOf": [
{ "$ref": "#/$defs/AttorneyReceiptAttestation" },
{ "$ref": "#/$defs/SettlementFinalityDeclaration" },
{ "$ref": "#/$defs/FundingOriginNarrative" },
{ "$ref": "#/$defs/BankBalanceCertification" },
{ "$ref": "#/$defs/KYTExecutionRecord" },
{ "$ref": "#/$defs/ThreeWayReconciliationTrigger" },
{ "$ref": "#/$defs/ReserveRecognitionDeclaration" },
{ "$ref": "#/$defs/ReserveMonetaryLinkageDeclaration" },
{ "$ref": "#/$defs/RegulatoryStackDeclaration" },
{ "$ref": "#/$defs/ReserveHostingAndJurisdictionMap" }
],
"$defs": {
"AttorneyReceiptAttestation": {
"type": "object",
"required": [
"schema_version",
"documentType",
"attestingParty",
"transactionReference",
"receiptDetails",
"legalDeclaration",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "AttorneyReceiptAttestation" },
"attestingParty": { "type": "object" },
"transactionReference": { "type": "object" },
"receiptDetails": { "type": "object" },
"legalDeclaration": { "type": "object" },
"evidenceStaging": { "type": "object" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"SettlementFinalityDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"transactionReference",
"finalityStatus",
"settlementType",
"confirmationFlow",
"legalEffect",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "SettlementFinalityDeclaration" },
"transactionReference": { "type": "string" },
"finalityStatus": { "type": "string" },
"settlementType": { "type": "string" },
"confirmationFlow": { "type": "object" },
"legalEffect": { "type": "object" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"FundingOriginNarrative": {
"type": "object",
"required": ["schema_version", "documentType", "originChain", "sourceIntegrity"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "FundingOriginNarrative" },
"originChain": {
"type": "array",
"minItems": 1,
"items": { "type": "object" }
},
"sourceIntegrity": { "type": "object" }
},
"additionalProperties": true
},
"BankBalanceCertification": {
"type": "object",
"required": [
"schema_version",
"documentType",
"institution",
"accountHolder",
"statementSource",
"balanceSnapshot",
"status"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "BankBalanceCertification" },
"institution": { "type": "string" },
"accountHolder": { "type": "string" },
"statementSource": { "type": "string" },
"balanceSnapshot": { "type": "object" },
"status": { "type": "string" },
"integration": { "type": "object" }
},
"additionalProperties": true
},
"KYTExecutionRecord": {
"type": "object",
"required": [
"schema_version",
"documentType",
"provider",
"screeningStatus",
"transactionReference",
"riskEvaluation"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "KYTExecutionRecord" },
"provider": { "type": "string" },
"screeningStatus": { "type": "string" },
"transactionReference": { "type": "string" },
"riskEvaluation": { "type": "object" },
"integration": { "type": "object" }
},
"additionalProperties": true
},
"ThreeWayReconciliationTrigger": {
"type": "object",
"required": [
"schema_version",
"documentType",
"ledgerSource",
"bankSource",
"chainSource",
"executionStatus",
"reconciliationMode"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ThreeWayReconciliationTrigger" },
"ledgerSource": { "type": "string" },
"bankSource": { "type": "string" },
"chainSource": { "type": "string" },
"executionStatus": { "type": "string" },
"reconciliationMode": { "type": "string" },
"correlationHints": { "type": "object" },
"nextSteps": { "type": "array", "items": { "type": "string" } }
},
"additionalProperties": true
},
"ReserveRecognitionDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"reserveType",
"fundingSource",
"custodyStatus",
"reserveEligibility",
"status"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ReserveRecognitionDeclaration" },
"reserveType": { "type": "string" },
"fundingSource": { "type": "string" },
"custodyStatus": { "type": "string" },
"reserveEligibility": { "type": "object" },
"status": { "type": "string" },
"disclaimer": { "type": "string" }
},
"additionalProperties": true
},
"ReserveMonetaryLinkageDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"primaryFundingEvent",
"reserveStructure",
"dueDiligenceReference",
"custodyReference",
"reserveStatus",
"disclaimer",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ReserveMonetaryLinkageDeclaration" },
"primaryFundingEvent": { "type": "object" },
"reserveStructure": { "type": "object" },
"dueDiligenceReference": { "type": "object" },
"custodyReference": { "type": "object" },
"reserveStatus": { "type": "string" },
"disclaimer": { "type": "string" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"RegulatoryStackDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"stackStructure",
"hostingRelationship",
"regulatorySeparationStatement",
"disclaimer",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "RegulatoryStackDeclaration" },
"stackStructure": {
"type": "array",
"minItems": 1,
"items": { "type": "object" }
},
"hostingRelationship": { "type": "object" },
"regulatorySeparationStatement": { "type": "object" },
"regulatoryEvidence": { "type": "object" },
"disclaimer": { "type": "string" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"ReserveHostingAndJurisdictionMap": {
"type": "object",
"required": [
"schema_version",
"documentType",
"primaryReserve",
"jurisdictionalControl",
"operationalHierarchy",
"reserveRecognitionStatus",
"disclaimer",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ReserveHostingAndJurisdictionMap" },
"primaryReserve": { "type": "object" },
"jurisdictionalControl": { "type": "object" },
"operationalHierarchy": {
"type": "array",
"items": { "type": "string" }
},
"reserveRecognitionStatus": { "type": "string" },
"disclaimer": { "type": "string" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
}
}
}

21
config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json Normal file
View File

@@ -0,0 +1,21 @@
{
"schema_version": 1,
"documentType": "SettlementFinalityDeclaration",
"transactionReference": "MERE-71-FIDES-5463-3892-01",
"finalityStatus": "DECLARED_FINAL",
"settlementType": "SingleCustomerCreditTransfer",
"confirmationFlow": {
"instructionIssued": true,
"receiptConfirmed": true,
"creditDeclared": true
},
"legalEffect": {
"status": "Irrevocable",
"bindingAuthority": [
"Uniform Commercial Code",
"UNCITRAL Trade Law"
],
"disclaimer": "Institution-specific finality and governing law must be confirmed by counsel; this JSON records operational declaration only."
},
"timestamp": "2023-12-18T00:00:00Z"
}

138
config/smart-contracts-master.json Normal file
View File

@@ -0,0 +1,138 @@
{
"schemaVersion": 1,
"description": "Publishable Chain 138 + mainnet relay addresses. Mirrors scripts/verify/check-contracts-on-chain-138.sh (64 bytecode checks). .env overrides via load-contract-addresses.sh.",
"chains": {
"138": {
"mapper": "0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A",
"contracts": {
"WETH9": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"WETH10": "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f",
"Oracle_Aggregator": "0x99b3511a2d315a497c8112c1fdd8d508d4b1e506",
"Oracle_Proxy": "0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6",
"CCIP_Router": "0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817",
"CCIP_Router_Direct_Legacy": "0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e",
"CCIP_Sender": "0x105F8A15b819948a89153505762444Ee9f324684",
"CCIPWETH9_Bridge": "0xcacfd227A040002e49e2e01626363071324f820a",
"CCIPWETH9_Bridge_Direct_Legacy": "0x971cD9D156f193df8051E48043C476e53ECd4693",
"CCIPWETH10_Bridge": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0",
"LINK": "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03",
"cUSDT": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"cUSDC": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"TokenRegistry": "0x91Efe92229dbf7C5B38D422621300956B55870Fa",
"TokenFactory": "0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133",
"ComplianceRegistry": "0xbc54fe2b6fda157c59d59826bcfdbcc654ec9ea1",
"BridgeVault": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8",
"FeeCollector": "0xF78246eB94c6CB14018E507E60661314E5f4C53f",
"DebtRegistry": "0x95BC4A997c0670d5DAC64d55cDf3769B53B63C28",
"PolicyManager": "0x0C4FD27018130A00762a802f91a72D6a64a60F14",
"TokenImplementation": "0x0059e237973179146237aB49f1322E8197c22b21",
"PriceFeed_Keeper": "0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04",
"OraclePriceFeed": "0x8918eE0819fD687f4eb3e8b9B7D0ef7557493cfa",
"WETH_MockPriceFeed": "0x3e8725b8De386feF3eFE5678c92eA6aDB41992B2",
"MerchantSettlementRegistry": "0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800",
"WithdrawalEscrow": "0xe77cb26eA300e2f5304b461b0EC94c8AD6A7E46D",
"UniversalAssetRegistry": "0xAEE4b7fBe82E1F8295951584CBc772b8BBD68575",
"GovernanceController": "0xA6891D5229f2181a34D4FF1B515c3Aa37dd90E0e",
"UniversalCCIPBridge": "0xCd42e8eD79Dc50599535d1de48d3dAFa0BE156F8",
"BridgeOrchestrator": "0x89aB428c437f23bAB9781ff8Db8D3848e27EeD6c",
"PaymentChannelManager": "0x302aF72966aFd21C599051277a48DAa7f01a5f54",
"GenericStateChannelManager": "0xe5e3bB424c8a0259FDE23F0A58F7e36f73B90aBd",
"AddressMapper": "0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A",
"MirrorManager": "0x6eD905A30c552a6e003061A38FD52A5A427beE56",
"Lockbox138": "0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c",
"CREATE2Factory": "0x750E4a8adCe9f0e67A420aBE91342DC64Eb90825",
"UniversalAssetRegistry_Deterministic": "0xC98602aa574F565b5478E8816BCab03C9De0870f",
"UniversalCCIPBridge_Deterministic": "0x532DE218b94993446Be30eC894442f911499f6a3",
"MirrorRegistry": "0x6427F9739e6B6c3dDb4E94fEfeBcdF35549549d8",
"AlltraAdapter": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc",
"TransactionMirror": "0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc",
"DODO_Pool_cUSDT_cUSDC": "0xff8d3b8fDF7B112759F076B69f4271D4209C0849",
"DODOPMMIntegration": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
"DODOPMMProvider": "0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381",
"DODO_Pool_cUSDT_USDT": "0x6fc60DEDc92a2047062294488539992710b99D71",
"DODO_Pool_cUSDC_USDC": "0x9f74Be42725f2Aa072a9E0CdCce0E7203C510263",
"ReserveSystem": "0x607e97cD626f209facfE48c1464815DDE15B5093",
"ReserveTokenIntegration": "0x34B73e6EDFd9f85a7c25EeD31dcB13aB6E969b96",
"RegulatedEntityRegistry": "0xEA4C892D6c1253797c5D95a05BF3863363080b4B",
"VaultFactory": "0xB2Ac70f35A81481B005067ed6567a5043BA32336",
"Ledger": "0x67b3831dc64C14FB9352B2a45C6Dd69b3C86B7af",
"Liquidation": "0x3aCdbCB749d6037a02F0ef6ea2E5Fb89D31fAB72",
"XAU_Oracle": "0xf23E1eDa304082ab7a81531dFE6020E6105e77A8",
"cEURC": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
"cEURT": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
"cGBPC": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
"cGBPT": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
"cAUDC": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
"cJPYC": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
"cCHFC": "0x873990849DDa5117d7C644f0aF24370797C03885",
"cCADC": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
"cXAUC": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
"cXAUT": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
"ISO20022Router": "0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074"
},
"envVarMap": {
"CCIP_ROUTER": "CCIP_Router",
"CCIP_ROUTER_CHAIN138": "CCIP_Router",
"CCIP_ROUTER_CHAIN138_LINK": "CCIP_Router",
"CHAIN_138_CCIP_ROUTER": "CCIP_Router",
"CCIP_ROUTER_DIRECT_LEGACY": "CCIP_Router_Direct_Legacy",
"CCIPWETH9_BRIDGE_CHAIN138": "CCIPWETH9_Bridge",
"CCIPWETH9_BRIDGE_CHAIN138_LINK": "CCIPWETH9_Bridge",
"CCIPWETH9_BRIDGE_DIRECT_LEGACY": "CCIPWETH9_Bridge_Direct_Legacy",
"CCIPWETH10_BRIDGE_CHAIN138": "CCIPWETH10_Bridge",
"LINK_TOKEN": "LINK",
"LINK_TOKEN_CHAIN138": "LINK",
"CCIP_FEE_TOKEN": "LINK",
"ORACLE_AGGREGATOR_ADDRESS": "Oracle_Aggregator",
"ORACLE_PROXY_ADDRESS": "Oracle_Proxy",
"COMPLIANCE_REGISTRY": "ComplianceRegistry",
"COMPLIANCE_REGISTRY_ADDRESS": "ComplianceRegistry",
"TOKEN_FACTORY": "TokenFactory",
"BRIDGE_VAULT": "BridgeVault",
"DEBT_REGISTRY": "DebtRegistry",
"POLICY_MANAGER": "PolicyManager",
"TOKEN_IMPLEMENTATION": "TokenImplementation",
"TOKEN_REGISTRY_ADDRESS": "TokenRegistry",
"FEE_COLLECTOR_ADDRESS": "FeeCollector",
"COMPLIANT_USDT_ADDRESS": "cUSDT",
"COMPLIANT_USDC_ADDRESS": "cUSDC",
"DODO_PMM_INTEGRATION_ADDRESS": "DODOPMMIntegration",
"CHAIN_138_DODO_PMM_INTEGRATION": "DODOPMMIntegration",
"DODO_PMM_PROVIDER_ADDRESS": "DODOPMMProvider",
"TRANSACTION_MIRROR_ADDRESS": "TransactionMirror",
"PAYMENT_CHANNEL_MANAGER": "PaymentChannelManager",
"GENERIC_STATE_CHANNEL_MANAGER": "GenericStateChannelManager",
"ADDRESS_MAPPER": "AddressMapper",
"MIRROR_MANAGER": "MirrorManager",
"MERCHANT_SETTLEMENT_REGISTRY": "MerchantSettlementRegistry",
"SETTLEMENT_REGISTRY_ADDRESS": "MerchantSettlementRegistry",
"WITHDRAWAL_ESCROW_ADDRESS": "WithdrawalEscrow",
"CREATE2_FACTORY": "CREATE2Factory",
"UNIVERSAL_ASSET_REGISTRY": "UniversalAssetRegistry",
"GOVERNANCE_CONTROLLER": "GovernanceController",
"UNIVERSAL_CCIP_BRIDGE": "UniversalCCIPBridge",
"BRIDGE_ORCHESTRATOR": "BridgeOrchestrator",
"UNIVERSAL_ASSET_REGISTRY_DETERMINISTIC": "UniversalAssetRegistry_Deterministic",
"UNIVERSAL_CCIP_BRIDGE_DETERMINISTIC": "UniversalCCIPBridge_Deterministic",
"MIRROR_REGISTRY": "MirrorRegistry",
"ALLTRA_ADAPTER": "AlltraAdapter",
"RESERVE_SYSTEM": "ReserveSystem",
"ORACLE_PRICE_FEED": "OraclePriceFeed",
"CHAIN138_WETH_MOCK_PRICE_FEED": "WETH_MockPriceFeed",
"RESERVE_TOKEN_INTEGRATION": "ReserveTokenIntegration",
"REGULATED_ENTITY_REGISTRY": "RegulatedEntityRegistry",
"VAULT_FACTORY": "VaultFactory"
}
},
"1": {
"contracts": {
"CCIP_Relay_Router": "0xAd9A228CcEB4cbB612cD165FFB72fE090ff10Afb",
"CCIP_Relay_Bridge": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939"
},
"envVarMap": {
"CCIP_RELAY_ROUTER_MAINNET": "CCIP_Relay_Router",
"CCIP_RELAY_BRIDGE_MAINNET": "CCIP_Relay_Bridge"
}
}
}
}

