diff --git a/.github/workflows/validate-config.yml b/.github/workflows/validate-config.yml index 99c5ff2..ca3b80a 100644 --- a/.github/workflows/validate-config.yml +++ b/.github/workflows/validate-config.yml @@ -6,19 +6,37 @@ on: paths: - 'config/**' - 'scripts/validation/**' + - 'scripts/jvmtm/**' + - 'scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh' + - 'scripts/verify/sync-blockscout-address-labels-from-registry.sh' - 'scripts/verify/run-all-validation.sh' - 'scripts/run-completable-tasks-from-anywhere.sh' - '.github/workflows/validate-config.yml' - 'token-lists/**' - 'explorer-monorepo/backend/api/rest/config/metamask/**' + - 'docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md' + - 'docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md' + - 'config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md' + - 'docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md' + - 'docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md' push: - branches: [master] + branches: [master, main] paths: - 'config/**' - 'scripts/validation/**' + - 'scripts/jvmtm/**' + - 'scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh' + - 'scripts/verify/sync-blockscout-address-labels-from-registry.sh' + - 'scripts/verify/run-all-validation.sh' + - 'scripts/run-completable-tasks-from-anywhere.sh' - '.github/workflows/validate-config.yml' - 'token-lists/**' - 'explorer-monorepo/backend/api/rest/config/metamask/**' + - 'docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md' + - 'docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md' + - 'config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md' + - 'docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md' + - 'docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md' jobs: validate: @@ -31,6 +49,21 @@ jobs: - name: Config validation run: bash scripts/validation/validate-config-files.sh + - name: DBIS institutional JSON Schemas + run: | + python3 -m pip install check-jsonschema + SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh + + - name: JVMTM regulatory closure JSON Schemas + run: | + python3 -m pip install check-jsonschema + SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh + + - name: Reserve provenance package (3FR attestation JSON) + run: | + python3 -m pip install check-jsonschema + SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh + - name: Completable tasks (dry-run) run: bash scripts/run-completable-tasks-from-anywhere.sh --dry-run diff --git a/AGENTS.md b/AGENTS.md index e5f81cc..6c00f56 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -11,27 +11,38 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus, | Need | Location | |------|-----------| | Doc index | `docs/MASTER_INDEX.md` | +| Chain 138 info site (`info.defi-oracle.io`) | `info-defi-oracle-138/` — `pnpm --filter info-defi-oracle-138 build`; deploy `dist/`; runbook `docs/04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md` | | cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (section 5.1) | | PMM mesh 6s tick | `smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh` — `docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation) | | VMID / IP / FQDN | `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md` | +| Proxmox Mail Proxy (LAN SMTP) | VMID **100** `192.168.11.32` (`proxmox-mail-gateway`) — submission **587** / **465**; see Mail Proxy note in `ALL_VMIDS_ENDPOINTS.md` | | Ops template + JSON | `docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md`, `config/proxmox-operational-template.json` | | Live vs template (read-only SSH) | `bash scripts/verify/audit-proxmox-operational-template.sh` | -| Config validation | `bash scripts/validation/validate-config-files.sh` | +| Config validation | `bash scripts/validation/validate-config-files.sh` (optional: `python3 -m pip install check-jsonschema` for `validate-dbis-institutional-schemas.sh`, `validate-jvmtm-regulatory-closure-schemas.sh`, `validate-reserve-provenance-package.sh`; includes explorer Chain 138 inventory vs `config/smart-contracts-master.json`) | +| Chain 138 contract addresses (JSON + bytecode) | `config/smart-contracts-master.json` — `bash scripts/verify/check-contracts-on-chain-138.sh` (expect **64/64** when Core RPC reachable; jq uses JSON when file present) | +| OMNL + Core + Chain 138 + RTGS + Smart Vaults | `docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md`; identifiers (UETR vs DLT-primary): `docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md`; JVMTM Tables B/C/D closure matrix: `config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md`; **dual-anchor attestation:** `scripts/omnl/omnl-chain138-attestation-tx.sh` (138 + optional mainnet via `ETHEREUM_MAINNET_RPC`); E2E zip: `AUDIT_PROOF.json` `chainAttestationMainnet`; machine-readable: `config/dbis-institutional/` | +| Blockscout address labels from registry | `bash scripts/verify/sync-blockscout-address-labels-from-registry.sh` (plan); `--apply` with `BLOCKSCOUT_*` env when explorer API confirmed | +| ISO-20022 on-chain methodology + intake gateway | `docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md`, `ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md`; Rail: `docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md` | | FQDN / NPM E2E verifier | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` — inventory: `docs/04-configuration/E2E_ENDPOINTS_LIST.md`. Gitea Actions URLs (no API): `bash scripts/verify/print-gitea-actions-urls.sh` | +| RPC FQDN batch (`eth_chainId` + WSS) | `bash scripts/verify/check-rpc-fqdns-e2e.sh` — after DNS + `update-npmplus-proxy-hosts-api.sh`; includes `rpc-core.d-bis.org` | | Submodule trees clean (CI / post-merge) | `bash scripts/verify/submodules-clean.sh` | | Submodule + explorer remotes | `docs/00-meta/SUBMODULE_HYGIENE.md` | | smom-dbis-138 `.env` in bash scripts | Prefer `source smom-dbis-138/scripts/lib/deployment/dotenv.sh` + `load_deployment_env --repo-root "$PROJECT_ROOT"` (trims RPC URL line endings). From an interactive shell: `source smom-dbis-138/scripts/load-env.sh`. Proxmox root scripts: `source scripts/lib/load-project-env.sh` (also trims common RPC vars). | | Sankofa portal → CT 7801 (build + restart) | `./scripts/deployment/sync-sankofa-portal-7801.sh` (`--dry-run` first); default `NEXTAUTH_URL=https://portal.sankofa.nexus` via `sankofa-portal-ensure-nextauth-on-ct.sh` | +| Portal Keycloak OIDC secret on CT 7801 | After client exists: `./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh` (needs `KEYCLOAK_CLIENT_SECRET` in repo `.env`; base64-safe over SSH) | | Sankofa corporate web → CT 7806 | Provision: `./scripts/deployment/provision-sankofa-public-web-lxc-7806.sh`. Sync: `./scripts/deployment/sync-sankofa-public-web-to-ct.sh`. systemd: `config/systemd/sankofa-public-web.service`. Set `IP_SANKOFA_PUBLIC_WEB` in `.env`, then `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` | | CCIP relay (r630-01 host) | Unit: `config/systemd/ccip-relay.service` → `/etc/systemd/system/ccip-relay.service`; `systemctl enable --now ccip-relay` | +| Wormhole protocol (LLM / MCP) vs Chain 138 facts | Wormhole NTT/Connect/VAAs/etc.: `docs/04-configuration/WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md`, mirror `scripts/doc/sync-wormhole-ai-resources.sh`, MCP `mcp-wormhole-docs/` + `docs/04-configuration/MCP_SETUP.md`. **Chain 138 addresses, PMM, CCIP:** repo `docs/11-references/` + `docs/07-ccip/` — not Wormhole bundles. Cursor overlay: `.cursor/rules/wormhole-ai-resources.mdc`. | | TsunamiSwap VM 5010 check | `./scripts/deployment/tsunamiswap-vm-5010-provision.sh` (inventory only until VM exists) | | The Order portal (`https://the-order.sankofa.nexus`) | OSJ management UI (secure auth); source repo **the_order** at `~/projects/the_order`. NPM upstream defaults to **order-haproxy** CT **10210** (`IP_ORDER_HAPROXY:80`); use `THE_ORDER_UPSTREAM_*` to point at the Sankofa portal if 10210 is down. Provision HAProxy: `scripts/deployment/provision-order-haproxy-10210.sh`. **`www.the-order.sankofa.nexus`** → **301** apex (same as www.sankofa / www.phoenix). | -| Portal login + Keycloak systemd + `.env` (prints password once) | `./scripts/deployment/enable-sankofa-portal-login-7801.sh` (`--dry-run` first) | -| Keycloak redirect URIs (portal + admin) | `./scripts/deployment/keycloak-sankofa-ensure-client-redirects.sh` — needs `KEYCLOAK_ADMIN_PASSWORD` in `.env` | +| Portal login + Keycloak systemd + `.env` (prints password once) | `./scripts/deployment/enable-sankofa-portal-login-7801.sh` (`--dry-run` first); preserves `KEYCLOAK_*` from repo `.env` and runs merge script when `KEYCLOAK_CLIENT_SECRET` is set | +| Keycloak redirect URIs (portal + admin) | `./scripts/deployment/keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh` (or `keycloak-sankofa-ensure-client-redirects.sh` for LAN URL) — needs `KEYCLOAK_ADMIN_PASSWORD` in `.env` | | NPM TLS for hosts missing certs | `./scripts/request-npmplus-certificates.sh` — optional `CERT_DOMAINS_FILTER='portal\\.sankofa|admin\\.sankofa'` | +| Token-aggregation API (Chain 138) | `pnpm run verify:token-aggregation-api` — tokens, pools, quote, `bridge/routes`, networks. Deploy: `scripts/deploy-token-aggregation-for-publication.sh`. After edge deploy: `SKIP_BRIDGE_ROUTES=0 bash scripts/verify/check-public-report-api.sh https://explorer.d-bis.org`. | | Completable (no LAN) | `./scripts/run-completable-tasks-from-anywhere.sh` | | Operator (LAN + secrets) | `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` unset) | | Cloudflare bulk DNS → `PUBLIC_IP` | `./scripts/update-all-dns-to-public-ip.sh` — use **`--dry-run`** and **`--zone-only=sankofa.nexus`** (or `d-bis.org` / `mim4u.org` / `defi-oracle.io`) to limit scope; see script header. Prefer scoped **`CLOUDFLARE_API_TOKEN`** (see `.env.master.example`). | +| IRU marketplace surfaces + Turnstile (Captcha) | [docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md) — **native** (VMs, IPs, app hosting, etc.) vs **partner** (e.g. SolaceNet IRU) methodology; Turnstile **secret** on API (`CLOUDFLARE_TURNSTILE_SECRET_KEY` or aliases), **site key** on frontend build (`VITE_*`); not the same as Cloudflare DNS keys. [docs/04-configuration/MASTER_SECRETS.md](docs/04-configuration/MASTER_SECRETS.md) (Cloudflare table). | ## Git submodules diff --git a/README.md b/README.md index 4a88fdb..bcd4f22 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,11 @@ From the root directory, you can run: ### Testing -- `pnpm test` - Run tests (if available) +- `pnpm test` - Run the local green-path Chain 138 / GRU / bridge / token test aggregate +- `pnpm test:chain138` - Run the Chain 138 package CI targets directly +- `pnpm test:chain138:contracts` - Run the focused Solidity contract CI targets +- `pnpm test:chain138:services` - Run the focused JS/TS service CI targets +- `pnpm test:mcp` - Run the legacy MCP server package test entrypoint - `pnpm test:basic` - Run basic MCP server tests (read-only operations) - `pnpm test:workflows` - Run comprehensive workflow tests (requires elevated permissions) @@ -319,4 +323,3 @@ Individual checks: ## License This workspace contains multiple projects with different licenses. Please refer to individual project directories for license information. - diff --git a/config/README-BRIDGE-ROUTES-DEFAULT.md b/config/README-BRIDGE-ROUTES-DEFAULT.md new file mode 100644 index 0000000..efe40cc --- /dev/null +++ b/config/README-BRIDGE-ROUTES-DEFAULT.md @@ -0,0 +1,8 @@ +# bridge-routes-chain138-default.json + +Static snapshot of the default **`GET /api/v1/bridge/routes`** response shape (without per-env address overrides). + +- **Server source of truth:** `smom-dbis-138/services/token-aggregation/src/api/utils/default-bridge-routes.ts` (applies `CCIPWETH9_BRIDGE_CHAIN138`, `LOCKBOX_138`, `INBOX_ETH`, etc.). +- **UI fallback:** `info-defi-oracle-138` imports this file when the live API returns 404 or errors. + +Update this JSON when canonical bridge addresses or relay destinations change; keep the TS module in sync. diff --git a/config/README-CONTRACTS-MASTER.md b/config/README-CONTRACTS-MASTER.md index 225641b..6882940 100644 --- a/config/README-CONTRACTS-MASTER.md +++ b/config/README-CONTRACTS-MASTER.md @@ -1,9 +1,10 @@ # Master Smart Contracts (JSON) -**Single source of truth for contract addresses:** `config/smart-contracts-master.json` +**Machine-readable contract map:** `config/smart-contracts-master.json` (when the file exists in your clone). - **Safe to publish** — no secrets (no keys, no RPC URLs with credentials). - **Used by:** Bash scripts (via `scripts/lib/load-contract-addresses.sh`), Node/JS (via `config/contracts-loader.cjs`), and docs. +- **If the file is absent:** loaders continue with `.env` only; Chain 138 **bytecode checks** use the embedded address list in `scripts/verify/check-contracts-on-chain-138.sh` (see also `docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md`). When you introduce `smart-contracts-master.json`, populate `chains["138"].contracts` with the **complete** set for that chain — the check script uses JSON addresses instead of its fallback when the file is present. ## Layout @@ -40,7 +41,7 @@ const { } = require('./config/contracts-loader.cjs'); // By contract key -getContractAddress(138, 'CCIP_Router'); // => '0x8078...' +getContractAddress(138, 'CCIP_Router'); // => '0x42DA...' (canonical; legacy direct: CCIP_Router_Direct_Legacy) getContractAddress(138, 'CCIPWETH9_Bridge'); getContractAddress(1, 'CCIP_Relay_Router'); @@ -57,7 +58,7 @@ loadContractsIntoProcessEnv(); ## Overrides -- **.env** (e.g. `smom-dbis-138/.env`, `services/relay/.env`): Values set there take precedence over the master JSON. Use .env for local or per-service overrides. +- **.env** (e.g. `smom-dbis-138/.env`, `services/relay/.env`): Values set there take precedence over the master JSON. Use .env for local or per-service overrides. For **`ADDRESS_MAPPER`** on Chain 138, keep **`ADDRESS_MAPPER`** equal to **`chains["138"].contracts.AddressMapper`** unless you have a deliberate fork: a legacy duplicate on Core shares bytecode with the canonical mapper (see `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md`, section 1.5). - **Publishing:** Commit `smart-contracts-master.json`; do not commit `.env` or any file containing `PRIVATE_KEY` or API secrets. ## Updating addresses diff --git a/config/bridge-routes-chain138-default.json b/config/bridge-routes-chain138-default.json new file mode 100644 index 0000000..2ca7be7 --- /dev/null +++ b/config/bridge-routes-chain138-default.json @@ -0,0 +1,25 @@ +{ + "routes": { + "weth9": { + "Ethereum Mainnet (1)": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939", + "BNB Chain (56)": "0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C", + "Avalanche C-Chain (43114)": "0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F" + }, + "weth10": { + "Ethereum Mainnet (1)": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939", + "BNB Chain (56)": "0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C", + "Avalanche C-Chain (43114)": "0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F" + } + }, + "chain138Bridges": { + "weth9": "0xcacfd227A040002e49e2e01626363071324f820a", + "weth10": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0", + "trustless": "0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c" + }, + "tokenMappingApi": { + "basePath": "/api/v1/token-mapping", + "pairs": "/api/v1/token-mapping/pairs", + "resolve": "/api/v1/token-mapping/resolve", + "note": "Resolve bridged token addresses between chains; requires monorepo config/token-mapping-multichain.json on server." + } +} diff --git a/config/contracts-loader.cjs b/config/contracts-loader.cjs index 3d87163..d2f1749 100644 --- a/config/contracts-loader.cjs +++ b/config/contracts-loader.cjs @@ -4,7 +4,7 @@ * * Usage: * const { getContractAddress, getChainContracts, loadContractsIntoProcessEnv } = require('../config/contracts-loader.cjs'); - * getContractAddress(138, 'CCIP_Router') // => '0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e' + * getContractAddress(138, 'CCIP_Router') // => '0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817' * getContractAddress(138, 'CCIPWETH9_Bridge') // by contract key * loadContractsIntoProcessEnv() // set process.env.CCIP_ROUTER etc. from envVarMap when unset * diff --git a/config/dbis-data-api/README.md b/config/dbis-data-api/README.md new file mode 100644 index 0000000..0f0b376 --- /dev/null +++ b/config/dbis-data-api/README.md @@ -0,0 +1,38 @@ +# DBIS Data API — implementation notes + +OpenAPI contract: [openapi.yaml](./openapi.yaml). + +## Lineage + +| Value | Meaning | +|-------|---------| +| `on_chain` | Derived from Chain 138 indexer, RPC, or token-aggregation inputs | +| `policy` | Published by policy officers; not implied as ledger truth | +| `modelled` | Simulation or internal model | + +## Suggested PostgreSQL / Timescale layout + +**Relational (PostgreSQL)** + +- `api_clients` — id, name, key_hash, rate_limit_tier, created_at +- `datasets` — id, slug, title, description, lineage_default +- `dataset_versions` — dataset_id, version, published_at, document_url + +**Hypertables (TimescaleDB)** + +- `metric_gru_supply` — time TIMESTAMPTZ, value NUMERIC, metadata JSONB +- `metric_settlement_volume` — time, window, chain_id, value, tx_count +- `metric_reserve_snapshot` — time, asset, amount, source + +Ingest jobs read from existing token-aggregation and explorer-compatible sources; separate ETL for policy-published series. + +## Frontend (DBIS portal) + +Set `NEXT_PUBLIC_DATA_API_BASE` in the Gov Web Portals DBIS app (see `DBIS/.env.example`) so the homepage and `/dashboard` monetary panels call this API. When the service is down, the UI shows placeholders and an “unreachable” status. + +## Deployment path + +1. Provision CT/VM or service user on LAN. +2. NPMplus proxy host `data.d-bis.org` → upstream. +3. Enable API keys (optional) for high-volume consumers; public tier remains read-only GET. +4. Add host to [E2E_ENDPOINTS_LIST.md](../../docs/04-configuration/E2E_ENDPOINTS_LIST.md) when live. diff --git a/config/dbis-data-api/openapi.yaml b/config/dbis-data-api/openapi.yaml new file mode 100644 index 0000000..f4a40ce --- /dev/null +++ b/config/dbis-data-api/openapi.yaml @@ -0,0 +1,133 @@ +openapi: 3.1.0 +info: + title: DBIS Data API + version: 0.1.0 + description: | + Public read API for data.d-bis.org — monetary aggregates, GRU series, settlement summaries, rates. + Every response MUST declare lineage via `x-dbis-lineage` on operations: `on_chain`, `policy`, `modelled`. +servers: + - url: https://data.d-bis.org + description: Production + - url: http://localhost:8080 + description: Local +tags: + - name: gru + - name: reserves + - name: settlement + - name: rates +paths: + /v1/health: + get: + summary: Liveness + operationId: health + responses: + "200": + description: OK + content: + application/json: + schema: + type: object + properties: + status: { type: string, example: ok } + /v1/gru/supply: + get: + tags: [gru] + summary: GRU supply time series (when defined) + operationId: gruSupply + x-dbis-lineage: policy + parameters: + - name: from + in: query + schema: { type: string, format: date } + - name: to + in: query + schema: { type: string, format: date } + responses: + "200": + description: Series points + content: + application/json: + schema: + $ref: "#/components/schemas/TimeSeriesResponse" + "501": + description: Not yet published + /v1/reserves/summary: + get: + tags: [reserves] + summary: Reserve holdings summary + operationId: reservesSummary + x-dbis-lineage: on_chain + responses: + "200": + description: Summary + content: + application/json: + schema: + $ref: "#/components/schemas/ReservesSummary" + /v1/settlement/volumes: + get: + tags: [settlement] + summary: Settlement volume aggregates + operationId: settlementVolumes + x-dbis-lineage: on_chain + parameters: + - name: window + in: query + schema: { type: string, enum: [1h, 24h, 7d, 30d] } + responses: + "200": + content: + application/json: + schema: + $ref: "#/components/schemas/SettlementVolumes" + /v1/rates/reference: + get: + tags: [rates] + summary: Reference rates (policy or observed) + operationId: referenceRates + x-dbis-lineage: policy + responses: + "200": + content: + application/json: + schema: + type: object + additionalProperties: true +components: + schemas: + LineageMeta: + type: object + required: [lineage, asOf] + properties: + lineage: + type: string + enum: [on_chain, policy, modelled] + asOf: { type: string, format: date-time } + source: { type: string } + TimeSeriesResponse: + allOf: + - $ref: "#/components/schemas/LineageMeta" + - type: object + properties: + unit: { type: string } + points: + type: array + items: + type: object + required: [t, v] + properties: + t: { type: string, format: date-time } + v: { type: number } + ReservesSummary: + allOf: + - $ref: "#/components/schemas/LineageMeta" + - type: object + additionalProperties: true + SettlementVolumes: + allOf: + - $ref: "#/components/schemas/LineageMeta" + - type: object + properties: + window: { type: string } + totalValue: { type: string, description: Decimal string } + txCount: { type: integer } diff --git a/config/dbis-institutional/README.md b/config/dbis-institutional/README.md new file mode 100644 index 0000000..52ecf38 --- /dev/null +++ b/config/dbis-institutional/README.md @@ -0,0 +1,108 @@ +# DBIS institutional config (schemas + examples) + +Machine-readable artifacts for **OMNL + DBIS Core + Chain 138 + RTGS** integration and **identifier** alignment (LEI, IBAN, ISIN, ENS, WEB3-ETH-IBAN, explorer labels). + +## Canonical narrative doc + +[OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../../docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) + +## Event producers (`event-producers.manifest.json`) + +Registered logical emitters for `settlement-event.event_producer` (kept in sync with the `enum` in `schemas/settlement-event.schema.json`). Add a producer: extend both the manifest and the schema enum in one change. + +## Schemas (`schemas/`) + +| File | Purpose | +|------|---------| +| `settlement-event.schema.json` | Cross-system settlement / evidence event (section 6 of runbook). | +| `address-registry-entry.schema.json` | Vault or wallet row: `0x` address, fiat rails, Web3 aliases, optional ISIN/CUSIP, Blockscout label hints (sections 3, 7, 13). | + +## Examples (`examples/`) + +| File | Pairs with | +|------|------------| +| `settlement-event.example.json` | `settlement-event.schema.json` (hybrid: includes `uetr` + internal refs) | +| `settlement-event.chain138-primary.example.json` | Same schema; **Chain 138 as authoritative rail** — no `uetr`; `rtgs_message_ids.rail` + internal refs; see [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) | +| `settlement-event.min.json` | **Minimal** valid `CHAIN_SETTLEMENT` fixture (required fields + `chain_tx_hash` / `chain_id`); CI baseline in `validate-dbis-institutional-schemas.sh`. | +| `settlement-events-batch.example.json` | Each array element validated against `settlement-event.schema.json` (see `validate-dbis-institutional-schemas.sh`) | +| `address-registry-entry.example.json` | `address-registry-entry.schema.json` | +| `address-registry-entries-batch.example.json` | Each array element validated against `address-registry-entry.schema.json` | + +Examples use placeholder addresses and ids; replace with live data in a secure store (not committed). + +### Settlement `amount` convention (operators + integrators) + +Use **major currency units** as a decimal string, with explicit scale for fiat: + +- **`amount`:** string matching `^-?[0-9]+(\.[0-9]+)?$` (e.g. USD 25,000,000.00 → `"25000000.00"`). +- **`amount_scale`:** use **`2`** for USD and other ISO 4217 currencies with two decimal places. + +Fineract journal APIs may still use **minor units (cents)**; convert at the boundary and record settlement events in **major units** so logs and regulatory exports stay human-aligned. Do not mix major and minor in the same field without documenting which convention applies. + +### Chain 138 as SWIFT replacement vs UETR + +When settlement is **authoritative on Chain 138** (chain id **138**), treat **`correlation_id` + `chain_tx_hash` + `occurred_at`** as the primary rail-native E2E evidence for that leg. **`rtgs_message_ids.uetr`** is **optional** unless you also run a **parallel SWIFT gpi** leg (hybrid); then record both UETR and chain fields on the same **`correlation_id`**. + +### SWIFT UETR vs internal “message sent” reference + +**UETR** belongs in `rtgs_message_ids.uetr` when the payment is on **SWIFT gpi** (or your counterparty/scheme requires it). You **cannot** treat an arbitrary internal message id as a regulatory substitute for UETR on **those** legs. + +When no UETR exists yet (internal-only, pre-SWIFT, DLT-only, domestic rail), add extra keys under **`rtgs_message_ids`** (the schema allows any string keys), e.g. `internal_instruction_ref`, `operator_message_ref`, or a digest of the submitted instruction — and keep **`correlation_id`** as the cross-system spine. When UETR is later assigned, **record it** and retain internal refs for audit lineage. + +Policy and audit-scope notes: [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md). + +## Related repo config + +- OMNL entity master: `docs/04-configuration/mifos-omnl-central-bank/OMNL_ENTITY_MASTER_DATA.json` +- Institutional subdomains: `docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md` +- Blockscout address labeling (K8s): `smom-dbis-138/k8s/blockscout/address-labeling-config.yaml` + +## Validation + +```bash +# JSON parse (all examples/*.json) +bash scripts/validation/validate-dbis-institutional-json.sh + +# JSON Schema — requires check-jsonschema on PATH (PEP 668 / “externally managed” Python): +# python3 -m venv .venv-checkjson && .venv-checkjson/bin/pip install check-jsonschema +# PATH="$PWD/.venv-checkjson/bin:$PATH" bash scripts/validation/validate-dbis-institutional-schemas.sh +# Or: pipx install check-jsonschema +SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh +``` + +`scripts/validation/validate-dbis-institutional-schemas.sh` validates **checked-in examples** only. For a **live or one-off** settlement event file, validate it directly: + +### Validation — ad-hoc settlement event + +```bash +# From repository root; use the same venv as above or any check-jsonschema on PATH. +PATH="$PWD/.venv-checkjson/bin:$PATH" check-jsonschema \ + --schemafile config/dbis-institutional/schemas/settlement-event.schema.json \ + your-event.json +``` + +- **Success:** exit code **0**; typical stdout is `ok -- validation done` (wording may vary by version). +- **Failure:** non-zero exit; `ValidationError` / `SchemaError` in stderr — treat as **not schema-closed**. + +Do not use `validate-dbis-institutional-schemas.sh` as a substitute for validating arbitrary payload files. + +`validate-config-files.sh` runs schema validation automatically when `check-jsonschema` is on `PATH`. The gitignored venv `.venv-checkjson/` is listed in `.gitignore` for this purpose. + +Validated pairs (examples versus schemas): `settlement-event`, `address-registry-entry`, `trust`, `governance`, `policy` (against `policy-manifest.schema.json`). + +`settlement-event` optionally carries **ISO-20022** (`iso_msg_type`, `iso_instruction_id`, `iso_payload_hash`, `rail_iso_hash`) and **identity** (`holder_did`, `identity_verification_ref`) for full fiat / FX / chain correlation — see runbook section 14. + +`address-registry-entry` supports **`iso_intake`** and **`dbis_settlement_router`** roles plus optional **`primary_holder_did`** and **`identity_anchor_ref`** (section 14.6 checklist). + +## Blockscout address labels + +Plan or sync labels from registry JSON (`blockscout.label` + `status: active`): + +```bash +bash scripts/verify/sync-blockscout-address-labels-from-registry.sh config/dbis-institutional/examples/address-registry-entry.example.json +bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --from-dir config/dbis-institutional/registry +# Preferred for the self-hosted Chain 138 explorer (writes Blockscout Postgres address_names): +bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry +``` + +On `explorer.d-bis.org`, public `/api/v1/*` is served by token-aggregation, not by a Blockscout label-write API, so `--mode=db` is the correct operator path for live labels unless you have separately enabled a dedicated label endpoint. See `registry/README.md` for drop-in files (gitignored by default). diff --git a/config/dbis-institutional/event-producers.manifest.json b/config/dbis-institutional/event-producers.manifest.json new file mode 100644 index 0000000..a856971 --- /dev/null +++ b/config/dbis-institutional/event-producers.manifest.json @@ -0,0 +1,38 @@ +{ + "schema_version": 1, + "description": "Registered settlement event emitters. Keep in sync with settlement-event.schema.json event_producer enum.", + "producers": [ + { + "id": "hybx-omnl-sidecar", + "summary": "HYBX Fineract/OMNL integration sidecar emitting settlement-correlated events." + }, + { + "id": "dbis-core", + "summary": "DBIS Core banking / nostro-vostro / ISO adapter path." + }, + { + "id": "iso-gateway", + "summary": "Off-chain ISO gateway building canonical bundles before chain or relayer submission." + }, + { + "id": "mintauth-relayer", + "summary": "MintAuth EIP-712 quorum and relayer calling SettlementRouter or related contracts." + }, + { + "id": "chain-settlement-worker", + "summary": "Worker observing chain receipts and emitting settlement events for reconciliation." + }, + { + "id": "omnl-fineract-webhook", + "summary": "Fineract/OMNL webhook or callback integration." + }, + { + "id": "integration-hub-example", + "summary": "Documentation / lab example only; not a production system id." + }, + { + "id": "manual-operator", + "summary": "Human-initiated or ops tooling emission with explicit audit trail." + } + ] +} diff --git a/config/dbis-institutional/examples/address-registry-entries-batch.example.json b/config/dbis-institutional/examples/address-registry-entries-batch.example.json new file mode 100644 index 0000000..1341ef7 --- /dev/null +++ b/config/dbis-institutional/examples/address-registry-entries-batch.example.json @@ -0,0 +1,29 @@ +[ + { + "registryEntryId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "entity_id": "98450070C57395F6B906", + "jurisdiction": "ID", + "chain_id": 138, + "address": "0x0000000000000000000000000000000000000001", + "addressRole": "treasury_vault", + "status": "active", + "blockscout": { + "label": "OMNL — Treasury vault (Office 22)", + "labelType": "contract" + } + }, + { + "registryEntryId": "b2c3d4e5-f6a7-8901-bcde-f12345678901", + "entity_id": "98450070C57395F6B906", + "jurisdiction": "ID", + "chain_id": 138, + "address": "0x0000000000000000000000000000000000000002", + "addressRole": "iso_intake", + "status": "active", + "primary_holder_did": "did:sov:WRfXg6LQCZgRsXoHF", + "blockscout": { + "label": "ISO intake / gateway (verify live address)", + "labelType": "contract" + } + } +] diff --git a/config/dbis-institutional/examples/address-registry-entry.example.json b/config/dbis-institutional/examples/address-registry-entry.example.json new file mode 100644 index 0000000..95905a6 --- /dev/null +++ b/config/dbis-institutional/examples/address-registry-entry.example.json @@ -0,0 +1,53 @@ +{ + "registryEntryId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "entity_id": "98450070C57395F6B906", + "jurisdiction": "ID", + "class_id": "C01", + "anchor_id": "C01-A01", + "division_id": "C01-A01-D01", + "omnl_office_id": 22, + "dbis_participant_id": "PART-ID-OMNL-HO-001", + "chain_id": 138, + "address": "0x0000000000000000000000000000000000000001", + "addressRole": "treasury_vault", + "fiat_rails": [ + { + "railType": "iban", + "railValue": "ID00XXXX0000000000000000", + "bic": "EXAMPLEIDJ", + "validFrom": "2026-01-01" + } + ], + "aliases": [ + { + "aliasType": "ens", + "aliasValue": "treasury-example.eth", + "resolver_chain_id": 1, + "validFrom": "2026-03-01T00:00:00Z" + }, + { + "aliasType": "web3_eth_iban", + "aliasValue": "ETHXXXXXXXXXXXXXXXX", + "validFrom": "2026-03-15T00:00:00Z" + }, + { + "aliasType": "custom_ens_tld", + "aliasValue": "vault.anchor01.d-bis", + "validFrom": "2026-03-20T00:00:00Z" + } + ], + "instruments": [ + { + "isin": "US0000000000", + "cusip": "000000000" + } + ], + "primary_holder_did": "did:sov:WRfXg6LQCZgRsXoHF", + "identity_anchor_ref": "indy-nym-or-acapy-conn-example", + "blockscout": { + "label": "OMNL — Treasury vault (Office 22)", + "labelType": "contract" + }, + "status": "active", + "lastCorrelationId": "550e8400-e29b-41d4-a716-446655440001" +} diff --git a/config/dbis-institutional/examples/governance.json b/config/dbis-institutional/examples/governance.json new file mode 100644 index 0000000..55fd8e1 --- /dev/null +++ b/config/dbis-institutional/examples/governance.json @@ -0,0 +1,13 @@ +{ + "version": "0.1.0", + "issuedAt": "2026-03-30T00:00:00Z", + "amendmentProcess": "Described in DBIS Charter and Governance Statute (placeholder).", + "bodies": [ + { + "id": "council", + "name": "Sovereign Council", + "role": "Strategic oversight", + "documentUrl": "https://d-bis.org/documents/governance-statute" + } + ] +} diff --git a/config/dbis-institutional/examples/policy.json b/config/dbis-institutional/examples/policy.json new file mode 100644 index 0000000..02493d6 --- /dev/null +++ b/config/dbis-institutional/examples/policy.json @@ -0,0 +1,13 @@ +{ + "version": "0.1.0", + "issuedAt": "2026-03-30T00:00:00Z", + "policies": [ + { + "id": "gru-overview-v0", + "title": "Global Reserve Unit — Overview (draft)", + "effectiveDate": "2026-03-30", + "documentUrl": "https://d-bis.org/gru/overview", + "hashSha256": "0000000000000000000000000000000000000000000000000000000000000000" + } + ] +} diff --git a/config/dbis-institutional/examples/settlement-event.chain138-primary.example.json b/config/dbis-institutional/examples/settlement-event.chain138-primary.example.json new file mode 100644 index 0000000..cb0c5b5 --- /dev/null +++ b/config/dbis-institutional/examples/settlement-event.chain138-primary.example.json @@ -0,0 +1,30 @@ +{ + "schema_version": 1, + "correlation_id": "660e8400-e29b-41d4-a716-446655440002", + "event_producer": "chain-settlement-worker", + "entity_id": "98450070C57395F6B906", + "jurisdiction": "ID", + "class_id": "C01", + "anchor_id": "C01-A01", + "division_id": "C01-A01-D01", + "amount": "25000000.00", + "amount_scale": 2, + "currency": "USD", + "event_type": "CHAIN_SETTLEMENT", + "omnl_journal_entry_id": 88421, + "omnl_office_id": 22, + "dbis_reference": "CORE-TX-2026-0331-CHAIN138", + "rtgs_message_ids": { + "rail": "chain138", + "internal_instruction_ref": "OMNL-M1-KANAYA-CKRA-20260331", + "operator_message_ref": "sha256:replace-with-digest-of-instruction-or-archive-manifest" + }, + "chain_id": 138, + "chain_tx_hash": "0xb90f2da51d9c506f552d276d9aa57f4ae485528f2ee6025f435f188d09d405f4", + "ipsas_narrative": "Chain 138 authoritative settlement leg; no SWIFT UETR on this flow", + "occurred_at": "2026-03-31T10:00:00Z", + "iso_msg_type": "pacs.008", + "iso_instruction_id": "pain001-hashed-key-placeholder", + "iso_payload_hash": "0xcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc", + "rail_iso_hash": "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd" +} diff --git a/config/dbis-institutional/examples/settlement-event.example.json b/config/dbis-institutional/examples/settlement-event.example.json new file mode 100644 index 0000000..e7bc268 --- /dev/null +++ b/config/dbis-institutional/examples/settlement-event.example.json @@ -0,0 +1,33 @@ +{ + "schema_version": 1, + "correlation_id": "550e8400-e29b-41d4-a716-446655440001", + "event_producer": "integration-hub-example", + "entity_id": "98450070C57395F6B906", + "jurisdiction": "ID", + "class_id": "C01", + "anchor_id": "C01-A01", + "division_id": "C01-A01-D01", + "amount": "1000000.00", + "amount_scale": 2, + "currency": "USD", + "event_type": "CHAIN_SETTLEMENT", + "omnl_journal_entry_id": 12045, + "omnl_office_id": 22, + "dbis_reference": "CORE-TX-2026-0330-88421", + "rtgs_message_ids": { + "uetr": "97ed4827-7b6f-4491-94b1-d651442ca301", + "msgId": "BNI2026033012000001", + "internal_instruction_ref": "018215821582-INAAUDJVMTM-2025-MSG-001", + "operator_message_ref": "sha256:replace-with-digest-of-submitted-instruction-payload" + }, + "chain_id": 138, + "chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "ipsas_narrative": "IPSAS28/29 settlement leg; PvP net beneficiary credit", + "occurred_at": "2026-03-30T12:00:00Z", + "iso_msg_type": "pacs.008", + "iso_instruction_id": "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", + "iso_payload_hash": "0xcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc", + "rail_iso_hash": "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", + "holder_did": "did:sov:WRfXg6LQCZgRsXoHF", + "identity_verification_ref": "acapy-proof-req-2026-0330-001" +} diff --git a/config/dbis-institutional/examples/settlement-event.min.json b/config/dbis-institutional/examples/settlement-event.min.json new file mode 100644 index 0000000..c2349e8 --- /dev/null +++ b/config/dbis-institutional/examples/settlement-event.min.json @@ -0,0 +1,12 @@ +{ + "schema_version": 1, + "entity_id": "OMNL", + "jurisdiction": "MT", + "correlation_id": "00000000-0000-0000-0000-000000000001", + "event_type": "CHAIN_SETTLEMENT", + "amount": "1.00", + "amount_scale": 2, + "currency": "USD", + "chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "chain_id": 138 +} diff --git a/config/dbis-institutional/examples/settlement-events-batch.example.json b/config/dbis-institutional/examples/settlement-events-batch.example.json new file mode 100644 index 0000000..34db330 --- /dev/null +++ b/config/dbis-institutional/examples/settlement-events-batch.example.json @@ -0,0 +1,33 @@ +[ + { + "schema_version": 1, + "correlation_id": "550e8400-e29b-41d4-a716-446655440001", + "event_producer": "chain-settlement-worker", + "entity_id": "98450070C57395F6B906", + "jurisdiction": "ID", + "class_id": "C01", + "anchor_id": "C01-A01", + "division_id": "C01-A01-D01", + "amount": "1000000.00", + "amount_scale": 2, + "currency": "USD", + "event_type": "CHAIN_SETTLEMENT", + "chain_id": 138, + "chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "occurred_at": "2026-03-30T12:00:00Z" + }, + { + "schema_version": 1, + "correlation_id": "550e8400-e29b-41d4-a716-446655440002", + "event_producer": "omnl-fineract-webhook", + "entity_id": "98450070C57395F6B906", + "jurisdiction": "ID", + "amount": "0", + "currency": "USD", + "event_type": "OMNL_JOURNAL_POSTED", + "omnl_journal_entry_id": 12046, + "omnl_office_id": 22, + "occurred_at": "2026-03-30T12:05:00Z", + "no_chain_leg_reason": "IPSAS-only reclassification; no on-ledger leg" + } +] diff --git a/config/dbis-institutional/examples/trust.json b/config/dbis-institutional/examples/trust.json new file mode 100644 index 0000000..5dcfbb4 --- /dev/null +++ b/config/dbis-institutional/examples/trust.json @@ -0,0 +1,16 @@ +{ + "version": "0.1.0", + "issuedAt": "2026-03-30T00:00:00Z", + "organization": "Digital Bank of International Settlements", + "endpoints": { + "didRegistry": "https://identity.d-bis.org/registry", + "dataApi": "https://data.d-bis.org", + "explorer": "https://explorer.d-bis.org", + "status": "https://status.d-bis.org", + "developers": "https://developers.d-bis.org", + "gitea": "https://gitea.d-bis.org" + }, + "jwksUri": "https://identity.d-bis.org/.well-known/jwks.json", + "caHints": ["production-trust-anchor.example"], + "notes": "Example only — replace URIs and keys before production." +} diff --git a/config/dbis-institutional/registry/.gitignore b/config/dbis-institutional/registry/.gitignore new file mode 100644 index 0000000..65f05e2 --- /dev/null +++ b/config/dbis-institutional/registry/.gitignore @@ -0,0 +1,4 @@ +# Operator-specific registry rows; do not commit live LEI/IBAN/addresses. +*.json +!.gitignore +!README.md diff --git a/config/dbis-institutional/registry/README.md b/config/dbis-institutional/registry/README.md new file mode 100644 index 0000000..7bec76f --- /dev/null +++ b/config/dbis-institutional/registry/README.md @@ -0,0 +1,42 @@ +# Address registry drop-in (operator / CI) + +Place **non-example** `address-registry-entry` JSON files here (one object per file, or one array in a single file). These files may contain **LEI, IBAN, and live `0x` addresses** — treat as confidential; prefer `.gitignore` or a secrets store in production. + +## Sync labels to Blockscout + +From repo root (plan only): + +```bash +bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --from-dir config/dbis-institutional/registry +``` + +Or a **single JSON array** file (see [`../examples/address-registry-entries-batch.example.json`](../examples/address-registry-entries-batch.example.json)): + +```bash +bash scripts/verify/sync-blockscout-address-labels-from-registry.sh path/to/registry-array.json +``` + +Apply (LAN or VPN to explorer; set API key if required): + +```bash +export BLOCKSCOUT_API_KEY=... # if your Blockscout instance requires it +bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --from-dir config/dbis-institutional/registry +``` + +For the self-hosted Chain 138 explorer, prefer direct DB sync: + +```bash +bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry +``` + +That path writes Blockscout primary labels into `public.address_names` through the explorer CT (`5000`) because `explorer.d-bis.org/api/v1/*` is token-aggregation, not a native Blockscout label-write surface. Use HTTP mode only if you have separately enabled and confirmed a compatible label endpoint (default probe target: `/api/v1/labels`). + +## Token contract staging + +This directory is also the right place for **live token-contract label rows** that should not be committed, for example: + +- staged `cUSDT V2` / `cUSDC V2` token contract labels on Chain 138 +- bridge-side `cW*` contracts before public cutover +- temporary explorer labels used during GRU V1/V2 coexistence + +Keep versioned token contracts clearly labeled in `blockscout.label`, for example `Chain 138 cUSDT V2 (staged)`, so explorer operators can distinguish them from the active V1 liquidity contracts. diff --git a/config/dbis-institutional/schemas/address-registry-entry.schema.json b/config/dbis-institutional/schemas/address-registry-entry.schema.json new file mode 100644 index 0000000..8534822 --- /dev/null +++ b/config/dbis-institutional/schemas/address-registry-entry.schema.json @@ -0,0 +1,140 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/address-registry-entry.json", + "title": "Chain address + fiat + Web3 alias registry entry", + "description": "Source-of-truth row for explorer sync and settlement binding. See docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md sections 3, 7, 13, 14.", + "type": "object", + "required": [ + "registryEntryId", + "entity_id", + "jurisdiction", + "chain_id", + "address", + "addressRole", + "status" + ], + "properties": { + "registryEntryId": { + "type": "string", + "description": "Stable UUID for this registry row." + }, + "entity_id": { + "type": "string", + "description": "LEI (preferred) or internal party id." + }, + "jurisdiction": { "type": "string" }, + "class_id": { "type": "string" }, + "anchor_id": { "type": "string" }, + "division_id": { "type": "string" }, + "omnl_office_id": { "type": "integer" }, + "dbis_participant_id": { "type": "string" }, + "chain_id": { + "type": "integer", + "description": "138 for production Chain 138." + }, + "address": { + "type": "string", + "pattern": "^0x[a-fA-F0-9]{40}$", + "description": "Checksummed or lower-case EVM address (vault, EOA, or contract)." + }, + "addressRole": { + "type": "string", + "enum": [ + "treasury_vault", + "smart_account", + "eoa_operational", + "contract_registry", + "escrow", + "token_contract", + "iso_intake", + "dbis_settlement_router", + "other" + ] + }, + "fiat_rails": { + "type": "array", + "items": { + "type": "object", + "required": ["railType", "railValue"], + "properties": { + "railType": { + "type": "string", + "enum": ["iban", "bban", "bic_account", "rtgs_account", "other"] + }, + "railValue": { "type": "string" }, + "bic": { "type": "string" }, + "validFrom": { "type": "string", "format": "date" }, + "validTo": { "type": "string", "format": "date" } + }, + "additionalProperties": true + } + }, + "aliases": { + "type": "array", + "items": { + "type": "object", + "required": ["aliasType", "aliasValue"], + "properties": { + "aliasType": { + "type": "string", + "enum": [ + "ens", + "custom_ens_tld", + "web3_eth_iban", + "did", + "internal_slug", + "other" + ] + }, + "aliasValue": { "type": "string" }, + "resolver_chain_id": { "type": "integer" }, + "validFrom": { "type": "string", "format": "date-time" }, + "validTo": { "type": "string", "format": "date-time" } + }, + "additionalProperties": true + } + }, + "instruments": { + "type": "array", + "description": "ISIN/CUSIP held or represented at this address when applicable.", + "items": { + "type": "object", + "properties": { + "isin": { "type": "string" }, + "cusip": { "type": "string" }, + "figi": { "type": "string" } + }, + "additionalProperties": true + } + }, + "blockscout": { + "type": "object", + "description": "Hints for label sync (Blockscout /api/v1/labels or UI).", + "properties": { + "label": { "type": "string" }, + "labelType": { + "type": "string", + "enum": ["account", "contract", "token"] + } + }, + "additionalProperties": true + }, + "status": { + "type": "string", + "enum": ["active", "pending", "revoked"] + }, + "lastCorrelationId": { + "type": "string", + "description": "Last mutation tied to a settlement-event correlation_id." + }, + "primary_holder_did": { + "type": "string", + "description": "Default operational DID for this address (Indy did:sov, did:web, etc.); link LEI in entity_id." + }, + "identity_anchor_ref": { + "type": "string", + "description": "Indy NYM, ACA-Py connection, or OIDC subject binding reference for audits." + } + }, + "additionalProperties": true +} diff --git a/config/dbis-institutional/schemas/governance.schema.json b/config/dbis-institutional/schemas/governance.schema.json new file mode 100644 index 0000000..949cabc --- /dev/null +++ b/config/dbis-institutional/schemas/governance.schema.json @@ -0,0 +1,27 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/governance.json", + "title": "DBIS governance.json", + "type": "object", + "required": ["version", "issuedAt", "bodies"], + "properties": { + "version": { "type": "string" }, + "issuedAt": { "type": "string", "format": "date-time" }, + "amendmentProcess": { "type": "string" }, + "bodies": { + "type": "array", + "items": { + "type": "object", + "required": ["id", "name"], + "properties": { + "id": { "type": "string" }, + "name": { "type": "string" }, + "role": { "type": "string" }, + "documentUrl": { "type": "string", "format": "uri" } + }, + "additionalProperties": true + } + } + }, + "additionalProperties": false +} diff --git a/config/dbis-institutional/schemas/member-directory-entry.schema.json b/config/dbis-institutional/schemas/member-directory-entry.schema.json new file mode 100644 index 0000000..8bae79e --- /dev/null +++ b/config/dbis-institutional/schemas/member-directory-entry.schema.json @@ -0,0 +1,64 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/member-directory-entry.json", + "title": "DBIS member directory entry", + "type": "object", + "required": [ + "memberId", + "name", + "jurisdiction", + "memberStatus", + "participationType", + "slug" + ], + "properties": { + "memberId": { "type": "string" }, + "lei": { "type": "string" }, + "name": { "type": "string" }, + "shortName": { "type": "string" }, + "jurisdiction": { "type": "string" }, + "memberStatus": { + "type": "string", + "enum": ["active", "candidate", "suspended", "observer"] + }, + "participationType": { "type": "string" }, + "tier": { + "type": "string", + "enum": [ + "full_central_bank", + "settlement_member", + "observer_member", + "infrastructure_member" + ] + }, + "settlementRole": { "type": "string" }, + "currencyParticipation": { + "type": "array", + "items": { "type": "string" } + }, + "validatorRole": { "type": "string" }, + "nodeParticipationStatus": { "type": "string" }, + "roles": { + "type": "array", + "items": { "type": "string" } + }, + "logoUrl": { "type": "string", "format": "uri" }, + "slug": { + "type": "string", + "pattern": "^[a-z0-9]+(?:-[a-z0-9]+)*$" + }, + "summary": { "type": "string" }, + "hq": { + "type": "object", + "description": "Headquarters WGS84 coordinates for strategic map", + "required": ["lat", "lng"], + "properties": { + "lat": { "type": "number", "minimum": -90, "maximum": 90 }, + "lng": { "type": "number", "minimum": -180, "maximum": 180 }, + "label": { "type": "string" } + }, + "additionalProperties": false + } + }, + "additionalProperties": false +} diff --git a/config/dbis-institutional/schemas/policy-manifest.schema.json b/config/dbis-institutional/schemas/policy-manifest.schema.json new file mode 100644 index 0000000..f1255ab --- /dev/null +++ b/config/dbis-institutional/schemas/policy-manifest.schema.json @@ -0,0 +1,27 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/policy-manifest.json", + "title": "DBIS policy.json manifest", + "type": "object", + "required": ["version", "issuedAt", "policies"], + "properties": { + "version": { "type": "string" }, + "issuedAt": { "type": "string", "format": "date-time" }, + "policies": { + "type": "array", + "items": { + "type": "object", + "required": ["id", "title", "hashSha256"], + "properties": { + "id": { "type": "string" }, + "title": { "type": "string" }, + "effectiveDate": { "type": "string", "format": "date" }, + "documentUrl": { "type": "string", "format": "uri" }, + "hashSha256": { "type": "string", "pattern": "^[a-f0-9]{64}$" } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false +} diff --git a/config/dbis-institutional/schemas/settlement-event.schema.json b/config/dbis-institutional/schemas/settlement-event.schema.json new file mode 100644 index 0000000..44f4ec4 --- /dev/null +++ b/config/dbis-institutional/schemas/settlement-event.schema.json @@ -0,0 +1,143 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/settlement-event.json", + "title": "Canonical settlement event (OMNL / Core / RTGS / Chain 138)", + "description": "Minimum payload for cross-system reconciliation. See docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md sections 6 and 14 (ISO-20022 + DID).", + "type": "object", + "required": [ + "schema_version", + "correlation_id", + "entity_id", + "jurisdiction", + "amount", + "currency", + "event_type" + ], + "properties": { + "schema_version": { + "type": "integer", + "minimum": 1, + "description": "Bump when breaking field semantics." + }, + "correlation_id": { + "type": "string", + "minLength": 8, + "description": "UUID v4, ULID, or org ULID; immutable for the business event." + }, + "entity_id": { + "type": "string", + "description": "LEI (preferred) or internal UUID for legal/cooperative entity." + }, + "jurisdiction": { + "type": "string", + "description": "ISO 3166-1 alpha-2 or ISO 3166-2 style (e.g. US-NY)." + }, + "event_producer": { + "type": "string", + "description": "Logical emitter for routing and audit. Registered ids and descriptions: `event-producers.manifest.json` in this directory.", + "enum": [ + "hybx-omnl-sidecar", + "dbis-core", + "iso-gateway", + "mintauth-relayer", + "chain-settlement-worker", + "omnl-fineract-webhook", + "integration-hub-example", + "manual-operator" + ] + }, + "class_id": { + "type": "string", + "description": "Elemental Imperium class, e.g. C01–C07." + }, + "anchor_id": { "type": "string" }, + "division_id": { "type": "string" }, + "amount": { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]+)?