594
config/token-mapping-loader.cjs
View File

@@ -1,55 +1,125 @@
/**
* Load token mapping from config/token-mapping.json and config/token-mapping-multichain.json.
* Used by relay service, bridge/LP tooling, and docs. Safe to publish (no secrets).
* Load relay mappings, GRU transport overlay config, routing registry, and deployment JSON.
* Used by relay service, token-aggregation, bridge/LP tooling, and docs. Safe to publish.
*
* Usage:
* const { getRelayTokenMapping, getTokenMappingForPair } = require('../config/token-mapping-loader.cjs');
* const map = getRelayTokenMapping(); // 138 -> Mainnet (chain138Address -> mainnetAddress)
* const pair = getTokenMappingForPair(138, 651940); // { tokens, addressMapFromTo, addressMapToFrom }
*
* @version 2026-02-16
* @version 2026-03-30
*/
const path = require('path');
const fs = require('fs');
const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000';
const DEFAULT_JSON_PATH = path.resolve(__dirname, 'token-mapping.json');
const DEFAULT_MULTICHAIN_JSON_PATH = path.resolve(__dirname, 'token-mapping-multichain.json');
const DEFAULT_GRU_ACTIVE_JSON_PATH = path.resolve(__dirname, 'gru-transport-active.json');
const DEFAULT_ROUTING_REGISTRY_JSON_PATH = path.resolve(__dirname, 'routing-registry.json');
const DEFAULT_DEPLOYMENT_STATUS_JSON_PATH = path.resolve(
__dirname,
'..',
'cross-chain-pmm-lps',
'config',
'deployment-status.json'
);
const DEFAULT_POOL_MATRIX_JSON_PATH = path.resolve(
__dirname,
'..',
'cross-chain-pmm-lps',
'config',
'pool-matrix.json'
);
let _cache = null;
let _multichainCache = null;
const JSON_CACHES = {
token: null,
multichain: null,
gruTransport: null,
routingRegistry: null,
deploymentStatus: null,
poolMatrix: null,
};
function loadTokenMappingJson(jsonPath = DEFAULT_JSON_PATH) {
if (_cache && _cache.path === jsonPath) return _cache.data;
function loadCachedJson(cacheKey, jsonPath) {
const current = JSON_CACHES[cacheKey];
if (current && current.path === jsonPath) return current.data;
try {
const raw = fs.readFileSync(jsonPath, 'utf8');
const data = JSON.parse(raw);
_cache = { path: jsonPath, data };
JSON_CACHES[cacheKey] = { path: jsonPath, data };
return data;
} catch (e) {
return null;
}
}
function normalizeAddress(address) {
return typeof address === 'string' ? address.trim().toLowerCase() : '';
}
function normalizeSymbol(symbol) {
return typeof symbol === 'string' ? symbol.trim().toLowerCase() : '';
}
function normalizeTransportSymbol(symbol) {
const normalized = normalizeSymbol(symbol).replace(/[\s_-]/g, '');
if (normalized.startsWith('cw')) {
return `c${normalized.slice(2)}`;
}
return normalized;
}
function isNonZeroAddress(address) {
const normalized = normalizeAddress(address);
return /^0x[a-f0-9]{40}$/.test(normalized) && normalized !== ZERO_ADDRESS;
}
function resolveConfigRef(ref) {
if (!ref || typeof ref !== 'object') return '';
if (isNonZeroAddress(ref.address)) return ref.address;
if (typeof ref.env === 'string' && isNonZeroAddress(process.env[ref.env])) {
return process.env[ref.env];
}
return '';
}
function hasConfigRef(ref) {
if (!ref || typeof ref !== 'object') return false;
return isNonZeroAddress(ref.address) || (typeof ref.env === 'string' && ref.env.trim() !== '');
}
function resolvePolicyRefValue(ref) {
if (!ref || typeof ref !== 'object') return '';
if (typeof ref.amount === 'string' && ref.amount.trim() !== '') return ref.amount.trim();
if (typeof ref.env === 'string') {
const value = process.env[ref.env];
if (typeof value === 'string' && value.trim() !== '') return value.trim();
}
return '';
}
function loadTokenMappingJson(jsonPath = DEFAULT_JSON_PATH) {
return loadCachedJson('token', jsonPath);
}
function loadTokenMappingMultichainJson(jsonPath = DEFAULT_MULTICHAIN_JSON_PATH) {
if (_multichainCache && _multichainCache.path === jsonPath) return _multichainCache.data;
try {
const raw = fs.readFileSync(jsonPath, 'utf8');
const data = JSON.parse(raw);
_multichainCache = { path: jsonPath, data };
return data;
} catch (e) {
return null;
}
return loadCachedJson('multichain', jsonPath);
}
function loadGruTransportActiveJson(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
return loadCachedJson('gruTransport', jsonPath);
}
function loadRoutingRegistryJson(jsonPath = DEFAULT_ROUTING_REGISTRY_JSON_PATH) {
return loadCachedJson('routingRegistry', jsonPath);
}
function loadDeploymentStatusJson(jsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH) {
return loadCachedJson('deploymentStatus', jsonPath);
}
function loadPoolMatrixJson(jsonPath = DEFAULT_POOL_MATRIX_JSON_PATH) {
return loadCachedJson('poolMatrix', jsonPath);
}
/**
* Build object suitable for relay config.tokenMapping: Chain 138 address -> Mainnet address.
* Only includes tokens that have a mainnetAddress (canonical or wrapped).
*
* @param {string} [jsonPath]
* @returns {{ [chain138Address: string]: string }}
*/
function getRelayTokenMapping(jsonPath) {
const data = loadTokenMappingJson(jsonPath);
if (!data || !Array.isArray(data.tokens)) return {};
@@ -62,27 +132,12 @@ function getRelayTokenMapping(jsonPath) {
return out;
}
/**
* Get full token list with relaySupported and mainnet info.
*
* @param {string} [jsonPath]
* @returns {Array<{ key: string, name: string, chain138Address: string, mainnetAddress: string|null, relaySupported: boolean, notes: string }>}
*/
function getTokenList(jsonPath) {
const data = loadTokenMappingJson(jsonPath);
if (!data || !Array.isArray(data.tokens)) return [];
return data.tokens;
}
/**
* Get token mapping for a chain pair from token-mapping-multichain.json.
* Tries (fromChainId, toChainId) then (toChainId, fromChainId) and returns tokens in from→to order.
*
* @param {number|string} fromChainId
* @param {number|string} toChainId
* @param {string} [jsonPath]
* @returns {{ tokens: Array<{ key: string, name: string, addressFrom: string, addressTo: string, notes?: string }>, addressMapFromTo: Record<string, string>, addressMapToFrom: Record<string, string> } | null}
*/
function getTokenMappingForPair(fromChainId, toChainId, jsonPath) {
const data = loadTokenMappingMultichainJson(jsonPath);
if (!data || !Array.isArray(data.pairs)) return null;
@@ -96,7 +151,13 @@ function getTokenMappingForPair(fromChainId, toChainId, jsonPath) {
}
if (!pair || !Array.isArray(pair.tokens)) return null;
const tokens = reverse
? pair.tokens.map((t) => ({ key: t.key, name: t.name, addressFrom: t.addressTo, addressTo: t.addressFrom, notes: t.notes }))
? pair.tokens.map((t) => ({
key: t.key,
name: t.name,
addressFrom: t.addressTo,
addressTo: t.addressFrom,
notes: t.notes,
}))
: pair.tokens;
const addressMapFromTo = {};
const addressMapToFrom = {};
@@ -109,41 +170,452 @@ function getTokenMappingForPair(fromChainId, toChainId, jsonPath) {
return { tokens, addressMapFromTo, addressMapToFrom };
}
/**
* Get all chain pairs defined in token-mapping-multichain.json.
*
* @param {string} [jsonPath]
* @returns {Array<{ fromChainId: number, toChainId: number, notes?: string }>}
*/
function getAllMultichainPairs(jsonPath) {
const data = loadTokenMappingMultichainJson(jsonPath);
if (!data || !Array.isArray(data.pairs)) return [];
return data.pairs.map((p) => ({ fromChainId: p.fromChainId, toChainId: p.toChainId, notes: p.notes }));
}
/**
* Resolve token address on target chain from source chain address using multichain mapping.
*
* @param {number|string} fromChainId
* @param {number|string} toChainId
* @param {string} tokenAddressOnSource - address on fromChainId
* @param {string} [jsonPath]
* @returns {string|undefined} address on toChainId, or undefined if not mapped
*/
function getMappedAddress(fromChainId, toChainId, tokenAddressOnSource, jsonPath) {
const activeTransportPair = getActiveTransportPair(
fromChainId,
toChainId,
{ sourceTokenAddress: tokenAddressOnSource },
{ multichainJsonPath: jsonPath }
);
if (activeTransportPair) {
const sameDirection =
Number(activeTransportPair.canonicalChainId) === Number(fromChainId) &&
Number(activeTransportPair.destinationChainId) === Number(toChainId);
const targetAddress = sameDirection ? activeTransportPair.mirroredAddress : activeTransportPair.canonicalAddress;
if (isNonZeroAddress(targetAddress)) {
return targetAddress;
}
}
const result = getTokenMappingForPair(fromChainId, toChainId, jsonPath);
if (!result) return undefined;
return result.addressMapFromTo[String(tokenAddressOnSource).toLowerCase()];
}
function getRoutingRegistryRoutes(jsonPath = DEFAULT_ROUTING_REGISTRY_JSON_PATH) {
const data = loadRoutingRegistryJson(jsonPath);
if (!data || !Array.isArray(data.routes)) return [];
return data.routes;
}
function getGruTransportMetadata(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || typeof data !== 'object') return null;
const activeTransportPairs = getActiveTransportPairs({ activeJsonPath: jsonPath });
const activePublicPools = getActivePublicPools(jsonPath);
return {
system: data.system || null,
terminology: data.terminology || {},
enabledCanonicalTokens: Array.isArray(data.enabledCanonicalTokens) ? data.enabledCanonicalTokens : [],
enabledDestinationChains: Array.isArray(data.enabledDestinationChains) ? data.enabledDestinationChains : [],
counts: {
enabledCanonicalTokens: Array.isArray(data.enabledCanonicalTokens) ? data.enabledCanonicalTokens.length : 0,
enabledDestinationChains: Array.isArray(data.enabledDestinationChains) ? data.enabledDestinationChains.length : 0,
approvedBridgePeers: Array.isArray(data.approvedBridgePeers) ? data.approvedBridgePeers.length : 0,
transportPairs: Array.isArray(data.transportPairs) ? data.transportPairs.length : 0,
eligibleTransportPairs: activeTransportPairs.filter((pair) => pair.eligible).length,
runtimeReadyTransportPairs: activeTransportPairs.filter((pair) => pair.runtimeReady).length,
publicPools: Array.isArray(data.publicPools) ? data.publicPools.length : 0,
activePublicPools: activePublicPools.filter((pool) => pool.active === true).length,
routablePublicPools: activePublicPools.filter(
(pool) => pool.active === true && pool.routingEnabled === true
).length,
mcpVisiblePublicPools: activePublicPools.filter(
(pool) => pool.active === true && pool.mcpVisible === true
).length,
},
};
}
function getEnabledCanonicalTokens(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.enabledCanonicalTokens)) return [];
return data.enabledCanonicalTokens;
}
function getEnabledCanonicalToken(identifier, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const normalizedSymbol = normalizeSymbol(identifier || '');
const normalizedAddress = normalizeAddress(identifier || '');
return (
getEnabledCanonicalTokens(jsonPath).find((token) => {
if (normalizedSymbol) {
if (normalizeSymbol(token.symbol) === normalizedSymbol) return true;
if (normalizeSymbol(token.mirroredSymbol) === normalizedSymbol) return true;
}
if (!normalizedAddress) return false;
if (normalizeAddress(token.activeAddress) === normalizedAddress) return true;
if (normalizeAddress(token.x402PreferredAddress) === normalizedAddress) return true;
if (Array.isArray(token.deployments)) {
return token.deployments.some((deployment) => normalizeAddress(deployment.address) === normalizedAddress);
}
return false;
}) || null
);
}
function getEnabledDestinationChains(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.enabledDestinationChains)) return [];
return data.enabledDestinationChains;
}
function isCanonicalTokenActive(symbol, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const normalized = normalizeSymbol(symbol);
return getEnabledCanonicalTokens(jsonPath).some((token) => normalizeSymbol(token.symbol) === normalized);
}
function isDestinationChainActive(chainId, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const numericChainId = Number(chainId);
return getEnabledDestinationChains(jsonPath).some((chain) => Number(chain.chainId) === numericChainId);
}
function getApprovedBridgePeer(chainId, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.approvedBridgePeers)) return null;
const numericChainId = Number(chainId);
return data.approvedBridgePeers.find((peer) => Number(peer.chainId) === numericChainId) || null;
}
function getRawMappingTokenEntry(fromChainId, toChainId, mappingKey, jsonPath = DEFAULT_MULTICHAIN_JSON_PATH) {
const data = loadTokenMappingMultichainJson(jsonPath);
if (!data || !Array.isArray(data.pairs)) return null;
const pair = data.pairs.find(
(entry) => Number(entry.fromChainId) === Number(fromChainId) && Number(entry.toChainId) === Number(toChainId)
);
if (!pair || !Array.isArray(pair.tokens)) return null;
return pair.tokens.find((token) => token.key === mappingKey) || null;
}
function getActiveTransportPairs(options = {}) {
const activeJsonPath = options.activeJsonPath || DEFAULT_GRU_ACTIVE_JSON_PATH;
const multichainJsonPath = options.multichainJsonPath || DEFAULT_MULTICHAIN_JSON_PATH;
const deploymentJsonPath = options.deploymentJsonPath || DEFAULT_DEPLOYMENT_STATUS_JSON_PATH;
const active = loadGruTransportActiveJson(activeJsonPath);
const deployment = loadDeploymentStatusJson(deploymentJsonPath);
if (!active || !Array.isArray(active.transportPairs)) return [];
const enabledCanonicalTokens = new Set(
(Array.isArray(active.enabledCanonicalTokens) ? active.enabledCanonicalTokens : []).map((token) => normalizeSymbol(token.symbol))
);
const enabledDestinationChains = new Set(
(Array.isArray(active.enabledDestinationChains) ? active.enabledDestinationChains : []).map((chain) => Number(chain.chainId))
);
const peersByKey = new Map(
(Array.isArray(active.approvedBridgePeers) ? active.approvedBridgePeers : []).map((peer) => [String(peer.key), peer])
);
const reserveVerifiers = active.reserveVerifiers && typeof active.reserveVerifiers === 'object' ? active.reserveVerifiers : {};
return active.transportPairs.map((pair) => {
const canonicalChainId = Number(pair.canonicalChainId ?? active.system?.canonicalChainId ?? 138);
const destinationChainId = Number(pair.destinationChainId);
const canonicalSymbol = String(pair.canonicalSymbol || '').trim();
const mirroredSymbol = String(pair.mirroredSymbol || '').trim();
const mappingEntry = getRawMappingTokenEntry(canonicalChainId, destinationChainId, pair.mappingKey, multichainJsonPath);
const deploymentChain =
deployment && deployment.chains && typeof deployment.chains === 'object'
? deployment.chains[String(destinationChainId)] || null
: null;
const mirrorDeploymentAddress =
deploymentChain && deploymentChain.cwTokens && typeof deploymentChain.cwTokens === 'object'
? deploymentChain.cwTokens[mirroredSymbol] || null
: null;
const peer = peersByKey.get(String(pair.peerKey || '')) || null;
const maxOutstanding = pair.maxOutstanding && typeof pair.maxOutstanding === 'object' ? pair.maxOutstanding : {};
const reserveVerifier = pair.reserveVerifierKey ? reserveVerifiers[pair.reserveVerifierKey] : null;
const routeDiscoveryEnabled = pair.routeDiscoveryEnabled !== false;
const canonicalAddress = mappingEntry?.addressFrom || null;
const mirroredAddress = mappingEntry?.addressTo || null;
const runtimeL1BridgeAddress = peer ? resolveConfigRef(peer.l1Bridge) : '';
const runtimeL2BridgeAddress = peer ? resolveConfigRef(peer.l2Bridge) : '';
const runtimeMaxOutstandingValue = resolvePolicyRefValue(maxOutstanding);
const runtimeReserveVerifier = reserveVerifier && typeof reserveVerifier === 'object' ? reserveVerifier : null;
const runtimeReserveVerifierBridgeAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.bridgeRef) : '';
const runtimeReserveVerifierAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.verifierRef) : '';
const runtimeReserveVaultAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.vaultRef) : '';
const runtimeReserveSystemAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.reserveSystemRef) : '';
const mirrorDeployed =
isNonZeroAddress(mirrorDeploymentAddress) &&
isNonZeroAddress(mirroredAddress) &&
normalizeAddress(mirrorDeploymentAddress) === normalizeAddress(mirroredAddress);
const bridgePeerConfigured =
!!peer &&
hasConfigRef(peer.l1Bridge) &&
hasConfigRef(peer.l2Bridge);
const maxOutstandingConfigured = !maxOutstanding.required || !!maxOutstanding.amount || !!maxOutstanding.env;
const reserveVerifierConfigured =
!pair.reserveVerifierKey ||
(!!runtimeReserveVerifier &&
hasConfigRef(runtimeReserveVerifier.bridgeRef) &&
hasConfigRef(runtimeReserveVerifier.verifierRef) &&
(!runtimeReserveVerifier.requireVaultBacking || hasConfigRef(runtimeReserveVerifier.vaultRef)) &&
(!runtimeReserveVerifier.requireReserveSystemBalance || hasConfigRef(runtimeReserveVerifier.reserveSystemRef)) &&
(!runtimeReserveVerifier.requireTokenOwnerMatchVault || hasConfigRef(runtimeReserveVerifier.vaultRef)));
const runtimeBridgeReady = !!runtimeL1BridgeAddress && !!runtimeL2BridgeAddress;
const runtimeMaxOutstandingReady = !maxOutstanding.required || !!runtimeMaxOutstandingValue;
const runtimeReserveVerifierReady =
!pair.reserveVerifierKey ||
(!!runtimeReserveVerifierBridgeAddress &&
!!runtimeReserveVerifierAddress &&
(!runtimeReserveVerifier.requireVaultBacking || !!runtimeReserveVaultAddress) &&
(!runtimeReserveVerifier.requireReserveSystemBalance || !!runtimeReserveSystemAddress) &&
(!runtimeReserveVerifier.requireTokenOwnerMatchVault || !!runtimeReserveVaultAddress));
const eligibilityBlockers = [];
if (!routeDiscoveryEnabled) eligibilityBlockers.push('policy:routeDiscoveryDisabled');
if (!enabledCanonicalTokens.has(normalizeSymbol(canonicalSymbol))) {
eligibilityBlockers.push('overlay:canonicalTokenDisabled');
}
if (!enabledDestinationChains.has(destinationChainId)) {
eligibilityBlockers.push('overlay:destinationChainDisabled');
}
if (!mappingEntry) eligibilityBlockers.push('mapping:pairMissing');
if (!isNonZeroAddress(canonicalAddress)) eligibilityBlockers.push('mapping:canonicalAddressMissing');
if (!isNonZeroAddress(mirroredAddress)) eligibilityBlockers.push('mapping:mirroredAddressMissing');
if (!mirrorDeployed) eligibilityBlockers.push('deployment:mirroredTokenNotDeployed');
if (!bridgePeerConfigured) eligibilityBlockers.push('config:bridgePeerRefMissing');
if (!maxOutstandingConfigured) eligibilityBlockers.push('config:maxOutstandingRefMissing');
if (!reserveVerifierConfigured) eligibilityBlockers.push('config:reserveVerifierRefMissing');
const eligible = eligibilityBlockers.length === 0;
const runtimeMissingRequirements = [];
if (!runtimeL1BridgeAddress) runtimeMissingRequirements.push('bridge:l1Bridge');
if (!runtimeL2BridgeAddress) runtimeMissingRequirements.push('bridge:l2Bridge');
if (maxOutstanding.required && !runtimeMaxOutstandingValue) {
runtimeMissingRequirements.push('policy:maxOutstanding');
}
if (pair.reserveVerifierKey) {
if (!runtimeReserveVerifierBridgeAddress) runtimeMissingRequirements.push('reserveVerifier:bridgeRef');
if (!runtimeReserveVerifierAddress) runtimeMissingRequirements.push('reserveVerifier:verifierRef');
if (runtimeReserveVerifier?.requireVaultBacking && !runtimeReserveVaultAddress) {
runtimeMissingRequirements.push('reserveVerifier:vaultRef');
}
if (runtimeReserveVerifier?.requireReserveSystemBalance && !runtimeReserveSystemAddress) {
runtimeMissingRequirements.push('reserveVerifier:reserveSystemRef');
}
}
if (deploymentChain?.bridgeAvailable === false) {
runtimeMissingRequirements.push('deployment:bridgeUnavailable');
}
const runtimeReady = eligible && runtimeMissingRequirements.length === 0;
return {
...pair,
canonicalChainId,
destinationChainId,
canonicalSymbol,
mirroredSymbol,
canonicalAddress,
mirroredAddress,
mirrorDeploymentAddress,
peer,
mappingFound: !!mappingEntry,
mirrorDeployed,
canonicalEnabled: enabledCanonicalTokens.has(normalizeSymbol(canonicalSymbol)),
destinationEnabled: enabledDestinationChains.has(destinationChainId),
bridgeAvailable: deploymentChain?.bridgeAvailable ?? null,
bridgePeerConfigured,
maxOutstandingConfigured,
reserveVerifierConfigured,
runtimeL1BridgeAddress: runtimeL1BridgeAddress || null,
runtimeL2BridgeAddress: runtimeL2BridgeAddress || null,
runtimeBridgeReady,
runtimeMaxOutstandingValue: runtimeMaxOutstandingValue || null,
runtimeMaxOutstandingReady,
runtimeReserveVerifierBridgeAddress: runtimeReserveVerifierBridgeAddress || null,
runtimeReserveVerifierAddress: runtimeReserveVerifierAddress || null,
runtimeReserveVaultAddress: runtimeReserveVaultAddress || null,
runtimeReserveSystemAddress: runtimeReserveSystemAddress || null,
runtimeReserveVerifierReady,
runtimeMissingRequirements,
eligibilityBlockers,
runtimeReady,
eligible,
};
});
}
function getActiveTransportPair(fromChainId, toChainId, criteria = {}, options = {}) {
const from = Number(fromChainId);
const to = Number(toChainId);
const normalizedSymbol = normalizeTransportSymbol(
criteria.symbol || criteria.canonicalSymbol || criteria.mirroredSymbol || ''
);
const normalizedSourceAddress = normalizeAddress(
criteria.address || criteria.sourceTokenAddress || criteria.tokenAddress || ''
);
const normalizedTargetAddress = normalizeAddress(criteria.targetTokenAddress || '');
return (
getActiveTransportPairs(options).find((pair) => {
const sameDirection = pair.canonicalChainId === from && pair.destinationChainId === to;
const reverseDirection = pair.canonicalChainId === to && pair.destinationChainId === from;
if (!sameDirection && !reverseDirection) return false;
if (normalizedSymbol) {
const pairSymbols = new Set([
normalizeTransportSymbol(pair.canonicalSymbol),
normalizeTransportSymbol(pair.mirroredSymbol),
normalizeSymbol(pair.canonicalSymbol),
normalizeSymbol(pair.mirroredSymbol),
]);
if (!pairSymbols.has(normalizedSymbol)) return false;
}
if (normalizedSourceAddress) {
const allowedSourceAddresses = sameDirection
? [pair.canonicalAddress, pair.mirroredAddress]
: [pair.mirroredAddress, pair.canonicalAddress];
if (!allowedSourceAddresses.some((address) => normalizeAddress(address) === normalizedSourceAddress)) {
return false;
}
}
if (normalizedTargetAddress) {
const targetAddress = sameDirection ? pair.mirroredAddress : pair.canonicalAddress;
if (normalizeAddress(targetAddress) !== normalizedTargetAddress) return false;
}
return true;
}) || null
);
}
function getKnownMirroredTokenAddresses(chainId, options = {}) {
const multichainJsonPath = options.multichainJsonPath || DEFAULT_MULTICHAIN_JSON_PATH;
const deploymentJsonPath = options.deploymentJsonPath || DEFAULT_DEPLOYMENT_STATUS_JSON_PATH;
const data = loadTokenMappingMultichainJson(multichainJsonPath);
const deployment = loadDeploymentStatusJson(deploymentJsonPath);
const chainKey = String(Number(chainId));
const out = new Set();
if (deployment && deployment.chains && deployment.chains[chainKey]?.cwTokens) {
for (const address of Object.values(deployment.chains[chainKey].cwTokens)) {
if (isNonZeroAddress(address)) out.add(normalizeAddress(address));
}
}
if (data && Array.isArray(data.pairs)) {
const pair = data.pairs.find((entry) => Number(entry.fromChainId) === 138 && Number(entry.toChainId) === Number(chainId));
if (pair && Array.isArray(pair.tokens)) {
for (const token of pair.tokens) {
if (String(token.key || '').endsWith('_cW') && isNonZeroAddress(token.addressTo)) {
out.add(normalizeAddress(token.addressTo));
}
}
}
}
return Array.from(out);
}
function getActivePublicPools(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.publicPools)) return [];
return data.publicPools;
}
function getPublicPoolRecord(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
if (!isNonZeroAddress(poolAddress)) return null;
const normalizedPoolAddress = normalizeAddress(poolAddress);
return (
getActivePublicPools(jsonPath).find(
(pool) => Number(pool.chainId) === Number(chainId) && normalizeAddress(pool.poolAddress) === normalizedPoolAddress
) || null
);
}
function isPublicPoolActive(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const record = getPublicPoolRecord(chainId, poolAddress, jsonPath);
return !!record && record.active === true;
}
function isPublicPoolRoutable(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const record = getPublicPoolRecord(chainId, poolAddress, jsonPath);
return !!record && record.active === true && record.routingEnabled === true;
}
function isPublicPoolMcpVisible(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const record = getPublicPoolRecord(chainId, poolAddress, jsonPath);
return !!record && record.active === true && record.mcpVisible === true;
}
function shouldExposePublicPool(
chainId,
poolAddress,
token0Address,
token1Address,
activeJsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH,
multichainJsonPath = DEFAULT_MULTICHAIN_JSON_PATH,
deploymentJsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH
) {
const mirroredAddresses = new Set(getKnownMirroredTokenAddresses(chainId, { multichainJsonPath, deploymentJsonPath }));
const touchesMirroredToken =
mirroredAddresses.has(normalizeAddress(token0Address)) || mirroredAddresses.has(normalizeAddress(token1Address));
if (!touchesMirroredToken) return true;
return isPublicPoolActive(chainId, poolAddress, activeJsonPath);
}
function shouldUsePublicPoolForRouting(
chainId,
poolAddress,
token0Address,
token1Address,
activeJsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH,
multichainJsonPath = DEFAULT_MULTICHAIN_JSON_PATH,
deploymentJsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH
) {
const mirroredAddresses = new Set(getKnownMirroredTokenAddresses(chainId, { multichainJsonPath, deploymentJsonPath }));
const touchesMirroredToken =
mirroredAddresses.has(normalizeAddress(token0Address)) || mirroredAddresses.has(normalizeAddress(token1Address));
if (!touchesMirroredToken) return true;
return isPublicPoolRoutable(chainId, poolAddress, activeJsonPath);
}
module.exports = {
loadTokenMappingJson,
loadTokenMappingMultichainJson,
loadGruTransportActiveJson,
loadRoutingRegistryJson,
loadDeploymentStatusJson,
loadPoolMatrixJson,
getRelayTokenMapping,
getTokenList,
getTokenMappingForPair,
getAllMultichainPairs,
getMappedAddress,
getRoutingRegistryRoutes,
getGruTransportMetadata,
getEnabledCanonicalTokens,
getEnabledCanonicalToken,
getEnabledDestinationChains,
isCanonicalTokenActive,
isDestinationChainActive,
getApprovedBridgePeer,
getActiveTransportPairs,
getActiveTransportPair,
getKnownMirroredTokenAddresses,
getActivePublicPools,
isPublicPoolActive,
isPublicPoolRoutable,
isPublicPoolMcpVisible,
shouldExposePublicPool,
shouldUsePublicPoolForRouting,
resolveConfigRef,
isNonZeroAddress,
DEFAULT_JSON_PATH,
DEFAULT_MULTICHAIN_JSON_PATH
DEFAULT_MULTICHAIN_JSON_PATH,
DEFAULT_GRU_ACTIVE_JSON_PATH,
DEFAULT_ROUTING_REGISTRY_JSON_PATH,
DEFAULT_DEPLOYMENT_STATUS_JSON_PATH,
DEFAULT_POOL_MATRIX_JSON_PATH,
};