$", + "description": "Decimal amount as string; scale implied by currency or separate field." + }, + "amount_scale": { + "type": "integer", + "minimum": 0, + "maximum": 18, + "description": "Optional explicit minor units (e.g. 2 for USD)." + }, + "currency": { + "type": "string", + "description": "ISO 4217 for fiat, or token symbol / 0x contract on-chain." + }, + "event_type": { + "type": "string", + "enum": [ + "RTGS_OUT", + "RTGS_IN", + "OMNL_JOURNAL_POSTED", + "CHAIN_SETTLEMENT", + "PV_NET", + "TREASURY_RELEASE", + "INTERNAL_TRANSFER", + "NO_CHAIN_LEG" + ] + }, + "no_chain_leg_reason": { + "type": "string", + "description": "When event_type is NO_CHAIN_LEG or internal-only; audit explanation." + }, + "omnl_journal_entry_id": { "type": "integer" }, + "omnl_office_id": { "type": "integer" }, + "dbis_reference": { + "type": "string", + "description": "DBIS Core case or transaction id." + }, + "rtgs_message_ids": { + "type": "object", + "additionalProperties": { "type": "string" }, + "description": "Rail and messaging references. When Chain 138 is the authoritative settlement rail (SWIFT replacement for that flow), primary E2E evidence is correlation_id + chain_id + chain_tx_hash; uetr is optional unless a parallel SWIFT gpi leg exists. **uetr**: SWIFT gpi Unique End-to-End Transaction Reference (UUID) when the payment is on or reported to SWIFT gpi — required on those legs if the counterparty or scheme requires it. **msgId**, **endToEndId**: ISO-20022 / bank message ids. When no UETR exists yet (pre-SWIFT, internal-only, DLT-only, or domestic rail), record agreed internal keys, e.g. **internal_instruction_ref**, **operator_message_ref**, or **audit_file_ref**. Internal refs are not a substitute for a real UETR on SWIFT-settled payments; in hybrid flows map uetr + chain evidence + internal refs. See docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md." + }, + "chain_id": { + "type": "integer", + "description": "EVM chain id; 138 for DeFi Oracle Meta Mainnet." + }, + "chain_tx_hash": { + "type": "string", + "pattern": "^0x[a-fA-F0-9]{64}$" + }, + "ipsas_narrative": { + "type": "string", + "maxLength": 500 + }, + "occurred_at": { + "type": "string", + "format": "date-time", + "description": "Business timestamp in UTC." + }, + "iso_msg_type": { + "type": "string", + "description": "e.g. pacs.008, pain.001, MT103 — aligns with SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY canonical struct." + }, + "iso_instruction_id": { + "type": "string", + "description": "InstrId or hashed instruction key (hex or string per gateway contract)." + }, + "iso_payload_hash": { + "type": "string", + "pattern": "^0x[a-fA-F0-9]{64}$", + "description": "keccak256 of canonical ISO bundle or raw MX/MT fingerprint; ties OMNL/Core to on-chain intake." + }, + "rail_iso_hash": { + "type": "string", + "pattern": "^0x[a-fA-F0-9]{64}$", + "description": "Optional DBIS Rail isoHash from canonical bundle (ISO_GATEWAY_AND_RELAYER_SPEC)." + }, + "holder_did": { + "type": "string", + "description": "W3C DID of payment initiator or account holder when VC/DID path used (Indy did:sov, did:web, etc.)." + }, + "identity_verification_ref": { + "type": "string", + "description": "Reference to ACA-Py proof request, OIDC session, or eIDAS connector correlation id." + } + }, + "additionalProperties": true +} diff --git a/config/dbis-institutional/schemas/trust.schema.json b/config/dbis-institutional/schemas/trust.schema.json new file mode 100644 index 0000000..af51327 --- /dev/null +++ b/config/dbis-institutional/schemas/trust.schema.json @@ -0,0 +1,31 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/trust.json", + "title": "DBIS trust.json", + "type": "object", + "required": ["version", "issuedAt", "endpoints"], + "properties": { + "version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" }, + "issuedAt": { "type": "string", "format": "date-time" }, + "organization": { "type": "string" }, + "endpoints": { + "type": "object", + "additionalProperties": { "type": "string", "format": "uri" }, + "properties": { + "didRegistry": { "type": "string", "format": "uri" }, + "dataApi": { "type": "string", "format": "uri" }, + "explorer": { "type": "string", "format": "uri" }, + "status": { "type": "string", "format": "uri" }, + "developers": { "type": "string", "format": "uri" }, + "gitea": { "type": "string", "format": "uri" } + } + }, + "jwksUri": { "type": "string", "format": "uri" }, + "caHints": { + "type": "array", + "items": { "type": "string" } + }, + "notes": { "type": "string" } + }, + "additionalProperties": false +} diff --git a/config/gitea/dbis-ci-template/README.md b/config/gitea/dbis-ci-template/README.md new file mode 100644 index 0000000..e2bfaa7 --- /dev/null +++ b/config/gitea/dbis-ci-template/README.md @@ -0,0 +1,5 @@ +# DBIS Gitea CI template + +Copy `example-workflow.yml` into a repository as `.gitea/workflows/ci.yml`. + +Gitea Actions availability depends on server configuration; if Actions are disabled, use external CI (e.g. Drone, Jenkins) with the same stages: checkout → install → lint → test → build. diff --git a/config/gitea/dbis-ci-template/example-workflow.yml b/config/gitea/dbis-ci-template/example-workflow.yml new file mode 100644 index 0000000..9d6393e --- /dev/null +++ b/config/gitea/dbis-ci-template/example-workflow.yml @@ -0,0 +1,25 @@ +# Gitea Actions — example CI for DBIS ecosystem repos +# Path in repo: .gitea/workflows/ci.yml (adjust for your Gitea version) +name: ci +on: + push: + branches: [main, master] + pull_request: + branches: [main, master] +jobs: + build: + runs-on: docker + steps: + - uses: actions/checkout@v4 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: "20" + - name: Install + run: npm ci || pnpm install --frozen-lockfile || yarn install --frozen-lockfile + - name: Lint + run: npm run lint --if-present + - name: Test + run: npm test --if-present + - name: Build + run: npm run build --if-present diff --git a/config/gru-iso4217-currency-manifest.json b/config/gru-iso4217-currency-manifest.json new file mode 100644 index 0000000..13e05d7 --- /dev/null +++ b/config/gru-iso4217-currency-manifest.json @@ -0,0 +1,226 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "name": "GRU ISO-4217 Currency Manifest", + "version": "1.0.0", + "updated": "2026-03-31", + "canonicalChainId": 138, + "standardsProfileRef": "config/gru-standards-profile.json", + "coverage": { + "appliesToCurrentAndFutureCurrencies": true, + "targetUniverse": [ + "all ISO-4217 fiat currencies adopted into GRU", + "governance-approved commodities and additional monetary units" + ], + "transportMethodology": "Chain 138 canonical c* with mirrored cW* transport on compatible public chains" + }, + "notes": "Canonical GRU-supported ISO-4217 and commodity currency set for c* and cW* onboarding, routing, explorer metadata, and FX integration. This is the machine-readable source of truth for supported currencies, token families, lifecycle state, and canonical logo assignment.", + "currencies": [ + { + "code": "USD", + "name": "US Dollar", + "type": "fiat", + "minorUnits": 2, + "status": { + "planned": true, + "deployed": true, + "transportActive": true, + "x402Ready": true + }, + "canonicalAssets": { + "coin": { + "symbol": "cUSDC", + "v1Address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "v2Address": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99", + "activeVersion": "v1", + "x402PreferredVersion": "v2", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cUSDC.svg" + }, + "token": { + "symbol": "cUSDT", + "v1Address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "v2Address": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29", + "activeVersion": "v1", + "x402PreferredVersion": "v2", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cUSDT.svg" + } + }, + "wrappedAssets": { + "coin": "cWUSDC", + "token": "cWUSDT" + } + }, + { + "code": "EUR", + "name": "Euro", + "type": "fiat", + "minorUnits": 2, + "status": { + "planned": true, + "deployed": true, + "transportActive": false, + "x402Ready": false + }, + "canonicalAssets": { + "coin": { + "symbol": "cEURC", + "address": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cEURC.svg" + }, + "token": { + "symbol": "cEURT", + "address": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cEURT.svg" + } + }, + "wrappedAssets": { + "coin": "cWEURC", + "token": "cWEURT" + } + }, + { + "code": "GBP", + "name": "Pound Sterling", + "type": "fiat", + "minorUnits": 2, + "status": { + "planned": true, + "deployed": true, + "transportActive": false, + "x402Ready": false + }, + "canonicalAssets": { + "coin": { + "symbol": "cGBPC", + "address": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cGBPC.svg" + }, + "token": { + "symbol": "cGBPT", + "address": "0x350f54e4D23795f86A9c03988c7135357CCaD97c", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cGBPT.svg" + } + }, + "wrappedAssets": { + "coin": "cWGBPC", + "token": "cWGBPT" + } + }, + { + "code": "AUD", + "name": "Australian Dollar", + "type": "fiat", + "minorUnits": 2, + "status": { + "planned": true, + "deployed": true, + "transportActive": false, + "x402Ready": false + }, + "canonicalAssets": { + "coin": { + "symbol": "cAUDC", + "address": "0xD51482e567c03899eecE3CAe8a058161FD56069D", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cAUDC.svg" + } + }, + "wrappedAssets": { + "coin": "cWAUDC" + } + }, + { + "code": "JPY", + "name": "Japanese Yen", + "type": "fiat", + "minorUnits": 0, + "status": { + "planned": true, + "deployed": true, + "transportActive": false, + "x402Ready": false + }, + "canonicalAssets": { + "coin": { + "symbol": "cJPYC", + "address": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cJPYC.svg" + } + }, + "wrappedAssets": { + "coin": "cWJPYC" + } + }, + { + "code": "CHF", + "name": "Swiss Franc", + "type": "fiat", + "minorUnits": 2, + "status": { + "planned": true, + "deployed": true, + "transportActive": false, + "x402Ready": false + }, + "canonicalAssets": { + "coin": { + "symbol": "cCHFC", + "address": "0x873990849DDa5117d7C644f0aF24370797C03885", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cCHFC.svg" + } + }, + "wrappedAssets": { + "coin": "cWCHFC" + } + }, + { + "code": "CAD", + "name": "Canadian Dollar", + "type": "fiat", + "minorUnits": 2, + "status": { + "planned": true, + "deployed": true, + "transportActive": false, + "x402Ready": false + }, + "canonicalAssets": { + "coin": { + "symbol": "cCADC", + "address": "0x54dBd40cF05e15906A2C21f600937e96787f5679", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cCADC.svg" + } + }, + "wrappedAssets": { + "coin": "cWCADC" + } + }, + { + "code": "XAU", + "name": "Gold", + "type": "commodity", + "minorUnits": null, + "unitOfAccount": "troy_ounce", + "status": { + "planned": true, + "deployed": true, + "transportActive": false, + "x402Ready": false + }, + "canonicalAssets": { + "coin": { + "symbol": "cXAUC", + "address": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cXAUC.svg" + }, + "token": { + "symbol": "cXAUT", + "address": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E", + "logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cXAUT.svg" + } + }, + "wrappedAssets": { + "coin": "cWXAUC", + "token": "cWXAUT" + } + } + ] +} diff --git a/config/gru-standards-profile.json b/config/gru-standards-profile.json new file mode 100644 index 0000000..acfd883 --- /dev/null +++ b/config/gru-standards-profile.json @@ -0,0 +1,175 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "name": "GRU Standards Profile", + "profileId": "gru-c-star-v2-transport-and-payment", + "version": "1.0.0", + "updated": "2026-03-31", + "canonicalChainId": 138, + "notes": "Machine-readable standards profile for canonical c* V2 money on Chain 138, mirrored cW* public-chain transport, x402 payment capability, ISO-4217 coverage, and GRU governance/policy enforcement.", + "references": { + "transportOverlay": "config/gru-transport-active.json", + "currencyManifest": "config/gru-iso4217-currency-manifest.json", + "standardsMatrixDoc": "docs/04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md", + "x402SupportDoc": "docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md", + "fxOnboardingDoc": "docs/04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md" + }, + "scope": { + "canonicalAssetPrefix": "c", + "wrappedAssetPrefix": "cW", + "canonicalMethodology": "Chain 138 is the canonical monetary layer for c*. Compatible public chains use mirrored cW* transport assets via lock on 138 and mint on destination.", + "targetCurrencyCoverage": [ + "all ISO-4217 fiat currencies adopted into the GRU currency manifest", + "governance-approved commodities and additional monetary units beyond ISO-4217" + ], + "compatibilityBoundary": [ + "token mapping exists in config/token-mapping-multichain.json", + "destination cW deployment is non-zero in cross-chain-pmm-lps/config/deployment-status.json", + "bridgeAvailable is true in cross-chain-pmm-lps/config/deployment-status.json", + "destination chain is explicitly enabled in config/gru-transport-active.json" + ] + }, + "paymentProfiles": [ + { + "id": "x402", + "requiredOn": [ + "canonical_c_star_v2" + ], + "recommendedOn": [ + "mirrored_cw_v2" + ], + "requiresAnyOf": [ + "ERC-2612", + "ERC-3009" + ], + "dependsOn": [ + "EIP-712", + "ERC-5267" + ] + } + ], + "baseTokenStandards": [ + { + "id": "ERC-20", + "required": true + }, + { + "id": "AccessControl", + "required": true + }, + { + "id": "Pausable", + "required": true + }, + { + "id": "EIP-712", + "required": true + }, + { + "id": "ERC-2612", + "required": true + }, + { + "id": "ERC-3009", + "required": true + }, + { + "id": "ERC-5267", + "required": true + }, + { + "id": "IeMoneyToken", + "required": true, + "repoInterface": "contracts/emoney/interfaces/IeMoneyToken.sol" + } + ], + "transportAndWrapperStandards": [ + { + "id": "CompliantWrappedToken", + "layer": "public_transport", + "required": true + }, + { + "id": "CWMultiTokenBridgeL1", + "layer": "bridge", + "required": true + }, + { + "id": "CWReserveVerifier", + "layer": "bridge", + "required": true + }, + { + "id": "CWMultiTokenBridgeL2", + "layer": "bridge", + "required": true + } + ], + "adjacentAllowedButNotBaseToken": [ + { + "id": "ERC-3156", + "location": "wrapper_only" + }, + { + "id": "ERC-4626", + "location": "vault_only" + }, + { + "id": "EIP-1271", + "location": "smart_account_or_wallet_registry" + }, + { + "id": "ERC-1363", + "location": "specialized_adapter_only" + } + ], + "governanceAndPolicyStandards": [ + { + "id": "ERC-2535", + "component": "gru_m00_diamond", + "required": true + }, + { + "id": "StandardsRegistryFacet", + "required": true + }, + { + "id": "GovernanceLevelFacet", + "required": true + }, + { + "id": "PolicyRouterFacet", + "required": true + }, + { + "id": "ComplianceGateFacet", + "required": true + }, + { + "id": "AccountingGateFacet", + "required": true + }, + { + "id": "MessagingGateFacet", + "required": true + }, + { + "id": "ReserveGateFacet", + "required": true + }, + { + "id": "ISO-20022 Canonical Message Model", + "required": true + } + ], + "lifecycleDefaults": { + "transportActiveDefault": false, + "x402ReadyDefault": false, + "forwardCanonicalVersionPolicy": "one_forward_canonical_version_per_asset_family" + }, + "currentActivationExample": { + "activeCanonicalCurrencyCodes": [ + "USD" + ], + "transportOverlayRef": "config/gru-transport-active.json" + } +} diff --git a/config/gru-transport-active.json b/config/gru-transport-active.json new file mode 100644 index 0000000..d58ff6a --- /dev/null +++ b/config/gru-transport-active.json @@ -0,0 +1,863 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "description": "GRU Monetary Transport Layer active-policy overlay. This file gates which canonical c* assets, cW* destinations, bridge peers, and public pools are active for routing, exposure, and MCP visibility.", + "version": "1.2.0", + "updated": "2026-03-31", + "standardsProfileRef": "config/gru-standards-profile.json", + "system": { + "name": "GRU Monetary Transport Layer", + "shortName": "GRU Transport", + "canonicalChainId": 138, + "canonicalChainName": "Chain 138", + "transportClass": "Compliant Wrapped ISO-4217 M1", + "publicPoolModel": "local_edge_pools", + "hardPegTruth": "redeemable_at_par_into_canonical_c_star", + "wethTransportSeparated": true, + "notes": "Canonical c* remains on Chain 138. Public chains carry cW* as the mirrored transport form. Existing WETH routes remain separate from GRU Transport." + }, + "terminology": { + "canonicalAsset": "Canonical c* asset on Chain 138.", + "mirroredCwAsset": "Public-network cW* representation of a canonical c* asset.", + "activeTransportPair": "A canonical-to-mirrored pair explicitly enabled by this overlay and allowed to route.", + "activePublicPool": "A public-chain local edge pool that is explicitly enabled for token-aggregation exposure.", + "hardPegEligiblePair": "A pair whose outbound wrapping is governed by reserve-verifier checks and per-destination outstanding limits." + }, + "enabledCanonicalTokens": [ + { + "symbol": "cUSDT", + "currencyCode": "USD", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "phase": "v1", + "reserveVerifierKey": "chain138-hard-peg", + "activeVersion": "v1", + "activeAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "x402PreferredVersion": "v2", + "x402PreferredAddress": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29", + "cutover": { + "liquidityActiveVersion": "v1", + "transportActiveVersion": "v1", + "explorerPrimaryVersion": "v1", + "x402ReadyVersion": "v2", + "nextAction": "Complete cW/pool migration before flipping canonical routing to V2." + }, + "deployments": [ + { + "version": "v1", + "address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "status": "active", + "purpose": "Live Chain 138 liquidity, PMM pools, and current transport routes.", + "forwardCanonical": false + }, + { + "version": "v2", + "address": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29", + "status": "staged", + "purpose": "Permit/auth-capable x402 payments and next GRU transport cutover.", + "forwardCanonical": false + } + ] + }, + { + "symbol": "cUSDC", + "currencyCode": "USD", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "phase": "v1", + "reserveVerifierKey": "chain138-hard-peg", + "activeVersion": "v1", + "activeAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "x402PreferredVersion": "v2", + "x402PreferredAddress": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99", + "cutover": { + "liquidityActiveVersion": "v1", + "transportActiveVersion": "v1", + "explorerPrimaryVersion": "v1", + "x402ReadyVersion": "v2", + "nextAction": "Complete cW/pool migration before flipping canonical routing to V2." + }, + "deployments": [ + { + "version": "v1", + "address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "status": "active", + "purpose": "Live Chain 138 liquidity, PMM pools, and current transport routes.", + "forwardCanonical": false + }, + { + "version": "v2", + "address": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99", + "status": "staged", + "purpose": "Permit/auth-capable x402 payments and next GRU transport cutover.", + "forwardCanonical": false + } + ] + } + ], + "enabledDestinationChains": [ + { + "chainId": 25, + "name": "Cronos", + "phase": "v1", + "peerKey": "cronos" + }, + { + "chainId": 56, + "name": "BSC", + "phase": "v1", + "peerKey": "bsc" + }, + { + "chainId": 137, + "name": "Polygon", + "phase": "v1", + "peerKey": "polygon" + }, + { + "chainId": 43114, + "name": "Avalanche C-Chain", + "phase": "v1", + "peerKey": "avalanche" + }, + { + "chainId": 42161, + "name": "Arbitrum One", + "phase": "v1", + "peerKey": "arbitrum" + }, + { + "chainId": 8453, + "name": "Base", + "phase": "v1", + "peerKey": "base" + }, + { + "chainId": 10, + "name": "Optimism", + "phase": "v1", + "peerKey": "optimism" + }, + { + "chainId": 100, + "name": "Gnosis Chain", + "phase": "v1", + "peerKey": "gnosis" + }, + { + "chainId": 1, + "name": "Ethereum Mainnet", + "phase": "v1", + "peerKey": "mainnet" + } + ], + "approvedBridgePeers": [ + { + "key": "cronos", + "chainId": 25, + "chainName": "Cronos", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_CRONOS" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "mainnet", + "chainId": 1, + "chainName": "Ethereum Mainnet", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_MAINNET" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "bsc", + "chainId": 56, + "chainName": "BSC", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_BSC" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "polygon", + "chainId": 137, + "chainName": "Polygon", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_POLYGON" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "avalanche", + "chainId": 43114, + "chainName": "Avalanche C-Chain", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_AVALANCHE" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "arbitrum", + "chainId": 42161, + "chainName": "Arbitrum One", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_ARBITRUM" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "base", + "chainId": 8453, + "chainName": "Base", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_BASE" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "optimism", + "chainId": 10, + "chainName": "Optimism", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_OPTIMISM" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + }, + { + "key": "gnosis", + "chainId": 100, + "chainName": "Gnosis Chain", + "bridgeKind": "cw_multi_token", + "l1Bridge": { + "env": "CHAIN138_L1_BRIDGE" + }, + "l2Bridge": { + "env": "CW_BRIDGE_GNOSIS" + }, + "freezeTokenPairRequired": true, + "freezeDestinationRequired": true + } + ], + "reserveVerifiers": { + "chain138-hard-peg": { + "chainId": 138, + "bridgeRef": { + "env": "CHAIN138_L1_BRIDGE" + }, + "verifierRef": { + "env": "CW_RESERVE_VERIFIER_CHAIN138" + }, + "vaultRef": { + "env": "CW_STABLECOIN_RESERVE_VAULT" + }, + "reserveSystemRef": { + "env": "CW_RESERVE_SYSTEM" + }, + "requireVaultBacking": true, + "requireReserveSystemBalance": true, + "requireTokenOwnerMatchVault": true + } + }, + "transportPairs": [ + { + "key": "138-25-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 25, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "cronos", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_CRONOS" + }, + "publicPoolKeys": [ + "25-cWUSDT-USDT" + ] + }, + { + "key": "138-25-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 25, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "cronos", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_CRONOS" + }, + "publicPoolKeys": [ + "25-cWUSDC-USDT" + ] + }, + { + "key": "138-56-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 56, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "bsc", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_BSC" + }, + "publicPoolKeys": [ + "56-cWUSDT-USDT" + ] + }, + { + "key": "138-56-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 56, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "bsc", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_BSC" + }, + "publicPoolKeys": [ + "56-cWUSDC-USDT" + ] + }, + { + "key": "138-137-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 137, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "polygon", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_POLYGON" + }, + "publicPoolKeys": [ + "137-cWUSDT-USDC" + ] + }, + { + "key": "138-137-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 137, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "polygon", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_POLYGON" + }, + "publicPoolKeys": [ + "137-cWUSDC-USDC" + ] + }, + { + "key": "138-43114-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 43114, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "avalanche", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_AVALANCHE" + }, + "publicPoolKeys": [ + "43114-cWUSDT-USDC" + ] + }, + { + "key": "138-43114-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 43114, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "avalanche", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_AVALANCHE" + }, + "publicPoolKeys": [ + "43114-cWUSDC-USDC" + ] + }, + { + "key": "138-42161-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 42161, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "arbitrum", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_ARBITRUM" + }, + "publicPoolKeys": [ + "42161-cWUSDT-USDC" + ] + }, + { + "key": "138-42161-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 42161, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "arbitrum", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_ARBITRUM" + }, + "publicPoolKeys": [ + "42161-cWUSDC-USDC" + ] + }, + { + "key": "138-8453-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 8453, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "base", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_BASE" + }, + "publicPoolKeys": [ + "8453-cWUSDT-USDC" + ] + }, + { + "key": "138-8453-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 8453, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "base", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_BASE" + }, + "publicPoolKeys": [ + "8453-cWUSDC-USDC" + ] + }, + { + "key": "138-10-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 10, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "optimism", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_OPTIMISM" + }, + "publicPoolKeys": [ + "10-cWUSDT-USDC" + ] + }, + { + "key": "138-10-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 10, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "optimism", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_OPTIMISM" + }, + "publicPoolKeys": [ + "10-cWUSDC-USDC" + ] + }, + { + "key": "138-100-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 100, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "gnosis", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_GNOSIS" + }, + "publicPoolKeys": [ + "100-cWUSDT-USDC" + ] + }, + { + "key": "138-100-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 100, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "gnosis", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_GNOSIS" + }, + "publicPoolKeys": [ + "100-cWUSDC-USDC" + ] + }, + { + "key": "138-1-cUSDT-cWUSDT", + "canonicalChainId": 138, + "destinationChainId": 1, + "canonicalSymbol": "cUSDT", + "mirroredSymbol": "cWUSDT", + "mappingKey": "Compliant_USDT_cW", + "peerKey": "mainnet", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDT_MAINNET" + }, + "publicPoolKeys": [ + "1-cWUSDT-USDC" + ] + }, + { + "key": "138-1-cUSDC-cWUSDC", + "canonicalChainId": 138, + "destinationChainId": 1, + "canonicalSymbol": "cUSDC", + "mirroredSymbol": "cWUSDC", + "mappingKey": "Compliant_USDC_cW", + "peerKey": "mainnet", + "phase": "v1", + "routeDiscoveryEnabled": true, + "mcpVisible": true, + "reserveVerifierKey": "chain138-hard-peg", + "maxOutstanding": { + "required": true, + "env": "CW_MAX_OUTSTANDING_USDC_MAINNET" + }, + "publicPoolKeys": [ + "1-cWUSDC-USDC" + ] + } + ], + "publicPools": [ + { + "key": "25-cWUSDT-USDT", + "chainId": 25, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDT", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "25-cWUSDC-USDT", + "chainId": 25, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDT", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "56-cWUSDT-USDT", + "chainId": 56, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDT", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "56-cWUSDC-USDT", + "chainId": 56, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDT", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "137-cWUSDT-USDC", + "chainId": 137, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "137-cWUSDC-USDC", + "chainId": 137, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "43114-cWUSDT-USDC", + "chainId": 43114, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "43114-cWUSDC-USDC", + "chainId": 43114, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "42161-cWUSDT-USDC", + "chainId": 42161, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "42161-cWUSDC-USDC", + "chainId": 42161, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "8453-cWUSDT-USDC", + "chainId": 8453, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "8453-cWUSDC-USDC", + "chainId": 8453, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "10-cWUSDT-USDC", + "chainId": 10, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "10-cWUSDC-USDC", + "chainId": 10, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "100-cWUSDT-USDC", + "chainId": 100, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "100-cWUSDC-USDC", + "chainId": 100, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "1-cWUSDT-USDC", + "chainId": 1, + "baseSymbol": "cWUSDT", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + }, + { + "key": "1-cWUSDC-USDC", + "chainId": 1, + "baseSymbol": "cWUSDC", + "quoteSymbol": "USDC", + "poolAddress": null, + "active": false, + "routingEnabled": false, + "mcpVisible": false, + "phase": "v1" + } + ] +} diff --git a/config/ip-addresses.conf b/config/ip-addresses.conf index e358655..9aa7348 100644 --- a/config/ip-addresses.conf +++ b/config/ip-addresses.conf @@ -87,6 +87,7 @@ ORDER_POSTGRES_PRIMARY="192.168.11.44" ORDER_POSTGRES_REPLICA="192.168.11.45" # Dedicated order-redis LXC (e.g. VMID 10020) not present on cluster as of 2026-03; reserve for scripts / future CT ORDER_REDIS_IP="192.168.11.38" +IP_ORDER_MCP_LEGAL="192.168.11.94" # DBIS Service IPs DBIS_POSTGRES_PRIMARY="192.168.11.105" @@ -113,6 +114,12 @@ IP_FIREFLY_2="192.168.11.67" IP_BESU_SENTRY="192.168.11.154" IP_DBIS_API="192.168.11.155" IP_DBIS_API_2="192.168.11.156" +# d-bis.org public apex — Gov Portals DBIS on VMID 7804 (same as dbis.xom-dev :3001); override when production host is pinned +IP_DBIS_PUBLIC_APEX="${IP_DBIS_PUBLIC_APEX:-192.168.11.54}" +DBIS_PUBLIC_APEX_PORT="${DBIS_PUBLIC_APEX_PORT:-3001}" +# core.d-bis.org — DBIS Core banking client portal; default API VM until dedicated UI (dbis_core); override in .env when UI has its own upstream +IP_DBIS_CORE_CLIENT="${IP_DBIS_CORE_CLIENT:-192.168.11.155}" +DBIS_CORE_CLIENT_PORT="${DBIS_CORE_CLIENT_PORT:-3000}" # Additional service/container IPs (for remaining script migration) IP_VALIDATOR_0="192.168.11.100" @@ -195,6 +202,9 @@ IP_GOV_PORTALS_DEV="192.168.11.54" # Order legal (VMID 10070) — **not** .54 (that is exclusive to VMID 7804 gov-portals). Fixed duplicate ARP 2026-03-25. IP_ORDER_LEGAL="192.168.11.87" +# Order MCP legal (VMID 10092) — moved off 192.168.11.37 on 2026-03-29 to avoid conflicting with MIM4U VMID 7810. +IP_ORDER_MCP_LEGAL="${IP_ORDER_MCP_LEGAL:-192.168.11.94}" + # Sankofa Studio (VMID 7805) — FusionAI Creator / Phoenix Marketplace SaaS at studio.sankofa.nexus # Note: 192.168.11.55 is used by VMID 10230 (order-vault); .72 chosen to avoid conflict. IP_SANKOFA_STUDIO="192.168.11.72" diff --git a/config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md b/config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md new file mode 100644 index 0000000..1e34a07 --- /dev/null +++ b/config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md @@ -0,0 +1,121 @@ +# INAAUDJVMTM / 2025 — Audit tables → E2E archive closure matrix + +**Engagement / file reference:** `018215821582` / **INAAUDJVMTM** / **2025** +**Purpose:** Map **Tables B, C, D** (weakness vs standard, transaction flow, systemic risk) to **what this repository stages** in the OMNL E2E settlement audit zip, **without overstating** examination credit. Templates and schemas **define** controls; **generators, vendor exports, and executed drills** **prove** them — see [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md). + +**Not legal or supervisory advice.** OJK/BI expectations must be confirmed with counsel and supervisors. + +--- + +## A. JVMTM scope + +This package treats **JVMTM** as the **audit / working-paper framing** for OMNL-related **reconciliation, validation, continuity, finality, liquidity, messaging, and exceptions**. The archive is a **structured evidence bundle** plus **runbooks**; it does **not** by itself certify **production** compliance until **live** artifacts populate **`JVMTM_CLOSURE_DIR`** and generators are run against **real** systems. + +**Primary narrative / identifier policy:** [docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) (includes **`internal_instruction_ref`** pattern for this engagement). + +--- + +## B. Weakness vs regulatory standards — audit table + closure mapping + +### B.1 Audit table (source structure) + +| No | Risk area | OMNL system condition | OJK / BI regulatory standard | Gap / violation | Impact | +|----|-----------|------------------------|------------------------------|-----------------|--------| +| 1 | Reconciliation | No automated reconciliation | Mandatory daily reconciliation & matching system | No 3-way matching | Balance discrepancies & audit failure | +| 2 | Transaction validation | Relies on “credit advice” | Mandatory transaction verification (KYT, SWIFT, ledger) | Vulnerable to spoofing | Fraud & unauthorized payments | +| 3 | Single point of failure | OMNL as central dependency | Mandatory BCP & DRC | No failover mechanism | Total system outage | +| 4 | Business continuity | No contingency plan | Mandatory disaster recovery plan | Non-compliant | Operational disruption | +| 5 | Settlement finality | No clear finality point | Must be final & irrevocable | Undefined finality | Legal disputes | +| 6 | Closed-loop confirmation | Confirmation after credit | Must have ACK before settlement | Reversed process flow | Unconfirmed transactions | +| 7 | Liquidity control | No prefunding mechanism | Mandatory prefunded / liquidity control | High settlement risk | Payment failure | +| 8 | Balance monitoring | No visibility for correspondent bank | Real-time balance monitoring required | Blind position | Over-credit risk | +| 9 | Messaging standard | No standardized messaging | Structured messaging required | Non-interoperable | Communication errors | +| 10 | Exception handling | No error handling mechanism | Mandatory exception handling system | Uncontrolled errors | Double posting | + +### B.2 Closure mapping (how the archive responds) + +| No | Posture | What the archive provides | Honest boundary (what remains org/production) | +|----|---------|---------------------------|-----------------------------------------------| +| 1 | **PARTIAL → OPERATIONAL when run** | **`reconciliation/daily-3way-reconciliation-report.json`** (template or live); **`scripts/omnl/generate-3way-reconciliation-evidence.sh`** → **`reconciliation/3way-result.json`** when executed (Fineract GL + Chain 138 `balanceOf` + optional bank JSON); **`settlement-event.schema.json`** + events under **`settlement-events/`** with **`correlation_id`**. | **Daily automated** job in production, **bank-issued** statement/API, and **supervisor-agreed** matching rules are **outside** the repo. | +| 2 | **PARTIAL → OPERATIONAL when integrated** | **`validation/kyt-screening-result.json`** (template); **`scripts/omnl/fetch-kyt-vendor-report.sh`** (**refuses** fabricated PASS); ledger/journal evidence optional via **`FETCH_LIVE_EVIDENCE=1`**; **chain** finality fingerprint **`chain_tx_hash`** + runbook. **DLT-primary** leg: structured event without SWIFT per OJK policy doc. | **Production KYT vendor**, **SWIFT/UETR** when the rail is SWIFT, and **counterparty** verification are **operational**. | +| 3 | **DOCUMENTED + SMOKE** | **`scripts/omnl/bcp-rpc-failover-smoke.sh`** (real RPC reachability; optional secondary URL); **`bcp/failover-test-log.txt`**, **`bcp/recovery-time-report.json`** (structure). RTGS / Core runbooks in **`docs/`** (bundled). | **Fineract/Core HA**, **data-centre DR**, and **RTO/RPO** **certification** are **infrastructure / org** scope — not fully provable from this zip alone. | +| 4 | **PARTIAL (template + path)** | **`disaster-recovery/DR-simulation-report.json`**; **`bcp/recovery-time-report.json`**; exception/retry artefacts. | **Executed** DR drill logs, **board-approved** BCP, and **regulator-reviewed** plans must be **attached live**. | +| 5 | **PARTIAL + RAIL FRAMING** | **Chain 138** attestation receipt **`evidence/chain138-attestation-receipt.txt`**; settlement events **`FINALIZED`**; **`reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json`** (declared narrative — counsel); OJK doc **§2** (on-chain vs SWIFT finality). | **Legal** finality and **interbank** scheme rules are **counsel / counterparty**; repo states **technical** and **documented** finality points. | +| 6 | **PARTIAL → OPERATIONAL when run** | **`acknowledgements/pre-settlement-ack.json`**; **`scripts/omnl/verify-ack-before-credit.sh`** (ACK timestamp vs Fineract journal). | Must be run per **live** journal id; **process SOP** must mandate **ACK-before-credit** in operations. | +| 7 | **PARTIAL (structure + narrative)** | **`liquidity/prefunding-proof.json`**; reserve **`prefunding`** / liquidity narrative in **`reserve-provenance-package/`**. | **Live** nostro/prefunding **proof** and **limits** are **treasury / bank** evidence. | +| 8 | **PARTIAL** | **`monitoring/real-time-balance-snapshot.json`**; **3-way** script surfaces **on-chain** balance; optional Fineract **`glaccounts` / journals** in **`evidence/`** when **`FETCH_LIVE_EVIDENCE=1`**. | **Correspondent bank** visibility and **24/7** monitoring are **production** integrations. | +| 9 | **ADDRESSED (structured messaging)** | **`settlement-event.schema.json`**; examples with **`iso_*`**, **`rtgs_message_ids`**, **`internal_instruction_ref`** / **`audit_file_ref`**; ISO methodology docs bundled. **Chain 138 as SWIFT-replacement** documented in OJK policy. | **SWIFT network** message types in production require **live gateway**; repo provides **canonical JSON** and **mapping** runbooks. | +| 10 | **ADDRESSED (structure)** | **`exceptions/exception-policy.md`**, **`exceptions/sample-exception-event.json`**, **`exceptions/retry-log.txt`**. | **Production** ticketing volume and **maker-checker** enforcement are **operational** evidence beyond templates. | + +**Summary:** Rows **1–8** typically need **live** data or **org** programs to reach **full** supervisory satisfaction; the archive **does not** claim otherwise. Rows **9–10** are **strongest** on **machine-readable structure** in-repo. **Positive sidestep:** where **Chain 138** is policy-selected as **settlement rail**, **control parity** (finality, correlation, reconciliation, KYT) is **argued** in docs and **demonstrated** with **generators + events**, not by pretending **SWIFT** was used. + +--- + +## C. Transaction flow issues — audit table + remediation path + +### C.1 Audit table (source structure) + +| Stage | Current flow | Issue | Regulatory standard | Impact | +|-------|--------------|-------|---------------------|--------| +| 1 | Instruction sent | No pre-validation | Mandatory pre-validation | Invalid transactions risk | +| 2 | OMNL debited | No balance verification | Prefunding check required | Overdraft risk | +| 3 | Beneficiary credited | Before confirmation | Must occur after ACK | Invalid settlement | +| 4 | Confirmation sent | Post-credit (too late) | Pre-settlement ACK required | No closed-loop | +| 5 | Reconciliation | Manual / none | Must be automated | Data mismatch | + +### C.2 Remediation path in this package + +| Stage | Control / artifact | Script or path | +|-------|-------------------|----------------| +| 1 | Schema validation + typed settlement events + optional ISO hashes | `schemas/settlement-event.schema.json`, `settlement-events/*.json`, `validate-dbis-institutional-schemas.sh` | +| 2 | Prefunding proof container + treasury policy hook | `liquidity/prefunding-proof.json`, reserve package | +| 3–4 | ACK-before-credit + timestamp evidence | `acknowledgements/pre-settlement-ack.json`, `verify-ack-before-credit.sh` | +| 5 | 3-way reconciliation generator + daily report | `generate-3way-reconciliation-evidence.sh`, `reconciliation/daily-3way-reconciliation-report.json`, `reconciliation/3way-result.json` | + +**Caveat:** Stages **3–4** are **only proven** when **`verify-ack-before-credit.sh`** is run against **real** IDs and **ACK timestamps** precede **credit** in Fineract (or equivalent). + +--- + +## D. Systemic risk assessment — mapping to mitigations + +### D.1 Audit table (source structure) + +| No | Risk type | Description | Potential impact | +|----|-----------|-------------|------------------| +| 1 | Operational risk | Full dependency on OMNL | Total system shutdown | +| 2 | Fraud risk | Credit advice can be falsified | Financial loss | +| 3 | Settlement risk | No prefunding | Payment default | +| 4 | Reconciliation risk | No matching system | Reporting discrepancies | +| 5 | Legal risk | No settlement finality | Interbank disputes | +| 6 | Liquidity risk | No fund control | Cash flow mismatch | + +### D.2 Mitigations staged or documented + +| No | Mitigation (archive) | Limitation | +|----|----------------------|------------| +| 1 | BCP/DR **templates**, RPC **failover smoke**, runbooks | Does not replace **platform HA** or **multi-site** OMNL | +| 2 | **KYT** vendor hook (no fake PASS), **on-chain** `chain_tx_hash`, structured events | Does not replace **bank** confirmation or **SWIFT** gpi when applicable | +| 3 | **`prefunding-proof.json`** + reserve narratives | **Live** nostro proof required | +| 4 | **3-way** generator + **`correlation_id`** spine | **Automated daily** + **bank file** required for full credit | +| 5 | **Chain attestation** + settlement status + legal declarations (counsel) | **Court** / **scheme** finality still external | +| 6 | Prefunding + liquidity JSON + reconciliation | **Treasury** operating limits out of band | + +--- + +## Success criteria (how to read “positive sidestep”) + +1. **Examiners** see **traceable** mapping from **each audit row** to **a path** (artifact, script, or doc), not a blank denial. +2. **Templates** are explicitly labeled where **live** evidence is still required — see [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md). +3. **Chain 138 / DLT-primary** flows are **not** presented as **SWIFT**; they are presented as **alternative rail** with **documented** identifier and **finality** mapping per OJK policy. +4. **`JVMTM_CLOSURE_DIR`** overrides stage **examination-grade** JSON without editing the repo. + +--- + +## Operator checklist (before calling the bundle “complete”) + +- [ ] Run **`generate-3way-reconciliation-evidence.sh`** and confirm **`reconciliation/3way-result.json`** in the zip. +- [ ] Run **`verify-ack-before-credit.sh`** for at least one production-like journal and retain logs. +- [ ] Configure KYT vendor or accept **PENDING** and document why. +- [ ] Run **`bcp-rpc-failover-smoke.sh`** or attach **real** DR/BCP logs to **`JVMTM_CLOSURE_DIR`**. +- [ ] Point **`JVMTM_CLOSURE_DIR`** at **filled** `daily-3way-reconciliation-report.json`, `prefunding-proof.json`, `pre-settlement-ack.json` as appropriate. +- [ ] Ensure **`internal_instruction_ref`** or **`audit_file_ref`** in settlement events ties to **`018215821582/INAAUDJVMTM/2025`** where used. diff --git a/config/jvmtm-regulatory-closure/JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md b/config/jvmtm-regulatory-closure/JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md new file mode 100644 index 0000000..7b997dd --- /dev/null +++ b/config/jvmtm-regulatory-closure/JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md @@ -0,0 +1,90 @@ +# JVMTM transaction-grade compliance matrix + +**Purpose:** Turn the JVMTM audit-row closure material into a transaction-operator control pack optimized for **pre-settlement go/no-go**, while preserving execution, finality, reconciliation, resilience, and post-close evidence handling. + +**Canonical source:** [`transaction-compliance-matrix.json`](transaction-compliance-matrix.json) +**Spreadsheet export:** [`transaction-compliance-matrix.csv`](transaction-compliance-matrix.csv) +**Per-transfer envelope:** [`schemas/transaction-compliance-execution.schema.json`](schemas/transaction-compliance-execution.schema.json) with examples in [`examples/`](examples/). + +**Hybrid posture:** Control language stays rail-agnostic; the repo-specific column shows how the control maps into **OMNL + DBIS Core + Chain 138 + RTGS** artifacts already present in this repository. +**Envelope rule:** every execution envelope carries an `instruction_ref`; `settlement_event_ref` becomes optional until a canonical settlement event actually exists. A blocked pre-execution record should not pretend settlement evidence already exists. + +--- + +## 1. Pre-transaction controls + +| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action | +|------------|-----------------------------|--------------------------------|--------------------| +| `PT-01` | Pre-validation is mandatory before instruction acceptance. | Validate the submitted instruction normalized into the canonical settlement-event shape against [`config/dbis-institutional/schemas/settlement-event.schema.json`](../dbis-institutional/schemas/settlement-event.schema.json) and collect live KYT evidence through [`scripts/omnl/fetch-kyt-vendor-report.sh`](../../scripts/omnl/fetch-kyt-vendor-report.sh) or equivalent vendor output. | Reject instruction if validation or KYT is missing or inconsistent. | +| `PT-02` | Prefunding must exist before the instruction can be accepted. | Use live [`prefunding-proof.json`](examples/prefunding-proof.example.json) and [`real-time-balance-snapshot.json`](examples/real-time-balance-snapshot.example.json) structures, validated against the schemas in [`schemas/`](schemas/). | Block transaction and place it on treasury hold if prefunding is missing or stale. | +| `PT-03` | Structured messaging is required for every intake path. | Use the canonical settlement-event schema plus the identifier guidance in [`OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md`](../../docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) to normalize the instruction record before release. | Reject malformed or uncorrelated instructions. | +| `PT-04` | Multi-layer authorization is mandatory. | Record maker-checker approval in the transaction execution envelope and tie it to the same `correlation_id` as the settlement event. | Block until approval is complete. | +| `PT-05` | Credit advice cannot be the sole proof. | Require independent KYT and instruction validation; map the result into the transaction execution envelope rather than relying on advice text alone. | Escalate to fraud workflow and freeze release. | + +## 2. Execution controls + +| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action | +|------------|-----------------------------|--------------------------------|--------------------| +| `TX-01` | Debit only after all release gates pass. | The operator envelope must show `decision_status=READY` before OMNL journal posting, RTGS release, or Chain 138 settlement execution. | Halt execution and investigate sequencing. | +| `TX-02` | ACK must exist before beneficiary credit. | Use [`scripts/omnl/verify-ack-before-credit.sh`](../../scripts/omnl/verify-ack-before-credit.sh) against live [`pre-settlement-ack.json`](examples/pre-settlement-ack.example.json) and the relevant journal entry id. | Stop settlement if ACK ordering is unproven. | +| `TX-03` | Finality point must be explicit. | Tie the canonical settlement event to the legal and rail narrative in [`OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md`](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) and, where needed, reserve provenance declarations. | Escalate to legal / ops hold if finality is undefined. | +| `TX-04` | Liquidity must still be available at release time. | Re-check the prefunding proof and balance snapshot immediately before release, not just at intake. | Cancel or pause settlement if liquidity no longer supports the transfer. | +| `TX-05` | Exception and rollback logic must exist. | Record exception events using the policy in [`policies/exception-policy.md`](policies/exception-policy.md) and attach the machine-readable exception record to the execution envelope. | Trigger rollback or incident workflow. | + +## 3. Post-settlement controls + +| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action | +|------------|-----------------------------|--------------------------------|--------------------| +| `PS-01` | Daily automated three-way reconciliation is mandatory. | Generate reconciliation evidence via [`scripts/omnl/generate-3way-reconciliation-evidence.sh`](../../scripts/omnl/generate-3way-reconciliation-evidence.sh) and retain both the daily report and generated result. | Flag discrepancy and open reconciliation incident. | +| `PS-02` | Real-time balance visibility must be retained. | Capture a live [`real-time-balance-snapshot.json`](examples/real-time-balance-snapshot.example.json) and tie it to the same transaction corridor. | Notify treasury and risk if visibility is stale or incomplete. | +| `PS-03` | Immutable transaction logging is required. | Keep the canonical settlement event as the cross-system truth and bind the transaction execution envelope to it through the same `correlation_id`. | Mark the audit trail incomplete and escalate evidence remediation. | +| `PS-04` | Exceptions require explicit closure. | Use the exception policy, exception event, and retry log to show how the issue was resolved or escalated. | Escalate unresolved exceptions to incident management. | +| `PS-05` | Reporting and packaging must complete after settlement. | Stage transaction envelopes under `JVMTM_CLOSURE_DIR/transactions/` and rebuild the E2E archive with [`scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh`](../../scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh). | Reopen evidence assembly if the transaction is missing from the closure package. | + +## 4. Resilience controls + +| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action | +|------------|-----------------------------|--------------------------------|--------------------| +| `SR-01` | Continuity path must exist. | Run [`scripts/omnl/bcp-rpc-failover-smoke.sh`](../../scripts/omnl/bcp-rpc-failover-smoke.sh) and retain the failover execution log. | Escalate to platform ops if continuity is unproven. | +| `SR-02` | Disaster recovery evidence must exist. | Use live recovery-time and DR simulation reports, structured by the schemas already present in [`schemas/`](schemas/). | Escalate continuity governance gaps before declaring the rail production-ready. | +| `SR-03` | No single point of failure should remain unacknowledged. | Document the fallback route or compensating control in the operating model and connect it to the active rail posture. | Escalate to architecture review when the path remains single-threaded. | +| `SR-04` | Message and evidence formats must remain schema-closed. | Validate both DBIS institutional schemas and JVMTM closure schemas before packaging or release. | Block publication if schema drift is detected. | +| `SR-05` | Reserve and provenance integrity must stay aligned with settlement evidence. | Validate the reserve provenance package when reserve-backed or legally narrated settlement is in scope. | Escalate reserve-integrity gaps and suspend unsupported attestations. | + +## 5. Systemic risk controls + +| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action | +|------------|-----------------------------|--------------------------------|--------------------| +| `RK-01` | Operational dependency risk must be surfaced. | Review failover posture and continuity evidence before declaring the rail ready. | Raise executive escalation when dependency remains unresolved. | +| `RK-02` | Fraud indicators must trigger a hard investigation path. | Tie advice, KYT, and execution evidence together inside the transaction envelope. | Freeze transaction and open fraud investigation. | +| `RK-03` | Settlement risk from missing prefunding is non-waivable. | Use prefunding and balance evidence to determine whether release would violate funding policy. | Place transaction on settlement hold and escalate to treasury. | +| `RK-04` | Reconciliation mismatches must trigger audit escalation. | Review generated three-way results and open incidents for unmatched items. | Escalate to reconciliation and audit owners. | +| `RK-05` | Undefined finality must trigger legal escalation. | Compare the rail finality point to the documented policy and reserve/finality narratives. | Hold legal attestation and route to counsel review. | +| `RK-06` | Liquidity variance and blind positions must trigger treasury escalation. | Compare balance snapshots, prefunding proof, and reconciliation outputs for divergence. | Notify treasury and risk management immediately. | + +## 6. High-value mode controls + +| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action | +|------------|-----------------------------|--------------------------------|--------------------| +| `HV-01` | Dual authorization is mandatory for high-value transfers. | Record both approvals in the execution envelope validated by [`transaction-compliance-execution.schema.json`](schemas/transaction-compliance-execution.schema.json). | Do not release until both approvals are present. | +| `HV-02` | Treasury must explicitly certify liquidity and reserve readiness. | Require live prefunding proof, balance snapshot, and where relevant reserve provenance support. | Keep the transfer blocked until treasury certifies capacity. | +| `HV-03` | Mirrored evidence must exist across event and reconciliation layers. | Link the transaction envelope to the settlement event and generated three-way reconciliation result. | Treat the transfer as evidence-incomplete until both layers exist. | +| `HV-04` | A freeze or review window is required before the case is fully closed. | Record the freeze-window review inside the execution envelope. | Maintain enhanced monitoring until the review completes. | +| `HV-05` | Executive escalation is mandatory for unresolved high-value alerts. | Escalate any `FAIL` or `PENDING` high-value control and rebuild the archive after resolution. | Keep the transaction in `BLOCKED` or `ESCALATE` until executive review is complete. | + +--- + +## Operator workflow + +1. Generate or collect live evidence: reconciliation, prefunding, ACK, KYT, balance, DR/BCP, and any reserve provenance artifacts. +2. Fill a per-transaction execution envelope using [`examples/transaction-compliance-execution.example.json`](examples/transaction-compliance-execution.example.json) as the model. + Every envelope must carry `instruction_ref`; only attach `settlement_event_ref` once a canonical settlement event exists. +3. Place live files under `JVMTM_CLOSURE_DIR/` and transaction envelopes under `JVMTM_CLOSURE_DIR/transactions/`. +4. Run [`scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh`](../../scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh). +5. Rebuild the E2E archive so the live transaction envelopes and closure evidence are staged together. + +## Notes + +- JSON is canonical; CSV is a convenience export for spreadsheets. +- The execution envelope references evidence by path or slot; it should not inline vendor reports or duplicate the full settlement-event payload. +- The current repo remains honest about live vs template evidence. Templates define controls; generated and staged artifacts prove they ran. diff --git a/config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md b/config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md new file mode 100644 index 0000000..c83b2c4 --- /dev/null +++ b/config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md @@ -0,0 +1,74 @@ +# Operational evidence vs templates (regulatory expectation) + +**Purpose:** State plainly what **examination-grade** material requires. JSON **templates** and **schemas** structure proof; they do **not** substitute for **execution evidence** (ledger extracts, bank statements, vendor KYT, executed failover, ACK ordering). + +**Not legal or supervisory advice.** + +--- + +## The distinction + +| Layer | Role | Regulator question answered | +|-------|------|------------------------------| +| **Template / schema** | Empty socket, validation, uniformity | “Is the control **defined** and **machine-readable**?” | +| **Operational artifact** | Generated from live systems or vendor | “Did the control **run** and **match** independent sources?” | + +Checklists without logs are not altitude. Structured JSON without **sourceRefs** and **fetch timestamps** is still weak evidence. + +--- + +## Evidence matrix (minimum real-world set) + +| Requirement | Must be derived from | Not sufficient alone | +|-------------|----------------------|----------------------| +| 3-way match | **Ledger** export/API + **bank** statement/API (or nostro extract) + **chain** RPC (or agreed on-chain metric) | Manual JSON, `matched: true` without sources | +| KYT | **Vendor** API/export (Chainalysis, TRM, Elliptic, …) with **referenceId** | Internal-only score, placeholder `PASS` | +| BCP / DR | **Executed** test with **RTO/RPO** metrics and command logs | Policy PDF only | +| ACK before credit | **Timestamp proof** `ack_time < credit_time` (same `correlation_id`) | Post-credit narrative only | +| Reconciliation job | **Scheduled/automated** run record (`generator` block in JSON) | One-off hand edit | + +--- + +## Reserve / funding origin attestation (3FR package) + +Structured **legal → bank → chain** containers: attorney receipt, settlement finality declaration, funding origin narrative, **bank certification awaiting MT940/camt.053/API**, **KYT pending**, reconciliation trigger, **provisional** reserve recognition. See [`config/reserve-provenance-package/README.md`](../reserve-provenance-package/README.md) and `scripts/validation/validate-reserve-provenance-package.sh`. Bundled in the E2E zip as `reserve-provenance-package/`. + +--- + +## Repo tooling (event-generated path) + +| Script | Output | Notes | +|--------|--------|--------| +| [`scripts/omnl/generate-3way-reconciliation-evidence.sh`](../../scripts/omnl/generate-3way-reconciliation-evidence.sh) | `output/jvmtm-evidence/3way-.json` + `latest-3way-result.json` | Ledger (Fineract GL), chain (ERC20 `balanceOf`), bank (file/env). Marks `evidence_tier`, `evidence_gaps`. | +| [`scripts/omnl/verify-ack-before-credit.sh`](../../scripts/omnl/verify-ack-before-credit.sh) | stdout + exit code | Compares ACK timestamp to Fineract journal entry date. | +| [`scripts/omnl/fetch-kyt-vendor-report.sh`](../../scripts/omnl/fetch-kyt-vendor-report.sh) | `validation/kyt-vendor-result.json` or manifest | **Exits non-zero** if no vendor configured (no fake PASS). | +| [`scripts/omnl/bcp-rpc-failover-smoke.sh`](../../scripts/omnl/bcp-rpc-failover-smoke.sh) | Appends `bcp/failover-execution-log.txt` | **Real** RPC reachability check; optional secondary URL. Not a full data-centre DR. | + +Validate generated JSON: + +```bash +check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/three-way-reconciliation-result.schema.json \ + output/jvmtm-evidence/latest-3way-result.json +``` + +--- + +## Audit engagement mapping (INAAUDJVMTM / 2025) + +For **`018215821582` / INAAUDJVMTM / 2025**, see **[INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md](INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md)** — each Table **B/C/D** row is mapped to **archive paths** and **honest limits** (template vs operational). + +## Archive integration + +1. Run generators **before** `build-omnl-e2e-settlement-audit-archive.sh`. +2. Set **`JVMTM_CLOSURE_DIR`** to a directory that includes **live** files, **or** rely on the builder copying `output/jvmtm-evidence/latest-3way-result.json` into the zip when present (see script header). +3. Keep **templates** in-repo for CI; keep **generated** outputs out of git (or in `output/` only). + +--- + +## Hybrid model (target state) + +``` +Schema (template) + live generator + vendor export + execution logs → zip → manifest hash +``` + +That is **operational compliance** posture, not **design compliance** alone. diff --git a/config/jvmtm-regulatory-closure/README.md b/config/jvmtm-regulatory-closure/README.md new file mode 100644 index 0000000..bc7892e --- /dev/null +++ b/config/jvmtm-regulatory-closure/README.md @@ -0,0 +1,104 @@ +# JVMTM / regulatory closure artifacts (E2E archive) + +**Regulators accept execution evidence, not intent.** JSON **schemas** and **templates** are the sockets; **generated** reconciliations, **vendor** KYT exports, and **executed** BCP drills are the current. Read first: [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md). + +**Audit engagement `018215821582` / INAAUDJVMTM / 2025 — Tables B, C, D:** row-by-row **closure matrix** (weakness vs standard, transaction flow, systemic risk → archive artefacts and honest limits): [INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md](INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md) (bundled in the E2E zip and listed in `SETTLEMENT_CLOSURE.json`). + +## Transaction-grade operator pack + +This directory now includes a transaction-operator layer that sits between the audit closure matrix and live settlement execution: + +| Artifact | Purpose | +|----------|---------| +| `JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md` | Human-readable operator matrix grouped by transaction phase. | +| `transaction-compliance-matrix.json` | **Canonical** machine-readable control library. | +| `transaction-compliance-matrix.csv` | Spreadsheet-friendly export generated from the canonical JSON. | +| `schemas/transaction-compliance-execution.schema.json` | Per-transfer execution envelope schema. | +| `examples/transaction-compliance-execution.example.json` | Ready / pass example envelope. | +| `examples/transaction-compliance-execution.blocked.example.json` | Blocked / fail example envelope. | + +**Design rule:** JSON is canonical; CSV is convenience-only. The execution envelope references evidence by path or slot and should not inline full vendor exports or duplicate settlement-event payloads. Every envelope must carry an `instruction_ref`; `settlement_event_ref` is optional until a canonical settlement event actually exists. + +## Event-generated evidence (run before zipping) + +| Goal | Command | +|------|---------| +| 3-way from Fineract + chain (+ optional bank file/env) | `bash scripts/omnl/generate-3way-reconciliation-evidence.sh` → `output/jvmtm-evidence/latest-3way-result.json` | +| ACK before credit vs journal | `bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json ` | +| KYT vendor (refuses if unset) | `bash scripts/omnl/fetch-kyt-vendor-report.sh` | +| RPC reachability / secondary smoke | `bash scripts/omnl/bcp-rpc-failover-smoke.sh` | + +Then run `build-omnl-e2e-settlement-audit-archive.sh` (it picks up `latest-3way-result.json` as `reconciliation/3way-result.json` when present). + +## Mandatory four (archive paths) + +| Archive path | Schema | Example (source) | +|--------------|--------|------------------| +| `reconciliation/daily-3way-reconciliation-report.json` | `schemas/daily-3way-reconciliation-report.schema.json` | `examples/daily-3way-reconciliation-report.example.json` | +| `liquidity/prefunding-proof.json` | `schemas/prefunding-proof.schema.json` | `examples/prefunding-proof.example.json` | +| `acknowledgements/pre-settlement-ack.json` | `schemas/pre-settlement-ack.schema.json` | `examples/pre-settlement-ack.example.json` | +| `exceptions/exception-policy.md` | — (Markdown) | `policies/exception-policy.md` | +| `exceptions/sample-exception-event.json` | `schemas/sample-exception-event.schema.json` | `examples/sample-exception-event.example.json` | + +Optional supplementary (same audit mapping): + +| Archive path | Schema | Example | +|--------------|--------|---------| +| `validation/kyt-screening-result.json` | `schemas/kyt-screening-result.schema.json` | `examples/kyt-screening-result.example.json` | +| `bcp/recovery-time-report.json` | `schemas/recovery-time-report.schema.json` | `examples/recovery-time-report.example.json` | +| `bcp/failover-test-log.txt` | — | `examples/failover-test-log.example.txt` | +| `disaster-recovery/DR-simulation-report.json` | `schemas/dr-simulation-report.schema.json` | `examples/dr-simulation-report.example.json` | +| `monitoring/real-time-balance-snapshot.json` | `schemas/real-time-balance-snapshot.schema.json` | `examples/real-time-balance-snapshot.example.json` | + +## Operator workflow + +1. Generate or collect live evidence: + - `bash scripts/omnl/generate-3way-reconciliation-evidence.sh` + - `bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json ` + - `bash scripts/omnl/fetch-kyt-vendor-report.sh` + - `bash scripts/omnl/bcp-rpc-failover-smoke.sh` +2. Fill a per-transaction execution envelope using: + - `examples/transaction-compliance-execution.example.json` + - `examples/transaction-compliance-execution.blocked.example.json` + - blocked / pre-exec cases should keep `instruction_ref` and omit `settlement_event_ref` +3. Copy examples to a **private** directory; fill with **live** figures, bank statements, chain refs, named reviewers, and place live transaction envelopes under `transactions/`. +4. Point the archive builder at that directory: + + ```bash + JVMTM_CLOSURE_DIR=/path/to/live-closure-evidence \ + bash scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh + ``` + + Expected filenames inside `JVMTM_CLOSURE_DIR` (same basenames as archive): + + - `daily-3way-reconciliation-report.json` + - `prefunding-proof.json` + - `pre-settlement-ack.json` + - `sample-exception-event.json` (optional override) + - `kyt-screening-result.json`, `recovery-time-report.json`, `DR-simulation-report.json`, `real-time-balance-snapshot.json`, `failover-test-log.txt` (optional) + - `transactions/*.json` (optional live transaction execution envelopes) + + If `JVMTM_CLOSURE_DIR` is unset, the builder stages **repo examples** (clearly placeholders — replace for real examination). + +5. Run validation: + + ```bash + bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh + ``` + + This now validates: + - the existing JVMTM example/schema pairs when `check-jsonschema` is installed + - the transaction execution schema against both example envelopes + - the transaction-grade pack consistency (unique `control_id`, JSON/CSV sync, valid repo paths/runtime slots, example control references, and Markdown control coverage) + +## Validation + +```bash +bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh +``` + +Uses `check-jsonschema` when installed (`pip install check-jsonschema`). The script also runs `scripts/validation/validate-jvmtm-transaction-compliance-pack.py` to verify the canonical JSON matrix, CSV export, and execution-envelope examples stay synchronized. CI runs this in `validate-config.yml`. + +## Policy + +See `policies/exception-policy.md` and [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md). diff --git a/config/jvmtm-regulatory-closure/examples/daily-3way-reconciliation-report.example.json b/config/jvmtm-regulatory-closure/examples/daily-3way-reconciliation-report.example.json new file mode 100644 index 0000000..dafc850 --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/daily-3way-reconciliation-report.example.json @@ -0,0 +1,23 @@ +{ + "schema_version": 1, + "report_id": "3WAY-20260331-102B-CLOSURE", + "as_of": "2026-03-31", + "correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d", + "currency": "USD", + "lines": [ + { + "label": "102B interoffice notional (office 21→22)", + "ledger_major": "102000000000.00", + "bank_major": "N/A_TEMPLATE_REPLACE_WITH_NOSTRO_STATEMENT_LINE", + "chain_major": "0", + "matched": true, + "notes": "Chain leg attestation-only for this closure; replace bank_major with actual nostro/correspondent figure when applicable." + } + ], + "prepared_by": "REPLACE_OPERATOR_ID", + "reviewed_by": "REPLACE_CHECKER_ID", + "bank_statement_ref": "REPLACE_BANK_STMT_ARCHIVE_ID", + "chain_tx_hashes": [ + "0xb90f2da51d9c506f552d276d9aa57f4ae485528f2ee6025f435f188d09d405f4" + ] +} diff --git a/config/jvmtm-regulatory-closure/examples/dr-simulation-report.example.json b/config/jvmtm-regulatory-closure/examples/dr-simulation-report.example.json new file mode 100644 index 0000000..00bc8bb --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/dr-simulation-report.example.json @@ -0,0 +1,11 @@ +{ + "schema_version": 1, + "simulation_id": "DR-SIM-2026-Q1-TEMPLATE", + "executed_at": "2026-03-20T14:00:00Z", + "scenario": "Primary RPC loss; secondary RPC cut-in", + "rto_minutes": 45, + "rpo_minutes": 15, + "passed": false, + "participants": ["REPLACE_INFRA_LEAD", "REPLACE_DBA"], + "summary": "Template: set passed=true and real timings after executed drill; attach command logs." +} diff --git a/config/jvmtm-regulatory-closure/examples/failover-test-log.example.txt b/config/jvmtm-regulatory-closure/examples/failover-test-log.example.txt new file mode 100644 index 0000000..10b4801 --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/failover-test-log.example.txt @@ -0,0 +1,8 @@ +JVMTM BCP placeholder — replace with real failover test log +------------------------------------------------------------- +Test ID: BCP-RPC-2026-Q1-TEMPLATE +Start (UTC): REPLACE +End (UTC): REPLACE +Steps: (1) induce failure (2) observe alert (3) validate RTO (4) sign-off +Operator: REPLACE +Result: NOT_EXECUTED_TEMPLATE diff --git a/config/jvmtm-regulatory-closure/examples/kyt-screening-result.example.json b/config/jvmtm-regulatory-closure/examples/kyt-screening-result.example.json new file mode 100644 index 0000000..0e85bf1 --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/kyt-screening-result.example.json @@ -0,0 +1,11 @@ +{ + "schema_version": 1, + "correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d", + "tx_id": "internal-omnl-102b-chunked", + "provider_ref": "REPLACE_KYT_VENDOR_RUN_ID", + "screened_at": "2026-03-31T07:30:00Z", + "sanctions_checked": true, + "risk_score": 0, + "result": "PASS", + "notes": "Template: attach vendor attestation or export hash for examination." +} diff --git a/config/jvmtm-regulatory-closure/examples/pre-settlement-ack.example.json b/config/jvmtm-regulatory-closure/examples/pre-settlement-ack.example.json new file mode 100644 index 0000000..00f21be --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/pre-settlement-ack.example.json @@ -0,0 +1,11 @@ +{ + "schema_version": 1, + "tx_ref": "OMNL-102B-CHUNKED-20260331", + "correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d", + "status": "ACKED", + "timestamp": "2026-03-31T07:45:00Z", + "ack_source": "beneficiary_office_22_ops", + "ack_channel": "internal_maker_checker_payload", + "beneficiary_ref": "office_id:22_PT_CAKRA", + "notes": "Template: replace with signed SWIFT/ISO ACK or institution-approved equivalent before regulatory submission." +} diff --git a/config/jvmtm-regulatory-closure/examples/prefunding-proof.example.json b/config/jvmtm-regulatory-closure/examples/prefunding-proof.example.json new file mode 100644 index 0000000..6b523e8 --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/prefunding-proof.example.json @@ -0,0 +1,13 @@ +{ + "schema_version": 1, + "correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d", + "checked_at": "2026-03-31T08:00:00Z", + "currency": "USD", + "account_or_office_ref": "office:21_GL:2100", + "available_balance_before_major": "500000000000.00", + "required_amount_major": "102000000000.00", + "approved": true, + "approver_ref": "REPLACE_TREASURY_APPROVER", + "liquidity_source": "internal_omnl_gl", + "evidence_ref": "REPLACE_TICKET_OR_LIMIT_CHECK_ID" +} diff --git a/config/jvmtm-regulatory-closure/examples/real-time-balance-snapshot.example.json b/config/jvmtm-regulatory-closure/examples/real-time-balance-snapshot.example.json new file mode 100644 index 0000000..749a1cd --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/real-time-balance-snapshot.example.json @@ -0,0 +1,15 @@ +{ + "schema_version": 1, + "snapshot_at": "2026-03-31T08:05:00Z", + "source": "Fineract trial balance export (template)", + "balances": [ + { + "office_id": 21, + "account_ref": "GL-2100", + "gl_code": "2100", + "amount_major": "0.00", + "template_note": "Replace with live trial balance extract for examination.", + "currency": "USD" + } + ] +} diff --git a/config/jvmtm-regulatory-closure/examples/recovery-time-report.example.json b/config/jvmtm-regulatory-closure/examples/recovery-time-report.example.json new file mode 100644 index 0000000..cb2f870 --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/recovery-time-report.example.json @@ -0,0 +1,10 @@ +{ + "schema_version": 1, + "test_id": "BCP-RPC-2026-Q1-TEMPLATE", + "executed_at": "2026-03-15T10:00:00Z", + "component": "Chain 138 core RPC failover", + "rto_minutes_target": 60, + "rto_minutes_observed": 0, + "passed": false, + "evidence_ref": "REPLACE_DRILL_LOG_ARCHIVE_ID" +} diff --git a/config/jvmtm-regulatory-closure/examples/sample-exception-event.example.json b/config/jvmtm-regulatory-closure/examples/sample-exception-event.example.json new file mode 100644 index 0000000..bb878ba --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/sample-exception-event.example.json @@ -0,0 +1,13 @@ +{ + "schema_version": 1, + "exception_id": "EXC-20260331-PLACEHOLDER-001", + "correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d", + "severity": "LOW", + "category": "CHAIN", + "detected_at": "2026-03-31T09:15:00Z", + "resolution_status": "RESOLVED", + "narrative": "Template: RPC timeout on first cast send; succeeded on retry with same nonce policy.", + "retry_count": 1, + "ticket_ref": "REPLACE_SERVICE_DESK_ID", + "resolved_at": "2026-03-31T09:18:00Z" +} diff --git a/config/jvmtm-regulatory-closure/examples/three-way-reconciliation-result.example.json b/config/jvmtm-regulatory-closure/examples/three-way-reconciliation-result.example.json new file mode 100644 index 0000000..210d00e --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/three-way-reconciliation-result.example.json @@ -0,0 +1,41 @@ +{ + "schema_version": 1, + "report_id": "3WAY-GEN-20260331-EXAMPLE", + "as_of": "2026-03-31", + "correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d", + "currency": "USD", + "evidence_tier": "GENERATED_PARTIAL", + "evidence_gaps": ["example_only_not_live_run"], + "ledger": { + "value_major": "1000.00", + "source": "fineract:/glaccounts", + "fetched_at": "2026-03-31T12:00:00Z", + "gl_code": "2100", + "office_id": 21, + "gl_account_id": 0, + "raw_field": "organizationRunningBalance" + }, + "bank": null, + "chain": { + "value_major": "999.50", + "source": "cast:erc20_balanceOf", + "fetched_at": "2026-03-31T12:00:01Z", + "rpc_url_host": "192.168.11.211", + "chain_id": 138, + "token_address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "holder_address": "0x4A666F96fC8764181194447A7dFdb7d471b301C8", + "decimals": 6 + }, + "variance": { + "ledger_vs_bank_major": "n/a", + "ledger_vs_chain_major": "0.50", + "bank_vs_chain_major": "n/a" + }, + "matched": false, + "generated_at": "2026-03-31T12:00:02Z", + "generator": { + "script": "scripts/omnl/generate-3way-reconciliation-evidence.sh", + "argv": ["--example-shape"], + "host": "replaced-at-runtime" + } +} diff --git a/config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.blocked.example.json b/config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.blocked.example.json new file mode 100644 index 0000000..03fb8ec --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.blocked.example.json @@ -0,0 +1,90 @@ +{ + "schema_version": 1, + "matrix_version": "2026-03-31", + "transaction_id": "TX-2026-0331-BLOCKED-001", + "correlation_id": "550e8400-e29b-41d4-a716-446655440099", + "rail_mode": "chain138-primary", + "amount": "250000000.00", + "currency": "USD", + "decision_status": "BLOCKED", + "decision_reason": "Instruction blocked because prefunding failed and pre-settlement ACK has not been verified.", + "validated_at": "2026-03-31T17:20:00Z", + "approved_by": "maker-checker:ops-hold", + "instruction_ref": { + "artifact_type": "external-ref", + "ref": "instruction://hybx-ops/TX-2026-0331-BLOCKED-001" + }, + "dbis_reference": "CORE-TX-2026-0331-0099", + "control_results": [ + { + "control_id": "PT-01", + "status": "PASS", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:15:00Z", + "validator_ref": "compliance-gate:instruction-precheck", + "evidence_refs": [ + { + "artifact_type": "external-ref", + "ref": "instruction://hybx-ops/TX-2026-0331-BLOCKED-001" + } + ], + "notes": "Instruction shape is valid, but this alone does not clear funds movement." + }, + { + "control_id": "PT-02", + "status": "FAIL", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:16:00Z", + "validator_ref": "treasury:prefunding-check", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.prefunding-proof" + } + ], + "notes": "approved=false; available balance below required amount." + }, + { + "control_id": "PT-05", + "status": "PASS", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:17:00Z", + "validator_ref": "compliance:kyt-and-fraud", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.kyt-result" + } + ], + "notes": "KYT result present; transaction still cannot proceed without prefunding." + }, + { + "control_id": "TX-02", + "status": "PENDING", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:18:00Z", + "validator_ref": "ops:ack-before-credit", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.pre-settlement-ack" + } + ], + "notes": "ACK exists only as pending intake; no verified ack_before_credit proof yet." + }, + { + "control_id": "RK-03", + "status": "FAIL", + "blocking": "ESCALATE", + "validated_at": "2026-03-31T17:19:00Z", + "validator_ref": "risk:settlement-hold", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.prefunding-proof" + } + ], + "notes": "Settlement risk escalated because release would breach prefunding policy." + } + ] +} diff --git a/config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.example.json b/config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.example.json new file mode 100644 index 0000000..3df10bb --- /dev/null +++ b/config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.example.json @@ -0,0 +1,126 @@ +{ + "schema_version": 1, + "matrix_version": "2026-03-31", + "transaction_id": "TX-2026-0331-READY-001", + "correlation_id": "550e8400-e29b-41d4-a716-446655440001", + "rail_mode": "hybrid", + "amount": "1000000.00", + "currency": "USD", + "decision_status": "READY", + "decision_reason": "Pre-settlement gate cleared: validation, prefunding, ACK ordering, and settlement event linkage are present.", + "validated_at": "2026-03-31T17:10:00Z", + "approved_by": "maker-checker:treasury-ops", + "instruction_ref": { + "artifact_type": "external-ref", + "ref": "instruction://hybx-ops/TX-2026-0331-READY-001" + }, + "settlement_event_ref": { + "artifact_type": "repo-path", + "ref": "config/dbis-institutional/examples/settlement-event.example.json" + }, + "dbis_reference": "CORE-TX-2026-0331-0001", + "omnl_journal_entry_id": 12045, + "rtgs_message_ids": { + "uetr": "97ed4827-7b6f-4491-94b1-d651442ca301", + "internal_instruction_ref": "018215821582-INAAUDJVMTM-2025-MSG-001" + }, + "chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "control_results": [ + { + "control_id": "PT-01", + "status": "PASS", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:00:00Z", + "validator_ref": "compliance-gate:instruction-precheck", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.kyt-result" + }, + { + "artifact_type": "external-ref", + "ref": "instruction://hybx-ops/TX-2026-0331-READY-001" + } + ], + "notes": "KYT and canonical settlement event validation completed." + }, + { + "control_id": "PT-02", + "status": "PASS", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:01:00Z", + "validator_ref": "treasury:prefunding-check", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.prefunding-proof" + }, + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.balance-snapshot" + } + ], + "notes": "Available balance exceeds required amount prior to release." + }, + { + "control_id": "PT-04", + "status": "PASS", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:02:00Z", + "validator_ref": "maker-checker:authorization", + "evidence_refs": [ + { + "artifact_type": "external-ref", + "ref": "authz-token://ops/dual-signature/TX-2026-0331-READY-001" + } + ], + "notes": "Dual authorization verified." + }, + { + "control_id": "PT-05", + "status": "PASS", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:03:00Z", + "validator_ref": "compliance:kyt-and-fraud", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.kyt-result" + } + ], + "notes": "Credit advice supported by independent KYT and ledger evidence." + }, + { + "control_id": "TX-02", + "status": "PASS", + "blocking": "HARD_STOP", + "validated_at": "2026-03-31T17:05:00Z", + "validator_ref": "ops:ack-before-credit", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.pre-settlement-ack" + } + ], + "notes": "ACK timestamp verified before credit settlement." + }, + { + "control_id": "PS-01", + "status": "PASS", + "blocking": "POST_EVENT", + "validated_at": "2026-03-31T17:08:00Z", + "validator_ref": "reconciliation:daily-3way", + "evidence_refs": [ + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.daily-3way-report" + }, + { + "artifact_type": "runtime-slot", + "ref": "jvmtm.live.3way-result" + } + ], + "notes": "Same correlation_id tied to daily reconciliation output." + } + ] +} diff --git a/config/jvmtm-regulatory-closure/policies/exception-policy.md b/config/jvmtm-regulatory-closure/policies/exception-policy.md new file mode 100644 index 0000000..d577209 --- /dev/null +++ b/config/jvmtm-regulatory-closure/policies/exception-policy.md @@ -0,0 +1,41 @@ +# Exception handling policy (JVMTM / regulatory closure) + +**Purpose:** Define how payment and settlement exceptions are detected, classified, escalated, and resolved so audit can trace **non-happy-path** events alongside `sample-exception-event.json`. + +## Scope + +- OMNL / Fineract journal and reversal flows +- Chain 138 attestation and settlement-event emission +- Prefunding, ACK, and 3-way reconciliation mismatches + +## Classification + +| Category | Examples | Initial action | +|----------|----------|----------------| +| `VALIDATION` | Schema / amount / currency mismatch | Block submit; return to operator | +| `PREFUNDING` | Insufficient available balance vs required | No debit; notify treasury | +| `ACK_TIMEOUT` | Beneficiary ACK not received within SLA | Hold credit; escalate | +| `CHAIN` | RPC failure, tx dropped, reorg risk | Retry with idempotency key; do not double-post | +| `RECONCILIATION` | Ledger vs bank vs chain variance | Freeze related `correlation_id`; open investigation | + +## Roles + +- **Operator:** first-line detection, logging, retry within policy. +- **Checker / approver:** material amounts per institution SOP. +- **Compliance:** KYT / sanctions holds. +- **Legal / risk:** material disputes and regulatory reporting triggers (outside this file). + +## Evidence + +Each exception MUST record: + +1. Stable **`exception_id`** and link to **`correlation_id`** when known. +2. **`detected_at`** (UTC) and **`resolution_status`** lifecycle (`OPEN`, `IN_PROGRESS`, `RESOLVED`, `ESCALATED`). +3. Retain **`retry_log`** or ticket reference (append-only) until closure. + +## Settlement interaction + +- Do not mark **`SETTLEMENT_CLOSURE`** final for a `correlation_id` while a related exception remains **`OPEN`** or **`IN_PROGRESS`** without documented waiver. +- Resolved exceptions: emit a follow-up **settlement event** or append to audit manifest with resolution reference. + +**Not legal advice.** Align with counsel and supervisor rules. diff --git a/config/jvmtm-regulatory-closure/schemas/daily-3way-reconciliation-report.schema.json b/config/jvmtm-regulatory-closure/schemas/daily-3way-reconciliation-report.schema.json new file mode 100644 index 0000000..9826620 --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/daily-3way-reconciliation-report.schema.json @@ -0,0 +1,39 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/daily-3way-reconciliation-report.json", + "title": "Daily 3-way reconciliation report (ledger / bank / chain)", + "type": "object", + "required": ["schema_version", "report_id", "as_of", "correlation_id", "lines"], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "report_id": { "type": "string", "minLength": 4 }, + "as_of": { "type": "string", "description": "ISO 8601 date or date-time (UTC)." }, + "correlation_id": { "type": "string", "minLength": 8 }, + "currency": { "type": "string", "description": "ISO 4217 major unit context for amounts." }, + "lines": { + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "required": ["label", "ledger_major", "bank_major", "chain_major", "matched"], + "properties": { + "label": { "type": "string" }, + "ledger_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" }, + "bank_major": { "type": "string", "description": "Major units or N/A with explanation in notes." }, + "chain_major": { "type": "string", "description": "On-chain notional in major units or N/A." }, + "matched": { "type": "boolean" }, + "notes": { "type": "string" } + }, + "additionalProperties": true + } + }, + "prepared_by": { "type": "string" }, + "reviewed_by": { "type": "string" }, + "bank_statement_ref": { "type": "string" }, + "chain_tx_hashes": { + "type": "array", + "items": { "type": "string", "pattern": "^0x[a-fA-F0-9]{64}$" } + } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json b/config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json new file mode 100644 index 0000000..d0924e4 --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json @@ -0,0 +1,22 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/dr-simulation-report.json", + "title": "Disaster recovery simulation report", + "type": "object", + "required": ["schema_version", "simulation_id", "executed_at", "scenario", "passed"], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "simulation_id": { "type": "string" }, + "executed_at": { "type": "string", "format": "date-time" }, + "scenario": { "type": "string" }, + "rto_minutes": { "type": "number", "minimum": 0 }, + "rpo_minutes": { "type": "number", "minimum": 0 }, + "passed": { "type": "boolean" }, + "participants": { + "type": "array", + "items": { "type": "string" } + }, + "summary": { "type": "string" } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/kyt-screening-result.schema.json b/config/jvmtm-regulatory-closure/schemas/kyt-screening-result.schema.json new file mode 100644 index 0000000..008322b --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/kyt-screening-result.schema.json @@ -0,0 +1,19 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/kyt-screening-result.json", + "title": "KYT / sanctions screening result", + "type": "object", + "required": ["schema_version", "correlation_id", "sanctions_checked", "result"], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "correlation_id": { "type": "string", "minLength": 8 }, + "tx_id": { "type": "string" }, + "provider_ref": { "type": "string" }, + "screened_at": { "type": "string", "format": "date-time" }, + "sanctions_checked": { "type": "boolean" }, + "risk_score": { "type": "number" }, + "result": { "type": "string", "enum": ["PASS", "REVIEW", "FAIL"] }, + "notes": { "type": "string" } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json b/config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json new file mode 100644 index 0000000..a7b5c97 --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json @@ -0,0 +1,22 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/pre-settlement-ack.json", + "title": "Pre-settlement acknowledgement", + "type": "object", + "required": ["schema_version", "tx_ref", "status", "timestamp", "ack_source"], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "tx_ref": { "type": "string", "minLength": 4, "description": "Instruction id, UETR, or correlation spine." }, + "correlation_id": { "type": "string" }, + "status": { "type": "string", "enum": ["ACKED", "PENDING", "REJECTED", "EXPIRED"] }, + "timestamp": { "type": "string", "format": "date-time", "description": "ACK time (UTC). Regulatory ordering: must be strictly before credit_settled_at when both set." }, + "ack_timestamp": { "type": "string", "format": "date-time", "description": "Optional duplicate of timestamp for clarity in audits." }, + "credit_settled_at": { "type": "string", "format": "date-time", "description": "When funds were credited / journal posted (UTC)." }, + "fineract_journal_entry_id": { "type": "integer", "description": "Use with scripts/omnl/verify-ack-before-credit.sh to prove ack before credit." }, + "ack_before_credit_verified": { "type": "boolean", "description": "Set true only after automated or checker verification (ack < credit)." }, + "ack_channel": { "type": "string", "description": "e.g. SWIFT, API, signed PDF." }, + "beneficiary_ref": { "type": "string" }, + "notes": { "type": "string" } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json b/config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json new file mode 100644 index 0000000..f017b39 --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json @@ -0,0 +1,28 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/prefunding-proof.json", + "title": "Prefunding proof (available vs required)", + "type": "object", + "required": [ + "schema_version", + "correlation_id", + "checked_at", + "available_balance_before_major", + "required_amount_major", + "approved" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "correlation_id": { "type": "string", "minLength": 8 }, + "checked_at": { "type": "string", "format": "date-time" }, + "currency": { "type": "string" }, + "account_or_office_ref": { "type": "string" }, + "available_balance_before_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" }, + "required_amount_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" }, + "approved": { "type": "boolean" }, + "approver_ref": { "type": "string" }, + "liquidity_source": { "type": "string", "description": "e.g. nostro, omnibus, on-chain pool." }, + "evidence_ref": { "type": "string", "description": "Internal ticket or statement id." } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json b/config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json new file mode 100644 index 0000000..f20c59d --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json @@ -0,0 +1,29 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/real-time-balance-snapshot.json", + "title": "Real-time balance snapshot", + "type": "object", + "required": ["schema_version", "snapshot_at", "balances"], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "snapshot_at": { "type": "string", "format": "date-time" }, + "source": { "type": "string", "description": "e.g. Fineract trial balance export, core API." }, + "balances": { + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "required": ["account_ref", "amount_major", "currency"], + "properties": { + "office_id": { "type": "integer" }, + "account_ref": { "type": "string" }, + "gl_code": { "type": "string" }, + "amount_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" }, + "currency": { "type": "string" } + }, + "additionalProperties": true + } + } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json b/config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json new file mode 100644 index 0000000..9b9a0b2 --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json @@ -0,0 +1,18 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/recovery-time-report.json", + "title": "BCP recovery time objective report", + "type": "object", + "required": ["schema_version", "test_id", "executed_at", "rto_minutes_target", "rto_minutes_observed", "passed"], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "test_id": { "type": "string" }, + "executed_at": { "type": "string", "format": "date-time" }, + "component": { "type": "string" }, + "rto_minutes_target": { "type": "number", "minimum": 0 }, + "rto_minutes_observed": { "type": "number", "minimum": 0 }, + "passed": { "type": "boolean" }, + "evidence_ref": { "type": "string" } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/sample-exception-event.schema.json b/config/jvmtm-regulatory-closure/schemas/sample-exception-event.schema.json new file mode 100644 index 0000000..ebbae85 --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/sample-exception-event.schema.json @@ -0,0 +1,34 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/sample-exception-event.json", + "title": "Exception event (sample / template)", + "type": "object", + "required": [ + "schema_version", + "exception_id", + "severity", + "category", + "detected_at", + "resolution_status" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "exception_id": { "type": "string", "minLength": 4 }, + "correlation_id": { "type": "string" }, + "severity": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"] }, + "category": { + "type": "string", + "enum": ["VALIDATION", "PREFUNDING", "ACK_TIMEOUT", "CHAIN", "RECONCILIATION", "KYT", "OTHER"] + }, + "detected_at": { "type": "string", "format": "date-time" }, + "resolution_status": { + "type": "string", + "enum": ["OPEN", "IN_PROGRESS", "RESOLVED", "ESCALATED"] + }, + "narrative": { "type": "string" }, + "retry_count": { "type": "integer", "minimum": 0 }, + "ticket_ref": { "type": "string" }, + "resolved_at": { "type": "string", "format": "date-time" } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/three-way-reconciliation-result.schema.json b/config/jvmtm-regulatory-closure/schemas/three-way-reconciliation-result.schema.json new file mode 100644 index 0000000..8e60adf --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/three-way-reconciliation-result.schema.json @@ -0,0 +1,120 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/three-way-reconciliation-result.json", + "title": "Three-way reconciliation result (machine-oriented)", + "description": "Generated from independent sources. evidence_tier distinguishes template-only from ledger/chain/bank-backed runs.", + "type": "object", + "required": [ + "schema_version", + "report_id", + "as_of", + "correlation_id", + "evidence_tier", + "ledger", + "chain", + "matched", + "generated_at", + "generator" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "report_id": { "type": "string", "minLength": 4 }, + "as_of": { "type": "string", "description": "Business date or UTC instant for reconciliation cut." }, + "correlation_id": { "type": "string", "minLength": 8 }, + "currency": { "type": "string" }, + "evidence_tier": { + "type": "string", + "enum": [ + "GENERATED_FULL", + "GENERATED_PARTIAL", + "TEMPLATE_MANUAL", + "INCOMPLETE" + ] + }, + "evidence_gaps": { + "type": "array", + "items": { "type": "string" }, + "description": "e.g. bank_statement_not_supplied, fineract_unreachable." + }, + "ledger": { + "type": "object", + "required": ["source", "fetched_at"], + "properties": { + "value_major": { + "oneOf": [ + { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" }, + { "type": "null" } + ] + }, + "source": { "type": "string", "description": "e.g. fineract:/glaccounts" }, + "fetched_at": { "type": "string", "format": "date-time" }, + "gl_code": { "type": "string" }, + "office_id": { "type": "integer" }, + "gl_account_id": { "type": "integer" }, + "raw_field": { "type": "string", "description": "Which Fineract field was read." } + }, + "additionalProperties": true + }, + "bank": { + "type": ["object", "null"], + "properties": { + "value_major": { + "oneOf": [ + { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" }, + { "type": "null" } + ] + }, + "source": { "type": "string" }, + "fetched_at": { "type": "string", "format": "date-time" }, + "statement_ref": { "type": "string" } + }, + "required": ["source", "fetched_at"], + "additionalProperties": true + }, + "chain": { + "type": "object", + "required": ["source", "fetched_at"], + "properties": { + "value_major": { + "oneOf": [ + { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" }, + { "type": "null" } + ] + }, + "source": { "type": "string", "description": "e.g. cast:balanceOf" }, + "fetched_at": { "type": "string", "format": "date-time" }, + "rpc_url_host": { "type": "string" }, + "chain_id": { "type": "integer" }, + "token_address": { "type": "string", "pattern": "^0x[a-fA-F0-9]{40}$" }, + "holder_address": { "type": "string", "pattern": "^0x[a-fA-F0-9]{40}$" }, + "decimals": { "type": "integer" } + }, + "additionalProperties": true + }, + "variance": { + "type": "object", + "properties": { + "ledger_vs_bank_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] }, + "ledger_vs_chain_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] }, + "bank_vs_chain_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] } + }, + "additionalProperties": true + }, + "matched": { "type": "boolean" }, + "generated_at": { "type": "string", "format": "date-time" }, + "generator": { + "type": "object", + "required": ["script", "argv"], + "properties": { + "script": { "type": "string" }, + "argv": { + "type": "array", + "items": { "type": "string" } + }, + "host": { "type": "string" } + }, + "additionalProperties": true + } + }, + "additionalProperties": true +} diff --git a/config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json b/config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json new file mode 100644 index 0000000..a64cdde --- /dev/null +++ b/config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json @@ -0,0 +1,163 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/jvmtm/transaction-compliance-execution.json", + "title": "Transaction compliance execution envelope", + "description": "Per-transaction go/no-go and evidence linkage record for the JVMTM transaction-grade compliance pack.", + "type": "object", + "required": [ + "schema_version", + "matrix_version", + "transaction_id", + "correlation_id", + "rail_mode", + "amount", + "currency", + "decision_status", + "decision_reason", + "validated_at", + "approved_by", + "instruction_ref", + "control_results" + ], + "properties": { + "schema_version": { + "type": "integer", + "minimum": 1 + }, + "matrix_version": { + "type": "string", + "minLength": 4 + }, + "transaction_id": { + "type": "string", + "minLength": 4 + }, + "correlation_id": { + "type": "string", + "minLength": 8 + }, + "rail_mode": { + "type": "string", + "enum": ["chain138-primary", "swift", "hybrid", "internal-only"] + }, + "amount": { + "type": "string", + "pattern": "^-?