42
config/token-mapping-multichain.json
View File

@@ -174,6 +174,48 @@
}
]
},
{
"fromChainId": 138,
"toChainId": 1,
"notes": "Chain 138 ↔ Ethereum Mainnet (CCIP); direct mapping; c*_cW = c* on 138 → cW* on destination",
"tokens": [
{
"key": "WETH9",
"name": "Wrapped Ether",
"addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"addressTo": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"notes": "138 WETH9 → Ethereum WETH"
},
{
"key": "Compliant_USDT",
"name": "cUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0xdAC17F958D2ee523a2206206994597C13D831ec7",
"notes": "138 cUSDT → Ethereum USDT (native)"
},
{
"key": "Compliant_USDT_cW",
"name": "cUSDT→cWUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0xaF5017d0163ecb99D9B5D94e3b4D7b09Af44D8AE",
"notes": "138 cUSDT → Ethereum cWUSDT"
},
{
"key": "Compliant_USDC",
"name": "cUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"notes": "138 cUSDC → Ethereum USDC (native)"
},
{
"key": "Compliant_USDC_cW",
"name": "cUSDC→cWUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0x2de5F116bFcE3d0f922d9C8351e0c5Fc24b9284a",
"notes": "138 cUSDC → Ethereum cWUSDC"
}
]
},
{
"fromChainId": 138,
"toChainId": 56,