[0-9]+(\\.[0-9]+)?$" + }, + "currency": { + "type": "string", + "minLength": 3 + }, + "decision_status": { + "type": "string", + "enum": ["READY", "BLOCKED", "ESCALATE"] + }, + "decision_reason": { + "type": "string", + "minLength": 4 + }, + "validated_at": { + "type": "string", + "format": "date-time" + }, + "approved_by": { + "type": "string", + "minLength": 3 + }, + "instruction_ref": { + "$ref": "#/$defs/evidenceRef" + }, + "settlement_event_ref": { + "$ref": "#/$defs/evidenceRef" + }, + "dbis_reference": { + "type": "string" + }, + "omnl_journal_entry_id": { + "type": "integer" + }, + "rtgs_message_ids": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "chain_tx_hash": { + "type": "string", + "pattern": "^0x[a-fA-F0-9]{64}$" + }, + "control_results": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/$defs/controlResult" + } + } + }, + "$defs": { + "evidenceRef": { + "type": "object", + "required": ["artifact_type", "ref"], + "properties": { + "artifact_type": { + "type": "string", + "enum": ["repo-path", "runtime-slot", "archive-path", "external-ref"] + }, + "ref": { + "type": "string", + "minLength": 3 + }, + "sha256": { + "type": "string", + "pattern": "^[a-fA-F0-9]{64}$" + } + }, + "additionalProperties": false + }, + "controlResult": { + "type": "object", + "required": [ + "control_id", + "status", + "blocking", + "validated_at", + "validator_ref", + "evidence_refs" + ], + "properties": { + "control_id": { + "type": "string", + "pattern": "^[A-Z]{2}-[0-9]{2}$" + }, + "status": { + "type": "string", + "enum": ["PASS", "FAIL", "PENDING", "WAIVED"] + }, + "blocking": { + "type": "string", + "enum": ["HARD_STOP", "ESCALATE", "POST_EVENT"] + }, + "validated_at": { + "type": "string", + "format": "date-time" + }, + "validator_ref": { + "type": "string", + "minLength": 3 + }, + "evidence_refs": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/$defs/evidenceRef" + } + }, + "notes": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false +} diff --git a/config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv b/config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv new file mode 100644 index 0000000..f27c191 --- /dev/null +++ b/config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv @@ -0,0 +1,32 @@ +control_id,phase,domain,requirement,validation_method,blocking_level,applies_to_rail,source_audit_rows,repo_evidence_artifacts,validator_command,failure_action,high_value_override,notes +PT-01,pre-transaction,Transaction validation,"Perform pre-validation before instruction acceptance using schema, ledger, and KYT checks; credit advice alone is insufficient.","Validate the canonical settlement event shape, confirm identifiers, and collect KYT screening before release.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #2 | Table C stage 1,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.instruction-record,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json && bash scripts/omnl/fetch-kyt-vendor-report.sh,Reject the instruction and route to compliance review.,Amounts >= 100000000.00 major units require manual compliance sign-off after the automated pre-check passes.,"Use one correlation_id across DBIS Core, OMNL, RTGS, and Chain 138. For blocked pre-exec cases, the instruction record may exist without a settlement event." +PT-02,pre-transaction,Balance verification,Prefunding must exist before instruction acceptance.,"Check available balance, required amount, approval flag, and liquidity source in the prefunding proof.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #7 | Table C stage 2 | Table D #3 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot,check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json ,Block the transaction and place it on treasury hold.,High-value transfers require named treasury sign-off in addition to approved=true.,The proof should show available_balance_before_major >= required_amount_major. +PT-03,pre-transaction,Messaging compliance,Structured messaging is mandatory for instruction intake and settlement preparation.,Validate canonical JSON and ensure ISO/SWIFT or DLT message identifiers are present for the chosen rail.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #9 | Table C stage 1,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.instruction-record,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json ,Reject malformed or uncorrelated instructions.,Require explicit rail_mode selection and a second operator review of message identifiers.,Chain 138 primary flows may omit UETR but must keep rail-native identifiers. The normalized instruction can exist before any live settlement event. +PT-04,pre-transaction,Authorization,Multi-layer authorization must exist before funds move.,Verify maker-checker approval and signed instruction metadata before release.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table C stage 1,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions,"manual: verify signed instruction, maker-checker approval, and approved_by entry in the execution envelope",Block the instruction until authorization is complete.,Dual treasury and compliance approvals are mandatory for high-value mode.,This control is intentionally recorded in the per-transaction execution envelope. +PT-05,pre-transaction,Fraud detection,Credit advice cannot be the sole proof of legitimacy.,"Cross-check KYT, instruction metadata, and ledger intent before allowing release.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #2 | Table D #2,repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | runtime-slot:jvmtm.live.kyt-result,bash scripts/omnl/fetch-kyt-vendor-report.sh,Escalate to fraud workflow and freeze release.,High-value transfers require an explicit fraud-clear memo before release.,Treat unverified advice as insufficient even when operational pressure is high. +TX-01,execution,Settlement order,Debit only after validation and release gates have passed.,Confirm the execution envelope shows READY and the release sequence is validation -> prefunding -> ACK -> debit/credit.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table C stage 2 | Table C stage 3,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions | runtime-slot:dbis.live.settlement-event,manual: verify decision_status=READY in the execution envelope before debit or release,Halt execution and investigate sequencing.,Require a named release operator separate from the validator.,The execution envelope is the operator cockpit record for this sequence. +TX-02,execution,Closed-loop confirmation,ACK is required before beneficiary credit or release.,Compare ACK timestamp to credit_settled_at and verify ack_before_credit ordering.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #6 | Table C stage 3 | Table C stage 4,repo-path:config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json | repo-path:scripts/omnl/verify-ack-before-credit.sh | runtime-slot:jvmtm.live.pre-settlement-ack,bash scripts/omnl/verify-ack-before-credit.sh ,Stop settlement and keep the transaction blocked.,Manual ACK review remains mandatory even if the script passes.,ACK-before-credit is a non-waivable release gate. +TX-03,execution,Settlement finality,The finality point must be explicit and tied to the operating rail.,Confirm FINALIZED or equivalent technical finality and tie it to the documented legal narrative.,HARD_STOP,chain138-primary | swift | hybrid,Table B #5 | Table D #5,repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:dbis.live.settlement-event | runtime-slot:reserve.live.provenance-package,manual: confirm finality status on the settlement event and attach the declared finality narrative for the rail,Escalate to legal/ops hold and do not mark funds final.,High-value transfers require explicit counsel-aligned finality confirmation.,Technical finality and legal finality must not be conflated without documentation. +TX-04,execution,Liquidity control,Prefunded settlement must still be valid at release time.,Recheck the prefunding proof and balance snapshot immediately before execution.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #7 | Table C stage 2 | Table D #3 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot,manual: confirm prefunding proof checked_at is current for the release window,Cancel or pause settlement pending treasury refresh.,Require treasury to certify that no other release consumed the same liquidity.,"This is the release-time liquidity check, not the initial intake check." +TX-05,execution,Exception handling,Rollback or incident logic must exist for execution failures.,"Capture the exception event, retry log, and operator decision when execution deviates from policy.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #10,repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event,"manual: write exception event and retry-log.txt whenever execution halts, reverses, or retries",Trigger rollback or incident workflow per exception policy.,High-value exceptions require immediate incident bridge and executive notification.,Every execution error should produce a machine-readable exception record. +PS-01,post-settlement,Reconciliation,Daily automated three-way reconciliation is mandatory.,Generate the reconciliation result and tie it back to the transaction correlation_id.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #1 | Table C stage 5 | Table D #4,repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.daily-3way-report | runtime-slot:jvmtm.live.3way-result,bash scripts/omnl/generate-3way-reconciliation-evidence.sh,"Flag discrepancy, open reconciliation incident, and hold downstream attestations.",High-value transfers require same-day review of the generated reconciliation result.,Do not substitute hand-edited matched=true JSON for generated evidence. +PS-02,post-settlement,Balance monitoring,Real-time visibility is required during and after settlement.,Capture a balance snapshot that shows the post-settlement position for the relevant account or office.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #8 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot,check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json ,Notify treasury and risk; do not treat the day as clean.,Require intraday refreshes before and after finality lock.,This supports over-credit and blind-position monitoring. +PS-03,post-settlement,Audit logging,Immutable transaction records must exist after funds movement.,Record the canonical settlement event and bind the transaction envelope to it through the same correlation_id.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #5 | Table B #9,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.transactions,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json ,Mark the audit trail incomplete and escalate for evidence remediation.,Require a second evidence reviewer before the transaction is considered fully closed.,The settlement event is the canonical cross-system record; the execution envelope is the operator overlay. +PS-04,post-settlement,Exception resolution,Every exception must have a documented resolution workflow.,Confirm the exception policy was followed and the retry log or incident closure exists.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #10,repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event,manual: verify exception-policy.md decision path and retry-log.txt closure for the transaction,Escalate unresolved exceptions to incident management.,No unresolved exception may remain open at end of day for a high-value transfer.,Close the exception in both narrative and machine-readable form. +PS-05,post-settlement,Reporting,Regulatory and supervisory reporting artifacts must be assembled after settlement.,Stage the transaction execution envelope and supporting files into the audit archive path.,POST_EVENT,chain138-primary | swift | hybrid,Table B #1 | Table B #5,repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions,manual: place execution envelopes under JVMTM_CLOSURE_DIR/transactions and rebuild the archive,Mark the package incomplete and reopen evidence assembly.,High-value transfers require same-day archive rebuild after close.,"The archive is the supervisory bundle, not the operational source of truth." +SR-01,resilience,Business continuity,A continuity path must exist so a single outage does not stop the settlement spine.,Run failover smoke or equivalent continuity check and retain the execution log.,ESCALATE,chain138-primary | swift | hybrid,Table B #3 | Table B #4 | Table D #1,repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log,bash scripts/omnl/bcp-rpc-failover-smoke.sh,Escalate to platform ops and restrict the rail if continuity is unproven.,High-value release requires same-window confirmation that the fallback path is available.,"This proves reachability and fallback posture, not full data-centre certification." +SR-02,resilience,Disaster recovery,Disaster recovery evidence must exist for the environment supporting settlement.,Review the recovery-time report and DR simulation report for the active environment.,ESCALATE,chain138-primary | swift | hybrid,Table B #4,repo-path:config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json | runtime-slot:jvmtm.live.recovery-time-report | runtime-slot:jvmtm.live.dr-simulation-report,manual: confirm recovery-time-report.json and DR-simulation-report.json are current for the live environment,Escalate to continuity governance and consider restricting production usage.,Do not treat DR evidence as stale for high-value transfers.,This is an environment readiness control rather than a per-transaction proof. +SR-03,resilience,Failover,No single point of failure should exist for the chosen settlement path.,"Confirm a secondary route, compensating control, or manual fallback exists before go-live.",ESCALATE,chain138-primary | swift | hybrid,Table B #3 | Table D #1,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.failover-log,manual: document fallback route or compensating procedure for the active settlement rail,Escalate to architecture review and restrict unsupported paths.,Require named fallback ownership for high-value mode.,The control may be satisfied by procedural fallback when technical failover is not available. +SR-04,resilience,Messaging reliability,The messaging and evidence formats must remain schema-closed and interoperable.,Validate both settlement-event and JVMTM control-pack schemas before packaging or release.,ESCALATE,chain138-primary | swift | hybrid | internal-only,Table B #9,repo-path:scripts/validation/validate-dbis-institutional-schemas.sh | repo-path:scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh,SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh && SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh,Escalate schema drift and block package publication until fixed.,Run schema validation immediately before high-value package assembly.,This is the pack-level guard against format drift. +SR-05,resilience,System integrity,Reserve and provenance evidence must remain internally consistent with the settlement path.,Validate the reserve provenance package when reserve backing or finality support is in scope.,ESCALATE,chain138-primary | swift | hybrid,Table B #5 | Table B #7,repo-path:scripts/validation/validate-reserve-provenance-package.sh | runtime-slot:reserve.live.provenance-package,SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh,Escalate reserve-integrity risk and suspend unsupported attestations.,Treat provenance gaps as an immediate executive escalation for high-value mode.,Use this when the transaction depends on reserve or legal provenance narratives. +RK-01,systemic-risk,Operational risk,Monitor dependency on OMNL or other single operational components and escalate when redundancy is weak.,Review continuity evidence and the active rail posture before authorizing production usage.,ESCALATE,chain138-primary | swift | hybrid,Table D #1,repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log,manual: review continuity posture before declaring the rail ready,Raise executive escalation when operational dependency is unresolved.,High-value mode requires explicit acknowledgement of dependency risk.,This is a governance-layer control rather than a message-level validation. +RK-02,systemic-risk,Fraud risk,Spoofed credit advice or misleading confirmations must trigger a hard investigation path.,"Tie advice, KYT, and execution evidence together; escalate if they diverge.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table D #2 | Table B #2,repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.transactions,"manual: compare advice, KYT result, and execution envelope references before release",Freeze the transaction and open fraud investigation.,High-value fraud signals trigger executive and legal escalation immediately.,A clean advice message does not override a failed independent check. +RK-03,systemic-risk,Settlement risk,No transaction may proceed when prefunding or reserve support is missing.,Use the prefunding proof and balance snapshot to determine whether default risk exists.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table D #3 | Table B #7,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof,manual: treat approved=false or stale liquidity evidence as an immediate settlement hold,Place the transaction on settlement hold and escalate to treasury.,No waiver permitted in high-value mode without executive risk acceptance.,This is the governance wrapper around PT-02 and TX-04. +RK-04,systemic-risk,Reconciliation risk,Missing or mismatched records must trigger audit escalation.,Review generated three-way results and open incidents for any unmatched item.,ESCALATE,chain138-primary | swift | hybrid | internal-only,Table D #4 | Table B #1,repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.3way-result,manual: review 3way-result.json and open an audit incident on mismatch,Escalate to reconciliation and audit owners.,Review same business day for high-value transfers.,Post-settlement does not mean low-risk when mismatches remain unresolved. +RK-05,systemic-risk,Legal risk,Undefined finality or reversal posture must trigger legal escalation.,Compare the rail finality point to the declared policy and reserve/finality narratives.,ESCALATE,chain138-primary | swift | hybrid,Table D #5 | Table B #5,repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:reserve.live.provenance-package,manual: escalate when technical finality and legal narrative diverge or remain undefined,Hold legal attestation and route to counsel review.,Counsel acknowledgement is mandatory for high-value finality exceptions.,This captures the legal ambiguity risk even when the chain or rail shows technical completion. +RK-06,systemic-risk,Liquidity risk,Cash-flow mismatch or blind position indicators must trigger treasury escalation.,"Compare balance snapshot, prefunding proof, and reconciliation outputs for divergence.",ESCALATE,chain138-primary | swift | hybrid | internal-only,Table D #6 | Table B #8,repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:jvmtm.live.prefunding-proof,"manual: escalate when liquidity evidence is stale, inconsistent, or below threshold",Notify treasury and risk management immediately.,Maintain live liquidity monitoring throughout the settlement window.,This control complements prefunding by focusing on ongoing exposure. +HV-01,high-value-mode,Dual authorization,High-value transfers require dual settlement authorization beyond baseline maker-checker.,Record dual approval identities in the execution envelope before release.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode,repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions,manual: confirm two named approvers are recorded in the execution envelope before release,Do not release the transaction until both approvals are present.,Applies automatically once amount >= 100000000.00 major units.,This is additive to PT-04. +HV-02,high-value-mode,Treasury authorization,Treasury must explicitly certify liquidity and reserve readiness for high-value transfers.,"Review prefunding proof, balance snapshot, and reserve narrative immediately before release.",HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #7 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:reserve.live.provenance-package,manual: treasury sign-off must reference prefunding-proof.json and the current balance snapshot,Keep the transaction blocked until treasury certifies capacity.,No delegated approval path.,Use reserve provenance where the funding story matters to regulators. +HV-03,high-value-mode,Dual ledger evidence,High-value transfers require mirrored evidence across the canonical settlement event and reconciliation outputs.,Tie the execution envelope to settlement-event and generated three-way reconciliation evidence.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #1 | Table B #5,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.3way-result,manual: require linked settlement event and three-way result references before close,Treat the transaction as evidence-incomplete and keep it under review.,No archive close without both evidence layers.,This is the mirrored-ledger analogue in the current repo model. +HV-04,high-value-mode,Settlement freeze window,Apply a post-settlement freeze or review window before treating the transfer as fully closed.,Record the freeze decision and any post-finality review notes in the execution envelope.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #5,repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions,manual: append freeze-window review notes before marking the transfer fully closed,Maintain enhanced monitoring and do not close the case yet.,Freeze review is mandatory even when the rail is technically final.,This is a policy control layered over finality. +HV-05,high-value-mode,Executive escalation,"High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts.",Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table D #1 | Table D #2 | Table D #3,repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions,manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution,Keep the transaction in BLOCKED or ESCALATE until executive review is complete.,Always on in high-value mode.,"The archive rebuild is part of the evidence closure, not a substitute for the escalation." diff --git a/config/jvmtm-regulatory-closure/transaction-compliance-matrix.json b/config/jvmtm-regulatory-closure/transaction-compliance-matrix.json new file mode 100644 index 0000000..ab28bec --- /dev/null +++ b/config/jvmtm-regulatory-closure/transaction-compliance-matrix.json @@ -0,0 +1,680 @@ +{ + "schema_version": 1, + "matrix_version": "2026-03-31", + "title": "JVMTM transaction-grade compliance matrix", + "canonical_format": "json", + "csv_export": "config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv", + "source_baseline": [ + "config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md", + "config/jvmtm-regulatory-closure/README.md", + "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md", + "config/dbis-institutional/schemas/settlement-event.schema.json" + ], + "runtime_slots": [ + { + "slot": "jvmtm.live.daily-3way-report", + "source": "JVMTM_CLOSURE_DIR/daily-3way-reconciliation-report.json", + "archive_path": "reconciliation/daily-3way-reconciliation-report.json", + "description": "Completed daily reconciliation report for the transaction date." + }, + { + "slot": "jvmtm.live.3way-result", + "source": "output/jvmtm-evidence/latest-3way-result.json", + "archive_path": "reconciliation/3way-result.json", + "description": "Generated three-way reconciliation result produced by the repo tooling." + }, + { + "slot": "jvmtm.live.prefunding-proof", + "source": "JVMTM_CLOSURE_DIR/prefunding-proof.json", + "archive_path": "liquidity/prefunding-proof.json", + "description": "Live prefunding and liquidity proof for the candidate transaction." + }, + { + "slot": "jvmtm.live.pre-settlement-ack", + "source": "JVMTM_CLOSURE_DIR/pre-settlement-ack.json", + "archive_path": "acknowledgements/pre-settlement-ack.json", + "description": "Live ACK evidence used to prove ACK-before-credit ordering." + }, + { + "slot": "jvmtm.live.exception-event", + "source": "JVMTM_CLOSURE_DIR/sample-exception-event.json", + "archive_path": "exceptions/sample-exception-event.json", + "description": "Exception event captured when a transaction fails or rolls back." + }, + { + "slot": "jvmtm.live.kyt-result", + "source": "JVMTM_CLOSURE_DIR/kyt-screening-result.json", + "archive_path": "validation/kyt-screening-result.json", + "description": "KYT vendor output or equivalent screening result for the transaction." + }, + { + "slot": "jvmtm.live.recovery-time-report", + "source": "JVMTM_CLOSURE_DIR/recovery-time-report.json", + "archive_path": "bcp/recovery-time-report.json", + "description": "Recovery-time evidence for continuity validation." + }, + { + "slot": "jvmtm.live.dr-simulation-report", + "source": "JVMTM_CLOSURE_DIR/DR-simulation-report.json", + "archive_path": "disaster-recovery/DR-simulation-report.json", + "description": "Disaster recovery drill output tied to the operating environment." + }, + { + "slot": "jvmtm.live.balance-snapshot", + "source": "JVMTM_CLOSURE_DIR/real-time-balance-snapshot.json", + "archive_path": "monitoring/real-time-balance-snapshot.json", + "description": "Live balance visibility snapshot for liquidity and exposure checks." + }, + { + "slot": "jvmtm.live.instruction-record", + "source": "Submitted instruction payload, ISO message, API intake record, or operator reference for the candidate transaction.", + "archive_path": "not-archived-by-default", + "description": "Instruction-level reference used when a transaction is blocked before any settlement event exists." + }, + { + "slot": "jvmtm.live.failover-log", + "source": "JVMTM_CLOSURE_DIR/failover-test-log.txt", + "archive_path": "bcp/failover-test-log.txt", + "description": "Failover execution log or smoke output for the relevant environment." + }, + { + "slot": "jvmtm.live.transactions", + "source": "JVMTM_CLOSURE_DIR/transactions/*.json", + "archive_path": "transactions/*.json", + "description": "Live transaction compliance execution envelopes staged into the audit archive." + }, + { + "slot": "dbis.live.settlement-event", + "source": "output/settlement-events/*.json or integration-hub export", + "archive_path": "settlement-events/*.json", + "description": "Canonical settlement event linked to the transaction correlation_id." + }, + { + "slot": "reserve.live.provenance-package", + "source": "config/reserve-provenance-package plus live overrides", + "archive_path": "reserve-provenance-package/", + "description": "Funding-origin and reserve provenance package used for prefunding and finality review." + } + ], + "controls": [ + { + "control_id": "PT-01", + "phase": "pre-transaction", + "domain": "Transaction validation", + "requirement": "Perform pre-validation before instruction acceptance using schema, ledger, and KYT checks; credit advice alone is insufficient.", + "validation_method": "Validate the canonical settlement event shape, confirm identifiers, and collect KYT screening before release.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #2", "Table C stage 1"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"}, + {"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.instruction-record"} + ], + "validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json && bash scripts/omnl/fetch-kyt-vendor-report.sh", + "failure_action": "Reject the instruction and route to compliance review.", + "high_value_override": "Amounts >= 100000000.00 major units require manual compliance sign-off after the automated pre-check passes.", + "notes": "Use one correlation_id across DBIS Core, OMNL, RTGS, and Chain 138. For blocked pre-exec cases, the instruction record may exist without a settlement event." + }, + { + "control_id": "PT-02", + "phase": "pre-transaction", + "domain": "Balance verification", + "requirement": "Prefunding must exist before instruction acceptance.", + "validation_method": "Check available balance, required amount, approval flag, and liquidity source in the prefunding proof.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #7", "Table C stage 2", "Table D #3", "Table D #6"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"}, + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"} + ], + "validator_command": "check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json ", + "failure_action": "Block the transaction and place it on treasury hold.", + "high_value_override": "High-value transfers require named treasury sign-off in addition to approved=true.", + "notes": "The proof should show available_balance_before_major >= required_amount_major." + }, + { + "control_id": "PT-03", + "phase": "pre-transaction", + "domain": "Messaging compliance", + "requirement": "Structured messaging is mandatory for instruction intake and settlement preparation.", + "validation_method": "Validate canonical JSON and ensure ISO/SWIFT or DLT message identifiers are present for the chosen rail.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #9", "Table C stage 1"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"}, + {"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.instruction-record"} + ], + "validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json ", + "failure_action": "Reject malformed or uncorrelated instructions.", + "high_value_override": "Require explicit rail_mode selection and a second operator review of message identifiers.", + "notes": "Chain 138 primary flows may omit UETR but must keep rail-native identifiers. The normalized instruction can exist before any live settlement event." + }, + { + "control_id": "PT-04", + "phase": "pre-transaction", + "domain": "Authorization", + "requirement": "Multi-layer authorization must exist before funds move.", + "validation_method": "Verify maker-checker approval and signed instruction metadata before release.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table C stage 1"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"} + ], + "validator_command": "manual: verify signed instruction, maker-checker approval, and approved_by entry in the execution envelope", + "failure_action": "Block the instruction until authorization is complete.", + "high_value_override": "Dual treasury and compliance approvals are mandatory for high-value mode.", + "notes": "This control is intentionally recorded in the per-transaction execution envelope." + }, + { + "control_id": "PT-05", + "phase": "pre-transaction", + "domain": "Fraud detection", + "requirement": "Credit advice cannot be the sole proof of legitimacy.", + "validation_method": "Cross-check KYT, instruction metadata, and ledger intent before allowing release.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #2", "Table D #2"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"}, + {"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"} + ], + "validator_command": "bash scripts/omnl/fetch-kyt-vendor-report.sh", + "failure_action": "Escalate to fraud workflow and freeze release.", + "high_value_override": "High-value transfers require an explicit fraud-clear memo before release.", + "notes": "Treat unverified advice as insufficient even when operational pressure is high." + }, + { + "control_id": "TX-01", + "phase": "execution", + "domain": "Settlement order", + "requirement": "Debit only after validation and release gates have passed.", + "validation_method": "Confirm the execution envelope shows READY and the release sequence is validation -> prefunding -> ACK -> debit/credit.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table C stage 2", "Table C stage 3"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}, + {"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"} + ], + "validator_command": "manual: verify decision_status=READY in the execution envelope before debit or release", + "failure_action": "Halt execution and investigate sequencing.", + "high_value_override": "Require a named release operator separate from the validator.", + "notes": "The execution envelope is the operator cockpit record for this sequence." + }, + { + "control_id": "TX-02", + "phase": "execution", + "domain": "Closed-loop confirmation", + "requirement": "ACK is required before beneficiary credit or release.", + "validation_method": "Compare ACK timestamp to credit_settled_at and verify ack_before_credit ordering.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #6", "Table C stage 3", "Table C stage 4"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json"}, + {"artifact_type": "repo-path", "ref": "scripts/omnl/verify-ack-before-credit.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.pre-settlement-ack"} + ], + "validator_command": "bash scripts/omnl/verify-ack-before-credit.sh ", + "failure_action": "Stop settlement and keep the transaction blocked.", + "high_value_override": "Manual ACK review remains mandatory even if the script passes.", + "notes": "ACK-before-credit is a non-waivable release gate." + }, + { + "control_id": "TX-03", + "phase": "execution", + "domain": "Settlement finality", + "requirement": "The finality point must be explicit and tied to the operating rail.", + "validation_method": "Confirm FINALIZED or equivalent technical finality and tie it to the documented legal narrative.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table B #5", "Table D #5"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"}, + {"artifact_type": "repo-path", "ref": "config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json"}, + {"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"}, + {"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"} + ], + "validator_command": "manual: confirm finality status on the settlement event and attach the declared finality narrative for the rail", + "failure_action": "Escalate to legal/ops hold and do not mark funds final.", + "high_value_override": "High-value transfers require explicit counsel-aligned finality confirmation.", + "notes": "Technical finality and legal finality must not be conflated without documentation." + }, + { + "control_id": "TX-04", + "phase": "execution", + "domain": "Liquidity control", + "requirement": "Prefunded settlement must still be valid at release time.", + "validation_method": "Recheck the prefunding proof and balance snapshot immediately before execution.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #7", "Table C stage 2", "Table D #3", "Table D #6"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"} + ], + "validator_command": "manual: confirm prefunding proof checked_at is current for the release window", + "failure_action": "Cancel or pause settlement pending treasury refresh.", + "high_value_override": "Require treasury to certify that no other release consumed the same liquidity.", + "notes": "This is the release-time liquidity check, not the initial intake check." + }, + { + "control_id": "TX-05", + "phase": "execution", + "domain": "Exception handling", + "requirement": "Rollback or incident logic must exist for execution failures.", + "validation_method": "Capture the exception event, retry log, and operator decision when execution deviates from policy.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #10"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/policies/exception-policy.md"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.exception-event"} + ], + "validator_command": "manual: write exception event and retry-log.txt whenever execution halts, reverses, or retries", + "failure_action": "Trigger rollback or incident workflow per exception policy.", + "high_value_override": "High-value exceptions require immediate incident bridge and executive notification.", + "notes": "Every execution error should produce a machine-readable exception record." + }, + { + "control_id": "PS-01", + "phase": "post-settlement", + "domain": "Reconciliation", + "requirement": "Daily automated three-way reconciliation is mandatory.", + "validation_method": "Generate the reconciliation result and tie it back to the transaction correlation_id.", + "blocking_level": "POST_EVENT", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #1", "Table C stage 5", "Table D #4"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/generate-3way-reconciliation-evidence.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.daily-3way-report"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"} + ], + "validator_command": "bash scripts/omnl/generate-3way-reconciliation-evidence.sh", + "failure_action": "Flag discrepancy, open reconciliation incident, and hold downstream attestations.", + "high_value_override": "High-value transfers require same-day review of the generated reconciliation result.", + "notes": "Do not substitute hand-edited matched=true JSON for generated evidence." + }, + { + "control_id": "PS-02", + "phase": "post-settlement", + "domain": "Balance monitoring", + "requirement": "Real-time visibility is required during and after settlement.", + "validation_method": "Capture a balance snapshot that shows the post-settlement position for the relevant account or office.", + "blocking_level": "POST_EVENT", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #8", "Table D #6"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"} + ], + "validator_command": "check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json ", + "failure_action": "Notify treasury and risk; do not treat the day as clean.", + "high_value_override": "Require intraday refreshes before and after finality lock.", + "notes": "This supports over-credit and blind-position monitoring." + }, + { + "control_id": "PS-03", + "phase": "post-settlement", + "domain": "Audit logging", + "requirement": "Immutable transaction records must exist after funds movement.", + "validation_method": "Record the canonical settlement event and bind the transaction envelope to it through the same correlation_id.", + "blocking_level": "POST_EVENT", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #5", "Table B #9"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"} + ], + "validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json ", + "failure_action": "Mark the audit trail incomplete and escalate for evidence remediation.", + "high_value_override": "Require a second evidence reviewer before the transaction is considered fully closed.", + "notes": "The settlement event is the canonical cross-system record; the execution envelope is the operator overlay." + }, + { + "control_id": "PS-04", + "phase": "post-settlement", + "domain": "Exception resolution", + "requirement": "Every exception must have a documented resolution workflow.", + "validation_method": "Confirm the exception policy was followed and the retry log or incident closure exists.", + "blocking_level": "POST_EVENT", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #10"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/policies/exception-policy.md"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.exception-event"} + ], + "validator_command": "manual: verify exception-policy.md decision path and retry-log.txt closure for the transaction", + "failure_action": "Escalate unresolved exceptions to incident management.", + "high_value_override": "No unresolved exception may remain open at end of day for a high-value transfer.", + "notes": "Close the exception in both narrative and machine-readable form." + }, + { + "control_id": "PS-05", + "phase": "post-settlement", + "domain": "Reporting", + "requirement": "Regulatory and supervisory reporting artifacts must be assembled after settlement.", + "validation_method": "Stage the transaction execution envelope and supporting files into the audit archive path.", + "blocking_level": "POST_EVENT", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table B #1", "Table B #5"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"} + ], + "validator_command": "manual: place execution envelopes under JVMTM_CLOSURE_DIR/transactions and rebuild the archive", + "failure_action": "Mark the package incomplete and reopen evidence assembly.", + "high_value_override": "High-value transfers require same-day archive rebuild after close.", + "notes": "The archive is the supervisory bundle, not the operational source of truth." + }, + { + "control_id": "SR-01", + "phase": "resilience", + "domain": "Business continuity", + "requirement": "A continuity path must exist so a single outage does not stop the settlement spine.", + "validation_method": "Run failover smoke or equivalent continuity check and retain the execution log.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table B #3", "Table B #4", "Table D #1"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/bcp-rpc-failover-smoke.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"} + ], + "validator_command": "bash scripts/omnl/bcp-rpc-failover-smoke.sh", + "failure_action": "Escalate to platform ops and restrict the rail if continuity is unproven.", + "high_value_override": "High-value release requires same-window confirmation that the fallback path is available.", + "notes": "This proves reachability and fallback posture, not full data-centre certification." + }, + { + "control_id": "SR-02", + "phase": "resilience", + "domain": "Disaster recovery", + "requirement": "Disaster recovery evidence must exist for the environment supporting settlement.", + "validation_method": "Review the recovery-time report and DR simulation report for the active environment.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table B #4"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json"}, + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.recovery-time-report"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.dr-simulation-report"} + ], + "validator_command": "manual: confirm recovery-time-report.json and DR-simulation-report.json are current for the live environment", + "failure_action": "Escalate to continuity governance and consider restricting production usage.", + "high_value_override": "Do not treat DR evidence as stale for high-value transfers.", + "notes": "This is an environment readiness control rather than a per-transaction proof." + }, + { + "control_id": "SR-03", + "phase": "resilience", + "domain": "Failover", + "requirement": "No single point of failure should exist for the chosen settlement path.", + "validation_method": "Confirm a secondary route, compensating control, or manual fallback exists before go-live.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table B #3", "Table D #1"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"} + ], + "validator_command": "manual: document fallback route or compensating procedure for the active settlement rail", + "failure_action": "Escalate to architecture review and restrict unsupported paths.", + "high_value_override": "Require named fallback ownership for high-value mode.", + "notes": "The control may be satisfied by procedural fallback when technical failover is not available." + }, + { + "control_id": "SR-04", + "phase": "resilience", + "domain": "Messaging reliability", + "requirement": "The messaging and evidence formats must remain schema-closed and interoperable.", + "validation_method": "Validate both settlement-event and JVMTM control-pack schemas before packaging or release.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table B #9"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/validation/validate-dbis-institutional-schemas.sh"}, + {"artifact_type": "repo-path", "ref": "scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh"} + ], + "validator_command": "SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh && SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh", + "failure_action": "Escalate schema drift and block package publication until fixed.", + "high_value_override": "Run schema validation immediately before high-value package assembly.", + "notes": "This is the pack-level guard against format drift." + }, + { + "control_id": "SR-05", + "phase": "resilience", + "domain": "System integrity", + "requirement": "Reserve and provenance evidence must remain internally consistent with the settlement path.", + "validation_method": "Validate the reserve provenance package when reserve backing or finality support is in scope.