56
dbis_chain_138_technical_master_plan.md
View File

@@ -5,6 +5,12 @@ This document is the governance and execution baseline for DBIS Chain 138 infras
The objective is to move from architecture theory to a production-grade sovereign deployment program that is evidence-based, phased, and operationally auditable.
## Repo backlog alignment (2026-03-30)
**Operational status** (Open/Done, P1 IDs, routing, CCIP, E2E evidence) lives in `docs/00-meta/TODOS_CONSOLIDATED.md`, `docs/00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md`, and `docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md`. This file stays the **architecture and phased-intent** baseline; refresh cross-links after major deploys or when **P1-E01** reconciliation is run.
**Web and institutional surface (d-bis.org multi-portal):** [docs/02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](docs/02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md) — public IA, data API contract, trust JSON, subdomain map; complements this chain/Hyperledger baseline.
---
# SECTION 1 — MASTER OBJECTIVES
@@ -26,11 +32,13 @@ The objective is to move from architecture theory to a production-grade sovereig
## Deployed now
- Hyperledger Besu (QBFT, Chain 138)
- Hyperledger Fabric containers and VMIDs are allocated
- Hyperledger Indy containers and VMIDs are allocated
- Hyperledger FireFly primary container footprint exists
- Hyperledger Cacti primary `5200` is app-healthy against Chain 138
- Hyperledger Fabric primary `6000` runs an operational sample network
- Hyperledger Indy primary `6400` runs an operational four-node local pool
- Hyperledger Aries / AnonCreds primary `6500` runs a live ACA-Py agent with the `askar-anoncreds` wallet path
- Hyperledger FireFly primary `6200` exposes a working local API footprint
- Hyperledger Caliper primary `6600` hosts an operational upstream benchmark workspace
- Blockscout / explorer stack
- Hyperledger Caliper hook and performance guidance (documentation only)
## Partially deployed / under validation
@@ -38,20 +46,23 @@ The objective is to move from architecture theory to a production-grade sovereig
- primary `6200` is restored as a minimal local FireFly API footprint
- secondary `6201` is present in inventory but currently behaves like a retired / standby shell with no valid deployment payload
- Hyperledger Fabric:
- `6000`, `6001`, `6002` are present in inventory but are now intentionally stopped as reserved placeholders
- current app-level verification did not show active Fabric peer / orderer workloads or meaningful Fabric payloads inside those CTs
- primary `6000` is operational and validated at the application level
- `6001` and `6002` remain reserved placeholder inventory
- Hyperledger Indy:
- `6400`, `6401`, `6402` are present in inventory but are now intentionally stopped as reserved placeholders
- current app-level verification did not show active Indy node listeners or meaningful Indy payloads inside those CTs
- primary `6400` is operational and validated at the application level
- `6401` and `6402` remain reserved placeholder inventory
- Hyperledger Aries / AnonCreds:
- primary `6500` is operational and validated at the application level
- no RTGS credential issuance / verification flow is yet validated end to end
- Hyperledger Caliper:
- primary `6600` is operational and validated as a benchmark workspace
- approved workload profiles and recorded benchmark runs are not yet in place
## Planned / aspirational
- Hyperledger Aries as a proven deployed service tier
- Hyperledger AnonCreds as an operationally verified deployed layer
- Hyperledger Ursa as a required runtime dependency
- Hyperledger Ursa as a direct operator-managed runtime dependency, if later required
- Hyperledger Quilt
- Hyperledger Avalon
- Hyperledger Cacti as a proven live interoperability layer
- Full multi-region sovereignized Proxmox with Ceph-backed storage and segmented production VLANs
---
@@ -65,6 +76,7 @@ The source-of-truth discovery path for current state is:
- [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md)
- [docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md)
- [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md)
- [docs/03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](docs/03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md)
- [scripts/verify/run-phase1-discovery.sh](scripts/verify/run-phase1-discovery.sh)
- [config/proxmox-operational-template.json](config/proxmox-operational-template.json)
- [docs/04-configuration/ALL_VMIDS_ENDPOINTS.md](docs/04-configuration/ALL_VMIDS_ENDPOINTS.md)
@@ -177,12 +189,12 @@ The executable placement artifact is:
- Workflow VM / CT family for FireFly
- Institutional VM / CT family for Fabric
- Identity VM / CT family for Indy
- Identity VM / CT family for Indy plus Aries / AnonCreds
- Performance VM / CT family for Caliper
### Planned / aspirational
- Identity VM template that includes proven Aries + AnonCreds runtime
- Interoperability VM template for true Hyperledger Cacti usage
- Interoperability VM template for true cross-ledger Cacti usage
## Implementation rule
@@ -604,11 +616,11 @@ stateDiagram-v2
## Current state
- CCIP relay and Chain 138 cross-chain infrastructure exist in the broader stack.
- Hyperledger Cacti is not currently proven as the live interoperability engine for DBIS in this environment.
- Hyperledger Cacti primary `5200` is now proven as a live interoperability layer for Besu in this environment.
## Planning rule
This plan must refer to Cacti as `future / optional` until a deployed and validated Cacti environment is evidenced in discovery artifacts.
This plan may treat Cacti primary as `deployed and validated`, while any broader multi-connector Cacti expansion remains optional until additional app-level evidence exists.
---
@@ -640,7 +652,8 @@ The pipeline is partially implemented via scripts and runbooks; it is not yet a
## Current state
- Hyperledger Caliper is not vendored in this repo.
- A documented performance hook exists instead of a committed benchmark harness.
- Primary `6600` now hosts a live upstream Caliper workspace bound for Besu `1.4`.
- A documented performance hook exists, but workload execution is not yet a routine readiness gate.
## Canonical artifact
@@ -648,7 +661,7 @@ The pipeline is partially implemented via scripts and runbooks; it is not yet a
## Interpretation rule
Performance benchmarking is planned and documented, but not yet a routine automated readiness gate.
Performance benchmarking is now operationally staged, but it is not yet a routine automated readiness gate.
---
@@ -767,8 +780,8 @@ Separate security compliance and benchmark reports remain future deliverables un
## Infrastructure gaps
- FireFly secondary `6201` is currently stopped and should be treated as retired / standby until intentionally rebuilt.
- Fabric CTs are present in inventory, but current app-level verification did not prove active Fabric peer or orderer services and did not show meaningful Fabric payloads; they are now intentionally stopped as reserved placeholders.
- Indy CTs are present in inventory, but current app-level verification did not prove active Indy validator listeners and did not show meaningful Indy payloads; they are now intentionally stopped as reserved placeholders.
- Fabric secondary / tertiary CTs `6001` and `6002` remain placeholder inventory only.
- Indy secondary / tertiary CTs `6401` and `6402` remain placeholder inventory only.
- The current per-node app-level evidence table is maintained in [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md).
## Platform gaps
@@ -805,6 +818,7 @@ Executable counterparts in this repository:
| RTGS later-phase sidecars deployment checklist | `docs/03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md` |
| RTGS later-phase sidecars deployment scripts | `scripts/deployment/create-dbis-rtgs-later-phase-sidecar-lxcs.sh`, `scripts/deployment/deploy-dbis-rtgs-later-phase-sidecars.sh`, `scripts/verify/check-dbis-rtgs-later-phase-sidecars.sh` |
| Indonesia / BNI E2E integration blueprint | `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md` |
| Indonesia / BNI executable task list | `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md` |
| RTGS first-slice architecture | `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md` |
| RTGS first-slice deployment checklist | `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md` |
| Caliper hook | `docs/03-deployment/CALIPER_CHAIN138_PERF_HOOK.md`, `scripts/verify/print-caliper-chain138-stub.sh` |

2
docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md
View File

@@ -3,6 +3,8 @@
**Purpose:** Filtered view of high-priority and critical items from the canonical list.
**Canonical source:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (~139 items, 20 sections).
**Execution tracking:** Bulk completion is not implied by this file alone — use [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md), [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md), and live runs in [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md).
---
## 1. Proxmox / Validated Set (High) — Items 111

2
docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md
View File

@@ -55,6 +55,8 @@
All required fixes in [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) §§16 are **Done** or **Documented**. Placeholders (canonical addresses, AlltraAdapter, smart accounts, quote FABRIC_CHAIN_ID, .bak) are complete per that doc. Remaining work: operator/LAN tasks, deferred dbis_core TS (~1186), and external (audits, Ledger, CoinGecko).
**Live operator status (2026-03-29):** public explorer `/api/v1/report/*` + `/api/v1/networks` are healthy again, and `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` passed with `Failed: 0`. The remaining work is therefore mostly the irreversible/operator-owned tranche: real bridge sends, cross-chain funding/deployments, security hardening, external listings, and deferred TypeScript cleanup.
**Still not done — execution checklist:** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) — copy-paste commands and links for every operator/LAN, dbis_core TS, security-audit, external, and maintenance item.
---

2
docs/00-meta/CW_BRIDGE_TASK_LIST.md
View File

@@ -4,7 +4,7 @@
**Updated:** 2026-02-27 — In-repo tasks completed (Phase A, C1, F); operator tasks (D, E, C2C3) have runbook.
**Context:** After setting `CW_BRIDGE_<CHAIN>` from the deployed bridge suite (CCIPRelayBridge on Mainnet, CCIPWETH9_BRIDGE_* on other chains), this document reviews the note that those contracts may need extension for cW* and turns it into a concrete task list.
**Completion summary (in-repo):** Phase A (approach decided and documented), Phase C1 (CompliantWrappedToken.burnFrom added, tests added), Phase F (docs and runbook). Phase B marked N/A (Option 2 chosen). **Remaining steps script:** [run-cw-remaining-steps.sh](../../scripts/deployment/run-cw-remaining-steps.sh) — `--dry-run` (default), `--deploy`, `--update-mapping`, `--verify`. Phase D/E and C2C3: run script with `--deploy` when RPC/keys are set; then set CWUSDT_*/CWUSDC_* in .env and run `--update-mapping`; see [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md).
**Completion summary (in-repo):** Phase A (approach decided and documented), Phase C1 (CompliantWrappedToken.burnFrom added, tests added), Phase F (docs and runbook). Phase B marked N/A (Option 2 chosen). **Remaining steps script:** [run-cw-remaining-steps.sh](../../scripts/deployment/run-cw-remaining-steps.sh) — `--dry-run` (default), `--deploy`, `--update-mapping`, `--verify`, `--verify-hard-peg`. Phase D/E and C2C3: run script with `--deploy` when RPC/keys are set; then set CWUSDT_*/CWUSDC_* in .env and run `--update-mapping`; use `--verify-hard-peg` for the Avalanche hard-peg bridge state; see [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md).
---

4
docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md
View File

@@ -1,8 +1,10 @@
# Documentation Consolidation Plan
**Last Updated:** 2026-03-02
**Last Updated:** 2026-03-30
**Purpose:** Review, consolidate, and prune markdown docs. Single reference for what to keep, merge, or archive.
**2026-03-30:** Live verification logged in [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). **Pruning unchanged** — no automated mass deletion; use [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) for intentional archive moves.
**Related:** [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) — inventory of moved material. Dated review docs from 2026-02 live only on disk under `docs/archive/`; **active runbooks should not link there** — use [MASTER_INDEX.md](../MASTER_INDEX.md) and living paths in this plan.
---

7
docs/00-meta/DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md
View File

@@ -27,7 +27,8 @@
| **PRIVATE_KEY** | Deploy, bridge send, forge script | 64-char hex; same wallet holds LINK for CCIP fees |
| **RPC_URL_138** | Deploy, verify, on-chain checks | Use IP:port for deploy: `http://192.168.11.211:8545` |
| **ETH_MAINNET_RPC_URL** / **ETHEREUM_MAINNET_RPC** | Mainnet verify, CCIP, relay | Infura/Alchemy |
| **CCIPWETH9_BRIDGE_CHAIN138**, **CCIPWETH10_BRIDGE_CHAIN138** | Bridge scripts, token-aggregation, routing | Canonical: WETH9 `0xcacfd227A040002e49e2e01626363071324f820a`; WETH10 `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` |
| **CCIP_ROUTER** / **CHAIN_138_CCIP_ROUTER** | CCIP send, relay scripts | Canonical `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817`; legacy direct `CCIP_ROUTER_DIRECT_LEGACY` `0x8078…` |
| **CCIPWETH9_BRIDGE_CHAIN138**, **CCIPWETH10_BRIDGE_CHAIN138** | Bridge scripts, token-aggregation, routing | Canonical WETH9 `0xcacfd227A040002e49e2e01626363071324f820a`; legacy `CCIPWETH9_BRIDGE_DIRECT_LEGACY` `0x971c…`; WETH10 `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` |
| **CHAIN_138_DODO_PMM_INTEGRATION** | Token-aggregation indexer, quotes | `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` |
| **CUSDT_ADDRESS_138**, **CUSDC_ADDRESS_138** | Scripts, token-aggregation | Canonical in EXPLORER_TOKEN_LIST_CROSSCHECK §5 |
| **DATABASE_URL** | Token-aggregation DB, migrations | When using PostgreSQL (e.g. VMID 5000) |
@@ -71,7 +72,7 @@
| Task | Result |
|------|--------|
| **validate-config-files.sh** | ✅ Passed |
| **run-completable-tasks-from-anywhere.sh** | ✅ Passed (config, on-chain 59/59, validation --skip-genesis, reconcile output printed) |
| **run-completable-tasks-from-anywhere.sh** | ✅ Passed (config, on-chain **64/64** after 2026-03-30 script update, validation --skip-genesis, reconcile output printed) |
| **check-pmm-pool-balances-chain138.sh** | ✅ Pool 1: 2M cUSDT / 2M cUSDC; Pools 23 empty (expected) |
| **deployer-gas-auto-route.sh --dry-run** | ✅ Ran; 6 chains need gas (1, 56, 10, 42161, 8453, 25); Celo/Wemix/651940/42793 “no RPC configured” if RPC not in env |
@@ -84,7 +85,7 @@
| Gap | Location | Recommendation |
|-----|----------|----------------|
| **CCIPWETH10 on Chain 138** | CONTRACT_ADDRESSES_REFERENCE.md: `0xe0E93247376aa097dB308B92e6Ba36bA015535D0`. Older bootstrap defaults may still mention `0xF5a87528cEb72312979DB0C51509489caF940721`, but the active routing registry and env-backed defaults now use `0xe0E932...`. | Keep `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` as the canonical WETH10 bridge and update any remaining legacy bootstrap references if they resurface. |
| **CCIPWETH9 on Chain 138** | Docs mention both `0x971cD9...` and `0xcacfd227...`. On-chain check and routing-registry use `0xcacfd227...`. | Treat `0xcacfd227A040002e49e2e01626363071324f820a` as canonical for “working” WETH9 bridge; document the other in CONTRACT_ADDRESSES_REFERENCE as alternate/deploy if applicable. |
| **CCIPWETH9 on Chain 138** | ~~Dual addresses~~ **Resolved 2026-03-30:** canonical `0xcacfd227…` (`CCIPWETH9_BRIDGE_CHAIN138`); legacy `0x971c…` (`CCIPWETH9_BRIDGE_DIRECT_LEGACY`). Both in bytecode check, [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md), [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), `config/smart-contracts-master.json`. |
### 4.2 Missing or placeholder env

6
docs/00-meta/EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md
View File

@@ -60,7 +60,7 @@
| # | Step | Command / action | Status |
|---|------|------------------|--------|
| C.1 | Deploy or bridge cW* per chain | Use cross-chain-pmm-lps config/chains.json, pool-matrix.json; deploy CompliantWrappedToken per chain; record in deployment-status.json and .env | ⏳ Pending (deployment-status.json has no cW* addresses) |
| C.1 | Deploy or bridge cW* per chain | Use cross-chain-pmm-lps config/chains.json, pool-matrix.json; deploy CompliantWrappedToken per chain; record in deployment-status.json and .env | ⚠️ Partial (`deployment-status.json` now records cW* addresses and bridge availability on active chains; remaining work is dedicated receiver alignment on broader lanes) |
| C.2 | Create PMM edge pools per chain | From pool-matrix poolsFirst create cWUSDT/USDC, cWUSDC/USDC, etc. per chain | ⏳ Pending |
| C.3 | Add initial liquidity to edge pools | Add base/quote to each pool; size for larger transfers | ⏳ Pending |
| C.4 | Record pool addresses | Populate deployment-status.json chains[chainId].pmmPools | ⏳ Pending |
@@ -124,11 +124,11 @@
## 10. Execution run summary (2026-03-06)
- **Full verification run (incl. optional):** completable ✅, validate-config ✅, check-contracts 59/59 ✅, PMM balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, test-all-contracts (unit) 457 ✅, E2E flow dry-run ✅, E2E routing 37 domains 0 failed ✅, operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify).
- **Full verification run (incl. optional):** completable ✅, validate-config ✅, check-contracts **64/64** ✅ (from 2026-03-30 script list), PMM balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, test-all-contracts (unit) 457 ✅, E2E flow dry-run ✅, E2E routing **37** public domains **Failed: 0** (2026-03-06 inventory) ✅, operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify). **Later:** public profile **44** domains **Failed: 0** (2026-03-29) — [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md).
- **Prerequisites:** validate-config ✅, preflight ✅, deployer balance script ✅, PMM balances ✅ (Pool 1: 2M/2M).
- **Phase A:** A.1/A.2 done; A.4 set; A.3, A.5 pending/optional.
- **Phase B:** preflight all — Gnosis/Celo OK, Cronos low CRO, Wemix 0 WEMIX; complete-config dry-run OK; B.4 LINK blocked; B.5 validate passed.
- **SBS:** SBS.1 requires BRIDGE_REGISTRY_ADDRESS (deploy BridgeRegistry if needed); SBS.2SBS.5 pending.
- **Phase C:** deployment-status.json empty for cW* and pmmPools; C.1C.5 pending.
- **Phase C:** `deployment-status.json` now records cW* token addresses and bridge availability on active chains, and the dedicated AVAX `cUSDT -> cWUSDT` corridor is proven. PMM pool arrays remain empty, so C.2C.5 are still pending and broader cW routing remains partial.
- **Liquidity maintenance:** 6.1 verified; 6.36.6 pending or when Phase C live.
- **Optional:** 7.17.4 documented; not executed (optional).

48
docs/00-meta/GAPS_STATUS.md
View File

@@ -1,7 +1,22 @@
# Gaps Status — Consolidated View
**Last Updated:** 2026-03-02
**Purpose:** Single reference for all gap sources and current status. Use this to see what is fixed in-repo vs what remains operator/external.
**Last Updated:** 2026-03-30
**Purpose:** Single reference for gap sources and current status. **Live checks:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). **Full recommendation backlog is not auto-complete** — see [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) and [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md).
---
## Live verification snapshot (2026-03-30)
| Area | Result |
|------|--------|
| Core RPC, Explorer, NPMplus (LAN) | Reachable (see log) |
| `validate-config-files.sh` | Passed |
| `run-all-validation.sh --skip-genesis` | Passed |
| `check-contracts-on-chain-138.sh` | **64/64** present (includes ISO20022Router; expanded address list) |
| Public + private E2E routing | **Failed: 0** (evidence paths in log) |
| `submodules-clean.sh` | **Failed** — dirty `dbis_core`, `smom-dbis-138` trees |
**2026-03-29 follow-up:** Same checks re-run on the operator workspace — config + **61/61** on-chain still green; public E2E evidence `verification-evidence/e2e-verification-20260329_235044/`, private `...235128/`; submodule hygiene unchanged. See [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md) (section “Follow-up session”).
---
@@ -10,33 +25,36 @@
| Document | Scope | Status |
|----------|--------|--------|
| [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) | Build, contracts, canonical list, placeholders, docs, tests | All §§16 **Done** or Documented. §9 optional/informational. |
| [04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) | Explorer API, token-aggregation, nginx order, tests, CI | §12, 58 **Fixed**. §34 **Addressed** (nginx order documented; Explorer/Wallet timeouts 25s). §9 optional. §12 operator. |
| [04-configuration/VERIFICATION_GAPS_AND_TODOS.md](../04-configuration/VERIFICATION_GAPS_AND_TODOS.md) | Missing scripts, placeholders, runbook .env | backup-npmplus.sh **Created**. Runbook production note **Added** (INGRESS_VERIFICATION_RUNBOOK; VERIFICATION_GAPS doc). Sankofa/TBD remain until services deployed. |
| [00-meta/CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md) | cW* bridge mint/receive | Phases A, C1, F **Done** (in-repo). C2C3, D, E **Operator** (deploy receiver, wire, test E2E). |
| [00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) | 139+ recommendations (Proxmox, code, docs, security, infra) | Many done or ongoing. Track per section; high-priority security/config items in §12, 6. |
| [04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) | Explorer API, token-aggregation, nginx order, tests, CI | §12, 58 **Fixed**. §34 **Addressed**. §9 optional. §12 operator. |
| [04-configuration/VERIFICATION_GAPS_AND_TODOS.md](../04-configuration/VERIFICATION_GAPS_AND_TODOS.md) | Missing scripts, placeholders, runbook .env | backup-npmplus.sh **Created**. Production notes added. |
| [00-meta/CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md) | cW* bridge mint/receive | Phases A, C1, F **Done** (in-repo). C2C3, D, E **Operator**. |
| [00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) | 139+ recommendations | **Ongoing** — track per section; high-priority in §12, 6. |
---
## Fixes applied in this pass (2026-03-02)
## Fixes applied (2026-03-02) — retained for history
| Gap | Fix |
|-----|-----|
| Explorer homepage / Wallet page tests intermittent | `scripts/verify-all-systems.sh`: timeout for Explorer homepage and Wallet page increased 15s → 25s. |
| Nginx proxy order (§3 DETAILED_GAPS) | Confirmed `fix-nginx-conflicts-vmid5000.sh` has `location /api/v1/` before `location /api/`; status set to Addressed; operator should use this script. |
| Runbook placeholders / .env in production | INGRESS_VERIFICATION_RUNBOOK.md: production note added in Prerequisites. VERIFICATION_GAPS_AND_TODOS: documentation note added. |
| §12 Nginx + config on VMID 5000 | `scripts/apply-remaining-operator-fixes.sh` created; run from LAN applies nginx fix and deploys explorer config via Proxmox host. **Executed 2026-03-02:** nginx fix and config deploy succeeded. |
| Explorer homepage / Wallet page tests intermittent | `scripts/verify-all-systems.sh`: timeout 15s → 25s. |
| Nginx proxy order | `fix-nginx-conflicts-vmid5000.sh`; operator runbook. |
| Runbook placeholders / .env in production | INGRESS_VERIFICATION_RUNBOOK, VERIFICATION_GAPS notes. |
| §12 Nginx + config on VMID 5000 | `apply-remaining-operator-fixes.sh` (2026-03-02). |
---
## Remaining (operator / external)
## Remaining (operator / external / engineering)
- **Operator (LAN/Proxmox):** ~~Apply nginx config on VMID 5000~~ **Done 2026-03-02** via `./scripts/apply-remaining-operator-fixes.sh` (nginx fix + explorer config deploy). Create token_aggregation DB and run migrations; restart token-aggregation; run run-all-operator-tasks-from-lan.sh; deploy TwoWayTokenBridgeL2 (or cW* receiver) per chain; wire CW_BRIDGE_* and test E2E. See [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md), [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md), [DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) §12.
- **External / TBD:** Sankofa cutover placeholders until services deployed; CMC/CoinGecko submission; ramp provider outreach for Chain 138. See [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md).
- **Operator (LAN/Proxmox):** token_aggregation DB/migrations; `run-all-operator-tasks-from-lan.sh`; CCIP fund/complete-config; cW* per [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md). [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
- **External:** CMC/CoinGecko, Ledger, ramps — [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md).
- **Submodules:** clean or commit dirty `dbis_core` / `smom-dbis-138` before CI that requires `submodules-clean.sh`.
- **dbis_core TS / Prisma:** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) §2.
---
## Quick reference
- **In-repo actionable gaps:** Addressed or documented; see REQUIRED_FIXES_UPDATES_GAPS §§16 and this doc.
- **In-repo actionable gaps:** Addressed or documented; see REQUIRED_FIXES_UPDATES_GAPS §§16.
- **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
- **Remaining tasks (one page):** [REMAINING_TASKS.md](REMAINING_TASKS.md).
- **Pruning:** No bulk archive delete in 2026-03-30 pass — [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md), [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md).

41
docs/00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md Normal file
View File

@@ -0,0 +1,41 @@
# Integration gaps and next steps (consolidated)
**Date:** 2026-03-30 (updated same day — open items closed)
**Purpose:** One place for cross-cutting integration gaps called out across OMNL, DBIS Core, Chain 138, RTGS, ISO-20022, and institutional config — with pointers to canonical runbooks and owners.
## Resolved in-repo (2026-03-30 follow-up)
| ID | Topic | Resolution |
|----|--------|------------|
| **G1** | CCIP Router / WETH9 bridge doc vs bytecode list | **Canonical Chain 138 router** is `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` (relay path, matches `smom-dbis-138/.env`). **Legacy direct router** `0x8078…` and **legacy WETH9 bridge** `0x971c…` remain deployed and are included in `check-contracts-on-chain-138.sh`. **Canonical WETH9 bridge** `0xcacfd227…` is the sendCrossChain path. [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) section 1.3 lists canonical + legacy rows. |
| **G2** | `config/smart-contracts-master.json` missing | **Added** publishable [`config/smart-contracts-master.json`](../../config/smart-contracts-master.json) — 64 Chain 138 contracts + `envVarMap` + mainnet relay pair (chain `1`). When present, `check-contracts-on-chain-138.sh` and `load-contract-addresses.sh` use it (jq). |
| **G3** | Explorer `address-inventory.json` drift | **Aligned** `explorer-monorepo/config/address-inventory.json` Chain 138 keys (`CCIP_ROUTER_*`, `CCIPWETH9_BRIDGE*`, `LINK_TOKEN_138`) to the master JSON. **CI guard:** [`scripts/validation/validate-explorer-chain138-inventory.sh`](../../scripts/validation/validate-explorer-chain138-inventory.sh) (wired from [`validate-config-files.sh`](../../scripts/validation/validate-config-files.sh)). Explorer shell script fallbacks and `explorer-spa.js` labels updated to canonical addresses where they referred to Chain 138. |
| **G4** | ISO20022Router E2E acceptance | **Documented** manual acceptance criteria in [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) (subsection under Related artifacts). Full automation is out of scope until a frozen relayer/sidecar test harness exists. |
| **G5** | `event_producer` process | **Closed as process:** extend [`event-producers.manifest.json`](../../config/dbis-institutional/event-producers.manifest.json) and [`settlement-event.schema.json`](../../config/dbis-institutional/schemas/settlement-event.schema.json) `enum` together; see [`config/dbis-institutional/README.md`](../../config/dbis-institutional/README.md). |
| **G6** | AddressMapper `.env` vs matrix | **Resolved:** Two deployments on Core — canonical `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` and legacy duplicate `0xe48E3f248698610e18Db865457fcd935Bb3da856`. On-chain: **identical bytecode**; `getDeployedAddress(WETH genesis)` and `owner()` match. SSOT remains matrix + [`config/smart-contracts-master.json`](../../config/smart-contracts-master.json). [`smom-dbis-138/config/address-inventory.chain138.json`](../../smom-dbis-138/config/address-inventory.chain138.json) updated; operators should set **`ADDRESS_MAPPER`** in `smom-dbis-138/.env` to the **canonical** address. |
### Earlier pass (same doc lineage)
| Topic | Resolution |
|-------|------------|
| Master JSON vs docs narrative | [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [config/README-CONTRACTS-MASTER.md](../../config/README-CONTRACTS-MASTER.md) describe JSON + embedded fallback behavior. |
| ISO20022Router in matrix / check | Address `0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074` in matrix, reference doc, and bytecode list. |
| `rail_iso_hash` | [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) section 14.2 → [DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md](../dbis-rail/DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md). |
| `event_producer` enum + manifest | [event-producers.manifest.json](../../config/dbis-institutional/event-producers.manifest.json) + schema enum. |
| E2E matrix links | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) related artifacts. |
## Open follow-ups (new work, not G1G6)
| Topic | Owner | Note |
|-------|--------|------|
| **Automated ISO20022Router integration test** | Settlement / QA | When relayer + test wallet are stable, add scripted tx + settlement-event assertion (extends G4 doc criteria). |
## Canonical pointers
- OMNL / Core / Smart Vault / RTGS: [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md)
- Production checklist: [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md)
- On-chain contract sweep: `scripts/verify/check-contracts-on-chain-138.sh` — expect **64/64** when LAN RPC reachable (canonical + legacy CCIP deployments).
- Machine-readable addresses: `config/smart-contracts-master.json`
- Institutional JSON schemas: `config/dbis-institutional/`
**Document status:** Living; file new gaps when discovered.