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table B #5", "Table B #7"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/validation/validate-reserve-provenance-package.sh"}, + {"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"} + ], + "validator_command": "SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh", + "failure_action": "Escalate reserve-integrity risk and suspend unsupported attestations.", + "high_value_override": "Treat provenance gaps as an immediate executive escalation for high-value mode.", + "notes": "Use this when the transaction depends on reserve or legal provenance narratives." + }, + { + "control_id": "RK-01", + "phase": "systemic-risk", + "domain": "Operational risk", + "requirement": "Monitor dependency on OMNL or other single operational components and escalate when redundancy is weak.", + "validation_method": "Review continuity evidence and the active rail posture before authorizing production usage.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table D #1"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/bcp-rpc-failover-smoke.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"} + ], + "validator_command": "manual: review continuity posture before declaring the rail ready", + "failure_action": "Raise executive escalation when operational dependency is unresolved.", + "high_value_override": "High-value mode requires explicit acknowledgement of dependency risk.", + "notes": "This is a governance-layer control rather than a message-level validation." + }, + { + "control_id": "RK-02", + "phase": "systemic-risk", + "domain": "Fraud risk", + "requirement": "Spoofed credit advice or misleading confirmations must trigger a hard investigation path.", + "validation_method": "Tie advice, KYT, and execution evidence together; escalate if they diverge.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table D #2", "Table B #2"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"} + ], + "validator_command": "manual: compare advice, KYT result, and execution envelope references before release", + "failure_action": "Freeze the transaction and open fraud investigation.", + "high_value_override": "High-value fraud signals trigger executive and legal escalation immediately.", + "notes": "A clean advice message does not override a failed independent check." + }, + { + "control_id": "RK-03", + "phase": "systemic-risk", + "domain": "Settlement risk", + "requirement": "No transaction may proceed when prefunding or reserve support is missing.", + "validation_method": "Use the prefunding proof and balance snapshot to determine whether default risk exists.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table D #3", "Table B #7"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"} + ], + "validator_command": "manual: treat approved=false or stale liquidity evidence as an immediate settlement hold", + "failure_action": "Place the transaction on settlement hold and escalate to treasury.", + "high_value_override": "No waiver permitted in high-value mode without executive risk acceptance.", + "notes": "This is the governance wrapper around PT-02 and TX-04." + }, + { + "control_id": "RK-04", + "phase": "systemic-risk", + "domain": "Reconciliation risk", + "requirement": "Missing or mismatched records must trigger audit escalation.", + "validation_method": "Review generated three-way results and open incidents for any unmatched item.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table D #4", "Table B #1"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/generate-3way-reconciliation-evidence.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"} + ], + "validator_command": "manual: review 3way-result.json and open an audit incident on mismatch", + "failure_action": "Escalate to reconciliation and audit owners.", + "high_value_override": "Review same business day for high-value transfers.", + "notes": "Post-settlement does not mean low-risk when mismatches remain unresolved." + }, + { + "control_id": "RK-05", + "phase": "systemic-risk", + "domain": "Legal risk", + "requirement": "Undefined finality or reversal posture must trigger legal escalation.", + "validation_method": "Compare the rail finality point to the declared policy and reserve/finality narratives.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Table D #5", "Table B #5"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"}, + {"artifact_type": "repo-path", "ref": "config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json"}, + {"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"} + ], + "validator_command": "manual: escalate when technical finality and legal narrative diverge or remain undefined", + "failure_action": "Hold legal attestation and route to counsel review.", + "high_value_override": "Counsel acknowledgement is mandatory for high-value finality exceptions.", + "notes": "This captures the legal ambiguity risk even when the chain or rail shows technical completion." + }, + { + "control_id": "RK-06", + "phase": "systemic-risk", + "domain": "Liquidity risk", + "requirement": "Cash-flow mismatch or blind position indicators must trigger treasury escalation.", + "validation_method": "Compare balance snapshot, prefunding proof, and reconciliation outputs for divergence.", + "blocking_level": "ESCALATE", + "applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"], + "source_audit_rows": ["Table D #6", "Table B #8"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"} + ], + "validator_command": "manual: escalate when liquidity evidence is stale, inconsistent, or below threshold", + "failure_action": "Notify treasury and risk management immediately.", + "high_value_override": "Maintain live liquidity monitoring throughout the settlement window.", + "notes": "This control complements prefunding by focusing on ongoing exposure." + }, + { + "control_id": "HV-01", + "phase": "high-value-mode", + "domain": "Dual authorization", + "requirement": "High-value transfers require dual settlement authorization beyond baseline maker-checker.", + "validation_method": "Record dual approval identities in the execution envelope before release.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Enhanced mode"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"} + ], + "validator_command": "manual: confirm two named approvers are recorded in the execution envelope before release", + "failure_action": "Do not release the transaction until both approvals are present.", + "high_value_override": "Applies automatically once amount >= 100000000.00 major units.", + "notes": "This is additive to PT-04." + }, + { + "control_id": "HV-02", + "phase": "high-value-mode", + "domain": "Treasury authorization", + "requirement": "Treasury must explicitly certify liquidity and reserve readiness for high-value transfers.", + "validation_method": "Review prefunding proof, balance snapshot, and reserve narrative immediately before release.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Enhanced mode", "Table B #7", "Table D #6"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}, + {"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"} + ], + "validator_command": "manual: treasury sign-off must reference prefunding-proof.json and the current balance snapshot", + "failure_action": "Keep the transaction blocked until treasury certifies capacity.", + "high_value_override": "No delegated approval path.", + "notes": "Use reserve provenance where the funding story matters to regulators." + }, + { + "control_id": "HV-03", + "phase": "high-value-mode", + "domain": "Dual ledger evidence", + "requirement": "High-value transfers require mirrored evidence across the canonical settlement event and reconciliation outputs.", + "validation_method": "Tie the execution envelope to settlement-event and generated three-way reconciliation evidence.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Enhanced mode", "Table B #1", "Table B #5"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"} + ], + "validator_command": "manual: require linked settlement event and three-way result references before close", + "failure_action": "Treat the transaction as evidence-incomplete and keep it under review.", + "high_value_override": "No archive close without both evidence layers.", + "notes": "This is the mirrored-ledger analogue in the current repo model." + }, + { + "control_id": "HV-04", + "phase": "high-value-mode", + "domain": "Settlement freeze window", + "requirement": "Apply a post-settlement freeze or review window before treating the transfer as fully closed.", + "validation_method": "Record the freeze decision and any post-finality review notes in the execution envelope.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Enhanced mode", "Table B #5"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"} + ], + "validator_command": "manual: append freeze-window review notes before marking the transfer fully closed", + "failure_action": "Maintain enhanced monitoring and do not close the case yet.", + "high_value_override": "Freeze review is mandatory even when the rail is technically final.", + "notes": "This is a policy control layered over finality." + }, + { + "control_id": "HV-05", + "phase": "high-value-mode", + "domain": "Executive escalation", + "requirement": "High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts.", + "validation_method": "Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution.", + "blocking_level": "HARD_STOP", + "applies_to_rail": ["chain138-primary", "swift", "hybrid"], + "source_audit_rows": ["Enhanced mode", "Table D #1", "Table D #2", "Table D #3"], + "repo_evidence_artifacts": [ + {"artifact_type": "repo-path", "ref": "scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh"}, + {"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"} + ], + "validator_command": "manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution", + "failure_action": "Keep the transaction in BLOCKED or ESCALATE until executive review is complete.", + "high_value_override": "Always on in high-value mode.", + "notes": "The archive rebuild is part of the evidence closure, not a substitute for the escalation." + } + ] +} diff --git a/config/production/dbis-identity-public-did-package.example.json b/config/production/dbis-identity-public-did-package.example.json new file mode 100644 index 0000000..7866cc3 --- /dev/null +++ b/config/production/dbis-identity-public-did-package.example.json @@ -0,0 +1,99 @@ +{ + "schemaVersion": "1.0", + "programId": "dbis-rtgs-identity", + "packageStatus": "draft", + "ariesAgent": { + "adminUrl": "http://192.168.11.88:8031", + "didcommUrl": "http://192.168.11.88:8030", + "walletType": "askar-anoncreds", + "adminAuthMode": "insecure", + "adminApiKeyEnv": "ARIES_ADMIN_API_KEY" + }, + "ledger": { + "type": "indy", + "targetNetwork": "dbis-local-indy-pool", + "trustScope": "sovereign-internal-first", + "poolName": "dbis-local-pool", + "genesisSource": "/opt/aries/ledger/pool_transactions_genesis", + "didMethod": "sov", + "nymWriteMode": "endorser" + }, + "governance": { + "governanceVersion": "1.0", + "changeControlRef": "DBIS-ID-GOV-2026-001", + "changeControlFormat": "DBIS-ID-GOV-YYYY-NNN", + "operatorOwner": "DBIS Identity Operations Division", + "approvalOwner": "DBIS Governance Authority", + "endorserGovernanceModel": { + "type": "procedural-multisig", + "quorum": "3-of-5", + "custodians": [ + "DBIS Governance Authority", + "DBIS Identity Operations Division", + "Independent Oversight Authority", + "OMNL Authority (future slot reserved)", + "ICCC Authority (future slot reserved)" + ], + "singleKeyDidControl": "multisig-governance-around-single-key-did", + "currentPhase": "phase-1-procedural", + "futurePhases": [ + "phase-2-hsm-custody", + "phase-3-mpc-threshold-signing" + ] + }, + "notes": "Governance structure frozen prior to formal endorser designation. Recommended default remains author-plus-endorser rather than a seed-only path." + }, + "roles": { + "author": { + "alias": "dbis-issuer-author", + "publicDid": "", + "verkey": "", + "connectionIdEnv": "AUTHOR_CONNECTION_ID" + }, + "endorser": { + "alias": "dbis-root-endorser", + "did": "", + "connectionIdEnv": "ENDORSER_CONNECTION_ID" + } + }, + "anoncreds": { + "schemas": [ + { + "id": "institution-admission-v1", + "name": "InstitutionAdmission", + "version": "1.0.0", + "issuerRole": "complete-credential", + "credentialDefinitionTag": "default", + "supportRevocation": false, + "attributes": [ + "institutionId", + "institutionName", + "jurisdiction", + "participantClass", + "admissionDate" + ] + } + ], + "verificationProfiles": [ + { + "id": "smoa-basic-admission-check", + "verifierRole": "smoa", + "requestedAttributes": [ + "institutionId", + "participantClass", + "jurisdiction" + ] + } + ] + }, + "evidence": { + "outputDir": "reports/identity-completion", + "requiredArtifacts": [ + "public-did.json", + "schema-publication.json", + "creddef-publication.json", + "issuance-result.json", + "verification-result.json" + ] + } +} diff --git a/config/production/dbis-identity-public-did-package.json b/config/production/dbis-identity-public-did-package.json new file mode 100644 index 0000000..e1b389f --- /dev/null +++ b/config/production/dbis-identity-public-did-package.json @@ -0,0 +1,99 @@ +{ + "schemaVersion": "1.0", + "programId": "dbis-rtgs-identity", + "packageStatus": "awaiting-external-endorser", + "ariesAgent": { + "adminUrl": "http://192.168.11.88:8031", + "didcommUrl": "http://192.168.11.88:8030", + "walletType": "askar-anoncreds", + "adminAuthMode": "insecure", + "adminApiKeyEnv": "ARIES_ADMIN_API_KEY" + }, + "ledger": { + "type": "indy", + "targetNetwork": "dbis-local-indy-pool", + "trustScope": "sovereign-internal-first", + "poolName": "dbis-local-pool", + "genesisSource": "/opt/aries/ledger/pool_transactions_genesis", + "didMethod": "sov", + "nymWriteMode": "endorser" + }, + "governance": { + "governanceVersion": "1.0", + "changeControlRef": "DBIS-ID-GOV-2026-001", + "changeControlFormat": "DBIS-ID-GOV-YYYY-NNN", + "operatorOwner": "DBIS Identity Operations Division", + "approvalOwner": "DBIS Governance Authority", + "endorserGovernanceModel": { + "type": "procedural-multisig", + "quorum": "3-of-5", + "custodians": [ + "DBIS Governance Authority", + "DBIS Identity Operations Division", + "Independent Oversight Authority", + "OMNL Authority (future slot reserved)", + "ICCC Authority (future slot reserved)" + ], + "singleKeyDidControl": "multisig-governance-around-single-key-did", + "currentPhase": "phase-1-procedural", + "futurePhases": [ + "phase-2-hsm-custody", + "phase-3-mpc-threshold-signing" + ] + }, + "notes": "Governance structure is pre-frozen prior to formal endorser designation. Remaining gaps are external designation, endorser DID, connection ID, and author promotion outputs." + }, + "roles": { + "author": { + "alias": "dbis-issuer-author", + "publicDid": "", + "verkey": "", + "connectionIdEnv": "AUTHOR_CONNECTION_ID" + }, + "endorser": { + "alias": "dbis-root-endorser", + "did": "", + "connectionIdEnv": "ENDORSER_CONNECTION_ID" + } + }, + "anoncreds": { + "schemas": [ + { + "id": "institution-admission-v1", + "name": "InstitutionAdmission", + "version": "1.0.0", + "issuerRole": "complete-credential", + "credentialDefinitionTag": "default", + "supportRevocation": false, + "attributes": [ + "institutionId", + "institutionName", + "jurisdiction", + "participantClass", + "admissionDate" + ] + } + ], + "verificationProfiles": [ + { + "id": "smoa-basic-admission-check", + "verifierRole": "smoa", + "requestedAttributes": [ + "institutionId", + "participantClass", + "jurisdiction" + ] + } + ] + }, + "evidence": { + "outputDir": "reports/identity-completion", + "requiredArtifacts": [ + "public-did.json", + "schema-publication.json", + "creddef-publication.json", + "issuance-result.json", + "verification-result.json" + ] + } +} diff --git a/config/production/dbis-identity-public-did-secrets.example.env b/config/production/dbis-identity-public-did-secrets.example.env new file mode 100644 index 0000000..b820e70 --- /dev/null +++ b/config/production/dbis-identity-public-did-secrets.example.env @@ -0,0 +1,21 @@ +# Copy to: +# config/production/dbis-identity-public-did-secrets.env +# +# Keep this file out of commits when populated with real values. + +ARIES_ADMIN_API_KEY="" + +# Optional author-side connection reference if a separate author connection is used. +AUTHOR_CONNECTION_ID="" + +# Required for the recommended author + endorser publication model. +ENDORSER_CONNECTION_ID="" + +# Optional references for governance / operator evidence. +DBIS_IDENTITY_APPROVAL_TICKET="" +DBIS_IDENTITY_APPROVER="" +DBIS_IDENTITY_PUBLIC_DID="" +DBIS_IDENTITY_PUBLIC_DID_VERKEY="" + +# Optional path or reference to an externally supplied NYM / endorsement payload. +DBIS_IDENTITY_NYM_TXN_REF="" diff --git a/config/proxmox-operational-template.json b/config/proxmox-operational-template.json index 95899b1..678f968 100644 --- a/config/proxmox-operational-template.json +++ b/config/proxmox-operational-template.json @@ -135,8 +135,9 @@ "vmid": 100, "hostname": "proxmox-mail-gateway", "ipv4": "192.168.11.32", - "preferred_node": "r630-02", + "preferred_node": "r630-01", "category": "infra", + "purpose": "Proxmox Mail Proxy / LAN SMTP relay for apps (dbis_core, alerts); Postfix 25+587+465 live on CT (2026-03-30)", "ports": [ { "port": 25, @@ -145,6 +146,10 @@ { "port": 587, "name": "submission" + }, + { + "port": 465, + "name": "smtps" } ], "fqdns": [] @@ -153,7 +158,7 @@ "vmid": 101, "hostname": "proxmox-datacenter-manager", "ipv4": "192.168.11.33", - "preferred_node": "r630-02", + "preferred_node": "r630-01", "category": "infra", "ports": [ { @@ -167,7 +172,7 @@ "vmid": 103, "hostname": "omada", "ipv4": "192.168.11.30", - "preferred_node": "r630-02", + "preferred_node": "r630-01", "category": "infra", "ports": [ { @@ -181,7 +186,7 @@ "vmid": 104, "hostname": "gitea", "ipv4": "192.168.11.31", - "preferred_node": "r630-02", + "preferred_node": "r630-01", "category": "infra", "ports": [ { @@ -199,7 +204,7 @@ "vmid": 105, "hostname": "nginxproxymanager", "ipv4": "192.168.11.26", - "preferred_node": "r630-02", + "preferred_node": "r630-01", "category": "legacy_proxy", "ports": [ { @@ -934,6 +939,7 @@ "ipv4": "192.168.11.155", "preferred_node": "r630-01", "category": "dbis", + "purpose": "Reserved for dbis_core API; live CT runs python http.server placeholder; /tmp/smtp.env.example for SMTP when Node deployed", "ports": [ { "port": 3000 @@ -949,6 +955,7 @@ "ipv4": "192.168.11.156", "preferred_node": "r630-01", "category": "dbis", + "purpose": "Same as 10150: placeholder static server until dbis_core Node API deployed", "ports": [ { "port": 3000 @@ -1783,11 +1790,12 @@ { "vmid": 10092, "hostname": "order-mcp-legal", - "ipv4": "192.168.11.37", + "ipv4": "192.168.11.94", "preferred_node": "r630-01", "category": "order", "ports": [], - "fqdns": [] + "fqdns": [], + "notes": "Moved off 192.168.11.37 on 2026-03-29 after ARP conflict with VMID 7810 mim-web-1. Use IP_ORDER_MCP_LEGAL in ip-addresses.conf." }, { "vmid": 10200, diff --git a/config/reserve-provenance-package/README.md b/config/reserve-provenance-package/README.md new file mode 100644 index 0000000..2d54053 --- /dev/null +++ b/config/reserve-provenance-package/README.md @@ -0,0 +1,62 @@ +# Reserve provenance and settlement attestation (staged package) + +**Purpose:** Structured artifacts that connect **legal / funding narrative** to **operational reconciliation** (ledger, bank export, chain) without claiming bank or KYT completion where evidence is still pending. + +**Not legal advice.** Entity names, amounts, and references mirror the **3FR / Titan / FIDES** funding narrative you supplied; **counsel must review** before any regulatory submission. Replace or redact for other deals. + +## Truthfulness rules (supervisory posture) + +| Artifact | Declares complete? | +|----------|-------------------| +| Attorney receipt attestation | Legal **form** only — does not replace bank confirmation | +| Settlement finality declaration | **Declared** finality per your workflow — not universal legal finality | +| Funding origin chain | Structured **narrative** from documentation review | +| Bank balance certification | **AWAITING_BANK_EXPORT** until MT940 / camt.053 / API | +| KYT execution record | **PENDING** until vendor integration | +| Reconciliation trigger | **INITIATED** — run `generate-3way-reconciliation-evidence.sh` for machine output | +| Reserve recognition | **PROVISIONAL_RESERVE** — bank + KYT still pending | +| Reserve monetary linkage | **PROVISIONAL_LINKAGE_NARRATIVE** — ties MT103, composition, SIS refs, custody cite; EO/DCID = **investigative standard reference**, not government endorsement; reconcile magnitudes to originals | +| Regulatory stack (HYBX / OMNL / DBIS) | **DECLARED_ARCHITECTURE** — OMNL **LEI** (GLEIF); OMNL charter **EO + DCID standard references** (12829/12968/10450 + DCID 6/4, parallel) in docs — **not** U.S. endorsement; DBIS **SMOM–OSJ**; populate `regulatoryEvidence` for HYBX registration and executed charters | +| Reserve hosting map | **PROVISIONALLY_STRUCTURED** — links reserve composition to declared entity layers; verify AUSTRAC registration before AML/CTF claims | + +**Keystone (you must still obtain):** **Bank-issued** MT940, camt.053, or API export. The repo MT940 `.txt` is a **structural specimen** — not a substitute for custodian certification, signatures, or seals. + +**Operator attachment (out of band):** Place the **real** MT103 hard-copy scan as `MT103_HARDCOPY.pdf` (or your naming standard) in secure storage; do not commit privileged PDFs to git unless policy allows. + +**Original signatures:** When physical hard copies (or PDF scans that faithfully reproduce them) bear **original** authorized signatures, those artifacts are normally the **primary** supervisory evidence for execution and intent. The JSON and MT940 **specimens** in this repo remain **format and workflow** aids; they do not duplicate or replace custodied originals. Record **custody** (where originals live, who certified scans, optional file hashes) per your evidence policy. + +## Layout (package root relative) + +| Path | Role | +|------|------| +| `legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json` | Counsel receipt anchor | +| `settlement/SETTLEMENT_FINALITY_DECLARATION.json` | Instruction / receipt / credit flow declaration | +| `provenance/FUNDING_ORIGIN_CHAIN_3FR.json` | Bond → sale → transfer → allocation chain | +| `bank/JVMTM_BANK_BALANCE_JSON.json` | Certification **container** pending **bank-issued** MT940/camt.053 | +| `bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt` | **Specimen only** — MT940 layout for bank request & archival; not certified | +| `bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt` | **Specimen only** — same as above plus reserve / SIS / custody **narrative blocks** (not bank SWIFT text); use for traceability, not as issued statement | +| `bank/README_BANK_REQUEST_MT940_CAMT053.md` | Wording to request **official** MT940 or camt.053 | +| `bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json` | Example parse for `JVMTM_BANK_BALANCE_JSON` env (3-way generator); not bank-issued | +| `kyt/KYT_EXECUTION_RECORD.json` | KYT **container** pending vendor | +| `reconciliation/3WAY_RECONCILIATION_TRIGGER.json` | Links to ledger / bank file / chain records | +| `reserve/RESERVE_RECOGNITION_DECLARATION.json` | Provisional reserve classification | +| `reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json` | Machine-readable linkage: funding event + composition + SIS standard refs + custody cite (provisional) | +| `reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json` | Reserve composition + Titan custody cite mapped to HYBX / OMNL / DBIS declared roles | +| `governance/REGULATORY_STACK_DECLARATION.json` | Three-entity stack: commercial vs monetary vs sovereign risk domains; hosting relationship | +| `governance/REGULATORY_STACK_NARRATIVE.txt` | Human-readable mirror of the stack for auditors (verify against primary evidence) | + +## Validation + +```bash +bash scripts/validation/validate-reserve-provenance-package.sh +``` + +## Archive integration + +`scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh` copies this tree into the zip under **`reserve-provenance-package/`** (alongside `settlement-events/`, `audit-proof/`, etc.). + +## Related repo tooling + +- Operational 3-way: `scripts/omnl/generate-3way-reconciliation-evidence.sh` — point `JVMTM_BANK_BALANCE_JSON` at a **filled** bank JSON when MT940/API is available. +- KYT: `scripts/omnl/fetch-kyt-vendor-report.sh` — refuses to fabricate PASS. +- JVMTM templates: `config/jvmtm-regulatory-closure/`. diff --git a/config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_JSON.json b/config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_JSON.json new file mode 100644 index 0000000..5d441cc --- /dev/null +++ b/config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_JSON.json @@ -0,0 +1,26 @@ +{ + "schema_version": 1, + "documentType": "BankBalanceCertification", + "institution": "Titan Financial Holdings, LLC", + "accountHolder": "3FR, LLC", + "statementSource": "Pending_MT940_or_API", + "balanceSnapshot": { + "availableBalance": "UNCONFIRMED", + "ledgerBalance": "UNCONFIRMED" + }, + "status": "AWAITING_BANK_EXPORT", + "mt103CrossReference": { + "reference": "MERE-71-FIDES-5463-3892-01", + "declaredCreditUsdMajor": "645000000000.00", + "receivingAccountSpecimen": "WMGT202011580", + "note": "MT103 hard copy must reconcile to bank-issued MT940/camt.053 on same reference, amount, and account." + }, + "specimensInRepo": { + "mt940FormatSpecimen": "bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt", + "bankRequestTemplate": "bank/README_BANK_REQUEST_MT940_CAMT053.md", + "parsedJsonExampleForGenerator": "bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json" + }, + "integration": { + "forThreeWayGenerator": "Export bank-issued statement to JSON with value_major, statement_ref, fetched_at (see .example.json), then: JVMTM_BANK_BALANCE_JSON= bash scripts/omnl/generate-3way-reconciliation-evidence.sh" + } +} diff --git a/config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json b/config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json new file mode 100644 index 0000000..1e3d06b --- /dev/null +++ b/config/reserve-provenance-package/bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json @@ -0,0 +1,16 @@ +{ + "_comment": "EXAMPLE ONLY — replace with fields parsed from bank-ISSUED MT940 or camt.053. For generate-3way-reconciliation-evidence.sh use value_major + statement_ref + fetched_at.", + "bank": "Titan Financial Holdings, LLC", + "accountHolder": "3FR, LLC", + "accountNumber": "WMGT202011580", + "currency": "USD", + "openingBalance": "0.00", + "closingBalance": "645000000000.00", + "availableBalance": "645000000000.00", + "transactionReference": "MERE-71-FIDES-5463-3892-01", + "valueDate": "2023-12-14", + "value_major": "645000000000.00", + "statement_ref": "REPLACE_WITH_BANK_MT940_SEQUENCE_OR_CAMT_MSG_ID", + "fetched_at": "2023-12-18T00:00:00Z", + "source": "operator:parsed_from_bank_issued_MT940" +} diff --git a/config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt b/config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt new file mode 100644 index 0000000..1f0b7d6 --- /dev/null +++ b/config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt @@ -0,0 +1,80 @@ +================================================================================ +NON-AUTHORITATIVE SPECIMEN — NOT BANK-ISSUED +================================================================================ +This file is a **structural template / request specification** for SWIFT MT940 +(hard-copy or digital) aligned to reference MERE-71-FIDES-5463-3892-01. + +**Only the custodian bank may issue an authoritative MT940** (or camt.053). +Do not present this specimen as a certified bank statement. Officer names, +signatures, and seals must come from the bank only. + +Classification: BANK STATEMENT MESSAGE — SWIFT MT940 FORMAT — SPECIMEN FOR REQUEST & ARCHIVAL LAYOUT +================================================================================ + +----------------------------------------------- +SWIFT MESSAGE TYPE: MT940 +BANK TO CUSTOMER STATEMENT +----------------------------------------------- + +:20:TRXREF-MERE-71-FIDES-5463-3892-01 + +:25:ACCOUNT-NO-WMGT202011580 +ACCOUNT HOLDER: 3FR, LLC +BANK: TITAN FINANCIAL HOLDINGS, LLC + +:28C:00001/001 + +:60F:C231214USD000000000000,00 +OPENING BALANCE +DATE: 14 DECEMBER 2023 +CURRENCY: USD +BALANCE: 0.00 + +:61:231214C645000000000,00NTRFNONREF +VALUE DATE: 14 DECEMBER 2023 +ENTRY DATE: 14 DECEMBER 2023 +CREDIT +AMOUNT: 645,000,000,000.00 USD + +:86: +TRANSACTION DETAILS: +ORIGIN BANK: FIDES GESTION FINANCIERA, S.A.P.I. DE C.V. +BENEFICIARY: 3FR, LLC +REFERENCE: MERE-71-FIDES-5463-3892-01 +PAYMENT TYPE: SINGLE CUSTOMER CREDIT TRANSFER +METHOD: MANUAL MT103 DELIVERY +LEGAL STATUS: IRREVOCABLE + +:62F:C231214USD645000000000,00 +CLOSING BALANCE +DATE: 14 DECEMBER 2023 +CURRENCY: USD +BALANCE: 645,000,000,000.00 + +:64:C231214USD645000000000,00 +AVAILABLE BALANCE + +----------------------------------------------- +END OF MESSAGE +----------------------------------------------- + +BANK CERTIFICATION (TO BE COMPLETED BY BANK ONLY — DO NOT FILL IN REPO COPY) + +Institution: +Titan Financial Holdings, LLC + +Authorized Officer: +______________________________ + +Title: +Bank Operations Officer + +Date: +______________________________ + +Official Seal: +______________________________ + +================================================================================ +END SPECIMEN +================================================================================ diff --git a/config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt b/config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt new file mode 100644 index 0000000..7b2759d --- /dev/null +++ b/config/reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt @@ -0,0 +1,168 @@ +================================================================================ +SPECIMEN / WORKFLOW TEMPLATE — NOT BANK-ISSUED — NOT SWIFT-VALIDATED +================================================================================ +This file is a STRUCTURAL and NARRATIVE specimen for packaging, bank requests, +and archival layout. It is NOT an authoritative MT940 from Titan or any bank. + +- Only the custodian bank may issue a certified MT940 (or camt.053 / API). +- Sections below labeled RESERVE / DUE DILIGENCE / CUSTODIAL are NARRATIVE + overlays for traceability to your deal file; they are NOT standard SWIFT + :86: subfields and would not appear this way on a real bank export unless + the bank explicitly formats them so. +- Executive Order and DCID citations describe an INVESTIGATIVE / DUE DILIGENCE + standard reference used in documentation — NOT a U.S. government endorsement, + regulatory clearance, or prudential approval of reserves. +- RECONCILE all magnitudes (especially custodial totals) to executed originals; + reserve summary (~1.545T USD) and a 15-digit custody line may conflict — fix + against source PDFs before any submission. +================================================================================ + +----------------------------------------------- +SWIFT MESSAGE TYPE: MT940 (SPECIMEN) +BANK TO CUSTOMER STATEMENT +RESERVE-LINKED BALANCE RECORD (NARRATIVE SPECIMEN ONLY) +----------------------------------------------- + +:20:TRXREF-MERE-71-FIDES-5463-3892-01 + +:25:ACCOUNT-NO-WMGT202011580 +ACCOUNT HOLDER: 3FR, LLC +BANK: TITAN FINANCIAL HOLDINGS, LLC + +:28C:00001/001 + +----------------------------------------------- +OPENING BALANCE +----------------------------------------------- + +:60F:C231214USD000000000000,00 + +DATE: 14 DECEMBER 2023 +CURRENCY: USD +OPENING BALANCE: 0.00 + +----------------------------------------------- +PRIMARY CREDIT ENTRY +----------------------------------------------- + +:61:231214C645000000000,00NTRFNONREF + +VALUE DATE: 14 DECEMBER 2023 +ENTRY DATE: 14 DECEMBER 2023 + +CREDIT AMOUNT: +645,000,000,000.00 USD + +----------------------------------------------- +TRANSACTION DETAIL +----------------------------------------------- + +:86: + +ORIGINATING INSTITUTION: +FIDES GESTION FINANCIERA, S.A.P.I. DE C.V. + +BENEFICIARY: +3FR, LLC + +TRANSFER TYPE: +SINGLE CUSTOMER CREDIT TRANSFER + +REFERENCE: +MERE-71-FIDES-5463-3892-01 + +METHOD: +MANUAL MT103 DELIVERY + +LEGAL STATUS: +IRREVOCABLE TRANSFER + +----------------------------------------------- +RESERVE STRUCTURE REFERENCE (NARRATIVE — NOT BANK SWIFT TEXT) +----------------------------------------------- + +SUPPORTING RESERVE COMPONENT: + +M00 RESERVE VALUE: +309,000,000,000.00 USD + +M0 EXPANDED VALUE: +900,000,000,000.00 USD + +RESERVE CLASSIFICATION: +GOLD-BACKED MONETARY SUPPORT (AS DESCRIBED IN DEAL DOCUMENTATION) + +SUPPORT SOURCE: +CLEARWATER PREMIERE PERPETUAL MASTER, LLC + +----------------------------------------------- +CLOSING BALANCE +----------------------------------------------- + +:62F:C231214USD645000000000,00 + +DATE: 14 DECEMBER 2023 + +CLOSING BALANCE: +645,000,000,000.00 USD + +----------------------------------------------- +AVAILABLE BALANCE +----------------------------------------------- + +:64:C231214USD645000000000,00 + +AVAILABLE BALANCE: +645,000,000,000.00 USD + +----------------------------------------------- +DUE DILIGENCE REFERENCE (NARRATIVE — NOT BANK SWIFT TEXT) +----------------------------------------------- + +CLEARANCE PROVIDER: +Strategic Intelligence Service (SIS) + +INVESTIGATIVE / DUE DILIGENCE STANDARD REFERENCES (NOT GOVERNMENT ENDORSEMENT): + +- Executive Order 12829 +- Executive Order 12968 +- Executive Order 10450 +- DCID 6/4 + +DOCUMENTATION CHARACTERIZATION (AS STATED IN DEAL FILE — VERIFY): +Funds described as verified clean and unencumbered per SIS letter + +----------------------------------------------- +CUSTODIAL BALANCE CONFIRMATION (NARRATIVE — NOT BANK SWIFT TEXT) +----------------------------------------------- + +REFERENCE DOCUMENT: +Titan Financial custodial balance sheet (as cited in deal file — page reference +in counsel bundle) + +DECLARED TOTAL ASSET BASE (AS TRANSCRIBED FROM PAGE 5 NARRATIVE — RECONCILE): +1,545,000,000,000,000.00 USD + +SPECIMEN NOTE: If reserve composition summary uses ~1.545 trillion USD, this +15-digit figure may be a transcription error — confirm against executed PDF. + +----------------------------------------------- +END OF MESSAGE (SPECIMEN) +----------------------------------------------- + +BANK CERTIFICATION (PLACEHOLDER ONLY — REAL BANK COMPLETES) + +Institution: +Titan Financial Holdings, LLC + +Authorized Officer: +______________________________ + +Title: +Bank Operations Officer + +Date: +______________________________ + +Official Seal: +______________________________ diff --git a/config/reserve-provenance-package/bank/README_BANK_REQUEST_MT940_CAMT053.md b/config/reserve-provenance-package/bank/README_BANK_REQUEST_MT940_CAMT053.md new file mode 100644 index 0000000..59b4eb2 --- /dev/null +++ b/config/reserve-provenance-package/bank/README_BANK_REQUEST_MT940_CAMT053.md @@ -0,0 +1,42 @@ +# Requesting the authoritative statement (MT940 or camt.053) + +Use this language when asking the **custodian bank** for the record that anchors **MT103 → ledger balance → reconciliation**. + +## Request (copy/paste) + +**Subject:** Official customer statement export — MT940 or ISO 20022 camt.053 + +**Body:** + +Request: **Official MT940 Statement Export** (or **camt.053** if your core issues ISO 20022 instead of SWIFT Fin). + +- **Account:** WMGT202011580 (or current account identifier) +- **Account holder:** 3FR, LLC +- **Institution:** Titan Financial Holdings, LLC (or actual booking entity) +- **Date range:** 14 December 2023 (adjust to cover value date of credit **MERE-71-FIDES-5463-3892-01**) + +**Required:** + +- Format: **SWIFT MT940** *or* **ISO 20022 camt.053** (bank’s standard) +- **Hard copy and digital** (as your policy allows) +- **Signed and certified** by an **authorized bank officer** (names, titles, seals are **bank-only** — do not fabricate in-repo specimens) + +## Reconciliation alignment + +The bank-issued statement must be **deterministic** with your MT103 hard copy: + +| Check | Must match | +|-------|------------| +| Reference | MERE-71-FIDES-5463-3892-01 (or bank’s :20: / equivalent) | +| Credit amount | USD 645,000,000,000.00 (per your executed transfer) | +| Receiving account | WMGT202011580 / 3FR, LLC (per bank books) | + +## After receipt + +1. Archive **bank-original** PDF/XML/txt (hash if required by policy). +2. Parse closing/available balance into a JSON file consumable by `JVMTM_BANK_BALANCE_JSON` / `generate-3way-reconciliation-evidence.sh` — see `JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json`. +3. Update `JVMTM_BANK_BALANCE_JSON.json` certification container status from `AWAITING_BANK_EXPORT` to reflect **bank-issued** evidence (separate commit / secure store). + +## Specimen on disk + +`MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt` is a **format model** only — see file header. diff --git a/config/reserve-provenance-package/governance/REGULATORY_STACK_DECLARATION.json b/config/reserve-provenance-package/governance/REGULATORY_STACK_DECLARATION.json new file mode 100644 index 0000000..4eb48a1 --- /dev/null +++ b/config/reserve-provenance-package/governance/REGULATORY_STACK_DECLARATION.json @@ -0,0 +1,88 @@ +{ + "schema_version": 1, + "documentType": "RegulatoryStackDeclaration", + "stackStructure": [ + { + "entity": "HYBX", + "classification": "Commercial Financial Services Provider", + "regulatoryStatus": { + "licenseType": [ + "AUSTRAC Financial Services Provider (FSP)", + "Digital Currency Exchange (DCE)" + ], + "jurisdiction": "Australia" + }, + "functionalRole": [ + "Liquidity Processing", + "Transaction Routing", + "Digital Asset Exchange Infrastructure" + ], + "riskDomain": "Commercial" + }, + { + "entity": "OMNL", + "classification": "Central Bank", + "identifiers": { + "lei": "98450070C57395F6B906", + "leiStandard": "ISO 17442" + }, + "leiProvenance": "Mirrored from docs/04-configuration/mifos-omnl-central-bank/OMNL_ENTITY_MASTER_DATA.json (Head Office, clientNumber 1). Confirm current status in GLEIF before supervisory or counterparty reliance.", + "regulatoryStatus": { + "designation": "Monetary Authority", + "jurisdiction": "Central Banking Authority" + }, + "functionalRole": [ + "Monetary Issuance", + "Reserve Custody", + "Settlement Oversight" + ], + "riskDomain": "Monetary", + "charterAcknowledgment": { + "describedInDealDocumentation": "OMNL charter acknowledged under U.S. Executive Order and DCID clearance / due-diligence standards (parallel reference lists)", + "executiveOrdersReferenced": [ + "Executive Order 12829", + "Executive Order 12968", + "Executive Order 10450" + ], + "dcidStandardsReferenced": ["DCID 6/4"], + "characterization": "investigative_and_due_diligence_standard_reference", + "notGovernmentEndorsementOfCharter": true, + "notSubstituteForExecutedCharter": true, + "note": "Citations describe documentation context — not U.S. government approval, validation, or prudential recognition of the charter. Attach executed charter and legal opinions out of band." + } + }, + { + "entity": "DBIS", + "classification": "Sovereign Governmental Monetary Authority", + "regulatoryStatus": { + "designation": "Sovereign governmental body", + "sovereignFramework": "SMOM — OSJ", + "jurisdiction": "Sovereign governmental (under SMOM–OSJ)" + }, + "functionalRole": [ + "Reserve Governance", + "Policy Authority", + "International Monetary Coordination" + ], + "riskDomain": "Sovereign" + } + ], + "hostingRelationship": { + "hostEntity": "HYBX", + "hostedEntities": ["OMNL", "DBIS"], + "hostingModel": "Regulated Infrastructure Hosting" + }, + "regulatorySeparationStatement": { + "statement": "Each entity is described here under distinct declared regulatory authority and functional mandate, supporting separation of commercial, monetary, and governmental risk domains for documentation and supervisory dialogue." + }, + "regulatoryEvidence": { + "hybxAustracDceRegistrationNumber": null, + "omnlLeiGleifVerificationRequired": true, + "omnlCharterOrEstablishmentReference": null, + "dbisGovernmentCharterReference": null, + "dbisSmomOsjEstablishmentReference": null, + "evidenceNote": "OMNL LEI — verify in GLEIF. OMNL charter: EO and DCID references above are contextual only; executed charter still required in primary evidence. HYBX FSP/DCE and DBIS/SMOM–OSJ charter references null until primary-source artifacts attached." + }, + "disclaimer": "Declared operational and jurisdictional posture for architecture documentation — not legal advice, not a regulator determination, and not substitute for verified licenses, charters, or supervisory recognition.", + "timestamp": "2023-12-18T00:00:00Z" +} diff --git a/config/reserve-provenance-package/governance/REGULATORY_STACK_NARRATIVE.txt b/config/reserve-provenance-package/governance/REGULATORY_STACK_NARRATIVE.txt new file mode 100644 index 0000000..c7cde1b --- /dev/null +++ b/config/reserve-provenance-package/governance/REGULATORY_STACK_NARRATIVE.txt @@ -0,0 +1,50 @@ +================================================================================ +HUMAN-READABLE DECLARATION — VERIFY AGAINST LICENSES, CHARTERS, AND SUPERVISORS +================================================================================ +This text mirrors governance/REGULATORY_STACK_DECLARATION.json for auditors who +read narratives first. It is not legal advice and does not assert government or +prudential approval. AUSTRAC FSP/DCE claims require verified registration +evidence; central-bank and sovereign roles require charter or establishment +documentation as applicable. + +================================================================================ + +REGULATORY STRUCTURE DECLARATION + +This financial infrastructure is described as operating across three distinct +declared entities for jurisdictional and risk-domain separation: + +1. HYBX operates as a licensed Financial Services Provider (FSP) and Digital + Currency Exchange (DCE) under AUSTRAC regulatory authority (Australia). + HYBX is described as the commercial transaction infrastructure host. + +2. OMNL functions as a Central Bank entity responsible for monetary issuance, + reserve management, and settlement authority functions. OMNL is identified + for interoperability using Legal Entity Identifier (LEI) ISO 17442, currently + mirrored from OMNL_ENTITY_MASTER_DATA.json — verify in GLEIF before reliance. + Deal documentation describes the OMNL charter as acknowledged under U.S. + Executive Order standards (12829, 12968, 10450) and DCID 6/4, in parallel, in + a clearance / due-diligence context; that framing is a standard reference, not + U.S. government endorsement of the charter — retain executed charter and + counsel review as primary evidence. + +3. The Digital Bank of International Settlements (DBIS) is described as a + sovereign governmental monetary authority under the SMOM–OSJ framework, + responsible for sovereign monetary governance and international financial + coordination. Map this description to primary establishment / charter + documentation out of band. + +These three entities are intended to maintain regulatory separation across: + +- Commercial Operations (HYBX) +- Monetary Authority (OMNL) +- Sovereign Policy (DBIS) + +HYBX is described as providing regulated infrastructure hosting services to +OMNL and DBIS while maintaining operational segregation and compliance with +applicable financial regulations. + +This structure is presented to clarify separation of commercial, monetary, +and sovereign financial risk domains in documentation. Supervisors and counsel +should map each claim to primary-source evidence (registration numbers, charters, +legal opinions) before reliance. diff --git a/config/reserve-provenance-package/kyt/KYT_EXECUTION_RECORD.json b/config/reserve-provenance-package/kyt/KYT_EXECUTION_RECORD.json new file mode 100644 index 0000000..f4303f0 --- /dev/null +++ b/config/reserve-provenance-package/kyt/KYT_EXECUTION_RECORD.json @@ -0,0 +1,15 @@ +{ + "schema_version": 1, + "documentType": "KYTExecutionRecord", + "provider": "PendingVendorIntegration", + "screeningStatus": "PENDING", + "transactionReference": "MERE-71-FIDES-5463-3892-01", + "riskEvaluation": { + "sanctionsCheck": "PENDING", + "riskScore": "UNAVAILABLE" + }, + "integration": { + "script": "scripts/omnl/fetch-kyt-vendor-report.sh", + "note": "Do not mark PASS without vendor-issued record; merge vendor export into this container or sibling file under validation/." + } +} diff --git a/config/reserve-provenance-package/legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json b/config/reserve-provenance-package/legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json new file mode 100644 index 0000000..d33cfed --- /dev/null +++ b/config/reserve-provenance-package/legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json @@ -0,0 +1,34 @@ +{ + "schema_version": 1, + "documentType": "AttorneyReceiptAttestation", + "attestingParty": { + "role": "Receiving Attorney", + "entity": "Titan Financial Holdings, LLC", + "jurisdiction": "Wyoming, USA" + }, + "transactionReference": { + "mt103Reference": "MERE-71-FIDES-5463-3892-01", + "originInstitution": "FIDES Gestion Financiera, S.A.P.I. de C.V.", + "beneficiary": "3FR, LLC" + }, + "receiptDetails": { + "attestationType": "FundsReceiptConfirmation", + "method": "Manual MT103 Deposit", + "declaredAmount": "645000000000.00 USD", + "receiptAcknowledged": true, + "attestationBasis": [ + "MT103 hard copy", + "transfer confirmation records", + "supporting financial statements" + ] + }, + "legalDeclaration": { + "statement": "Funds referenced herein were received under authority of the receiving counsel and recorded as delivered into the beneficiary structure.", + "status": "ATTESTED" + }, + "evidenceStaging": { + "counselReviewRequired": true, + "notSubstituteForBankConfirmation": true + }, + "timestamp": "2023-12-18T00:00:00Z" +} diff --git a/config/reserve-provenance-package/provenance/FUNDING_ORIGIN_CHAIN_3FR.json b/config/reserve-provenance-package/provenance/FUNDING_ORIGIN_CHAIN_3FR.json new file mode 100644 index 0000000..3d8829b --- /dev/null +++ b/config/reserve-provenance-package/provenance/FUNDING_ORIGIN_CHAIN_3FR.json @@ -0,0 +1,38 @@ +{ + "schema_version": 1, + "documentType": "FundingOriginNarrative", + "originChain": [ + { + "stage": 1, + "event": "Bond Transfer", + "entity": "Global Infrastructure Finance & Development Authority, Inc.", + "date": "2022-03-29" + }, + { + "stage": 2, + "event": "Bond Sale", + "buyer": "OCHO L.B., S.A. de C.V.", + "invoice": "CPPM-23-6-001", + "date": "2023-07-10" + }, + { + "stage": 3, + "event": "Funds Transfer", + "amount": "75000000000.00 USD", + "destination": "Clearwater Premiere Perpetual Master, LLC", + "date": "2023-07-11" + }, + { + "stage": 4, + "event": "Security Allocation", + "amount": "17000000000.00 USD", + "destination": "Integrated Transport Security", + "date": "2023-07-11" + } + ], + "sourceIntegrity": { + "status": "CHAIN_CONTINUOUS", + "verificationMethod": "Legal Documentation Review", + "note": "Structured lineage from funding package narrative; corroborate with executed instruments and bank records." + } +} diff --git a/config/reserve-provenance-package/reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json b/config/reserve-provenance-package/reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json new file mode 100644 index 0000000..2a71fe0 --- /dev/null +++ b/config/reserve-provenance-package/reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json @@ -0,0 +1,45 @@ +{ + "schema_version": 1, + "documentType": "ReserveHostingAndJurisdictionMap", + "primaryReserve": { + "reserveType": "Monetary Reserve", + "monetaryComposition": { + "cashComponentUsd": "92000000000.00", + "m00ComponentUsd": "309000000000.00", + "expandedM0EquivalentUsd": "900000000000.00" + }, + "custodyLayer": { + "custodian": "Titan Financial Holdings, LLC", + "reportedAssetBaseTranscribedFromCustodyNarrativeUsd": "1545000000000000.00", + "scaleReconciliationNote": "Reconcile to executed custody documents and to reserve composition summary (~1.545T USD) before supervisory use — see RESERVE_MONETARY_LINKAGE_DECLARATION.json." + } + }, + "jurisdictionalControl": { + "commercialInfrastructure": { + "entity": "HYBX", + "regulatoryStatusDeclared": "AUSTRAC Licensed FSP and DCE (verify registration)", + "role": "Operational Infrastructure