56
docs/00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md Normal file
View File

@@ -0,0 +1,56 @@
# Live verification log — 2026-03-30
**Purpose:** Record automated and manual checks run from the operator workspace, evidence paths, and doc alignment. **This does not** mark the full [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) backlog as complete; operator, external, and engineering items remain in [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) and [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) (P1).
---
## Checks executed
| Check | Command / path | Result (2026-03-30) |
|--------|------------------|---------------------|
| Core RPC JSON-RPC | `curl``http://192.168.11.211:8545` | HTTP **201** |
| Explorer | `https://explorer.d-bis.org/` | HTTP **200** |
| NPMplus UI | `http://192.168.11.167:81/` | HTTP **301** |
| Config validation | `bash scripts/validation/validate-config-files.sh` | **Passed** |
| P1 local slice | `bash scripts/verify/run-p1-local-verification.sh` | **Passed** (completable + validate-config; IRU tests optional) |
| Full validation (no genesis) | `bash scripts/verify/run-all-validation.sh --skip-genesis` | **Passed** (optional tools: sqlite3, websocat, etc. noted as missing — non-blocking) |
| Chain 138 bytecode | `scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545` | **64 present, 0 missing** (canonical + legacy CCIP router/WETH9 bridge, ISO20022Router; `config/smart-contracts-master.json` aligned) |
| Public E2E | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` | **Failed: 0**; 44 domains; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/` |
| Private E2E | `bash scripts/verify/verify-end-to-end-routing.sh --profile=private` | **Failed: 0**; 4 domains; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/` |
| Submodule hygiene | `bash scripts/verify/submodules-clean.sh` | **Exit 1****dirty trees** in `dbis_core/` and `smom-dbis-138/` (modified and untracked files). Clean or commit before CI gates that require clean submodules. |
---
## Documentation updates (same pass)
- Canonical **on-chain check** count aligned to **64 addresses** (`check-contracts-on-chain-138.sh` + `config/smart-contracts-master.json`; **ISO20022Router** `0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074`; legacy CCIP `0x8078…` / `0x971c…`) across [MASTER_INDEX.md](../MASTER_INDEX.md), [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md), [GAPS_STATUS.md](GAPS_STATUS.md), [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md), deployment runbooks, [CONTRACT_NEXT_STEPS_LIST.md](../11-references/CONTRACT_NEXT_STEPS_LIST.md), [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md), [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md), [ALL_RECOMMENDATIONS_HIGH_PRIORITY.md](ALL_RECOMMENDATIONS_HIGH_PRIORITY.md), and related 00-meta / dbis-rail pointers. Consolidated gaps: [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md).
- **Historical** lines in dated completion notes (e.g. 2026-02, 2026-03-06) that say **59/59** or **61/61** are left as-is where they record **that days** result; current target is **64**.
- **AddressMapper:** Core RPC verification — `0x439F…` (canonical) and `0xe48E…` (legacy) have **identical** `eth_getCode`; `cast call` `getDeployedAddress(0xC02a…)` and `owner()` **match**. Docs and `smom-dbis-138/config/address-inventory.chain138.json` reconciled to canonical; operators align live `.env` `ADDRESS_MAPPER` to `0x439F…`.
---
## Pruning
**No bulk deletion** of `docs/archive/` in this pass. Follow [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md) and [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) in a dedicated review. Prefer linking canonical docs from [MASTER_INDEX.md](../MASTER_INDEX.md) only.
---
## Follow-up session (2026-03-29)
Re-run from operator workspace after doc sweep:
| Check | Result |
|--------|--------|
| `validate-config-files.sh` | **Passed** |
| `check-contracts-on-chain-138.sh http://192.168.11.211:8545` | **61 present, 0 missing** (script list before ISO20022Router row) |
| `submodules-clean.sh` | **Exit 1** — same dirty trees (`dbis_core/`, `smom-dbis-138/`) |
| Public E2E `--profile=public` | **Failed: 0**; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/` |
| Private E2E `--profile=private` | **Failed: 0**; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/` |
---
## Recommended follow-ups (not run here)
- `./scripts/run-all-operator-tasks-from-lan.sh` (with appropriate flags).
- Resolve **submodule dirty** state for reproducible CI.
- Install **optional** validation tools if you want full `run-all-validation.sh` parity (sqlite3, websocat, shellcheck, etc.).

55
docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md
View File

@@ -2,10 +2,10 @@
> Historical note (2026-03-26): this consolidated TODO list includes superseded PMM-address references from earlier deployment phases. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`.
**Last Updated:** 2026-03-02
**Purpose:** Single checklist of all next steps and remaining tasks. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs).
**Last Updated:** 2026-03-30
**Purpose:** Narrative checklist of next steps and history. **Merged backlog + P1 IDs:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) (prefer **P1** for current Open/Done). **Live verification:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs).
**👉 Single list (runbooks not yet run + remaining deployments + recommendations):** this document ([NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md)).
**👉 Full narrative (this file):** historical “completed in pass” sections below + tables. **Action list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) § P1, V*, routing grid.
**See also:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) (full deployment order Phase 06 + preflight), [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md), [RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md), [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md), [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md).
@@ -15,18 +15,19 @@
## Remaining tasks (summary)
Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-03-02). **Single-page summary of what remains:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md) (operator/LAN and external only). **Task check (2026-03-02):** See [TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md) for per-task status. What remains:
Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-03-02). **On-chain bytecode check** target is **64/64** (expanded script list; ISO20022Router added 2026-03-30; verified **64/64** on LAN RPC same day). **Single-page summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md). **Task check:** [TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md). What remains:
| # | Task | Who | Command / doc |
|---|------|-----|----------------|
| 4 | **Full deployment order (Phase 06)** | Operator | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — prereqs → core → PMM pools → provider → optional → cW* → verify |
| 5 | **Chain 138 PMM:** add liquidity, ensure DODOPMMProvider registered | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); add liquidity per [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) |
| 5 | **Chain 138 PMM:** **three pools + DODOPMMProvider live**; Pool 1 (cUSDT/cUSDC) **2M/2M** (2026-03-06). **Optional:** more liquidity, Phase 2 / edge pools, `LIQUIDITY_POOLS_MASTER_MAP` | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **A1**, **L13** |
| 6 | **Operator tasks:** Blockscout verify, 502 fix, NPMplus backup, optional deploy | Operator/LAN | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]`; [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) |
| 7 | **Gnosis, Celo, Wemix CCIP bridges** | Operator/LAN | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md); DeployWETHBridges + destinations + fund LINK |
| 7 | **CCIP bridges:** **Celo + Gnosis** deployed (2026-03-04). **Remain:** Cronos (+ LINK), Wemix (tabled), `complete-config`, fund LINK — [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | Operator/LAN | Same; see [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **V4** |
| 8 | **LINK support on Mainnet relay** | Operator/LAN | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) |
| 9 | **Repos & PRs:** Ledger, Trust Wallet, Chainlist, on-ramps | External | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) |
| 10 | **PR-ready files:** Chainlist, Trust Wallet forms | Anyone | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) |
| 11 | **E2E flow waves E1E7** (add liquidity, CCIP fund, token-aggregation, Blockscout, L2 PMM, bridge UI, docs) | Operator/Dev | `./scripts/run-e2e-flow-tasks-full-parallel.sh`; [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md) |
| 12 | **Submodule hygiene** | Dev | `bash scripts/verify/submodules-clean.sh` → exit **0**; today dirty **`dbis_core/`**, **`smom-dbis-138/`** — [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **P1-F08**, **R1** |
**Optional / lower priority:** Wemix token verification; mint tokens to deployer for LPs/bridges ([TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md)); AddressMapper on other chains; Mainnet trustless stack; cW* on public chains. See [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md).
@@ -39,7 +40,7 @@ Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-0
| 1 | **From anywhere (no LAN):** config + on-chain + validation | Anyone | `./scripts/run-completable-tasks-from-anywhere.sh` |
| 2 | **Before any Chain 138 deploy:** preflight (RPC, dotenv, nonce, optional cost) | Anyone with .env | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` |
| 3 | **Full deployment order** | Operator | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 06: prereqs → core → PMM pools → provider → optional → cW* → verify |
| 4 | **Chain 138 PMM:** create pools, deploy DODOPMMProvider | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); `create-all-pmm-pools-chain138.sh`, then DeployDODOPMMProvider |
| 4 | **Chain 138 PMM:** pools + provider **already deployed** — optional add liquidity / parity scripts only | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); `mint-for-liquidity.sh --add-liquidity` if topping up |
| 5 | **Operator tasks (Blockscout, 502, backup, deploy)** | Operator/LAN | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`; [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) |
---
@@ -49,9 +50,20 @@ Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-0
| # | Item |
|---|------|
| — | **Documentation consolidation:** [MASTER_INDEX.md](../MASTER_INDEX.md) and [README.md](../README.md) created; [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) added (redirect); [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) deprecated (redirect stub). DOCUMENTATION_CONSOLIDATION_PLAN §5 (eliminating deprecated content) and ARCHIVE_CANDIDATES updated. |
| — | **Completable-from-anywhere run:** `./scripts/run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 59/59 (Chain 138); run-all-validation --skip-genesis OK; reconcile-env --print. E2E flow tasks dry-run: `./scripts/run-e2e-flow-tasks-full-parallel.sh --dry-run` (waves E0E7 listed). |
| — | **Completable-from-anywhere run:** `./scripts/run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain **64/64** (Chain 138; current script list); run-all-validation --skip-genesis OK; reconcile-env --print. E2E flow tasks dry-run: `./scripts/run-e2e-flow-tasks-full-parallel.sh --dry-run` (waves E0E7 listed). |
| — | **Preflight:** `./scripts/deployment/preflight-chain138-deploy.sh` — passed (dotenv, RPC Core, nonce consistent). |
| — | **Chain 138 next steps (full run):** `./scripts/deployment/run-all-next-steps-chain138.sh` — Step 1 preflight OK; Step 2 TransactionMirror already deployed, cUSDT/cUSDC pool already exists (continued); Step 3 Register c* as GRU: all 12 c* already registered (skip); Step 4 on-chain verification 59/59. Exit 0. |
| — | **Chain 138 next steps (full run):** `./scripts/deployment/run-all-next-steps-chain138.sh` — Step 1 preflight OK; Step 2 TransactionMirror already deployed, cUSDT/cUSDC pool already exists (continued); Step 3 Register c* as GRU: all 12 c* already registered (skip); Step 4 on-chain verification **64/64**. Exit 0. |
---
## Doc / verification sync (2026-03-2930)
| # | Item |
|---|------|
| — | **E2E routing:** `verify-end-to-end-routing.sh`**2026-03-29** public **44** domains + private **4**, **Failed: 0** (evidence under `docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/` and `...235128/`). Earlier **2026-03-06** public run used **37** domains (smaller list). |
| — | **On-chain:** `check-contracts-on-chain-138.sh`**64/64**; script env-load hardened (`PROJECT_ROOT`, `set +eu` around dotenv). |
| — | **Docs:** deployment runbooks + meta aligned from **59→61** address count; [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). |
| — | **Open (not repo-completable):** `submodules-clean.sh` exit **1** until submodule trees clean — **P1-F08** / **R1** in [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). |
---
@@ -63,7 +75,7 @@ Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-0
| — | **Deployment safety (four rules):** Correct RPC (Core only), correct dotenv (`smom-dbis-138/.env` only), Gas API/cost estimate before deploy, do not deploy when transactions stuck. Documented in DEPLOYMENT_ORDER_OF_OPERATIONS, PRE_DEPLOYMENT_CHECKLIST, CONTRACT_DEPLOYMENT_RUNBOOK. |
| — | **Preflight script:** `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` — checks dotenv, env keys, RPC (Core, chainId 138), deployer nonce (fails if stuck); optional `--cost` runs cost estimate. Linked from runbook and Phase 0. |
| — | **Todo/docs sync:** NEXT_STEPS_AND_REMAINING_TODOS, TODOS_CONSOLIDATED, TODO_TASK_LIST_MASTER updated with 2026-02-27 completion and deployment order/preflight refs. |
| — | **Completable run (2026-02-27):** `run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 59/59 (Chain 138); run-all-validation --skip-genesis OK; reconcile-env --print. |
| — | **Completable run (2026-02-27):** `run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 59/59 (Chain 138; historical count that day); **current target 64/64** — [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md), [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md). run-all-validation --skip-genesis OK; reconcile-env --print. |
---
@@ -136,7 +148,7 @@ Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-0
| # | Task | Owner | Ref |
|---|------|--------|-----|
| 1 | **Wemix (1111) token addresses:** Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); confirm WETH, USDT, USDC; re-verify with Tether/Circle/Wemix; if different official addresses, update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md). Run `bash scripts/validation/validate-config-files.sh`; remove "re-verify before production" when satisfied. | Operator | RECOMMENDED_COMPLETION_CHECKLIST §1 |
| 2 | **Gnosis, Celo, Wemix CCIP bridges:** Confirm CCIP supports 100, 42220, 1111. Per chain: set RPC, CCIP Router, LINK, WETH9/WETH10; run DeployWETHBridges; on 138 add destinations; on each new chain add 138; fund LINK; update env/docs. | **Operator/LAN** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) |
| 2 | **Gnosis, Celo, Wemix CCIP bridges:** **Celo + Gnosis** done (2026-03-04). **Remain:** Cronos, Wemix (tabled), LINK funding, env — same runbook. | **Operator/LAN** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md); [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **V4** |
---
@@ -157,7 +169,7 @@ Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-0
| # | Task | Owner | Ref |
|---|------|--------|-----|
| 8 | **Blockscout verification:** `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | **Operator/LAN** | CONTRACT_DEPLOYMENT_RUNBOOK |
| 9 | **Fix E2E 502s (if needed):** `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | **Operator/LAN** | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES |
| 9 | **Fix E2E 502s (if needed):** ✅ Fixed **2026-03-06**; **2026-03-29** routing check public **44** + private **4** **Failed: 0** ([LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md)). Re-run `./scripts/maintenance/address-all-remaining-502s.sh [--e2e]` if 502s recur. | **Operator/LAN** | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES |
| 10 | **Operator tasks script:** `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` (backup, verify, deploy, create VMs) | **Operator/LAN** | STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS |
---
@@ -167,7 +179,7 @@ Steps 12 and the Chain 138 “all in one” run (step 3) are **done** (2026-0
| # | Task | Owner | Ref |
|---|------|--------|-----|
| 11 | **AddressMapper on other chains:** Cronos ✅ (deployed, config updated). For others: deploy via [DeployAddressMapperOtherChain.s.sol](../../smom-dbis-138/script/DeployAddressMapperOtherChain.s.sol); set `mapper` in smart-contracts-master.json. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §A |
| 12 | **DODO PMM on 138:** Deploy DODOPMMIntegration; set env; create cUSDT/cUSDC pools; document in LIQUIDITY_POOLS_MASTER_MAP. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §B; RECOMMENDED_COMPLETION_CHECKLIST §6 |
| 12 | **DODO PMM on 138:** **Deployed** (integration + **three** pools; Pool 1 funded **2M/2M**). **Optional:** more liquidity, parity / edge pools, map updates. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §B; [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **L13** |
| 13 | **Mainnet trustless stack:** Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet) per runbook. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §C; RECOMMENDED_COMPLETION_CHECKLIST §7 |
---
@@ -221,7 +233,7 @@ Runbooks and scripts are in place. From a host with LAN and secrets:
| Action | Command / doc |
|--------|----------------|
| **Wemix token verify** | Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); update JSON if needed; run `bash scripts/validation/validate-config-files.sh`. |
| **Gnosis/Celo/Wemix CCIP** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) — deploy bridges, add destinations, fund LINK. |
| **Gnosis/Celo/Wemix CCIP** | **Celo + Gnosis** deployed; finish Cronos / LINK / Wemix per [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). |
| **LINK relay** | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md). |
| **Blockscout verify** | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` |
| **E2E 502 fix** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` |
@@ -231,14 +243,15 @@ Runbooks and scripts are in place. From a host with LAN and secrets:
## Summary
- **Completed this pass:** run-completable-tasks; bridge UIs/Snap → token-mapping API; doc hygiene.
- **High:** 2 (Wemix verify — Operator; Gnosis/Celo/Wemix CCIP — Operator/LAN).
- **Latest doc/verify sync (2026-03-2930):** E2E **44+4** domains **Failed: 0**; on-chain **64/64** (ISO router + CCIP canonical/legacy 2026-03-30); **59→64** doc alignment; **submodules-clean** still **Open** ([TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **P1-F08**).
- **Completed (historical sections above):** run-completable-tasks; bridge UIs/Snap → token-mapping API; doc hygiene; PMM stack; many dated passes.
- **High:** 2 (Wemix verify — Operator; CCIP **remainder** — Operator/LAN; Celo+Gnosis done).
- **Medium:** LINK relay (Operator/LAN); run from-anywhere periodically; placeholders; API keys.
- **LAN/Operator:** 3 (Blockscout verify; E2E 502 fix; run-all-operator-tasks).
- **Low (planned):** 3 (AddressMapper others; DODO PMM 138; Mainnet trustless).
- **External (blocked on third party):** 4 (Ledger, Trust, Consensys, CoinGecko).
- **LAN/Operator:** Blockscout verify; E2E 502 watch; run-all-operator-tasks.
- **Low (planned):** AddressMapper others; PMM **optional** top-up/parity; Mainnet trustless.
- **External:** 4 (Ledger, Trust, Consensys, CoinGecko).
- **Tezos/Etherlink:** 3 (when scoped).
- **Doc hygiene:** 3 (all done in-repo).
- **Master/Security:** 4.
- **Repo hygiene:** submodule clean trees (**Open** until dev commits).
- **Master/Security:** recommendations list, audits, dbis_core TS deferral, optional paymaster.
**Single checklist (CCIP/mapper):** [docs/07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md).

6
docs/00-meta/NEXT_STEPS_FOR_YOU.md
View File

@@ -3,9 +3,11 @@
**Last Updated:** 2026-03-02
**Purpose:** Single list of what **you** need to do next (no infra/automation). Everything else the repo can do has been completed or documented.
**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 59/59, validation OK, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification 59/59. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0E7 listed.
**2026-03-30:** On-chain target is **64/64** (ISO20022Router added to script); full live verification — [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md), [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md). Pruning: no bulk archive delete this pass.
**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh`all 4 steps passed (config, on-chain 59/59, validation, reconcile-env). Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv.
**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain **64/64** (current script list), validation OK, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification **64/64**. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0E7 listed.
**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh` — all 4 steps passed (config, on-chain 59/59 historical, **64/64** today), validation, reconcile-env. Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv.
**Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 59/59, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 59/59. Next steps index and TODOS_CONSOLIDATED updated.

6
docs/00-meta/NEXT_STEPS_INDEX.md
View File

@@ -1,9 +1,11 @@
# Next Steps — Index
**Last Updated:** 2026-03-28
**Last Updated:** 2026-03-30
**Purpose:** Single entry point for "what to do next." Pick by audience and granularity.
**Latest automation run (2026-03-28):** `./scripts/run-completable-tasks-from-anywhere.sh` completed (config validation, 61/61 on-chain, validation, reconcile print). `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` completed (NPMplus 40 hosts updated, Blockscout verification batch submitted). **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
**Live verification (2026-03-30):** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md) — public + private E2E routing **Failed: 0**, `run-all-validation.sh --skip-genesis`, `submodules-clean.sh` exit 1 (dirty `dbis_core/`, `smom-dbis-138/` — commit or stash before CI). **No bulk prune** of `docs/archive/` in this pass; see [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md).
**Latest automation run (2026-03-28):** `./scripts/run-completable-tasks-from-anywhere.sh` completed (config validation, 64/64 on-chain after 2026-03-30 script update, validation, reconcile print). `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` completed (NPMplus 40 hosts updated, Blockscout verification batch submitted). **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart.
**Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation.

6
docs/00-meta/NEXT_STEPS_LIST.md
View File

@@ -1,11 +1,11 @@
# Next Steps (ordered)
**Last Updated:** 2026-03-06 (completion run: reconcile CCIPWETH10, runbooks, inbound table, PLACEHOLDERS, OPERATOR_CREDENTIALS, smom-dbis-138 README .env)
**Context:** Phase A mint + add-liquidity completed (Pool 1 cUSDT/cUSDC has 2M/2M). Below are remaining steps in recommended order.
**Last Updated:** 2026-03-30 — **P1 merged backlog** (platform + chain + HYBX + external + local verification IDs) added to [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md#p1--merged-backlog-2026-03-30). Local automation: `bash scripts/verify/run-p1-local-verification.sh` (`--with-iru-tests` optional).
**Context (2026-03-06):** Phase A mint + add-liquidity completed (Pool 1 cUSDT/cUSDC has 2M/2M). Below are remaining steps in recommended order.
**Refs:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md), [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md), [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md). **Full execution (all + optional, suggested order):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md).
**Completion check (2026-03-06):** Full run including optional: completable ✅, validate-config ✅, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, on-chain 59/59 (check-contracts-on-chain-138.sh) ✅, unit tests 457 ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, E2E flow dry-run ✅, E2E routing ✅ (37 domains, 0 failed), operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify). **Audit (2026-03-06):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md) — required dotenv/markdown info, gaps, and recommendations. B.1/B.2 still blocked (need CRO/WEMIX); B.3 blocked (LINK/gas); A2 env set (CHAIN_138_DODO_PMM_INTEGRATION in smom-dbis-138/.env); A3/C3C8, Phase C, LINK relay, B4/B5 remain pending or optional.
**Completion check (2026-03-06):** Full run including optional: completable ✅, validate-config ✅, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, on-chain **64/64** (check-contracts-on-chain-138.sh; ISO20022Router added 2026-03-30) ✅, unit tests 457 ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, E2E flow dry-run ✅, E2E routing ✅ (**37** public domains **Failed: 0** on 2026-03-06; **44** on 2026-03-29 re-check), operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify). **Live 2026-03-30:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). **Audit (2026-03-06):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md) — required dotenv/markdown info, gaps, and recommendations. B.1/B.2 still blocked (need CRO/WEMIX); B.3 blocked (LINK/gas); A2 env set (CHAIN_138_DODO_PMM_INTEGRATION in smom-dbis-138/.env); A3/C3C8, Phase C, LINK relay, B4/B5 remain pending or optional.
---

Some files were not shown because too many files have changed in this diff Show More