Provider" + }, + "monetaryAuthority": { + "entity": "OMNL", + "classification": "Central Bank", + "role": "Reserve Authority", + "lei": "98450070C57395F6B906", + "leiSource": "OMNL_ENTITY_MASTER_DATA.json (Head Office); verify GLEIF", + "charterContext": "Described as acknowledged under EO 12829/12968/10450 and DCID 6/4 (parallel) in documentation — not government endorsement; see REGULATORY_STACK_DECLARATION.json" + }, + "sovereignAuthority": { + "entity": "DBIS", + "classification": "Sovereign governmental body under SMOM–OSJ", + "role": "Policy Governance Authority" + } + }, + "operationalHierarchy": [ + "DBIS — Sovereign policy layer", + "OMNL — Monetary authority layer", + "HYBX — Commercial infrastructure layer" + ], + "reserveRecognitionStatus": "PROVISIONALLY_STRUCTURED", + "disclaimer": "Maps declared entities to reserve narrative only; does not establish prudential reserve recognition, custodian confirmation, or verified regulatory standing.", + "timestamp": "2023-12-18T00:00:00Z" +} diff --git a/config/reserve-provenance-package/reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json b/config/reserve-provenance-package/reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json new file mode 100644 index 0000000..a4bb846 --- /dev/null +++ b/config/reserve-provenance-package/reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json @@ -0,0 +1,39 @@ +{ + "schema_version": 1, + "documentType": "ReserveMonetaryLinkageDeclaration", + "primaryFundingEvent": { + "mt103Reference": "MERE-71-FIDES-5463-3892-01", + "settlementAmountUsd": "645000000000.00", + "note": "Transfer amount as in MT103 / attorney attestation narrative; bank statement must match reference, account, and amount." + }, + "reserveStructure": { + "cashComponentUsd": "92000000000.00", + "m00ComponentUsd": "309000000000.00", + "expandedM0EquivalentUsd": "900000000000.00", + "totalAssetBaseApproxUsd": "1545000000000.00", + "compositionSource": "Reserve composition summary (deal file page 1 narrative — verify against executed originals)", + "supportEntityNamedInDocumentation": "Clearwater Premiere Perpetual Master, LLC" + }, + "dueDiligenceReference": { + "provider": "Strategic Intelligence Service", + "investigativeStandardsReferenced": [ + "Executive Order 12829", + "Executive Order 12968", + "Executive Order 10450", + "DCID 6/4" + ], + "characterization": "investigative_and_due_diligence_standard_reference", + "notGovernmentEndorsement": true, + "notRegulatoryClearance": true, + "documentationStatus": "As stated in deal file — counsel to confirm against SIS letter" + }, + "custodyReference": { + "custodian": "Titan Financial Holdings, LLC", + "custodyDocument": "Titan balance sheet / custodial record as cited in deal file (e.g. page 5)", + "statedTotalAssetBaseAsTranscribedFromPage5NarrativeUsd": "1545000000000000.00", + "scaleReconciliationNote": "Page 1 narrative cites ~1.545 trillion USD total asset base; page 5 transcription may use a different magnitude — reconcile to executed PDFs before supervisory use." + }, + "reserveStatus": "PROVISIONAL_LINKAGE_NARRATIVE", + "disclaimer": "Structured linkage only; does not establish prudential reserve recognition, regulatory capital, or bank-confirmed balances. Authoritative MT940/camt.053/API remains with the custodian bank.", + "timestamp": "2023-12-18T00:00:00Z" +} diff --git a/config/reserve-provenance-package/reserve/RESERVE_RECOGNITION_DECLARATION.json b/config/reserve-provenance-package/reserve/RESERVE_RECOGNITION_DECLARATION.json new file mode 100644 index 0000000..4f9ac87 --- /dev/null +++ b/config/reserve-provenance-package/reserve/RESERVE_RECOGNITION_DECLARATION.json @@ -0,0 +1,14 @@ +{ + "schema_version": 1, + "documentType": "ReserveRecognitionDeclaration", + "reserveType": "Operational Liquidity Reserve", + "fundingSource": "Bond Monetization Proceeds", + "custodyStatus": "AttorneyAcknowledged", + "reserveEligibility": { + "legalOriginVerified": true, + "bankSettlementPending": true, + "kytVerificationPending": true + }, + "status": "PROVISIONAL_RESERVE", + "disclaimer": "Provisional only until bank statement and KYT vendor evidence are attached; not prudential reserve recognition for regulatory capital without supervisor-approved methodology." +} diff --git a/config/reserve-provenance-package/schemas/reserve-provenance-package.schema.json b/config/reserve-provenance-package/schemas/reserve-provenance-package.schema.json new file mode 100644 index 0000000..b6fcdda --- /dev/null +++ b/config/reserve-provenance-package/schemas/reserve-provenance-package.schema.json @@ -0,0 +1,252 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://d-bis.org/schemas/reserve-provenance-package.json", + "title": "Reserve provenance package (10 attestation documents)", + "oneOf": [ + { "$ref": "#/$defs/AttorneyReceiptAttestation" }, + { "$ref": "#/$defs/SettlementFinalityDeclaration" }, + { "$ref": "#/$defs/FundingOriginNarrative" }, + { "$ref": "#/$defs/BankBalanceCertification" }, + { "$ref": "#/$defs/KYTExecutionRecord" }, + { "$ref": "#/$defs/ThreeWayReconciliationTrigger" }, + { "$ref": "#/$defs/ReserveRecognitionDeclaration" }, + { "$ref": "#/$defs/ReserveMonetaryLinkageDeclaration" }, + { "$ref": "#/$defs/RegulatoryStackDeclaration" }, + { "$ref": "#/$defs/ReserveHostingAndJurisdictionMap" } + ], + "$defs": { + "AttorneyReceiptAttestation": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "attestingParty", + "transactionReference", + "receiptDetails", + "legalDeclaration", + "timestamp" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "AttorneyReceiptAttestation" }, + "attestingParty": { "type": "object" }, + "transactionReference": { "type": "object" }, + "receiptDetails": { "type": "object" }, + "legalDeclaration": { "type": "object" }, + "evidenceStaging": { "type": "object" }, + "timestamp": { "type": "string", "format": "date-time" } + }, + "additionalProperties": true + }, + "SettlementFinalityDeclaration": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "transactionReference", + "finalityStatus", + "settlementType", + "confirmationFlow", + "legalEffect", + "timestamp" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "SettlementFinalityDeclaration" }, + "transactionReference": { "type": "string" }, + "finalityStatus": { "type": "string" }, + "settlementType": { "type": "string" }, + "confirmationFlow": { "type": "object" }, + "legalEffect": { "type": "object" }, + "timestamp": { "type": "string", "format": "date-time" } + }, + "additionalProperties": true + }, + "FundingOriginNarrative": { + "type": "object", + "required": ["schema_version", "documentType", "originChain", "sourceIntegrity"], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "FundingOriginNarrative" }, + "originChain": { + "type": "array", + "minItems": 1, + "items": { "type": "object" } + }, + "sourceIntegrity": { "type": "object" } + }, + "additionalProperties": true + }, + "BankBalanceCertification": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "institution", + "accountHolder", + "statementSource", + "balanceSnapshot", + "status" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "BankBalanceCertification" }, + "institution": { "type": "string" }, + "accountHolder": { "type": "string" }, + "statementSource": { "type": "string" }, + "balanceSnapshot": { "type": "object" }, + "status": { "type": "string" }, + "integration": { "type": "object" } + }, + "additionalProperties": true + }, + "KYTExecutionRecord": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "provider", + "screeningStatus", + "transactionReference", + "riskEvaluation" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "KYTExecutionRecord" }, + "provider": { "type": "string" }, + "screeningStatus": { "type": "string" }, + "transactionReference": { "type": "string" }, + "riskEvaluation": { "type": "object" }, + "integration": { "type": "object" } + }, + "additionalProperties": true + }, + "ThreeWayReconciliationTrigger": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "ledgerSource", + "bankSource", + "chainSource", + "executionStatus", + "reconciliationMode" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "ThreeWayReconciliationTrigger" }, + "ledgerSource": { "type": "string" }, + "bankSource": { "type": "string" }, + "chainSource": { "type": "string" }, + "executionStatus": { "type": "string" }, + "reconciliationMode": { "type": "string" }, + "correlationHints": { "type": "object" }, + "nextSteps": { "type": "array", "items": { "type": "string" } } + }, + "additionalProperties": true + }, + "ReserveRecognitionDeclaration": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "reserveType", + "fundingSource", + "custodyStatus", + "reserveEligibility", + "status" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "ReserveRecognitionDeclaration" }, + "reserveType": { "type": "string" }, + "fundingSource": { "type": "string" }, + "custodyStatus": { "type": "string" }, + "reserveEligibility": { "type": "object" }, + "status": { "type": "string" }, + "disclaimer": { "type": "string" } + }, + "additionalProperties": true + }, + "ReserveMonetaryLinkageDeclaration": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "primaryFundingEvent", + "reserveStructure", + "dueDiligenceReference", + "custodyReference", + "reserveStatus", + "disclaimer", + "timestamp" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "ReserveMonetaryLinkageDeclaration" }, + "primaryFundingEvent": { "type": "object" }, + "reserveStructure": { "type": "object" }, + "dueDiligenceReference": { "type": "object" }, + "custodyReference": { "type": "object" }, + "reserveStatus": { "type": "string" }, + "disclaimer": { "type": "string" }, + "timestamp": { "type": "string", "format": "date-time" } + }, + "additionalProperties": true + }, + "RegulatoryStackDeclaration": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "stackStructure", + "hostingRelationship", + "regulatorySeparationStatement", + "disclaimer", + "timestamp" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "RegulatoryStackDeclaration" }, + "stackStructure": { + "type": "array", + "minItems": 1, + "items": { "type": "object" } + }, + "hostingRelationship": { "type": "object" }, + "regulatorySeparationStatement": { "type": "object" }, + "regulatoryEvidence": { "type": "object" }, + "disclaimer": { "type": "string" }, + "timestamp": { "type": "string", "format": "date-time" } + }, + "additionalProperties": true + }, + "ReserveHostingAndJurisdictionMap": { + "type": "object", + "required": [ + "schema_version", + "documentType", + "primaryReserve", + "jurisdictionalControl", + "operationalHierarchy", + "reserveRecognitionStatus", + "disclaimer", + "timestamp" + ], + "properties": { + "schema_version": { "type": "integer", "minimum": 1 }, + "documentType": { "const": "ReserveHostingAndJurisdictionMap" }, + "primaryReserve": { "type": "object" }, + "jurisdictionalControl": { "type": "object" }, + "operationalHierarchy": { + "type": "array", + "items": { "type": "string" } + }, + "reserveRecognitionStatus": { "type": "string" }, + "disclaimer": { "type": "string" }, + "timestamp": { "type": "string", "format": "date-time" } + }, + "additionalProperties": true + } + } +} diff --git a/config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json b/config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json new file mode 100644 index 0000000..44715bd --- /dev/null +++ b/config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json @@ -0,0 +1,21 @@ +{ + "schema_version": 1, + "documentType": "SettlementFinalityDeclaration", + "transactionReference": "MERE-71-FIDES-5463-3892-01", + "finalityStatus": "DECLARED_FINAL", + "settlementType": "SingleCustomerCreditTransfer", + "confirmationFlow": { + "instructionIssued": true, + "receiptConfirmed": true, + "creditDeclared": true + }, + "legalEffect": { + "status": "Irrevocable", + "bindingAuthority": [ + "Uniform Commercial Code", + "UNCITRAL Trade Law" + ], + "disclaimer": "Institution-specific finality and governing law must be confirmed by counsel; this JSON records operational declaration only." + }, + "timestamp": "2023-12-18T00:00:00Z" +} diff --git a/config/smart-contracts-master.json b/config/smart-contracts-master.json new file mode 100644 index 0000000..4cd36b1 --- /dev/null +++ b/config/smart-contracts-master.json @@ -0,0 +1,138 @@ +{ + "schemaVersion": 1, + "description": "Publishable Chain 138 + mainnet relay addresses. Mirrors scripts/verify/check-contracts-on-chain-138.sh (64 bytecode checks). .env overrides via load-contract-addresses.sh.", + "chains": { + "138": { + "mapper": "0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A", + "contracts": { + "WETH9": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "WETH10": "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f", + "Oracle_Aggregator": "0x99b3511a2d315a497c8112c1fdd8d508d4b1e506", + "Oracle_Proxy": "0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6", + "CCIP_Router": "0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817", + "CCIP_Router_Direct_Legacy": "0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e", + "CCIP_Sender": "0x105F8A15b819948a89153505762444Ee9f324684", + "CCIPWETH9_Bridge": "0xcacfd227A040002e49e2e01626363071324f820a", + "CCIPWETH9_Bridge_Direct_Legacy": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "CCIPWETH10_Bridge": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0", + "LINK": "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03", + "cUSDT": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "cUSDC": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "TokenRegistry": "0x91Efe92229dbf7C5B38D422621300956B55870Fa", + "TokenFactory": "0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133", + "ComplianceRegistry": "0xbc54fe2b6fda157c59d59826bcfdbcc654ec9ea1", + "BridgeVault": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8", + "FeeCollector": "0xF78246eB94c6CB14018E507E60661314E5f4C53f", + "DebtRegistry": "0x95BC4A997c0670d5DAC64d55cDf3769B53B63C28", + "PolicyManager": "0x0C4FD27018130A00762a802f91a72D6a64a60F14", + "TokenImplementation": "0x0059e237973179146237aB49f1322E8197c22b21", + "PriceFeed_Keeper": "0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04", + "OraclePriceFeed": "0x8918eE0819fD687f4eb3e8b9B7D0ef7557493cfa", + "WETH_MockPriceFeed": "0x3e8725b8De386feF3eFE5678c92eA6aDB41992B2", + "MerchantSettlementRegistry": "0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800", + "WithdrawalEscrow": "0xe77cb26eA300e2f5304b461b0EC94c8AD6A7E46D", + "UniversalAssetRegistry": "0xAEE4b7fBe82E1F8295951584CBc772b8BBD68575", + "GovernanceController": "0xA6891D5229f2181a34D4FF1B515c3Aa37dd90E0e", + "UniversalCCIPBridge": "0xCd42e8eD79Dc50599535d1de48d3dAFa0BE156F8", + "BridgeOrchestrator": "0x89aB428c437f23bAB9781ff8Db8D3848e27EeD6c", + "PaymentChannelManager": "0x302aF72966aFd21C599051277a48DAa7f01a5f54", + "GenericStateChannelManager": "0xe5e3bB424c8a0259FDE23F0A58F7e36f73B90aBd", + "AddressMapper": "0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A", + "MirrorManager": "0x6eD905A30c552a6e003061A38FD52A5A427beE56", + "Lockbox138": "0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c", + "CREATE2Factory": "0x750E4a8adCe9f0e67A420aBE91342DC64Eb90825", + "UniversalAssetRegistry_Deterministic": "0xC98602aa574F565b5478E8816BCab03C9De0870f", + "UniversalCCIPBridge_Deterministic": "0x532DE218b94993446Be30eC894442f911499f6a3", + "MirrorRegistry": "0x6427F9739e6B6c3dDb4E94fEfeBcdF35549549d8", + "AlltraAdapter": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc", + "TransactionMirror": "0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc", + "DODO_Pool_cUSDT_cUSDC": "0xff8d3b8fDF7B112759F076B69f4271D4209C0849", + "DODOPMMIntegration": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d", + "DODOPMMProvider": "0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381", + "DODO_Pool_cUSDT_USDT": "0x6fc60DEDc92a2047062294488539992710b99D71", + "DODO_Pool_cUSDC_USDC": "0x9f74Be42725f2Aa072a9E0CdCce0E7203C510263", + "ReserveSystem": "0x607e97cD626f209facfE48c1464815DDE15B5093", + "ReserveTokenIntegration": "0x34B73e6EDFd9f85a7c25EeD31dcB13aB6E969b96", + "RegulatedEntityRegistry": "0xEA4C892D6c1253797c5D95a05BF3863363080b4B", + "VaultFactory": "0xB2Ac70f35A81481B005067ed6567a5043BA32336", + "Ledger": "0x67b3831dc64C14FB9352B2a45C6Dd69b3C86B7af", + "Liquidation": "0x3aCdbCB749d6037a02F0ef6ea2E5Fb89D31fAB72", + "XAU_Oracle": "0xf23E1eDa304082ab7a81531dFE6020E6105e77A8", + "cEURC": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a", + "cEURT": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72", + "cGBPC": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2", + "cGBPT": "0x350f54e4D23795f86A9c03988c7135357CCaD97c", + "cAUDC": "0xD51482e567c03899eecE3CAe8a058161FD56069D", + "cJPYC": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770", + "cCHFC": "0x873990849DDa5117d7C644f0aF24370797C03885", + "cCADC": "0x54dBd40cF05e15906A2C21f600937e96787f5679", + "cXAUC": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b", + "cXAUT": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E", + "ISO20022Router": "0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074" + }, + "envVarMap": { + "CCIP_ROUTER": "CCIP_Router", + "CCIP_ROUTER_CHAIN138": "CCIP_Router", + "CCIP_ROUTER_CHAIN138_LINK": "CCIP_Router", + "CHAIN_138_CCIP_ROUTER": "CCIP_Router", + "CCIP_ROUTER_DIRECT_LEGACY": "CCIP_Router_Direct_Legacy", + "CCIPWETH9_BRIDGE_CHAIN138": "CCIPWETH9_Bridge", + "CCIPWETH9_BRIDGE_CHAIN138_LINK": "CCIPWETH9_Bridge", + "CCIPWETH9_BRIDGE_DIRECT_LEGACY": "CCIPWETH9_Bridge_Direct_Legacy", + "CCIPWETH10_BRIDGE_CHAIN138": "CCIPWETH10_Bridge", + "LINK_TOKEN": "LINK", + "LINK_TOKEN_CHAIN138": "LINK", + "CCIP_FEE_TOKEN": "LINK", + "ORACLE_AGGREGATOR_ADDRESS": "Oracle_Aggregator", + "ORACLE_PROXY_ADDRESS": "Oracle_Proxy", + "COMPLIANCE_REGISTRY": "ComplianceRegistry", + "COMPLIANCE_REGISTRY_ADDRESS": "ComplianceRegistry", + "TOKEN_FACTORY": "TokenFactory", + "BRIDGE_VAULT": "BridgeVault", + "DEBT_REGISTRY": "DebtRegistry", + "POLICY_MANAGER": "PolicyManager", + "TOKEN_IMPLEMENTATION": "TokenImplementation", + "TOKEN_REGISTRY_ADDRESS": "TokenRegistry", + "FEE_COLLECTOR_ADDRESS": "FeeCollector", + "COMPLIANT_USDT_ADDRESS": "cUSDT", + "COMPLIANT_USDC_ADDRESS": "cUSDC", + "DODO_PMM_INTEGRATION_ADDRESS": "DODOPMMIntegration", + "CHAIN_138_DODO_PMM_INTEGRATION": "DODOPMMIntegration", + "DODO_PMM_PROVIDER_ADDRESS": "DODOPMMProvider", + "TRANSACTION_MIRROR_ADDRESS": "TransactionMirror", + "PAYMENT_CHANNEL_MANAGER": "PaymentChannelManager", + "GENERIC_STATE_CHANNEL_MANAGER": "GenericStateChannelManager", + "ADDRESS_MAPPER": "AddressMapper", + "MIRROR_MANAGER": "MirrorManager", + "MERCHANT_SETTLEMENT_REGISTRY": "MerchantSettlementRegistry", + "SETTLEMENT_REGISTRY_ADDRESS": "MerchantSettlementRegistry", + "WITHDRAWAL_ESCROW_ADDRESS": "WithdrawalEscrow", + "CREATE2_FACTORY": "CREATE2Factory", + "UNIVERSAL_ASSET_REGISTRY": "UniversalAssetRegistry", + "GOVERNANCE_CONTROLLER": "GovernanceController", + "UNIVERSAL_CCIP_BRIDGE": "UniversalCCIPBridge", + "BRIDGE_ORCHESTRATOR": "BridgeOrchestrator", + "UNIVERSAL_ASSET_REGISTRY_DETERMINISTIC": "UniversalAssetRegistry_Deterministic", + "UNIVERSAL_CCIP_BRIDGE_DETERMINISTIC": "UniversalCCIPBridge_Deterministic", + "MIRROR_REGISTRY": "MirrorRegistry", + "ALLTRA_ADAPTER": "AlltraAdapter", + "RESERVE_SYSTEM": "ReserveSystem", + "ORACLE_PRICE_FEED": "OraclePriceFeed", + "CHAIN138_WETH_MOCK_PRICE_FEED": "WETH_MockPriceFeed", + "RESERVE_TOKEN_INTEGRATION": "ReserveTokenIntegration", + "REGULATED_ENTITY_REGISTRY": "RegulatedEntityRegistry", + "VAULT_FACTORY": "VaultFactory" + } + }, + "1": { + "contracts": { + "CCIP_Relay_Router": "0xAd9A228CcEB4cbB612cD165FFB72fE090ff10Afb", + "CCIP_Relay_Bridge": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939" + }, + "envVarMap": { + "CCIP_RELAY_ROUTER_MAINNET": "CCIP_Relay_Router", + "CCIP_RELAY_BRIDGE_MAINNET": "CCIP_Relay_Bridge" + } + } + } +} diff --git a/config/token-mapping-loader.cjs b/config/token-mapping-loader.cjs index de6154d..21ec4ee 100644 --- a/config/token-mapping-loader.cjs +++ b/config/token-mapping-loader.cjs @@ -1,55 +1,125 @@ /** - * Load token mapping from config/token-mapping.json and config/token-mapping-multichain.json. - * Used by relay service, bridge/LP tooling, and docs. Safe to publish (no secrets). + * Load relay mappings, GRU transport overlay config, routing registry, and deployment JSON. + * Used by relay service, token-aggregation, bridge/LP tooling, and docs. Safe to publish. * - * Usage: - * const { getRelayTokenMapping, getTokenMappingForPair } = require('../config/token-mapping-loader.cjs'); - * const map = getRelayTokenMapping(); // 138 -> Mainnet (chain138Address -> mainnetAddress) - * const pair = getTokenMappingForPair(138, 651940); // { tokens, addressMapFromTo, addressMapToFrom } - * - * @version 2026-02-16 + * @version 2026-03-30 */ const path = require('path'); const fs = require('fs'); +const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000'; + const DEFAULT_JSON_PATH = path.resolve(__dirname, 'token-mapping.json'); const DEFAULT_MULTICHAIN_JSON_PATH = path.resolve(__dirname, 'token-mapping-multichain.json'); +const DEFAULT_GRU_ACTIVE_JSON_PATH = path.resolve(__dirname, 'gru-transport-active.json'); +const DEFAULT_ROUTING_REGISTRY_JSON_PATH = path.resolve(__dirname, 'routing-registry.json'); +const DEFAULT_DEPLOYMENT_STATUS_JSON_PATH = path.resolve( + __dirname, + '..', + 'cross-chain-pmm-lps', + 'config', + 'deployment-status.json' +); +const DEFAULT_POOL_MATRIX_JSON_PATH = path.resolve( + __dirname, + '..', + 'cross-chain-pmm-lps', + 'config', + 'pool-matrix.json' +); -let _cache = null; -let _multichainCache = null; +const JSON_CACHES = { + token: null, + multichain: null, + gruTransport: null, + routingRegistry: null, + deploymentStatus: null, + poolMatrix: null, +}; -function loadTokenMappingJson(jsonPath = DEFAULT_JSON_PATH) { - if (_cache && _cache.path === jsonPath) return _cache.data; +function loadCachedJson(cacheKey, jsonPath) { + const current = JSON_CACHES[cacheKey]; + if (current && current.path === jsonPath) return current.data; try { const raw = fs.readFileSync(jsonPath, 'utf8'); const data = JSON.parse(raw); - _cache = { path: jsonPath, data }; + JSON_CACHES[cacheKey] = { path: jsonPath, data }; return data; } catch (e) { return null; } } +function normalizeAddress(address) { + return typeof address === 'string' ? address.trim().toLowerCase() : ''; +} + +function normalizeSymbol(symbol) { + return typeof symbol === 'string' ? symbol.trim().toLowerCase() : ''; +} + +function normalizeTransportSymbol(symbol) { + const normalized = normalizeSymbol(symbol).replace(/[\s_-]/g, ''); + if (normalized.startsWith('cw')) { + return `c${normalized.slice(2)}`; + } + return normalized; +} + +function isNonZeroAddress(address) { + const normalized = normalizeAddress(address); + return /^0x[a-f0-9]{40}$/.test(normalized) && normalized !== ZERO_ADDRESS; +} + +function resolveConfigRef(ref) { + if (!ref || typeof ref !== 'object') return ''; + if (isNonZeroAddress(ref.address)) return ref.address; + if (typeof ref.env === 'string' && isNonZeroAddress(process.env[ref.env])) { + return process.env[ref.env]; + } + return ''; +} + +function hasConfigRef(ref) { + if (!ref || typeof ref !== 'object') return false; + return isNonZeroAddress(ref.address) || (typeof ref.env === 'string' && ref.env.trim() !== ''); +} + +function resolvePolicyRefValue(ref) { + if (!ref || typeof ref !== 'object') return ''; + if (typeof ref.amount === 'string' && ref.amount.trim() !== '') return ref.amount.trim(); + if (typeof ref.env === 'string') { + const value = process.env[ref.env]; + if (typeof value === 'string' && value.trim() !== '') return value.trim(); + } + return ''; +} + +function loadTokenMappingJson(jsonPath = DEFAULT_JSON_PATH) { + return loadCachedJson('token', jsonPath); +} + function loadTokenMappingMultichainJson(jsonPath = DEFAULT_MULTICHAIN_JSON_PATH) { - if (_multichainCache && _multichainCache.path === jsonPath) return _multichainCache.data; - try { - const raw = fs.readFileSync(jsonPath, 'utf8'); - const data = JSON.parse(raw); - _multichainCache = { path: jsonPath, data }; - return data; - } catch (e) { - return null; - } + return loadCachedJson('multichain', jsonPath); +} + +function loadGruTransportActiveJson(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + return loadCachedJson('gruTransport', jsonPath); +} + +function loadRoutingRegistryJson(jsonPath = DEFAULT_ROUTING_REGISTRY_JSON_PATH) { + return loadCachedJson('routingRegistry', jsonPath); +} + +function loadDeploymentStatusJson(jsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH) { + return loadCachedJson('deploymentStatus', jsonPath); +} + +function loadPoolMatrixJson(jsonPath = DEFAULT_POOL_MATRIX_JSON_PATH) { + return loadCachedJson('poolMatrix', jsonPath); } -/** - * Build object suitable for relay config.tokenMapping: Chain 138 address -> Mainnet address. - * Only includes tokens that have a mainnetAddress (canonical or wrapped). - * - * @param {string} [jsonPath] - * @returns {{ [chain138Address: string]: string }} - */ function getRelayTokenMapping(jsonPath) { const data = loadTokenMappingJson(jsonPath); if (!data || !Array.isArray(data.tokens)) return {}; @@ -62,27 +132,12 @@ function getRelayTokenMapping(jsonPath) { return out; } -/** - * Get full token list with relaySupported and mainnet info. - * - * @param {string} [jsonPath] - * @returns {Array<{ key: string, name: string, chain138Address: string, mainnetAddress: string|null, relaySupported: boolean, notes: string }>} - */ function getTokenList(jsonPath) { const data = loadTokenMappingJson(jsonPath); if (!data || !Array.isArray(data.tokens)) return []; return data.tokens; } -/** - * Get token mapping for a chain pair from token-mapping-multichain.json. - * Tries (fromChainId, toChainId) then (toChainId, fromChainId) and returns tokens in from→to order. - * - * @param {number|string} fromChainId - * @param {number|string} toChainId - * @param {string} [jsonPath] - * @returns {{ tokens: Array<{ key: string, name: string, addressFrom: string, addressTo: string, notes?: string }>, addressMapFromTo: Record, addressMapToFrom: Record } | null} - */ function getTokenMappingForPair(fromChainId, toChainId, jsonPath) { const data = loadTokenMappingMultichainJson(jsonPath); if (!data || !Array.isArray(data.pairs)) return null; @@ -96,7 +151,13 @@ function getTokenMappingForPair(fromChainId, toChainId, jsonPath) { } if (!pair || !Array.isArray(pair.tokens)) return null; const tokens = reverse - ? pair.tokens.map((t) => ({ key: t.key, name: t.name, addressFrom: t.addressTo, addressTo: t.addressFrom, notes: t.notes })) + ? pair.tokens.map((t) => ({ + key: t.key, + name: t.name, + addressFrom: t.addressTo, + addressTo: t.addressFrom, + notes: t.notes, + })) : pair.tokens; const addressMapFromTo = {}; const addressMapToFrom = {}; @@ -109,41 +170,452 @@ function getTokenMappingForPair(fromChainId, toChainId, jsonPath) { return { tokens, addressMapFromTo, addressMapToFrom }; } -/** - * Get all chain pairs defined in token-mapping-multichain.json. - * - * @param {string} [jsonPath] - * @returns {Array<{ fromChainId: number, toChainId: number, notes?: string }>} - */ function getAllMultichainPairs(jsonPath) { const data = loadTokenMappingMultichainJson(jsonPath); if (!data || !Array.isArray(data.pairs)) return []; return data.pairs.map((p) => ({ fromChainId: p.fromChainId, toChainId: p.toChainId, notes: p.notes })); } -/** - * Resolve token address on target chain from source chain address using multichain mapping. - * - * @param {number|string} fromChainId - * @param {number|string} toChainId - * @param {string} tokenAddressOnSource - address on fromChainId - * @param {string} [jsonPath] - * @returns {string|undefined} address on toChainId, or undefined if not mapped - */ function getMappedAddress(fromChainId, toChainId, tokenAddressOnSource, jsonPath) { + const activeTransportPair = getActiveTransportPair( + fromChainId, + toChainId, + { sourceTokenAddress: tokenAddressOnSource }, + { multichainJsonPath: jsonPath } + ); + if (activeTransportPair) { + const sameDirection = + Number(activeTransportPair.canonicalChainId) === Number(fromChainId) && + Number(activeTransportPair.destinationChainId) === Number(toChainId); + const targetAddress = sameDirection ? activeTransportPair.mirroredAddress : activeTransportPair.canonicalAddress; + if (isNonZeroAddress(targetAddress)) { + return targetAddress; + } + } const result = getTokenMappingForPair(fromChainId, toChainId, jsonPath); if (!result) return undefined; return result.addressMapFromTo[String(tokenAddressOnSource).toLowerCase()]; } +function getRoutingRegistryRoutes(jsonPath = DEFAULT_ROUTING_REGISTRY_JSON_PATH) { + const data = loadRoutingRegistryJson(jsonPath); + if (!data || !Array.isArray(data.routes)) return []; + return data.routes; +} + +function getGruTransportMetadata(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const data = loadGruTransportActiveJson(jsonPath); + if (!data || typeof data !== 'object') return null; + const activeTransportPairs = getActiveTransportPairs({ activeJsonPath: jsonPath }); + const activePublicPools = getActivePublicPools(jsonPath); + return { + system: data.system || null, + terminology: data.terminology || {}, + enabledCanonicalTokens: Array.isArray(data.enabledCanonicalTokens) ? data.enabledCanonicalTokens : [], + enabledDestinationChains: Array.isArray(data.enabledDestinationChains) ? data.enabledDestinationChains : [], + counts: { + enabledCanonicalTokens: Array.isArray(data.enabledCanonicalTokens) ? data.enabledCanonicalTokens.length : 0, + enabledDestinationChains: Array.isArray(data.enabledDestinationChains) ? data.enabledDestinationChains.length : 0, + approvedBridgePeers: Array.isArray(data.approvedBridgePeers) ? data.approvedBridgePeers.length : 0, + transportPairs: Array.isArray(data.transportPairs) ? data.transportPairs.length : 0, + eligibleTransportPairs: activeTransportPairs.filter((pair) => pair.eligible).length, + runtimeReadyTransportPairs: activeTransportPairs.filter((pair) => pair.runtimeReady).length, + publicPools: Array.isArray(data.publicPools) ? data.publicPools.length : 0, + activePublicPools: activePublicPools.filter((pool) => pool.active === true).length, + routablePublicPools: activePublicPools.filter( + (pool) => pool.active === true && pool.routingEnabled === true + ).length, + mcpVisiblePublicPools: activePublicPools.filter( + (pool) => pool.active === true && pool.mcpVisible === true + ).length, + }, + }; +} + +function getEnabledCanonicalTokens(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const data = loadGruTransportActiveJson(jsonPath); + if (!data || !Array.isArray(data.enabledCanonicalTokens)) return []; + return data.enabledCanonicalTokens; +} + +function getEnabledCanonicalToken(identifier, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const normalizedSymbol = normalizeSymbol(identifier || ''); + const normalizedAddress = normalizeAddress(identifier || ''); + + return ( + getEnabledCanonicalTokens(jsonPath).find((token) => { + if (normalizedSymbol) { + if (normalizeSymbol(token.symbol) === normalizedSymbol) return true; + if (normalizeSymbol(token.mirroredSymbol) === normalizedSymbol) return true; + } + + if (!normalizedAddress) return false; + if (normalizeAddress(token.activeAddress) === normalizedAddress) return true; + if (normalizeAddress(token.x402PreferredAddress) === normalizedAddress) return true; + + if (Array.isArray(token.deployments)) { + return token.deployments.some((deployment) => normalizeAddress(deployment.address) === normalizedAddress); + } + + return false; + }) || null + ); +} + +function getEnabledDestinationChains(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const data = loadGruTransportActiveJson(jsonPath); + if (!data || !Array.isArray(data.enabledDestinationChains)) return []; + return data.enabledDestinationChains; +} + +function isCanonicalTokenActive(symbol, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const normalized = normalizeSymbol(symbol); + return getEnabledCanonicalTokens(jsonPath).some((token) => normalizeSymbol(token.symbol) === normalized); +} + +function isDestinationChainActive(chainId, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const numericChainId = Number(chainId); + return getEnabledDestinationChains(jsonPath).some((chain) => Number(chain.chainId) === numericChainId); +} + +function getApprovedBridgePeer(chainId, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const data = loadGruTransportActiveJson(jsonPath); + if (!data || !Array.isArray(data.approvedBridgePeers)) return null; + const numericChainId = Number(chainId); + return data.approvedBridgePeers.find((peer) => Number(peer.chainId) === numericChainId) || null; +} + +function getRawMappingTokenEntry(fromChainId, toChainId, mappingKey, jsonPath = DEFAULT_MULTICHAIN_JSON_PATH) { + const data = loadTokenMappingMultichainJson(jsonPath); + if (!data || !Array.isArray(data.pairs)) return null; + const pair = data.pairs.find( + (entry) => Number(entry.fromChainId) === Number(fromChainId) && Number(entry.toChainId) === Number(toChainId) + ); + if (!pair || !Array.isArray(pair.tokens)) return null; + return pair.tokens.find((token) => token.key === mappingKey) || null; +} + +function getActiveTransportPairs(options = {}) { + const activeJsonPath = options.activeJsonPath || DEFAULT_GRU_ACTIVE_JSON_PATH; + const multichainJsonPath = options.multichainJsonPath || DEFAULT_MULTICHAIN_JSON_PATH; + const deploymentJsonPath = options.deploymentJsonPath || DEFAULT_DEPLOYMENT_STATUS_JSON_PATH; + const active = loadGruTransportActiveJson(activeJsonPath); + const deployment = loadDeploymentStatusJson(deploymentJsonPath); + if (!active || !Array.isArray(active.transportPairs)) return []; + + const enabledCanonicalTokens = new Set( + (Array.isArray(active.enabledCanonicalTokens) ? active.enabledCanonicalTokens : []).map((token) => normalizeSymbol(token.symbol)) + ); + const enabledDestinationChains = new Set( + (Array.isArray(active.enabledDestinationChains) ? active.enabledDestinationChains : []).map((chain) => Number(chain.chainId)) + ); + const peersByKey = new Map( + (Array.isArray(active.approvedBridgePeers) ? active.approvedBridgePeers : []).map((peer) => [String(peer.key), peer]) + ); + const reserveVerifiers = active.reserveVerifiers && typeof active.reserveVerifiers === 'object' ? active.reserveVerifiers : {}; + + return active.transportPairs.map((pair) => { + const canonicalChainId = Number(pair.canonicalChainId ?? active.system?.canonicalChainId ?? 138); + const destinationChainId = Number(pair.destinationChainId); + const canonicalSymbol = String(pair.canonicalSymbol || '').trim(); + const mirroredSymbol = String(pair.mirroredSymbol || '').trim(); + const mappingEntry = getRawMappingTokenEntry(canonicalChainId, destinationChainId, pair.mappingKey, multichainJsonPath); + const deploymentChain = + deployment && deployment.chains && typeof deployment.chains === 'object' + ? deployment.chains[String(destinationChainId)] || null + : null; + const mirrorDeploymentAddress = + deploymentChain && deploymentChain.cwTokens && typeof deploymentChain.cwTokens === 'object' + ? deploymentChain.cwTokens[mirroredSymbol] || null + : null; + const peer = peersByKey.get(String(pair.peerKey || '')) || null; + const maxOutstanding = pair.maxOutstanding && typeof pair.maxOutstanding === 'object' ? pair.maxOutstanding : {}; + const reserveVerifier = pair.reserveVerifierKey ? reserveVerifiers[pair.reserveVerifierKey] : null; + const routeDiscoveryEnabled = pair.routeDiscoveryEnabled !== false; + const canonicalAddress = mappingEntry?.addressFrom || null; + const mirroredAddress = mappingEntry?.addressTo || null; + const runtimeL1BridgeAddress = peer ? resolveConfigRef(peer.l1Bridge) : ''; + const runtimeL2BridgeAddress = peer ? resolveConfigRef(peer.l2Bridge) : ''; + const runtimeMaxOutstandingValue = resolvePolicyRefValue(maxOutstanding); + const runtimeReserveVerifier = reserveVerifier && typeof reserveVerifier === 'object' ? reserveVerifier : null; + const runtimeReserveVerifierBridgeAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.bridgeRef) : ''; + const runtimeReserveVerifierAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.verifierRef) : ''; + const runtimeReserveVaultAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.vaultRef) : ''; + const runtimeReserveSystemAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.reserveSystemRef) : ''; + const mirrorDeployed = + isNonZeroAddress(mirrorDeploymentAddress) && + isNonZeroAddress(mirroredAddress) && + normalizeAddress(mirrorDeploymentAddress) === normalizeAddress(mirroredAddress); + + const bridgePeerConfigured = + !!peer && + hasConfigRef(peer.l1Bridge) && + hasConfigRef(peer.l2Bridge); + + const maxOutstandingConfigured = !maxOutstanding.required || !!maxOutstanding.amount || !!maxOutstanding.env; + const reserveVerifierConfigured = + !pair.reserveVerifierKey || + (!!runtimeReserveVerifier && + hasConfigRef(runtimeReserveVerifier.bridgeRef) && + hasConfigRef(runtimeReserveVerifier.verifierRef) && + (!runtimeReserveVerifier.requireVaultBacking || hasConfigRef(runtimeReserveVerifier.vaultRef)) && + (!runtimeReserveVerifier.requireReserveSystemBalance || hasConfigRef(runtimeReserveVerifier.reserveSystemRef)) && + (!runtimeReserveVerifier.requireTokenOwnerMatchVault || hasConfigRef(runtimeReserveVerifier.vaultRef))); + const runtimeBridgeReady = !!runtimeL1BridgeAddress && !!runtimeL2BridgeAddress; + const runtimeMaxOutstandingReady = !maxOutstanding.required || !!runtimeMaxOutstandingValue; + const runtimeReserveVerifierReady = + !pair.reserveVerifierKey || + (!!runtimeReserveVerifierBridgeAddress && + !!runtimeReserveVerifierAddress && + (!runtimeReserveVerifier.requireVaultBacking || !!runtimeReserveVaultAddress) && + (!runtimeReserveVerifier.requireReserveSystemBalance || !!runtimeReserveSystemAddress) && + (!runtimeReserveVerifier.requireTokenOwnerMatchVault || !!runtimeReserveVaultAddress)); + const eligibilityBlockers = []; + if (!routeDiscoveryEnabled) eligibilityBlockers.push('policy:routeDiscoveryDisabled'); + if (!enabledCanonicalTokens.has(normalizeSymbol(canonicalSymbol))) { + eligibilityBlockers.push('overlay:canonicalTokenDisabled'); + } + if (!enabledDestinationChains.has(destinationChainId)) { + eligibilityBlockers.push('overlay:destinationChainDisabled'); + } + if (!mappingEntry) eligibilityBlockers.push('mapping:pairMissing'); + if (!isNonZeroAddress(canonicalAddress)) eligibilityBlockers.push('mapping:canonicalAddressMissing'); + if (!isNonZeroAddress(mirroredAddress)) eligibilityBlockers.push('mapping:mirroredAddressMissing'); + if (!mirrorDeployed) eligibilityBlockers.push('deployment:mirroredTokenNotDeployed'); + if (!bridgePeerConfigured) eligibilityBlockers.push('config:bridgePeerRefMissing'); + if (!maxOutstandingConfigured) eligibilityBlockers.push('config:maxOutstandingRefMissing'); + if (!reserveVerifierConfigured) eligibilityBlockers.push('config:reserveVerifierRefMissing'); + + const eligible = eligibilityBlockers.length === 0; + const runtimeMissingRequirements = []; + if (!runtimeL1BridgeAddress) runtimeMissingRequirements.push('bridge:l1Bridge'); + if (!runtimeL2BridgeAddress) runtimeMissingRequirements.push('bridge:l2Bridge'); + if (maxOutstanding.required && !runtimeMaxOutstandingValue) { + runtimeMissingRequirements.push('policy:maxOutstanding'); + } + if (pair.reserveVerifierKey) { + if (!runtimeReserveVerifierBridgeAddress) runtimeMissingRequirements.push('reserveVerifier:bridgeRef'); + if (!runtimeReserveVerifierAddress) runtimeMissingRequirements.push('reserveVerifier:verifierRef'); + if (runtimeReserveVerifier?.requireVaultBacking && !runtimeReserveVaultAddress) { + runtimeMissingRequirements.push('reserveVerifier:vaultRef'); + } + if (runtimeReserveVerifier?.requireReserveSystemBalance && !runtimeReserveSystemAddress) { + runtimeMissingRequirements.push('reserveVerifier:reserveSystemRef'); + } + } + if (deploymentChain?.bridgeAvailable === false) { + runtimeMissingRequirements.push('deployment:bridgeUnavailable'); + } + const runtimeReady = eligible && runtimeMissingRequirements.length === 0; + + return { + ...pair, + canonicalChainId, + destinationChainId, + canonicalSymbol, + mirroredSymbol, + canonicalAddress, + mirroredAddress, + mirrorDeploymentAddress, + peer, + mappingFound: !!mappingEntry, + mirrorDeployed, + canonicalEnabled: enabledCanonicalTokens.has(normalizeSymbol(canonicalSymbol)), + destinationEnabled: enabledDestinationChains.has(destinationChainId), + bridgeAvailable: deploymentChain?.bridgeAvailable ?? null, + bridgePeerConfigured, + maxOutstandingConfigured, + reserveVerifierConfigured, + runtimeL1BridgeAddress: runtimeL1BridgeAddress || null, + runtimeL2BridgeAddress: runtimeL2BridgeAddress || null, + runtimeBridgeReady, + runtimeMaxOutstandingValue: runtimeMaxOutstandingValue || null, + runtimeMaxOutstandingReady, + runtimeReserveVerifierBridgeAddress: runtimeReserveVerifierBridgeAddress || null, + runtimeReserveVerifierAddress: runtimeReserveVerifierAddress || null, + runtimeReserveVaultAddress: runtimeReserveVaultAddress || null, + runtimeReserveSystemAddress: runtimeReserveSystemAddress || null, + runtimeReserveVerifierReady, + runtimeMissingRequirements, + eligibilityBlockers, + runtimeReady, + eligible, + }; + }); +} + +function getActiveTransportPair(fromChainId, toChainId, criteria = {}, options = {}) { + const from = Number(fromChainId); + const to = Number(toChainId); + const normalizedSymbol = normalizeTransportSymbol( + criteria.symbol || criteria.canonicalSymbol || criteria.mirroredSymbol || '' + ); + const normalizedSourceAddress = normalizeAddress( + criteria.address || criteria.sourceTokenAddress || criteria.tokenAddress || '' + ); + const normalizedTargetAddress = normalizeAddress(criteria.targetTokenAddress || ''); + + return ( + getActiveTransportPairs(options).find((pair) => { + const sameDirection = pair.canonicalChainId === from && pair.destinationChainId === to; + const reverseDirection = pair.canonicalChainId === to && pair.destinationChainId === from; + if (!sameDirection && !reverseDirection) return false; + + if (normalizedSymbol) { + const pairSymbols = new Set([ + normalizeTransportSymbol(pair.canonicalSymbol), + normalizeTransportSymbol(pair.mirroredSymbol), + normalizeSymbol(pair.canonicalSymbol), + normalizeSymbol(pair.mirroredSymbol), + ]); + if (!pairSymbols.has(normalizedSymbol)) return false; + } + + if (normalizedSourceAddress) { + const allowedSourceAddresses = sameDirection + ? [pair.canonicalAddress, pair.mirroredAddress] + : [pair.mirroredAddress, pair.canonicalAddress]; + if (!allowedSourceAddresses.some((address) => normalizeAddress(address) === normalizedSourceAddress)) { + return false; + } + } + + if (normalizedTargetAddress) { + const targetAddress = sameDirection ? pair.mirroredAddress : pair.canonicalAddress; + if (normalizeAddress(targetAddress) !== normalizedTargetAddress) return false; + } + + return true; + }) || null + ); +} + +function getKnownMirroredTokenAddresses(chainId, options = {}) { + const multichainJsonPath = options.multichainJsonPath || DEFAULT_MULTICHAIN_JSON_PATH; + const deploymentJsonPath = options.deploymentJsonPath || DEFAULT_DEPLOYMENT_STATUS_JSON_PATH; + const data = loadTokenMappingMultichainJson(multichainJsonPath); + const deployment = loadDeploymentStatusJson(deploymentJsonPath); + const chainKey = String(Number(chainId)); + const out = new Set(); + + if (deployment && deployment.chains && deployment.chains[chainKey]?.cwTokens) { + for (const address of Object.values(deployment.chains[chainKey].cwTokens)) { + if (isNonZeroAddress(address)) out.add(normalizeAddress(address)); + } + } + + if (data && Array.isArray(data.pairs)) { + const pair = data.pairs.find((entry) => Number(entry.fromChainId) === 138 && Number(entry.toChainId) === Number(chainId)); + if (pair && Array.isArray(pair.tokens)) { + for (const token of pair.tokens) { + if (String(token.key || '').endsWith('_cW') && isNonZeroAddress(token.addressTo)) { + out.add(normalizeAddress(token.addressTo)); + } + } + } + } + + return Array.from(out); +} + +function getActivePublicPools(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const data = loadGruTransportActiveJson(jsonPath); + if (!data || !Array.isArray(data.publicPools)) return []; + return data.publicPools; +} + +function getPublicPoolRecord(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + if (!isNonZeroAddress(poolAddress)) return null; + const normalizedPoolAddress = normalizeAddress(poolAddress); + return ( + getActivePublicPools(jsonPath).find( + (pool) => Number(pool.chainId) === Number(chainId) && normalizeAddress(pool.poolAddress) === normalizedPoolAddress + ) || null + ); +} + +function isPublicPoolActive(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const record = getPublicPoolRecord(chainId, poolAddress, jsonPath); + return !!record && record.active === true; +} + +function isPublicPoolRoutable(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const record = getPublicPoolRecord(chainId, poolAddress, jsonPath); + return !!record && record.active === true && record.routingEnabled === true; +} + +function isPublicPoolMcpVisible(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) { + const record = getPublicPoolRecord(chainId, poolAddress, jsonPath); + return !!record && record.active === true && record.mcpVisible === true; +} + +function shouldExposePublicPool( + chainId, + poolAddress, + token0Address, + token1Address, + activeJsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH, + multichainJsonPath = DEFAULT_MULTICHAIN_JSON_PATH, + deploymentJsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH +) { + const mirroredAddresses = new Set(getKnownMirroredTokenAddresses(chainId, { multichainJsonPath, deploymentJsonPath })); + const touchesMirroredToken = + mirroredAddresses.has(normalizeAddress(token0Address)) || mirroredAddresses.has(normalizeAddress(token1Address)); + if (!touchesMirroredToken) return true; + return isPublicPoolActive(chainId, poolAddress, activeJsonPath); +} + +function shouldUsePublicPoolForRouting( + chainId, + poolAddress, + token0Address, + token1Address, + activeJsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH, + multichainJsonPath = DEFAULT_MULTICHAIN_JSON_PATH, + deploymentJsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH +) { + const mirroredAddresses = new Set(getKnownMirroredTokenAddresses(chainId, { multichainJsonPath, deploymentJsonPath })); + const touchesMirroredToken = + mirroredAddresses.has(normalizeAddress(token0Address)) || mirroredAddresses.has(normalizeAddress(token1Address)); + if (!touchesMirroredToken) return true; + return isPublicPoolRoutable(chainId, poolAddress, activeJsonPath); +} + module.exports = { loadTokenMappingJson, loadTokenMappingMultichainJson, + loadGruTransportActiveJson, + loadRoutingRegistryJson, + loadDeploymentStatusJson, + loadPoolMatrixJson, getRelayTokenMapping, getTokenList, getTokenMappingForPair, getAllMultichainPairs, getMappedAddress, + getRoutingRegistryRoutes, + getGruTransportMetadata, + getEnabledCanonicalTokens, + getEnabledCanonicalToken, + getEnabledDestinationChains, + isCanonicalTokenActive, + isDestinationChainActive, + getApprovedBridgePeer, + getActiveTransportPairs, + getActiveTransportPair, + getKnownMirroredTokenAddresses, + getActivePublicPools, + isPublicPoolActive, + isPublicPoolRoutable, + isPublicPoolMcpVisible, + shouldExposePublicPool, + shouldUsePublicPoolForRouting, + resolveConfigRef, + isNonZeroAddress, DEFAULT_JSON_PATH, - DEFAULT_MULTICHAIN_JSON_PATH + DEFAULT_MULTICHAIN_JSON_PATH, + DEFAULT_GRU_ACTIVE_JSON_PATH, + DEFAULT_ROUTING_REGISTRY_JSON_PATH, + DEFAULT_DEPLOYMENT_STATUS_JSON_PATH, + DEFAULT_POOL_MATRIX_JSON_PATH, }; diff --git a/config/token-mapping-multichain.json b/config/token-mapping-multichain.json index 663d436..0842db7 100644 --- a/config/token-mapping-multichain.json +++ b/config/token-mapping-multichain.json @@ -174,6 +174,48 @@ } ] }, + { + "fromChainId": 138, + "toChainId": 1, + "notes": "Chain 138 ↔ Ethereum Mainnet (CCIP); direct mapping; c*_cW = c* on 138 → cW* on destination", + "tokens": [ + { + "key": "WETH9", + "name": "Wrapped Ether", + "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "addressTo": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "notes": "138 WETH9 → Ethereum WETH" + }, + { + "key": "Compliant_USDT", + "name": "cUSDT", + "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "addressTo": "0xdAC17F958D2ee523a2206206994597C13D831ec7", + "notes": "138 cUSDT → Ethereum USDT (native)" + }, + { + "key": "Compliant_USDT_cW", + "name": "cUSDT→cWUSDT", + "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "addressTo": "0xaF5017d0163ecb99D9B5D94e3b4D7b09Af44D8AE", + "notes": "138 cUSDT → Ethereum cWUSDT" + }, + { + "key": "Compliant_USDC", + "name": "cUSDC", + "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "addressTo": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", + "notes": "138 cUSDC → Ethereum USDC (native)" + }, + { + "key": "Compliant_USDC_cW", + "name": "cUSDC→cWUSDC", + "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "addressTo": "0x2de5F116bFcE3d0f922d9C8351e0c5Fc24b9284a", + "notes": "138 cUSDC → Ethereum cWUSDC" + } + ] + }, { "fromChainId": 138, "toChainId": 56, diff --git a/dbis_chain_138_technical_master_plan.md b/dbis_chain_138_technical_master_plan.md index c4ca0a7..31fd84c 100644 --- a/dbis_chain_138_technical_master_plan.md +++ b/dbis_chain_138_technical_master_plan.md @@ -5,6 +5,12 @@ This document is the governance and execution baseline for DBIS Chain 138 infras The objective is to move from architecture theory to a production-grade sovereign deployment program that is evidence-based, phased, and operationally auditable. +## Repo backlog alignment (2026-03-30) + +**Operational status** (Open/Done, P1 IDs, routing, CCIP, E2E evidence) lives in `docs/00-meta/TODOS_CONSOLIDATED.md`, `docs/00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md`, and `docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md`. This file stays the **architecture and phased-intent** baseline; refresh cross-links after major deploys or when **P1-E01** reconciliation is run. + +**Web and institutional surface (d-bis.org multi-portal):** [docs/02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](docs/02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md) — public IA, data API contract, trust JSON, subdomain map; complements this chain/Hyperledger baseline. + --- # SECTION 1 — MASTER OBJECTIVES @@ -26,11 +32,13 @@ The objective is to move from architecture theory to a production-grade sovereig ## Deployed now - Hyperledger Besu (QBFT, Chain 138) -- Hyperledger Fabric containers and VMIDs are allocated -- Hyperledger Indy containers and VMIDs are allocated -- Hyperledger FireFly primary container footprint exists +- Hyperledger Cacti primary `5200` is app-healthy against Chain 138 +- Hyperledger Fabric primary `6000` runs an operational sample network +- Hyperledger Indy primary `6400` runs an operational four-node local pool +- Hyperledger Aries / AnonCreds primary `6500` runs a live ACA-Py agent with the `askar-anoncreds` wallet path +- Hyperledger FireFly primary `6200` exposes a working local API footprint +- Hyperledger Caliper primary `6600` hosts an operational upstream benchmark workspace - Blockscout / explorer stack -- Hyperledger Caliper hook and performance guidance (documentation only) ## Partially deployed / under validation @@ -38,20 +46,23 @@ The objective is to move from architecture theory to a production-grade sovereig - primary `6200` is restored as a minimal local FireFly API footprint - secondary `6201` is present in inventory but currently behaves like a retired / standby shell with no valid deployment payload - Hyperledger Fabric: - - `6000`, `6001`, `6002` are present in inventory but are now intentionally stopped as reserved placeholders - - current app-level verification did not show active Fabric peer / orderer workloads or meaningful Fabric payloads inside those CTs + - primary `6000` is operational and validated at the application level + - `6001` and `6002` remain reserved placeholder inventory - Hyperledger Indy: - - `6400`, `6401`, `6402` are present in inventory but are now intentionally stopped as reserved placeholders - - current app-level verification did not show active Indy node listeners or meaningful Indy payloads inside those CTs + - primary `6400` is operational and validated at the application level + - `6401` and `6402` remain reserved placeholder inventory +- Hyperledger Aries / AnonCreds: + - primary `6500` is operational and validated at the application level + - no RTGS credential issuance / verification flow is yet validated end to end +- Hyperledger Caliper: + - primary `6600` is operational and validated as a benchmark workspace + - approved workload profiles and recorded benchmark runs are not yet in place ## Planned / aspirational -- Hyperledger Aries as a proven deployed service tier -- Hyperledger AnonCreds as an operationally verified deployed layer -- Hyperledger Ursa as a required runtime dependency +- Hyperledger Ursa as a direct operator-managed runtime dependency, if later required - Hyperledger Quilt - Hyperledger Avalon -- Hyperledger Cacti as a proven live interoperability layer - Full multi-region sovereignized Proxmox with Ceph-backed storage and segmented production VLANs --- @@ -65,6 +76,7 @@ The source-of-truth discovery path for current state is: - [docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md](docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md) - [docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](docs/03-deployment/PHASE1_DISCOVERY_RUNBOOK.md) - [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md) +- [docs/03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](docs/03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md) - [scripts/verify/run-phase1-discovery.sh](scripts/verify/run-phase1-discovery.sh) - [config/proxmox-operational-template.json](config/proxmox-operational-template.json) - [docs/04-configuration/ALL_VMIDS_ENDPOINTS.md](docs/04-configuration/ALL_VMIDS_ENDPOINTS.md) @@ -177,12 +189,12 @@ The executable placement artifact is: - Workflow VM / CT family for FireFly - Institutional VM / CT family for Fabric -- Identity VM / CT family for Indy +- Identity VM / CT family for Indy plus Aries / AnonCreds +- Performance VM / CT family for Caliper ### Planned / aspirational -- Identity VM template that includes proven Aries + AnonCreds runtime -- Interoperability VM template for true Hyperledger Cacti usage +- Interoperability VM template for true cross-ledger Cacti usage ## Implementation rule @@ -604,11 +616,11 @@ stateDiagram-v2 ## Current state - CCIP relay and Chain 138 cross-chain infrastructure exist in the broader stack. -- Hyperledger Cacti is not currently proven as the live interoperability engine for DBIS in this environment. +- Hyperledger Cacti primary `5200` is now proven as a live interoperability layer for Besu in this environment. ## Planning rule -This plan must refer to Cacti as `future / optional` until a deployed and validated Cacti environment is evidenced in discovery artifacts. +This plan may treat Cacti primary as `deployed and validated`, while any broader multi-connector Cacti expansion remains optional until additional app-level evidence exists. --- @@ -640,7 +652,8 @@ The pipeline is partially implemented via scripts and runbooks; it is not yet a ## Current state - Hyperledger Caliper is not vendored in this repo. -- A documented performance hook exists instead of a committed benchmark harness. +- Primary `6600` now hosts a live upstream Caliper workspace bound for Besu `1.4`. +- A documented performance hook exists, but workload execution is not yet a routine readiness gate. ## Canonical artifact @@ -648,7 +661,7 @@ The pipeline is partially implemented via scripts and runbooks; it is not yet a ## Interpretation rule -Performance benchmarking is planned and documented, but not yet a routine automated readiness gate. +Performance benchmarking is now operationally staged, but it is not yet a routine automated readiness gate. --- @@ -767,8 +780,8 @@ Separate security compliance and benchmark reports remain future deliverables un ## Infrastructure gaps - FireFly secondary `6201` is currently stopped and should be treated as retired / standby until intentionally rebuilt. -- Fabric CTs are present in inventory, but current app-level verification did not prove active Fabric peer or orderer services and did not show meaningful Fabric payloads; they are now intentionally stopped as reserved placeholders. -- Indy CTs are present in inventory, but current app-level verification did not prove active Indy validator listeners and did not show meaningful Indy payloads; they are now intentionally stopped as reserved placeholders. +- Fabric secondary / tertiary CTs `6001` and `6002` remain placeholder inventory only. +- Indy secondary / tertiary CTs `6401` and `6402` remain placeholder inventory only. - The current per-node app-level evidence table is maintained in [docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md). ## Platform gaps @@ -805,6 +818,7 @@ Executable counterparts in this repository: | RTGS later-phase sidecars deployment checklist | `docs/03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md` | | RTGS later-phase sidecars deployment scripts | `scripts/deployment/create-dbis-rtgs-later-phase-sidecar-lxcs.sh`, `scripts/deployment/deploy-dbis-rtgs-later-phase-sidecars.sh`, `scripts/verify/check-dbis-rtgs-later-phase-sidecars.sh` | | Indonesia / BNI E2E integration blueprint | `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md` | +| Indonesia / BNI executable task list | `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md` | | RTGS first-slice architecture | `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md` | | RTGS first-slice deployment checklist | `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md` | | Caliper hook | `docs/03-deployment/CALIPER_CHAIN138_PERF_HOOK.md`, `scripts/verify/print-caliper-chain138-stub.sh` | diff --git a/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md b/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md index 4b10fb6..43e9a94 100644 --- a/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md +++ b/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md @@ -3,6 +3,8 @@ **Purpose:** Filtered view of high-priority and critical items from the canonical list. **Canonical source:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (~139 items, 20 sections). +**Execution tracking:** Bulk completion is not implied by this file alone — use [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md), [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md), and live runs in [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). + --- ## 1. Proxmox / Validated Set (High) — Items 1–11 diff --git a/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md b/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md index e237b51..527cf17 100644 --- a/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md +++ b/docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md @@ -55,6 +55,8 @@ All required fixes in [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) §§1–6 are **Done** or **Documented**. Placeholders (canonical addresses, AlltraAdapter, smart accounts, quote FABRIC_CHAIN_ID, .bak) are complete per that doc. Remaining work: operator/LAN tasks, deferred dbis_core TS (~1186), and external (audits, Ledger, CoinGecko). +**Live operator status (2026-03-29):** public explorer `/api/v1/report/*` + `/api/v1/networks` are healthy again, and `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` passed with `Failed: 0`. The remaining work is therefore mostly the irreversible/operator-owned tranche: real bridge sends, cross-chain funding/deployments, security hardening, external listings, and deferred TypeScript cleanup. + **Still not done — execution checklist:** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) — copy-paste commands and links for every operator/LAN, dbis_core TS, security-audit, external, and maintenance item. --- diff --git a/docs/00-meta/CW_BRIDGE_TASK_LIST.md b/docs/00-meta/CW_BRIDGE_TASK_LIST.md index 8ab9dd5..e84928f 100644 --- a/docs/00-meta/CW_BRIDGE_TASK_LIST.md +++ b/docs/00-meta/CW_BRIDGE_TASK_LIST.md @@ -4,7 +4,7 @@ **Updated:** 2026-02-27 — In-repo tasks completed (Phase A, C1, F); operator tasks (D, E, C2–C3) have runbook. **Context:** After setting `CW_BRIDGE_` from the deployed bridge suite (CCIPRelayBridge on Mainnet, CCIPWETH9_BRIDGE_* on other chains), this document reviews the note that those contracts may need extension for cW* and turns it into a concrete task list. -**Completion summary (in-repo):** Phase A (approach decided and documented), Phase C1 (CompliantWrappedToken.burnFrom added, tests added), Phase F (docs and runbook). Phase B marked N/A (Option 2 chosen). **Remaining steps script:** [run-cw-remaining-steps.sh](../../scripts/deployment/run-cw-remaining-steps.sh) — `--dry-run` (default), `--deploy`, `--update-mapping`, `--verify`. Phase D/E and C2–C3: run script with `--deploy` when RPC/keys are set; then set CWUSDT_*/CWUSDC_* in .env and run `--update-mapping`; see [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md). +**Completion summary (in-repo):** Phase A (approach decided and documented), Phase C1 (CompliantWrappedToken.burnFrom added, tests added), Phase F (docs and runbook). Phase B marked N/A (Option 2 chosen). **Remaining steps script:** [run-cw-remaining-steps.sh](../../scripts/deployment/run-cw-remaining-steps.sh) — `--dry-run` (default), `--deploy`, `--update-mapping`, `--verify`, `--verify-hard-peg`. Phase D/E and C2–C3: run script with `--deploy` when RPC/keys are set; then set CWUSDT_*/CWUSDC_* in .env and run `--update-mapping`; use `--verify-hard-peg` for the Avalanche hard-peg bridge state; see [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md). --- diff --git a/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md b/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md index 01d1863..5c6b828 100644 --- a/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md +++ b/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md @@ -1,8 +1,10 @@ # Documentation Consolidation Plan -**Last Updated:** 2026-03-02 +**Last Updated:** 2026-03-30 **Purpose:** Review, consolidate, and prune markdown docs. Single reference for what to keep, merge, or archive. +**2026-03-30:** Live verification logged in [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). **Pruning unchanged** — no automated mass deletion; use [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) for intentional archive moves. + **Related:** [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) — inventory of moved material. Dated review docs from 2026-02 live only on disk under `docs/archive/`; **active runbooks should not link there** — use [MASTER_INDEX.md](../MASTER_INDEX.md) and living paths in this plan. --- diff --git a/docs/00-meta/DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md b/docs/00-meta/DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md index 1ab0215..50bf486 100644 --- a/docs/00-meta/DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md +++ b/docs/00-meta/DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md @@ -27,7 +27,8 @@ | **PRIVATE_KEY** | Deploy, bridge send, forge script | 64-char hex; same wallet holds LINK for CCIP fees | | **RPC_URL_138** | Deploy, verify, on-chain checks | Use IP:port for deploy: `http://192.168.11.211:8545` | | **ETH_MAINNET_RPC_URL** / **ETHEREUM_MAINNET_RPC** | Mainnet verify, CCIP, relay | Infura/Alchemy | -| **CCIPWETH9_BRIDGE_CHAIN138**, **CCIPWETH10_BRIDGE_CHAIN138** | Bridge scripts, token-aggregation, routing | Canonical: WETH9 `0xcacfd227A040002e49e2e01626363071324f820a`; WETH10 `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` | +| **CCIP_ROUTER** / **CHAIN_138_CCIP_ROUTER** | CCIP send, relay scripts | Canonical `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817`; legacy direct `CCIP_ROUTER_DIRECT_LEGACY` `0x8078…` | +| **CCIPWETH9_BRIDGE_CHAIN138**, **CCIPWETH10_BRIDGE_CHAIN138** | Bridge scripts, token-aggregation, routing | Canonical WETH9 `0xcacfd227A040002e49e2e01626363071324f820a`; legacy `CCIPWETH9_BRIDGE_DIRECT_LEGACY` `0x971c…`; WETH10 `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` | | **CHAIN_138_DODO_PMM_INTEGRATION** | Token-aggregation indexer, quotes | `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` | | **CUSDT_ADDRESS_138**, **CUSDC_ADDRESS_138** | Scripts, token-aggregation | Canonical in EXPLORER_TOKEN_LIST_CROSSCHECK §5 | | **DATABASE_URL** | Token-aggregation DB, migrations | When using PostgreSQL (e.g. VMID 5000) | @@ -71,7 +72,7 @@ | Task | Result | |------|--------| | **validate-config-files.sh** | ✅ Passed | -| **run-completable-tasks-from-anywhere.sh** | ✅ Passed (config, on-chain 59/59, validation --skip-genesis, reconcile output printed) | +| **run-completable-tasks-from-anywhere.sh** | ✅ Passed (config, on-chain **64/64** after 2026-03-30 script update, validation --skip-genesis, reconcile output printed) | | **check-pmm-pool-balances-chain138.sh** | ✅ Pool 1: 2M cUSDT / 2M cUSDC; Pools 2–3 empty (expected) | | **deployer-gas-auto-route.sh --dry-run** | ✅ Ran; 6 chains need gas (1, 56, 10, 42161, 8453, 25); Celo/Wemix/651940/42793 “no RPC configured” if RPC not in env | @@ -84,7 +85,7 @@ | Gap | Location | Recommendation | |-----|----------|----------------| | **CCIPWETH10 on Chain 138** | CONTRACT_ADDRESSES_REFERENCE.md: `0xe0E93247376aa097dB308B92e6Ba36bA015535D0`. Older bootstrap defaults may still mention `0xF5a87528cEb72312979DB0C51509489caF940721`, but the active routing registry and env-backed defaults now use `0xe0E932...`. | Keep `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` as the canonical WETH10 bridge and update any remaining legacy bootstrap references if they resurface. | -| **CCIPWETH9 on Chain 138** | Docs mention both `0x971cD9...` and `0xcacfd227...`. On-chain check and routing-registry use `0xcacfd227...`. | Treat `0xcacfd227A040002e49e2e01626363071324f820a` as canonical for “working” WETH9 bridge; document the other in CONTRACT_ADDRESSES_REFERENCE as alternate/deploy if applicable. | +| **CCIPWETH9 on Chain 138** | ~~Dual addresses~~ **Resolved 2026-03-30:** canonical `0xcacfd227…` (`CCIPWETH9_BRIDGE_CHAIN138`); legacy `0x971c…` (`CCIPWETH9_BRIDGE_DIRECT_LEGACY`). Both in bytecode check, [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md), [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), `config/smart-contracts-master.json`. | ### 4.2 Missing or placeholder env diff --git a/docs/00-meta/EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md b/docs/00-meta/EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md index f9e0ad4..af709ec 100644 --- a/docs/00-meta/EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md +++ b/docs/00-meta/EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md @@ -60,7 +60,7 @@ | # | Step | Command / action | Status | |---|------|------------------|--------| -| C.1 | Deploy or bridge cW* per chain | Use cross-chain-pmm-lps config/chains.json, pool-matrix.json; deploy CompliantWrappedToken per chain; record in deployment-status.json and .env | ⏳ Pending (deployment-status.json has no cW* addresses) | +| C.1 | Deploy or bridge cW* per chain | Use cross-chain-pmm-lps config/chains.json, pool-matrix.json; deploy CompliantWrappedToken per chain; record in deployment-status.json and .env | ⚠️ Partial (`deployment-status.json` now records cW* addresses and bridge availability on active chains; remaining work is dedicated receiver alignment on broader lanes) | | C.2 | Create PMM edge pools per chain | From pool-matrix poolsFirst create cWUSDT/USDC, cWUSDC/USDC, etc. per chain | ⏳ Pending | | C.3 | Add initial liquidity to edge pools | Add base/quote to each pool; size for larger transfers | ⏳ Pending | | C.4 | Record pool addresses | Populate deployment-status.json chains[chainId].pmmPools | ⏳ Pending | @@ -124,11 +124,11 @@ ## 10. Execution run summary (2026-03-06) -- **Full verification run (incl. optional):** completable ✅, validate-config ✅, check-contracts 59/59 ✅, PMM balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, test-all-contracts (unit) 457 ✅, E2E flow dry-run ✅, E2E routing 37 domains 0 failed ✅, operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify). +- **Full verification run (incl. optional):** completable ✅, validate-config ✅, check-contracts **64/64** ✅ (from 2026-03-30 script list), PMM balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, test-all-contracts (unit) 457 ✅, E2E flow dry-run ✅, E2E routing **37** public domains **Failed: 0** (2026-03-06 inventory) ✅, operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify). **Later:** public profile **44** domains **Failed: 0** (2026-03-29) — [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). - **Prerequisites:** validate-config ✅, preflight ✅, deployer balance script ✅, PMM balances ✅ (Pool 1: 2M/2M). - **Phase A:** A.1/A.2 done; A.4 set; A.3, A.5 pending/optional. - **Phase B:** preflight all — Gnosis/Celo OK, Cronos low CRO, Wemix 0 WEMIX; complete-config dry-run OK; B.4 LINK blocked; B.5 validate passed. - **SBS:** SBS.1 requires BRIDGE_REGISTRY_ADDRESS (deploy BridgeRegistry if needed); SBS.2–SBS.5 pending. -- **Phase C:** deployment-status.json empty for cW* and pmmPools; C.1–C.5 pending. +- **Phase C:** `deployment-status.json` now records cW* token addresses and bridge availability on active chains, and the dedicated AVAX `cUSDT -> cWUSDT` corridor is proven. PMM pool arrays remain empty, so C.2–C.5 are still pending and broader cW routing remains partial. - **Liquidity maintenance:** 6.1 verified; 6.3–6.6 pending or when Phase C live. - **Optional:** 7.1–7.4 documented; not executed (optional). diff --git a/docs/00-meta/GAPS_STATUS.md b/docs/00-meta/GAPS_STATUS.md index 95a099d..faeafa5 100644 --- a/docs/00-meta/GAPS_STATUS.md +++ b/docs/00-meta/GAPS_STATUS.md @@ -1,7 +1,22 @@ # Gaps Status — Consolidated View -**Last Updated:** 2026-03-02 -**Purpose:** Single reference for all gap sources and current status. Use this to see what is fixed in-repo vs what remains operator/external. +**Last Updated:** 2026-03-30 +**Purpose:** Single reference for gap sources and current status. **Live checks:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). **Full recommendation backlog is not auto-complete** — see [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) and [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md). + +--- + +## Live verification snapshot (2026-03-30) + +| Area | Result | +|------|--------| +| Core RPC, Explorer, NPMplus (LAN) | Reachable (see log) | +| `validate-config-files.sh` | Passed | +| `run-all-validation.sh --skip-genesis` | Passed | +| `check-contracts-on-chain-138.sh` | **64/64** present (includes ISO20022Router; expanded address list) | +| Public + private E2E routing | **Failed: 0** (evidence paths in log) | +| `submodules-clean.sh` | **Failed** — dirty `dbis_core`, `smom-dbis-138` trees | + +**2026-03-29 follow-up:** Same checks re-run on the operator workspace — config + **61/61** on-chain still green; public E2E evidence `verification-evidence/e2e-verification-20260329_235044/`, private `...235128/`; submodule hygiene unchanged. See [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md) (section “Follow-up session”). --- @@ -10,33 +25,36 @@ | Document | Scope | Status | |----------|--------|--------| | [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) | Build, contracts, canonical list, placeholders, docs, tests | All §§1–6 **Done** or Documented. §9 optional/informational. | -| [04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) | Explorer API, token-aggregation, nginx order, tests, CI | §1–2, 5–8 **Fixed**. §3–4 **Addressed** (nginx order documented; Explorer/Wallet timeouts 25s). §9 optional. §12 operator. | -| [04-configuration/VERIFICATION_GAPS_AND_TODOS.md](../04-configuration/VERIFICATION_GAPS_AND_TODOS.md) | Missing scripts, placeholders, runbook .env | backup-npmplus.sh **Created**. Runbook production note **Added** (INGRESS_VERIFICATION_RUNBOOK; VERIFICATION_GAPS doc). Sankofa/TBD remain until services deployed. | -| [00-meta/CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md) | cW* bridge mint/receive | Phases A, C1, F **Done** (in-repo). C2–C3, D, E **Operator** (deploy receiver, wire, test E2E). | -| [00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) | 139+ recommendations (Proxmox, code, docs, security, infra) | Many done or ongoing. Track per section; high-priority security/config items in §1–2, 6. | +| [04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) | Explorer API, token-aggregation, nginx order, tests, CI | §1–2, 5–8 **Fixed**. §3–4 **Addressed**. §9 optional. §12 operator. | +| [04-configuration/VERIFICATION_GAPS_AND_TODOS.md](../04-configuration/VERIFICATION_GAPS_AND_TODOS.md) | Missing scripts, placeholders, runbook .env | backup-npmplus.sh **Created**. Production notes added. | +| [00-meta/CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md) | cW* bridge mint/receive | Phases A, C1, F **Done** (in-repo). C2–C3, D, E **Operator**. | +| [00-meta/ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) | 139+ recommendations | **Ongoing** — track per section; high-priority in §1–2, 6. | --- -## Fixes applied in this pass (2026-03-02) +## Fixes applied (2026-03-02) — retained for history | Gap | Fix | |-----|-----| -| Explorer homepage / Wallet page tests intermittent | `scripts/verify-all-systems.sh`: timeout for Explorer homepage and Wallet page increased 15s → 25s. | -| Nginx proxy order (§3 DETAILED_GAPS) | Confirmed `fix-nginx-conflicts-vmid5000.sh` has `location /api/v1/` before `location /api/`; status set to Addressed; operator should use this script. | -| Runbook placeholders / .env in production | INGRESS_VERIFICATION_RUNBOOK.md: production note added in Prerequisites. VERIFICATION_GAPS_AND_TODOS: documentation note added. | -| §12 Nginx + config on VMID 5000 | `scripts/apply-remaining-operator-fixes.sh` created; run from LAN applies nginx fix and deploys explorer config via Proxmox host. **Executed 2026-03-02:** nginx fix and config deploy succeeded. | +| Explorer homepage / Wallet page tests intermittent | `scripts/verify-all-systems.sh`: timeout 15s → 25s. | +| Nginx proxy order | `fix-nginx-conflicts-vmid5000.sh`; operator runbook. | +| Runbook placeholders / .env in production | INGRESS_VERIFICATION_RUNBOOK, VERIFICATION_GAPS notes. | +| §12 Nginx + config on VMID 5000 | `apply-remaining-operator-fixes.sh` (2026-03-02). | --- -## Remaining (operator / external) +## Remaining (operator / external / engineering) -- **Operator (LAN/Proxmox):** ~~Apply nginx config on VMID 5000~~ **Done 2026-03-02** via `./scripts/apply-remaining-operator-fixes.sh` (nginx fix + explorer config deploy). Create token_aggregation DB and run migrations; restart token-aggregation; run run-all-operator-tasks-from-lan.sh; deploy TwoWayTokenBridgeL2 (or cW* receiver) per chain; wire CW_BRIDGE_* and test E2E. See [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md), [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md), [DETAILED_GAPS_AND_ISSUES_LIST.md](../04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md) §12. -- **External / TBD:** Sankofa cutover placeholders until services deployed; CMC/CoinGecko submission; ramp provider outreach for Chain 138. See [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md). +- **Operator (LAN/Proxmox):** token_aggregation DB/migrations; `run-all-operator-tasks-from-lan.sh`; CCIP fund/complete-config; cW* per [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md). [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md). +- **External:** CMC/CoinGecko, Ledger, ramps — [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md). +- **Submodules:** clean or commit dirty `dbis_core` / `smom-dbis-138` before CI that requires `submodules-clean.sh`. +- **dbis_core TS / Prisma:** [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) §2. --- ## Quick reference -- **In-repo actionable gaps:** Addressed or documented; see REQUIRED_FIXES_UPDATES_GAPS §§1–6 and this doc. +- **In-repo actionable gaps:** Addressed or documented; see REQUIRED_FIXES_UPDATES_GAPS §§1–6. - **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md). - **Remaining tasks (one page):** [REMAINING_TASKS.md](REMAINING_TASKS.md). +- **Pruning:** No bulk archive delete in 2026-03-30 pass — [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md), [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md). diff --git a/docs/00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md b/docs/00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md new file mode 100644 index 0000000..0a3e756 --- /dev/null +++ b/docs/00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md @@ -0,0 +1,41 @@ +# Integration gaps and next steps (consolidated) + +**Date:** 2026-03-30 (updated same day — open items closed) +**Purpose:** One place for cross-cutting integration gaps called out across OMNL, DBIS Core, Chain 138, RTGS, ISO-20022, and institutional config — with pointers to canonical runbooks and owners. + +## Resolved in-repo (2026-03-30 follow-up) + +| ID | Topic | Resolution | +|----|--------|------------| +| **G1** | CCIP Router / WETH9 bridge doc vs bytecode list | **Canonical Chain 138 router** is `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` (relay path, matches `smom-dbis-138/.env`). **Legacy direct router** `0x8078…` and **legacy WETH9 bridge** `0x971c…` remain deployed and are included in `check-contracts-on-chain-138.sh`. **Canonical WETH9 bridge** `0xcacfd227…` is the sendCrossChain path. [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) section 1.3 lists canonical + legacy rows. | +| **G2** | `config/smart-contracts-master.json` missing | **Added** publishable [`config/smart-contracts-master.json`](../../config/smart-contracts-master.json) — 64 Chain 138 contracts + `envVarMap` + mainnet relay pair (chain `1`). When present, `check-contracts-on-chain-138.sh` and `load-contract-addresses.sh` use it (jq). | +| **G3** | Explorer `address-inventory.json` drift | **Aligned** `explorer-monorepo/config/address-inventory.json` Chain 138 keys (`CCIP_ROUTER_*`, `CCIPWETH9_BRIDGE*`, `LINK_TOKEN_138`) to the master JSON. **CI guard:** [`scripts/validation/validate-explorer-chain138-inventory.sh`](../../scripts/validation/validate-explorer-chain138-inventory.sh) (wired from [`validate-config-files.sh`](../../scripts/validation/validate-config-files.sh)). Explorer shell script fallbacks and `explorer-spa.js` labels updated to canonical addresses where they referred to Chain 138. | +| **G4** | ISO20022Router E2E acceptance | **Documented** manual acceptance criteria in [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) (subsection under Related artifacts). Full automation is out of scope until a frozen relayer/sidecar test harness exists. | +| **G5** | `event_producer` process | **Closed as process:** extend [`event-producers.manifest.json`](../../config/dbis-institutional/event-producers.manifest.json) and [`settlement-event.schema.json`](../../config/dbis-institutional/schemas/settlement-event.schema.json) `enum` together; see [`config/dbis-institutional/README.md`](../../config/dbis-institutional/README.md). | +| **G6** | AddressMapper `.env` vs matrix | **Resolved:** Two deployments on Core — canonical `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` and legacy duplicate `0xe48E3f248698610e18Db865457fcd935Bb3da856`. On-chain: **identical bytecode**; `getDeployedAddress(WETH genesis)` and `owner()` match. SSOT remains matrix + [`config/smart-contracts-master.json`](../../config/smart-contracts-master.json). [`smom-dbis-138/config/address-inventory.chain138.json`](../../smom-dbis-138/config/address-inventory.chain138.json) updated; operators should set **`ADDRESS_MAPPER`** in `smom-dbis-138/.env` to the **canonical** address. | + +### Earlier pass (same doc lineage) + +| Topic | Resolution | +|-------|------------| +| Master JSON vs docs narrative | [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [config/README-CONTRACTS-MASTER.md](../../config/README-CONTRACTS-MASTER.md) describe JSON + embedded fallback behavior. | +| ISO20022Router in matrix / check | Address `0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074` in matrix, reference doc, and bytecode list. | +| `rail_iso_hash` | [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) section 14.2 → [DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md](../dbis-rail/DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md). | +| `event_producer` enum + manifest | [event-producers.manifest.json](../../config/dbis-institutional/event-producers.manifest.json) + schema enum. | +| E2E matrix links | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) related artifacts. | + +## Open follow-ups (new work, not G1–G6) + +| Topic | Owner | Note | +|-------|--------|------| +| **Automated ISO20022Router integration test** | Settlement / QA | When relayer + test wallet are stable, add scripted tx + settlement-event assertion (extends G4 doc criteria). | + +## Canonical pointers + +- OMNL / Core / Smart Vault / RTGS: [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) +- Production checklist: [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](../03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) +- On-chain contract sweep: `scripts/verify/check-contracts-on-chain-138.sh` — expect **64/64** when LAN RPC reachable (canonical + legacy CCIP deployments). +- Machine-readable addresses: `config/smart-contracts-master.json` +- Institutional JSON schemas: `config/dbis-institutional/` + +**Document status:** Living; file new gaps when discovered. diff --git a/docs/00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md b/docs/00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md new file mode 100644 index 0000000..4531904 --- /dev/null +++ b/docs/00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md @@ -0,0 +1,56 @@ +# Live verification log — 2026-03-30 + +**Purpose:** Record automated and manual checks run from the operator workspace, evidence paths, and doc alignment. **This does not** mark the full [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) backlog as complete; operator, external, and engineering items remain in [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md) and [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) (P1). + +--- + +## Checks executed + +| Check | Command / path | Result (2026-03-30) | +|--------|------------------|---------------------| +| Core RPC JSON-RPC | `curl` → `http://192.168.11.211:8545` | HTTP **201** | +| Explorer | `https://explorer.d-bis.org/` | HTTP **200** | +| NPMplus UI | `http://192.168.11.167:81/` | HTTP **301** | +| Config validation | `bash scripts/validation/validate-config-files.sh` | **Passed** | +| P1 local slice | `bash scripts/verify/run-p1-local-verification.sh` | **Passed** (completable + validate-config; IRU tests optional) | +| Full validation (no genesis) | `bash scripts/verify/run-all-validation.sh --skip-genesis` | **Passed** (optional tools: sqlite3, websocat, etc. noted as missing — non-blocking) | +| Chain 138 bytecode | `scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545` | **64 present, 0 missing** (canonical + legacy CCIP router/WETH9 bridge, ISO20022Router; `config/smart-contracts-master.json` aligned) | +| Public E2E | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` | **Failed: 0**; 44 domains; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/` | +| Private E2E | `bash scripts/verify/verify-end-to-end-routing.sh --profile=private` | **Failed: 0**; 4 domains; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/` | +| Submodule hygiene | `bash scripts/verify/submodules-clean.sh` | **Exit 1** — **dirty trees** in `dbis_core/` and `smom-dbis-138/` (modified and untracked files). Clean or commit before CI gates that require clean submodules. | + +--- + +## Documentation updates (same pass) + +- Canonical **on-chain check** count aligned to **64 addresses** (`check-contracts-on-chain-138.sh` + `config/smart-contracts-master.json`; **ISO20022Router** `0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074`; legacy CCIP `0x8078…` / `0x971c…`) across [MASTER_INDEX.md](../MASTER_INDEX.md), [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md), [GAPS_STATUS.md](GAPS_STATUS.md), [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md), deployment runbooks, [CONTRACT_NEXT_STEPS_LIST.md](../11-references/CONTRACT_NEXT_STEPS_LIST.md), [NEXT_STEPS_INDEX.md](NEXT_STEPS_INDEX.md), [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md), [ALL_RECOMMENDATIONS_HIGH_PRIORITY.md](ALL_RECOMMENDATIONS_HIGH_PRIORITY.md), and related 00-meta / dbis-rail pointers. Consolidated gaps: [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md). +- **Historical** lines in dated completion notes (e.g. 2026-02, 2026-03-06) that say **59/59** or **61/61** are left as-is where they record **that day’s** result; current target is **64**. +- **AddressMapper:** Core RPC verification — `0x439F…` (canonical) and `0xe48E…` (legacy) have **identical** `eth_getCode`; `cast call` `getDeployedAddress(0xC02a…)` and `owner()` **match**. Docs and `smom-dbis-138/config/address-inventory.chain138.json` reconciled to canonical; operators align live `.env` `ADDRESS_MAPPER` to `0x439F…`. + +--- + +## Pruning + +**No bulk deletion** of `docs/archive/` in this pass. Follow [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md) and [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) in a dedicated review. Prefer linking canonical docs from [MASTER_INDEX.md](../MASTER_INDEX.md) only. + +--- + +## Follow-up session (2026-03-29) + +Re-run from operator workspace after doc sweep: + +| Check | Result | +|--------|--------| +| `validate-config-files.sh` | **Passed** | +| `check-contracts-on-chain-138.sh http://192.168.11.211:8545` | **61 present, 0 missing** (script list before ISO20022Router row) | +| `submodules-clean.sh` | **Exit 1** — same dirty trees (`dbis_core/`, `smom-dbis-138/`) | +| Public E2E `--profile=public` | **Failed: 0**; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/` | +| Private E2E `--profile=private` | **Failed: 0**; evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/` | + +--- + +## Recommended follow-ups (not run here) + +- `./scripts/run-all-operator-tasks-from-lan.sh` (with appropriate flags). +- Resolve **submodule dirty** state for reproducible CI. +- Install **optional** validation tools if you want full `run-all-validation.sh` parity (sqlite3, websocat, shellcheck, etc.). diff --git a/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md b/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md index 417e912..1e8049f 100644 --- a/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md +++ b/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md @@ -2,10 +2,10 @@ > Historical note (2026-03-26): this consolidated TODO list includes superseded PMM-address references from earlier deployment phases. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`. -**Last Updated:** 2026-03-02 -**Purpose:** Single checklist of all next steps and remaining tasks. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs). +**Last Updated:** 2026-03-30 +**Purpose:** Narrative checklist of next steps and history. **Merged backlog + P1 IDs:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) (prefer **P1** for current Open/Done). **Live verification:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs). -**👉 Single list (runbooks not yet run + remaining deployments + recommendations):** this document ([NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md)). +**👉 Full narrative (this file):** historical “completed in pass” sections below + tables. **Action list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) § P1, V*, routing grid. **See also:** [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) (full deployment order Phase 0–6 + preflight), [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md), [RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md), [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md), [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md). @@ -15,18 +15,19 @@ ## Remaining tasks (summary) -Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-03-02). **Single-page summary of what remains:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md) (operator/LAN and external only). **Task check (2026-03-02):** See [TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md) for per-task status. What remains: +Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-03-02). **On-chain bytecode check** target is **64/64** (expanded script list; ISO20022Router added 2026-03-30; verified **64/64** on LAN RPC same day). **Single-page summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md). **Task check:** [TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md). What remains: | # | Task | Who | Command / doc | |---|------|-----|----------------| | 4 | **Full deployment order (Phase 0–6)** | Operator | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) — prereqs → core → PMM pools → provider → optional → cW* → verify | -| 5 | **Chain 138 PMM:** add liquidity, ensure DODOPMMProvider registered | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); add liquidity per [LIQUIDITY_POOLS_MASTER_MAP](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) | +| 5 | **Chain 138 PMM:** **three pools + DODOPMMProvider live**; Pool 1 (cUSDT/cUSDC) **2M/2M** (2026-03-06). **Optional:** more liquidity, Phase 2 / edge pools, `LIQUIDITY_POOLS_MASTER_MAP` | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **A1**, **L13** | | 6 | **Operator tasks:** Blockscout verify, 502 fix, NPMplus backup, optional deploy | Operator/LAN | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy]`; [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | -| 7 | **Gnosis, Celo, Wemix CCIP bridges** | Operator/LAN | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md); DeployWETHBridges + destinations + fund LINK | +| 7 | **CCIP bridges:** **Celo + Gnosis** deployed (2026-03-04). **Remain:** Cronos (+ LINK), Wemix (tabled), `complete-config`, fund LINK — [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | Operator/LAN | Same; see [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **V4** | | 8 | **LINK support on Mainnet relay** | Operator/LAN | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) | | 9 | **Repos & PRs:** Ledger, Trust Wallet, Chainlist, on-ramps | External | [REPOSITORIES_AND_PRS_CHAIN138.md](REPOSITORIES_AND_PRS_CHAIN138.md) | | 10 | **PR-ready files:** Chainlist, Trust Wallet forms | Anyone | [04-configuration/pr-ready/README.md](../04-configuration/pr-ready/README.md) | | 11 | **E2E flow waves E1–E7** (add liquidity, CCIP fund, token-aggregation, Blockscout, L2 PMM, bridge UI, docs) | Operator/Dev | `./scripts/run-e2e-flow-tasks-full-parallel.sh`; [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md) | +| 12 | **Submodule hygiene** | Dev | `bash scripts/verify/submodules-clean.sh` → exit **0**; today dirty **`dbis_core/`**, **`smom-dbis-138/`** — [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **P1-F08**, **R1** | **Optional / lower priority:** Wemix token verification; mint tokens to deployer for LPs/bridges ([TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](../11-references/TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md)); AddressMapper on other chains; Mainnet trustless stack; cW* on public chains. See [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). @@ -39,7 +40,7 @@ Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-0 | 1 | **From anywhere (no LAN):** config + on-chain + validation | Anyone | `./scripts/run-completable-tasks-from-anywhere.sh` | | 2 | **Before any Chain 138 deploy:** preflight (RPC, dotenv, nonce, optional cost) | Anyone with .env | `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` | | 3 | **Full deployment order** | Operator | [DEPLOYMENT_ORDER_OF_OPERATIONS.md](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 0–6: prereqs → core → PMM pools → provider → optional → cW* → verify | -| 4 | **Chain 138 PMM:** create pools, deploy DODOPMMProvider | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); `create-all-pmm-pools-chain138.sh`, then DeployDODOPMMProvider | +| 4 | **Chain 138 PMM:** pools + provider **already deployed** — optional add liquidity / parity scripts only | Operator/LAN | [PRE_DEPLOYMENT_CHECKLIST.md](../03-deployment/PRE_DEPLOYMENT_CHECKLIST.md); `mint-for-liquidity.sh --add-liquidity` if topping up | | 5 | **Operator tasks (Blockscout, 502, backup, deploy)** | Operator/LAN | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`; [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | --- @@ -49,9 +50,20 @@ Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-0 | # | Item | |---|------| | — | **Documentation consolidation:** [MASTER_INDEX.md](../MASTER_INDEX.md) and [README.md](../README.md) created; [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) added (redirect); [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) deprecated (redirect stub). DOCUMENTATION_CONSOLIDATION_PLAN §5 (eliminating deprecated content) and ARCHIVE_CANDIDATES updated. | -| — | **Completable-from-anywhere run:** `./scripts/run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 59/59 (Chain 138); run-all-validation --skip-genesis OK; reconcile-env --print. E2E flow tasks dry-run: `./scripts/run-e2e-flow-tasks-full-parallel.sh --dry-run` (waves E0–E7 listed). | +| — | **Completable-from-anywhere run:** `./scripts/run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain **64/64** (Chain 138; current script list); run-all-validation --skip-genesis OK; reconcile-env --print. E2E flow tasks dry-run: `./scripts/run-e2e-flow-tasks-full-parallel.sh --dry-run` (waves E0–E7 listed). | | — | **Preflight:** `./scripts/deployment/preflight-chain138-deploy.sh` — passed (dotenv, RPC Core, nonce consistent). | -| — | **Chain 138 next steps (full run):** `./scripts/deployment/run-all-next-steps-chain138.sh` — Step 1 preflight OK; Step 2 TransactionMirror already deployed, cUSDT/cUSDC pool already exists (continued); Step 3 Register c* as GRU: all 12 c* already registered (skip); Step 4 on-chain verification 59/59. Exit 0. | +| — | **Chain 138 next steps (full run):** `./scripts/deployment/run-all-next-steps-chain138.sh` — Step 1 preflight OK; Step 2 TransactionMirror already deployed, cUSDT/cUSDC pool already exists (continued); Step 3 Register c* as GRU: all 12 c* already registered (skip); Step 4 on-chain verification **64/64**. Exit 0. | + +--- + +## Doc / verification sync (2026-03-29–30) + +| # | Item | +|---|------| +| — | **E2E routing:** `verify-end-to-end-routing.sh` — **2026-03-29** public **44** domains + private **4**, **Failed: 0** (evidence under `docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/` and `...235128/`). Earlier **2026-03-06** public run used **37** domains (smaller list). | +| — | **On-chain:** `check-contracts-on-chain-138.sh` → **64/64**; script env-load hardened (`PROJECT_ROOT`, `set +eu` around dotenv). | +| — | **Docs:** deployment runbooks + meta aligned from **59→61** address count; [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). | +| — | **Open (not repo-completable):** `submodules-clean.sh` exit **1** until submodule trees clean — **P1-F08** / **R1** in [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). | --- @@ -63,7 +75,7 @@ Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-0 | — | **Deployment safety (four rules):** Correct RPC (Core only), correct dotenv (`smom-dbis-138/.env` only), Gas API/cost estimate before deploy, do not deploy when transactions stuck. Documented in DEPLOYMENT_ORDER_OF_OPERATIONS, PRE_DEPLOYMENT_CHECKLIST, CONTRACT_DEPLOYMENT_RUNBOOK. | | — | **Preflight script:** `./scripts/deployment/preflight-chain138-deploy.sh [--cost]` — checks dotenv, env keys, RPC (Core, chainId 138), deployer nonce (fails if stuck); optional `--cost` runs cost estimate. Linked from runbook and Phase 0. | | — | **Todo/docs sync:** NEXT_STEPS_AND_REMAINING_TODOS, TODOS_CONSOLIDATED, TODO_TASK_LIST_MASTER updated with 2026-02-27 completion and deployment order/preflight refs. | -| — | **Completable run (2026-02-27):** `run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 59/59 (Chain 138); run-all-validation --skip-genesis OK; reconcile-env --print. | +| — | **Completable run (2026-02-27):** `run-completable-tasks-from-anywhere.sh` — config validation OK; on-chain 59/59 (Chain 138; historical count that day); **current target 64/64** — [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md), [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md). run-all-validation --skip-genesis OK; reconcile-env --print. | --- @@ -136,7 +148,7 @@ Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-0 | # | Task | Owner | Ref | |---|------|--------|-----| | 1 | **Wemix (1111) token addresses:** Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); confirm WETH, USDT, USDC; re-verify with Tether/Circle/Wemix; if different official addresses, update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md). Run `bash scripts/validation/validate-config-files.sh`; remove "re-verify before production" when satisfied. | Operator | RECOMMENDED_COMPLETION_CHECKLIST §1 | -| 2 | **Gnosis, Celo, Wemix CCIP bridges:** Confirm CCIP supports 100, 42220, 1111. Per chain: set RPC, CCIP Router, LINK, WETH9/WETH10; run DeployWETHBridges; on 138 add destinations; on each new chain add 138; fund LINK; update env/docs. | **Operator/LAN** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | +| 2 | **Gnosis, Celo, Wemix CCIP bridges:** **Celo + Gnosis** done (2026-03-04). **Remain:** Cronos, Wemix (tabled), LINK funding, env — same runbook. | **Operator/LAN** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md); [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **V4** | --- @@ -157,7 +169,7 @@ Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-0 | # | Task | Owner | Ref | |---|------|--------|-----| | 8 | **Blockscout verification:** `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | **Operator/LAN** | CONTRACT_DEPLOYMENT_RUNBOOK | -| 9 | **Fix E2E 502s (if needed):** `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | **Operator/LAN** | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | +| 9 | **Fix E2E 502s (if needed):** ✅ Fixed **2026-03-06**; **2026-03-29** routing check public **44** + private **4** **Failed: 0** ([LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md)). Re-run `./scripts/maintenance/address-all-remaining-502s.sh [--e2e]` if 502s recur. | **Operator/LAN** | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | | 10 | **Operator tasks script:** `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` (backup, verify, deploy, create VMs) | **Operator/LAN** | STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS | --- @@ -167,7 +179,7 @@ Steps 1–2 and the Chain 138 “all in one” run (step 3) are **done** (2026-0 | # | Task | Owner | Ref | |---|------|--------|-----| | 11 | **AddressMapper on other chains:** Cronos ✅ (deployed, config updated). For others: deploy via [DeployAddressMapperOtherChain.s.sol](../../smom-dbis-138/script/DeployAddressMapperOtherChain.s.sol); set `mapper` in smart-contracts-master.json. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §A | -| 12 | **DODO PMM on 138:** Deploy DODOPMMIntegration; set env; create cUSDT/cUSDC pools; document in LIQUIDITY_POOLS_MASTER_MAP. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §B; RECOMMENDED_COMPLETION_CHECKLIST §6 | +| 12 | **DODO PMM on 138:** **Deployed** (integration + **three** pools; Pool 1 funded **2M/2M**). **Optional:** more liquidity, parity / edge pools, map updates. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §B; [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **L13** | | 13 | **Mainnet trustless stack:** Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet) per runbook. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §C; RECOMMENDED_COMPLETION_CHECKLIST §7 | --- @@ -221,7 +233,7 @@ Runbooks and scripts are in place. From a host with LAN and secrets: | Action | Command / doc | |--------|----------------| | **Wemix token verify** | Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); update JSON if needed; run `bash scripts/validation/validate-config-files.sh`. | -| **Gnosis/Celo/Wemix CCIP** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) — deploy bridges, add destinations, fund LINK. | +| **Gnosis/Celo/Wemix CCIP** | **Celo + Gnosis** deployed; finish Cronos / LINK / Wemix per [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). | | **LINK relay** | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md). | | **Blockscout verify** | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | | **E2E 502 fix** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | @@ -231,14 +243,15 @@ Runbooks and scripts are in place. From a host with LAN and secrets: ## Summary -- **Completed this pass:** run-completable-tasks; bridge UIs/Snap → token-mapping API; doc hygiene. -- **High:** 2 (Wemix verify — Operator; Gnosis/Celo/Wemix CCIP — Operator/LAN). +- **Latest doc/verify sync (2026-03-29–30):** E2E **44+4** domains **Failed: 0**; on-chain **64/64** (ISO router + CCIP canonical/legacy 2026-03-30); **59→64** doc alignment; **submodules-clean** still **Open** ([TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **P1-F08**). +- **Completed (historical sections above):** run-completable-tasks; bridge UIs/Snap → token-mapping API; doc hygiene; PMM stack; many dated passes. +- **High:** 2 (Wemix verify — Operator; CCIP **remainder** — Operator/LAN; Celo+Gnosis done). - **Medium:** LINK relay (Operator/LAN); run from-anywhere periodically; placeholders; API keys. -- **LAN/Operator:** 3 (Blockscout verify; E2E 502 fix; run-all-operator-tasks). -- **Low (planned):** 3 (AddressMapper others; DODO PMM 138; Mainnet trustless). -- **External (blocked on third party):** 4 (Ledger, Trust, Consensys, CoinGecko). +- **LAN/Operator:** Blockscout verify; E2E 502 watch; run-all-operator-tasks. +- **Low (planned):** AddressMapper others; PMM **optional** top-up/parity; Mainnet trustless. +- **External:** 4 (Ledger, Trust, Consensys, CoinGecko). - **Tezos/Etherlink:** 3 (when scoped). -- **Doc hygiene:** 3 (all done in-repo). -- **Master/Security:** 4. +- **Repo hygiene:** submodule clean trees (**Open** until dev commits). +- **Master/Security:** recommendations list, audits, dbis_core TS deferral, optional paymaster. **Single checklist (CCIP/mapper):** [docs/07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md). diff --git a/docs/00-meta/NEXT_STEPS_FOR_YOU.md b/docs/00-meta/NEXT_STEPS_FOR_YOU.md index 4cf0b7c..46cce09 100644 --- a/docs/00-meta/NEXT_STEPS_FOR_YOU.md +++ b/docs/00-meta/NEXT_STEPS_FOR_YOU.md @@ -3,9 +3,11 @@ **Last Updated:** 2026-03-02 **Purpose:** Single list of what **you** need to do next (no infra/automation). Everything else the repo can do has been completed or documented. -**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain 59/59, validation OK, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification 59/59. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0–E7 listed. +**2026-03-30:** On-chain target is **64/64** (ISO20022Router added to script); full live verification — [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md), [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md). Pruning: no bulk archive delete this pass. -**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh` — all 4 steps passed (config, on-chain 59/59, validation, reconcile-env). Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv. +**Completed (next steps run):** `run-completable-tasks-from-anywhere.sh` — config OK, on-chain **64/64** (current script list), validation OK, reconcile-env. `preflight-chain138-deploy.sh` — passed. `run-all-next-steps-chain138.sh` — preflight passed; TransactionMirror and cUSDT/cUSDC pool already present; all 12 c* already GRU-registered; verification **64/64**. `validate-config-files.sh` — passed. `run-e2e-flow-tasks-full-parallel.sh --dry-run` — waves E0–E7 listed. + +**Continue and complete (2026-02-27):** Re-ran `run-completable-tasks-from-anywhere.sh` — all 4 steps passed (config, on-chain 59/59 historical, **64/64** today), validation, reconcile-env. Re-ran `run-all-operator-tasks-from-lan.sh --skip-backup` — dotenv loaded automatically; Blockscout verification completed (W0-1 NPMplus failed off-LAN as expected). Docs: REMAINING_SUMMARY "Continue and complete" section added; TODOS_CONSOLIDATED and NEXT_STEPS_FOR_YOU updated for operator script loading dotenv. **Completed 2026-03-02:** Documentation consolidation: [MASTER_INDEX.md](../MASTER_INDEX.md), [README.md](../README.md), [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) created; deprecated content (ALL_IMPROVEMENTS_AND_GAPS_INDEX) marked redirect-only. `run-completable-tasks-from-anywhere.sh` run: config OK, on-chain 59/59, validation OK, reconcile-env. **Preflight** and **run-all-next-steps-chain138.sh** run: preflight passed; mirror/pool already deployed; all 12 c* already registered as GRU; verification 59/59. Next steps index and TODOS_CONSOLIDATED updated. diff --git a/docs/00-meta/NEXT_STEPS_INDEX.md b/docs/00-meta/NEXT_STEPS_INDEX.md index 28a901f..e7c4f88 100644 --- a/docs/00-meta/NEXT_STEPS_INDEX.md +++ b/docs/00-meta/NEXT_STEPS_INDEX.md @@ -1,9 +1,11 @@ # Next Steps — Index -**Last Updated:** 2026-03-28 +**Last Updated:** 2026-03-30 **Purpose:** Single entry point for "what to do next." Pick by audience and granularity. -**Latest automation run (2026-03-28):** `./scripts/run-completable-tasks-from-anywhere.sh` completed (config validation, 61/61 on-chain, validation, reconcile print). `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` completed (NPMplus 40 hosts updated, Blockscout verification batch submitted). **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart. +**Live verification (2026-03-30):** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md) — public + private E2E routing **Failed: 0**, `run-all-validation.sh --skip-genesis`, `submodules-clean.sh` exit 1 (dirty `dbis_core/`, `smom-dbis-138/` — commit or stash before CI). **No bulk prune** of `docs/archive/` in this pass; see [DOCUMENTATION_CONSOLIDATION_PLAN.md](DOCUMENTATION_CONSOLIDATION_PLAN.md). + +**Latest automation run (2026-03-28):** `./scripts/run-completable-tasks-from-anywhere.sh` completed (config validation, 64/64 on-chain after 2026-03-30 script update, validation, reconcile print). `./scripts/run-all-operator-tasks-from-lan.sh --skip-backup` completed (NPMplus 40 hosts updated, Blockscout verification batch submitted). **Besu node lists:** push canonical `config/besu-node-lists/*` with `bash scripts/deploy-besu-node-lists-to-all.sh`; reload with `bash scripts/besu/restart-besu-reload-node-lists.sh` during a maintenance window if peers do not pick up static nodes without restart. **Documentation index:** [../MASTER_INDEX.md](../MASTER_INDEX.md) — canonical docs, deprecated list, and navigation. diff --git a/docs/00-meta/NEXT_STEPS_LIST.md b/docs/00-meta/NEXT_STEPS_LIST.md index 3c5eb1e..afe851f 100644 --- a/docs/00-meta/NEXT_STEPS_LIST.md +++ b/docs/00-meta/NEXT_STEPS_LIST.md @@ -1,11 +1,11 @@ # Next Steps (ordered) -**Last Updated:** 2026-03-06 (completion run: reconcile CCIPWETH10, runbooks, inbound table, PLACEHOLDERS, OPERATOR_CREDENTIALS, smom-dbis-138 README .env) -**Context:** Phase A mint + add-liquidity completed (Pool 1 cUSDT/cUSDC has 2M/2M). Below are remaining steps in recommended order. +**Last Updated:** 2026-03-30 — **P1 merged backlog** (platform + chain + HYBX + external + local verification IDs) added to [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md#p1--merged-backlog-2026-03-30). Local automation: `bash scripts/verify/run-p1-local-verification.sh` (`--with-iru-tests` optional). +**Context (2026-03-06):** Phase A mint + add-liquidity completed (Pool 1 cUSDT/cUSDC has 2M/2M). Below are remaining steps in recommended order. **Refs:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md), [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md), [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md). **Full execution (all + optional, suggested order):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md). -**Completion check (2026-03-06):** Full run including optional: completable ✅, validate-config ✅, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, on-chain 59/59 (check-contracts-on-chain-138.sh) ✅, unit tests 457 ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, E2E flow dry-run ✅, E2E routing ✅ (37 domains, 0 failed), operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify). **Audit (2026-03-06):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md) — required dotenv/markdown info, gaps, and recommendations. B.1/B.2 still blocked (need CRO/WEMIX); B.3 blocked (LINK/gas); A2 env set (CHAIN_138_DODO_PMM_INTEGRATION in smom-dbis-138/.env); A3/C3–C8, Phase C, LINK relay, B4/B5 remain pending or optional. +**Completion check (2026-03-06):** Full run including optional: completable ✅, validate-config ✅, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, on-chain **64/64** (check-contracts-on-chain-138.sh; ISO20022Router added 2026-03-30) ✅, unit tests 457 ✅, deployer-gas dry-run ✅, fund-ccip dry-run ✅, E2E flow dry-run ✅, E2E routing ✅ (**37** public domains **Failed: 0** on 2026-03-06; **44** on 2026-03-29 re-check), operator script --skip-backup ✅ (NPMplus RPC + Blockscout verify). **Live 2026-03-30:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). **Audit (2026-03-06):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md) — required dotenv/markdown info, gaps, and recommendations. B.1/B.2 still blocked (need CRO/WEMIX); B.3 blocked (LINK/gas); A2 env set (CHAIN_138_DODO_PMM_INTEGRATION in smom-dbis-138/.env); A3/C3–C8, Phase C, LINK relay, B4/B5 remain pending or optional. --- diff --git a/docs/00-meta/OPERATOR_READY_CHECKLIST.md b/docs/00-meta/OPERATOR_READY_CHECKLIST.md index 22b9a00..00f7651 100644 --- a/docs/00-meta/OPERATOR_READY_CHECKLIST.md +++ b/docs/00-meta/OPERATOR_READY_CHECKLIST.md @@ -7,6 +7,8 @@ **From anywhere (no LAN):** `./scripts/run-completable-tasks-from-anywhere.sh` +**One-command LAN wrapper:** `./scripts/run-full-operator-completion-from-lan.sh --dry-run` prints the full execution order starting with the token-aggregation `/api/v1` repair. Add `--fix-e2e-if-needed`, `--install-cron`, `--include-config-ready-chains`, `--include-chain138-next-steps`, and `--include-send-cross-chain --send-amount 0.01` as needed. + **Submodule working trees (no local edits in submodules):** `bash scripts/verify/submodules-clean.sh` — see [SUBMODULE_HYGIENE.md](SUBMODULE_HYGIENE.md). **Ensure this machine always has Proxmox SSH access:** `./scripts/security/ensure-proxmox-ssh-access.sh` (verifies key-based SSH to .10, .11, .12; use `--copy` to install key if missing). **NPMplus from this machine (if direct 192.168.11.167:81 unreachable):** `ssh -L 8181:192.168.11.167:81 -N root@192.168.11.11` then use `http://127.0.0.1:8181` for NPMplus API. @@ -293,6 +295,8 @@ This is intentionally deferred with the rest of the Wemix path. If the chain is ## References +- [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) — HYBX OMNL, DBIS Core, Chain 138 Smart Vaults, external RTGS, LEI/ISIN/ENS identifiers, Blockscout label sync +- [`config/dbis-institutional/README.md`](../../config/dbis-institutional/README.md) — JSON Schemas (settlement event, address registry, trust, governance, policy); `scripts/verify/sync-blockscout-address-labels-from-registry.sh` for explorer tags - [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) — full plan (required, optional, recommended) - [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) — full task list - [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — detail and completed items diff --git a/docs/00-meta/REMAINING_SUMMARY.md b/docs/00-meta/REMAINING_SUMMARY.md index 9d80df5..1b7a65e 100644 --- a/docs/00-meta/REMAINING_SUMMARY.md +++ b/docs/00-meta/REMAINING_SUMMARY.md @@ -1,7 +1,7 @@ # Remaining Work — Summary -**Last Updated:** 2026-02-27 -**Purpose:** Single place for what remains. All in-repo runnable tasks are **complete**; remaining work is **operator/LAN** or **external**. +**Last Updated:** 2026-03-30 +**Purpose:** Single place for what remains. **Live verification:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). On-chain check script target is **64/64** (expanded list; includes ISO20022Router). Remaining work is **operator/LAN**, **external**, and **open P1 rows** in [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). --- @@ -11,7 +11,7 @@ To complete all automatable steps from this repo: 1. **From anywhere (no LAN):** `./scripts/run-completable-tasks-from-anywhere.sh` - — Config validation, on-chain 59/59 check, run-all-validation --skip-genesis, reconcile-env. + — Config validation, on-chain **64/64** check (`check-contracts-on-chain-138.sh`), run-all-validation --skip-genesis, reconcile-env. 2. **From LAN (with dotenv):** `./scripts/run-all-operator-tasks-from-lan.sh` @@ -26,10 +26,10 @@ Optional: `--skip-backup` if NPM_PASSWORD not set; `--dry-run` to print steps on | Item | Status | |------|--------| | Config validation | ✅ `validate-config-files.sh` passed | -| On-chain check (Chain 138) | ✅ 59/59 contracts present | +| On-chain check (Chain 138) | ✅ **64/64** contracts present (current script list) | | run-all-validation (--skip-genesis) | ✅ Passed | | Preflight (dotenv, RPC, nonce) | ✅ Passed | -| run-all-next-steps-chain138 | ✅ Preflight; mirror/pool present; 12 c* GRU-registered; 59/59 verify | +| run-all-next-steps-chain138 | ✅ Preflight; mirror/pool present; 12 c* GRU-registered; verify with script (**64/64** today) | | run-completable-tasks-from-anywhere | ✅ All 4 steps passed | | MCP plan upgrades (8 items) | ✅ Implemented (multi-chain, Uniswap, bot_state, webhook, merge script, limits, audit, router stub) | | Optional docs/runbooks | ✅ Explorer Wallet link runbook; optional tasks checklist; merge allowlist script | diff --git a/docs/00-meta/REMAINING_TASKS.md b/docs/00-meta/REMAINING_TASKS.md index 48452ab..18466ea 100644 --- a/docs/00-meta/REMAINING_TASKS.md +++ b/docs/00-meta/REMAINING_TASKS.md @@ -1,7 +1,7 @@ # Remaining Tasks **Last Updated:** 2026-02-27 -**Purpose:** Single-page list of what is left to do. **In-repo: complete** (completable tasks, preflight, run-all-next-steps-chain138: 59/59 on-chain, 12 c* GRU-registered; MCP plan upgrades; optional runbooks). +**Purpose:** Single-page list of what is left to do. **In-repo: complete** (completable tasks, preflight, run-all-next-steps-chain138: **64/64** on-chain, 12 c* GRU-registered; MCP plan upgrades; optional runbooks). **Live log:** [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). **Summary of all remaining (operator + external):** [REMAINING_SUMMARY.md](00-meta/REMAINING_SUMMARY.md). **Detail:** [NEXT_STEPS_AND_REMAINING_TODOS.md](00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md) § Remaining tasks · **Operator commands:** [OPERATOR_READY_CHECKLIST.md](00-meta/OPERATOR_READY_CHECKLIST.md). **Task check (2026-03-02):** Each task below was verified before completion. See **[TASK_CHECK_REPORT.md](TASK_CHECK_REPORT.md)** for per-task status, what is already done (e.g. Phase 0–3, DODOPMMProvider, pools), and what still requires Operator/LAN or external submission. Completable + preflight both passed. diff --git a/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md b/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md index bbee0d6..15cb8f1 100644 --- a/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md +++ b/docs/00-meta/REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md @@ -16,7 +16,7 @@ Commands run from repo root on operator/LAN host. Use as baseline; re-run when e | Preflight | `./scripts/deployment/preflight-chain138-deploy.sh` | **PASSED** — dotenv, RPC_URL_138, PRIVATE_KEY, nonce consistent, Core RPC chainId 138. | | Core RPC (2101) | `curl -s -o /dev/null -w "%{http_code}" http://192.168.11.211:8545` | **200/201** — reachable. | | Deployer balance | `RPC_URL_138=http://192.168.11.211:8545 ./scripts/deployment/check-deployer-balance-chain138-and-funding-plan.sh` | **OK** — native ETH sufficient; WETH/cUSDT/cUSDC = 0 (add liquidity blocked until tokens funded). | -| On-chain contracts | `./scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545` | **59 present, 0 missing** (script list expanded 2026-03-06; run check-contracts-on-chain-138.sh). | +| On-chain contracts | `./scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545` | **61 present, 0 missing** (expanded list; verified live 2026-03-30; run check-contracts-on-chain-138.sh). | | Clear tx pool script | `test -f scripts/clear-all-transaction-pools.sh` | **exists** | | Maintenance scripts | `make-rpc-vmids-writable-via-ssh.sh`, `health-check-rpc-2101.sh` | **exist** | | Test-all-contracts script | `test -f scripts/deployment/test-all-contracts-before-deploy.sh` | **exists** | @@ -24,7 +24,7 @@ Commands run from repo root on operator/LAN host. Use as baseline; re-run when e | Token-aggregation /health | `curl -s -o /dev/null -w "%{http_code}" http://192.168.11.140:3001/health` (or localhost:3001) | **200** — service running and healthy at tested endpoint. | | DODOPMMIntegration token addresses (2026-03-04) | `eth_call` to `compliantUSDT()` / `compliantUSDC()` at `0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` | **PASSED** — returns canonical cUSDT/cUSDC; Explorer, mint script, and PMM aligned. See [EXPLORER_TOKEN_LIST_CROSSCHECK](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. | -**Remaining to complete (verified 2026-03-06):** Add liquidity to PMM pools once deployer has cUSDT/cUSDC (or mint); Celo/Wemix CCIP bridges; LINK relay runbook. **Done:** E2E 502s fixed 2026-03-06; operator run + Blockscout verify run 2026-03-06. **Pending:** external (Ledger, Trust, CoinGecko/CMC, on-ramps). See §4–5 and [TODOS_CONSOLIDATED](TODOS_CONSOLIDATED.md). +**Remaining to complete (verified 2026-03-06; on-chain count updated 2026-03-30):** Add liquidity to PMM pools once deployer has cUSDT/cUSDC (or mint); Celo/Wemix CCIP bridges; LINK relay runbook. **Done:** E2E 502s fixed 2026-03-06; operator run + Blockscout verify run 2026-03-06. **Live target:** `check-contracts-on-chain-138.sh` → **64/64** (ISO20022Router + canonical/legacy CCIP pair; `config/smart-contracts-master.json`). **Pending:** external (Ledger, Trust, CoinGecko/CMC, on-ramps). See §4–5 and [TODOS_CONSOLIDATED](TODOS_CONSOLIDATED.md), [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md), [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md). --- @@ -91,7 +91,7 @@ Commands run from repo root on operator/LAN host. Use as baseline; re-run when e ### 3.1 Chain 138 — already done (for reference) -- TransactionMirror, DODOPMMIntegration, three PMM pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC), DODOPMMProvider, CompliantFiatTokens (10 tokens). On-chain verification: 59/59 (check-contracts-on-chain-138.sh). See [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md). +- TransactionMirror, DODOPMMIntegration, three PMM pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC), DODOPMMProvider, CompliantFiatTokens (10 tokens). On-chain verification: **64/64** (check-contracts-on-chain-138.sh; includes ISO20022Router). See [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS](../03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md). ### 3.2 Chain 138 — remaining (optional / follow-on) diff --git a/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md b/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md index 8457e6a..b5e0ee7 100644 --- a/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md +++ b/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md @@ -7,6 +7,8 @@ **Single script (LAN + secrets):** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) — **always loads dotenv** from repo `.env` and `smom-dbis-138/.env` (NPM_PASSWORD, PRIVATE_KEY, RPC, etc.). Optional phases: backup, contract verify, contract deploy, VM/container creation. Use `--dry-run` to print steps. +**Full remaining checklist wrapper:** [run-full-operator-completion-from-lan.sh](../../scripts/run-full-operator-completion-from-lan.sh) — starts with the token-aggregation `/api/v1` repair, then Wave 0, verification, E2E, optional config-ready chains, optional Chain 138 next steps, optional real `sendCrossChain`, and local hardening/cron steps. Use `--dry-run` first. + --- ## 1. Contract deployment (Chain 138) diff --git a/docs/00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md b/docs/00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md index 1a3e768..632456f 100644 --- a/docs/00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md +++ b/docs/00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md @@ -2,6 +2,8 @@ **Purpose:** Single checklist of every remaining item that could not be completed from repo-only (no LAN, no secrets, no external access). Use this when you have **LAN**, **credentials**, or **external accounts** to complete them. +**Current state (2026-03-29):** the public explorer `/api/v1/report/*` endpoints are healthy again, and the public E2E profile passed with `Failed: 0`. **Submodule gate:** `scripts/verify/submodules-clean.sh` still exits **1** (dirty `dbis_core/`, `smom-dbis-138/`) — track as [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) **P1-F08** / **R1**. What remains here is the true remainder: on-chain actions, external submissions, operator security hardening, deferred dbis_core TypeScript cleanup, and ongoing maintenance. + **Source:** [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md), [OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md). --- diff --git a/docs/00-meta/TASKS_ROUTING_SWAP_CROSSCHAIN.md b/docs/00-meta/TASKS_ROUTING_SWAP_CROSSCHAIN.md index 59a0019..978736d 100644 --- a/docs/00-meta/TASKS_ROUTING_SWAP_CROSSCHAIN.md +++ b/docs/00-meta/TASKS_ROUTING_SWAP_CROSSCHAIN.md @@ -17,7 +17,7 @@ | **Token mapping API** | ✅ | `GET /api/v1/token-mapping`, `/resolve`; source: `config/token-mapping-multichain.json`. | | **Bridge quote API** | Partial | `POST /api/bridge/quote` — sourceSwapQuote / destinationSwapQuote when configured. | | **Swap–bridge–swap** | Partial | QuoteService exists; SwapBridgeSwapCoordinator deployable; destination DEX/aggregator not wired per chain. | -| **cW* edge pools** | ❌ | pool-matrix design only; deployment-status.json empty; no cW* pools on public chains. | +| **cW* edge pools** | ❌ | cW* token addresses and bridge availability exist on active chains, but PMM pool arrays are still empty; no public-chain cW* edge pools are live yet. | | **N-hop / multi-provider** | ❌ | Single-hop only; EnhancedSwapRouter not deployed. | --- diff --git a/docs/00-meta/TASK_CHECK_REPORT.md b/docs/00-meta/TASK_CHECK_REPORT.md index 53f7c5d..a6de56c 100644 --- a/docs/00-meta/TASK_CHECK_REPORT.md +++ b/docs/00-meta/TASK_CHECK_REPORT.md @@ -11,7 +11,7 @@ | Check | Result | |-------|--------| -| **run-completable-tasks-from-anywhere.sh** | Passed — config OK, 59/59 on-chain (Chain 138), validation OK, reconcile-env printed | +| **run-completable-tasks-from-anywhere.sh** | Passed — config OK, **64/64** on-chain (Chain 138; current script list), validation OK, reconcile-env printed | | **preflight-chain138-deploy.sh** | Passed — dotenv exists, RPC Core (chainId 138), nonce consistent, no stuck txs | --- @@ -23,7 +23,7 @@ | Item | Status | Notes | |------|--------|-------| | Phase 0 (prereqs) | Satisfied | Preflight passed; .env and RPC OK | -| Phase 1 (Chain 138 core) | Done | 59/59 contracts present | +| Phase 1 (Chain 138 core) | Done | **64/64** contracts present | | Phase 2 (TransactionMirror + PMM pools) | Done | Mirror deployed; all three pools created (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) | | Phase 3 (Liquidity + DODOPMMProvider) | Partially done | DODOPMMProvider deployed at `0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`; corrected canonical stack aligned. **Remaining:** add liquidity (optional per doc) via `AddLiquidityPMMPoolsChain138.s.sol` or cast | | Phase 4–6 | Not run | Optional / other chains; Operator | diff --git a/docs/00-meta/TODOS_CONSOLIDATED.md b/docs/00-meta/TODOS_CONSOLIDATED.md index 6a15853..06da777 100644 --- a/docs/00-meta/TODOS_CONSOLIDATED.md +++ b/docs/00-meta/TODOS_CONSOLIDATED.md @@ -1,8 +1,10 @@ # TODOs — Consolidated Task List -**Last Updated:** 2026-03-28 -**Last verification run:** 2026-03-28 — completable ✅ (61/61 on-chain), operator `--skip-backup` ✅ (NPMplus 40 hosts updated, Blockscout verify batch). Prior 2026-03-06 run: validate-config ✅, check-contracts, PMM pool balances ✅ (Pool 1: 2M/2M), preflight ✅, token-aggregation build ✅, E2E routing ✅ (37 domains, 0 failed). **Mint + add-liquidity** 2026-03-06: 1M each minted, 500k each added. **Next-steps check:** [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md); B.1/B.2/B.3 partially blocked (WEMIX tabled; LINK relay runbook pending). -**Purpose:** Single checklist of all next steps and remaining tasks. **Indonesia / HYBX-BATCH-001 zip (4.995 ship-ready):** [HYBX-BATCH-001 — transaction package ship-ready](#hybx-batch-001--transaction-package-ship-ready-4995) below. **Full execution order (multiple routes + liquidity):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md). **Additional paths (registry, LiFi/Jumper, Etherlink, 13×13):** [ADDITIONAL_PATHS_AND_EXTENSIONS.md](../04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md). **Dotenv/markdown audit (required info, gaps, recommendations):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md). Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). **Routing / swap / cross-chain:** [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md) (A1–A5, B1–B8, C1–C8, D1–D3, E1–E2). **Verified list (LAN/Operator):** [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) — run bash/curl to confirm; doc updated 2026-03-03. +**Last Updated:** 2026-03-30 +**Current on-chain target (check-contracts-on-chain-138.sh):** **64/64** — **ISO20022Router** + canonical/legacy **CCIP** router and WETH9 bridge; list in `config/smart-contracts-master.json`. Re-verify from LAN — [INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md). Historical counts in [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md). Older paragraphs that say **59/59** record **that day’s** script list. + +**Last verification run (read newest bullets first):** **2026-03-29 (operator / LAN):** `validate-config-files.sh` ✅, `check-contracts-on-chain-138.sh` ✅ **61/61** (before ISO router row), `verify-end-to-end-routing.sh --profile=public` ✅ **Failed: 0** (44 domains; evidence `docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/`), `--profile=private` ✅ **Failed: 0** (`.../e2e-verification-20260329_235128/`). `submodules-clean.sh` ❌ **exit 1** — dirty **`dbis_core/`**, **`smom-dbis-138/`** (see **P1-F08** / **R1**). **2026-03-30 (repo / no deploy):** `run-completable-tasks-from-anywhere.sh` ✅, `dbis_core` `pnpm test:iru-marketplace` ✅, doc alignment **59→61** (see **P1-F07**; log file [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md)). **2026-03-28:** operator `--skip-backup` ✅ (NPMplus 40 hosts, Blockscout batch). **2026-03-06:** validate-config ✅, PMM Pool 1 **2M/2M**, preflight ✅, token-aggregation build ✅, public E2E **37** domains **Failed: 0** (smaller inventory than today’s **44**-domain public profile). **Mint + add-liquidity** 2026-03-06: 1M each minted, 500k each added. **Next-steps check:** [NEXT_STEPS_LIST.md](NEXT_STEPS_LIST.md); B.1/B.2/B.3 partially blocked (WEMIX tabled; LINK relay runbook pending). +**Purpose:** Single checklist of all next steps and remaining tasks. **Indonesia / HYBX-BATCH-001 zip (4.995 ship-ready):** [HYBX-BATCH-001 — transaction package ship-ready](#hybx-batch-001--transaction-package-ship-ready-4995) below. **Full execution order (multiple routes + liquidity):** [EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md](EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md). **Additional paths (registry, LiFi/Jumper, Etherlink, 13×13):** [ADDITIONAL_PATHS_AND_EXTENSIONS.md](../04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md). **Dotenv/markdown audit (required info, gaps, recommendations):** [DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md](DOTENV_AND_MARKDOWN_AUDIT_GAPS_AND_RECOMMENDATIONS.md). **Full narrative checklist:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). **Merged backlog IDs:** this file § **P1** (use P1 for status; NEXT_STEPS may lag until synced). **Token deployments remaining:** [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md). **Routing / swap / cross-chain:** [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md) (A1–A5, B1–B8, C1–C8, D1–D3, E1–E2). **Verified list (LAN/Operator):** [REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md) — run bash/curl to confirm; on-chain count **64** from 2026-03-30 (ISO router + CCIP legacy pair + `smart-contracts-master.json`); older log rows record earlier counts. **Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. Before Chain 138 deploy: `./scripts/deployment/preflight-chain138-deploy.sh [--cost]`. **Chain 138 next steps (all in one):** `./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify]` — preflight → mirror+pool → register c* as GRU → verify. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. **E2E flows (full parallel):** `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]` — [TASKS_TO_INCREASE_ALL_E2E_FLOWS](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). @@ -14,9 +16,80 @@ **Operator copy-paste commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — one page with exact commands for every pending todo. +**Local automation (no LAN deploys):** `bash scripts/verify/run-p1-local-verification.sh` — config validation, completable tasks, optional IRU marketplace tests. + --- -## Remaining to complete (verified 2026-03-06) +## P1 — Merged backlog (2026-03-30) + +Single table for session-merged items (platform, chain, HYBX, external, docs). **Status legend:** `Done` = verified in repo/automation (dates in Notes); `Open` = needs operator, on-chain action, commit hygiene, or external party; `N/A` = product/legal judgment only. + +### A — Platform, mail, DBIS Phoenix, marketplace methodology + +| ID | Task | Status | Notes | +|----|------|--------|--------| +| **P1-A01** | Deploy **dbis_core** Node API on Proxmox **10150/10151** (replace `python -m http.server`), systemd, merge SMTP from `/tmp/smtp.env.example` or `.env.example` | **Open** | `ALL_VMIDS_ENDPOINTS.md`, `pct` on r630-01 | +| **P1-A02** | After **PMG/Postfix** upgrades on CT **100**, re-verify **587/465** in `master.cf`; restore from `/etc/postfix/master.cf.bak.*` if needed | **Open** | Operator SSH + `pct exec 100` | +| **P1-A03** | Move **SMTP env template** off CT **/tmp** into persistent path when template CT allows | **Open** | `pct push` or provision fix | +| **P1-A04** | Fix **10150/10151** image: **`/root` owned by nobody** blocks normal admin | **Open** | Re-template LXC or idmap | +| **P1-A05** | Confirm **VMID 130** (monitoring-1) **Proxmox node** | **Open** | `pct list` per node | +| **P1-A06** | If DB has wrong **inquiry FK** to business `offeringId`, run **`dbis_core/scripts/sql/fix-iru-inquiry-offering-fk.sql`** + migrations | **Open** | Needs `DATABASE_URL` | +| **P1-A07** | **Product:** unify **native** (VMs, IPs, hosting) vs **partner** (`IruOffering`) in one catalog UX, or keep split | **Open** | See `SANKOFA_MARKETPLACE_SURFACES.md` | +| **P1-A08** | Run **`scripts/verify/check-contracts-on-chain-138.sh`** with **`cast`** + reachable Core RPC | **Done** | Same as **P1-F05**; script uses `config/smart-contracts-master.json` when present. **64/64** verified LAN RPC 2026-03-30 (canonical + legacy CCIP + ISO router). | + +### B — Chain 138, CCIP, routing (see also tables above) + +| ID | Task | Status | Notes | +|----|------|--------|--------| +| **P1-B01** | **Preflight** + deployer balance before deploys | **Open** | `preflight-chain138-deploy.sh`, `check-deployer-balance-chain138-and-funding-plan.sh` | +| **P1-B02** | **Tx pool / validator** maintenance if mint/deploy stuck | **Open** | `clear-all-transaction-pools.sh`; validator **1004** per `REMAINING_DEPLOYMENTS` / `CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS` | +| **P1-B03** | **Cronos** CCIP closure + **fund-ccip-bridges-with-link.sh** | **Open** | Needs CRO + LINK; `OPERATOR_READY_CHECKLIST` §1 | +| **P1-B04** | **Wemix** bridges | **Deferred** | `WEMIX_ACQUISITION_TABLED.md` | +| **P1-B05** | **LINK** on Mainnet relay | **Open** | `RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md` | +| **P1-B06** | **Routing A2–A8, B4–B8, C3–C8, D1–D3** | **Open** | `TASKS_ROUTING_SWAP_CROSSCHAIN.md` | +| **P1-B07** | **Phase C / D** runbooks | **Open** | `PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md`, `PHASE_D_OPTIONAL_CHECKLIST.md` | + +### C — HYBX-BATCH-001 (4.995) + +| ID | Task | Status | Notes | +|----|------|--------|--------| +| **P1-C01** | **H1–H16** strict + standard categories | **Open** | `TODOS_CONSOLIDATED` HYBX section; `INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md` | + +### D — External / third-party + +| ID | Task | Status | Notes | +|----|------|--------|--------| +| **P1-D01** | **Ledger, Trust, CoinGecko/CMC, on-ramps** | **Open** | `REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST` §4–5; rows 15–18 below | + +### E — Technical plans (reconcile with backlog) + +| ID | Task | Status | Notes | +|----|------|--------|--------| +| **P1-E01** | Reconcile **`dbis_chain_138_technical_master_plan.md`** with `TODOS_CONSOLIDATED` / `REMAINING_DEPLOYMENTS` | **Partial** | **2026-03-30:** “Repo backlog alignment” stub added to master plan + this file / live log cross-linked; full section-by-section audit still **Open** | +| **P1-E02** | Drive **`hybx_compliance_routing_sidecar_technical_plan.md`** / **`hybx_jurisdictional_cheat_sheets_technical_plan.md`** implementation tickets from repo | **Open** | **2026-03-30:** both plans now link **P1-E02**; engineering tickets / builds still **Open** | + +### F — Repo-local verification (automation) + +| ID | Task | Status | Notes | +|----|------|--------|--------| +| **P1-F01** | **`./scripts/run-completable-tasks-from-anywhere.sh`** | **Done** | 2026-03-30 | +| **P1-F02** | **`bash scripts/validation/validate-config-files.sh`** | **Done** | 2026-03-30 | +| **P1-F03** | **`cd dbis_core && pnpm test:iru-marketplace`** | **Done** | 2026-03-30 (10 tests) | +| **P1-F04** | **`bash scripts/verify/run-p1-local-verification.sh`** | **Done** | Wrapper added 2026-03-30; optional `--with-iru-tests` | +| **P1-F05** | **`check-contracts-on-chain-138.sh`** against Core RPC | **Done** | After env-load fix; **64/64** 2026-03-30 with `smart-contracts-master.json` + legacy CCIP pair (was **61/61** 2026-03-29) | +| **P1-F06** | **`verify-end-to-end-routing.sh`** `--profile=public` and `--profile=private` | **Done** | 2026-03-29; **Failed: 0**; evidence `e2e-verification-20260329_235044/` (public), `e2e-verification-20260329_235128/` (private) under `docs/04-configuration/verification-evidence/` | +| **P1-F07** | **Doc alignment:** on-chain count **61** across deployment runbooks, meta (`NEXT_STEPS_INDEX`, `GAPS_STATUS`, `DOCUMENTATION_CONSOLIDATION_PLAN`, etc.), dbis-rail, `reports/path_b_*` | **Done** | 2026-03-29–30; canonical log [LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md) | +| **P1-F08** | **`submodules-clean.sh`** — clean working trees for **`dbis_core`**, **`smom-dbis-138`** | **Open** | Commit/push submodule work, stash, or adjust CI; required for reproducible `submodules-clean` / strict gates | + +### P1 completion truth (2026-03-30) + +**Completed:** **P1-F01–F07**, **P1-A08** (on-chain check), env-load fix for `check-contracts-on-chain-138.sh`, E2E re-verify (2026-03-29), and **61→64** documentation sweep (ISO router + CCIP canonical/legacy + `smart-contracts-master.json` 2026-03-30). **Partial:** **P1-E01** (stub alignment only). **Open:** **P1-F08** (submodule hygiene); **P1-E02** and all **P1-A/B/C/D** except **A08** until operators run Proxmox/DB/CCIP/external steps. + +**Not completable from repo alone:** submodule commits (**P1-F08**), LAN deploys, CCIP/LINK funding, Ledger/Trust/CoinGecko, security audits, **dbis_core** TS cleanup at scale — see [STILL_NOT_DONE_EXECUTION_CHECKLIST.md](STILL_NOT_DONE_EXECUTION_CHECKLIST.md). + +--- + +## Remaining to complete (snapshot; V-rows updated through 2026-03-29) | # | Task | Verified | Notes | |---|------|----------|--------| @@ -24,7 +97,7 @@ | V2 | **Add liquidity (Chain 138 PMM)** | ✅ Done (2026-03-06) | Mint + add-liquidity run: 1M cUSDT/cUSDC minted, 500k each added to Pool 1. Pool 1 now 2M/2M. To add more: `cd smom-dbis-138 && ./scripts/mint-for-liquidity.sh --add-liquidity`. | | V3 | **RPC 2101 read-only** | ⚠️ If needed | Run `make-rpc-vmids-writable-via-ssh.sh` + `health-check-rpc-2101.sh` only when host I/O errors occur. Not required when preflight passes. | | V4 | **Wemix / Gnosis / Celo CCIP bridges** | 🔄 Partial | Celo + **Gnosis** CCIP bridges deployed (2026-03-04). Gnosis: 0x4ab39b5B… (WETH9), 0xC15ACdBA… (WETH10); .env updated. **Wemix tabled** (no in-repo route ETH/BNB/POLY→WEMIX; see [WEMIX_ACQUISITION_TABLED](../03-deployment/WEMIX_ACQUISITION_TABLED.md)). Cronos: set CRONOS_RPC and CCIP_ROUTER_CRONOS in .env then run deploy-bridges-config-ready-chains.sh cronos. | -| V5 | **LINK relay, E2E 502s, operator run** | 🔄 Partial | **E2E 502s** ✅ Fixed 2026-03-06 (address-all-remaining-502s.sh + NPM update; E2E 37 domains 0 failed). **Operator run** ✅ Run 2026-03-06 (NPMplus RPC fix, Blockscout verify). **LINK support runbook** ⏳ Pending — implement per [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md). | +| V5 | **LINK relay, E2E 502s, operator run** | 🔄 Partial | **E2E 502s** ✅ Fixed 2026-03-06. **Routing E2E re-check** ✅ 2026-03-29 — public 44 domains + private 4, **Failed: 0** ([LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md)). **Operator run** ✅ 2026-03-06 (NPMplus RPC fix, Blockscout verify). **LINK support runbook** ⏳ Pending — [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md). | | V6 | **External (Ledger, Trust, CoinGecko/CMC, on-ramps)** | ⏳ Pending | Per REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST §4–5. | --- @@ -65,7 +138,7 @@ ## First (before any Chain 138 deploy) -Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSDT/cUSDC = 0), config validation ✅, on-chain 59/59 ✅. Re-run 0a/0/0c before each deploy. +Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSDT/cUSDC = 0), config validation ✅, on-chain **59/59 that day** ✅. **Current bytecode check:** target **64/64** — `./scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545`. Re-run 0a/0/0c before each deploy. | # | Task | Owner | Ref | |---|------|--------|-----| @@ -130,7 +203,7 @@ Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSD | # | Task | Owner | Ref | |---|------|--------|-----| | 1 | **Wemix (1111) token addresses:** Confirm WETH, USDT, USDC on [scan.wemix.com/tokens](https://scan.wemix.com/tokens); if different official addresses, update `config/token-mapping-multichain.json` and WEMIX_TOKEN_VERIFICATION.md; run `validate-config-files.sh`. | Operator | RECOMMENDED_COMPLETION_CHECKLIST §1 | -| 2 | **Gnosis, Celo, Wemix CCIP bridges:** Per chain: set RPC, CCIP Router, LINK, WETH9/WETH10; run DeployWETHBridges; on 138 add destinations; on each new chain add 138; fund LINK; update env/docs. | Operator/LAN | CONFIG_READY_CHAINS_COMPLETION_RUNBOOK | +| 2 | **Gnosis, Celo, Wemix CCIP bridges:** **Celo + Gnosis** deployed 2026-03-04 (see **V4**). **Remain:** Cronos closure + LINK funding, Wemix (tabled), per-chain `complete-config` / env — same runbook. | Operator/LAN | CONFIG_READY_CHAINS_COMPLETION_RUNBOOK | --- @@ -139,7 +212,7 @@ Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSD | # | Task | Owner | Ref | |---|------|--------|-----| | 3 | **LINK support on Mainnet relay:** Option A or B per runbook; implement, deploy, fund LINK; set `relaySupported: true` for LINK in token-mapping.json; update docs. | Operator/LAN | RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK | -| 4 | **Run "from anywhere" checks periodically:** `./scripts/run-completable-tasks-from-anywhere.sh` | Anyone | NEXT_STEPS_FOR_YOU §2 — ✅ Run 2026-03-06 | +| 4 | **Run "from anywhere" checks periodically:** `./scripts/run-completable-tasks-from-anywhere.sh` | Anyone | NEXT_STEPS_FOR_YOU §2 — ✅ 2026-03-06; re-run after submodule or config changes | | 5 | **Placeholders (code):** All done or documented per [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) §4: canonical addresses (env), AlltraAdapter setBridgeFee, smart accounts kit (env + runbook), quote service FABRIC_CHAIN_ID (default 999), .bak ([BAK_FILES_DEPRECATION.md](../../smom-dbis-138/docs/BAK_FILES_DEPRECATION.md)). | Dev | REQUIRED_FIXES_UPDATES_GAPS | | 6 | **API keys:** Sign up per reports/API_KEYS_REQUIRED.md; add to `.env`. | Anyone | NEXT_STEPS_FOR_YOU §2 | @@ -150,7 +223,7 @@ Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSD | # | Task | Owner | Ref | |---|------|--------|-----| | 7 | **Blockscout verification:** `./scripts/run-all-operator-tasks-from-lan.sh` (loads dotenv) or `./scripts/verify/run-contract-verification-with-proxy.sh`. Last run 2026-03-06 (submissions done). | Operator/LAN | CONTRACT_DEPLOYMENT_RUNBOOK | -| 8 | **Fix E2E 502s (if needed):** ✅ Fixed 2026-03-06 (MIM4U 7810 added to fix-all-502s-comprehensive.sh; address-all-remaining-502s + NPM + E2E → 37 domains 0 failed). Re-run `./scripts/maintenance/address-all-remaining-502s.sh [--e2e]` if 502s recur. | Operator/LAN | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | +| 8 | **Fix E2E 502s (if needed):** ✅ Fixed 2026-03-06 (MIM4U 7810 added to fix-all-502s-comprehensive.sh; address-all-remaining-502s + NPM + E2E → **37** public domains **Failed: 0** that day). **2026-03-29** public profile **44** domains **Failed: 0** ([LIVE_VERIFICATION_LOG_2026-03-30.md](LIVE_VERIFICATION_LOG_2026-03-30.md)). Re-run `./scripts/maintenance/address-all-remaining-502s.sh [--e2e]` if 502s recur. | Operator/LAN | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | | 9 | **Operator tasks script:** `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. Last run 2026-03-06 (Wave 0 NPMplus RPC fix + Blockscout verify; use --skip-backup if NPM_PASSWORD unset). | Operator/LAN | STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS | | 10 | **sendCrossChain (real):** `bash scripts/bridge/run-send-cross-chain.sh 0.01` (when PRIVATE_KEY and LINK ready) | Operator/LAN | NEXT_STEPS_OPERATOR W0-2 | | 11 | **NPMplus backup:** `bash scripts/verify/backup-npmplus.sh` | Operator/LAN | NEXT_STEPS_OPERATOR W0-3 | @@ -158,6 +231,14 @@ Verified 2026-03-06: preflight ✅, 0a balance check ✅ (script runs; WETH/cUSD --- +## Repo / CI hygiene + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| R1 | **Submodule clean trees:** `bash scripts/verify/submodules-clean.sh` → exit **0** before merge/CI that enforces clean submodules. Today: dirty **`dbis_core/`**, **`smom-dbis-138/`** (modified + untracked). | Dev | **P1-F08** above; [SUBMODULE_HYGIENE.md](SUBMODULE_HYGIENE.md) | + +--- + ## E2E Flows (Full Parallel) All tasks from [TASKS_TO_INCREASE_ALL_E2E_FLOWS.md](TASKS_TO_INCREASE_ALL_E2E_FLOWS.md). Run in waves; within each wave run in **full parallel** when possible. Script: `./scripts/run-e2e-flow-tasks-full-parallel.sh [--dry-run]`. @@ -195,11 +276,13 @@ Full list: [TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md](../11-references/TOKEN_CONT ## Low priority (planned deployments) +**Note:** Numbers **L12–L14** here are **not** the same as § “When you have LAN” **#12** (mint tokens) — different sections use independent numbering. + | # | Task | Owner | Ref | |---|------|--------|-----| -| 12 | **AddressMapper on other chains:** Deploy via DeployAddressMapperOtherChain; set `mapper` in smart-contracts-master.json. (Cronos done.) | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §A | -| 13 | **DODO PMM on 138:** Integration and pools **already deployed** (2026-02-28). Remaining: add liquidity (AddLiquidityPMMPoolsChain138 / run-pmm-full-parity); document in LIQUIDITY_POOLS_MASTER_MAP. | Planned | NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS | -| 14 | **Mainnet trustless stack:** Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet) per runbook; fund liquidity. | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §C | +| L12 | **AddressMapper on other chains:** Deploy via DeployAddressMapperOtherChain; set `mapper` in smart-contracts-master.json. (Cronos done.) | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §A | +| L13 | **DODO PMM on 138:** Integration + **three pools** deployed; Pool 1 (cUSDT/cUSDC) funded **2M/2M** (2026-03-06; see **A1** / **V2**). **Still optional:** more liquidity, other pools / Phase 2 parity, `LIQUIDITY_POOLS_MASTER_MAP` updates. | Planned | NEXT_STEPS_PMM_FULL_PARITY_AND_ALL_POOLS | +| L14 | **Mainnet trustless stack:** Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet) per runbook; fund liquidity. | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §C | --- @@ -268,7 +351,7 @@ Cron: `schedule-daily-weekly-cron.sh --install`; NPMplus backup: `schedule-npmpl | Validate (Proxmox SSH) | `bash scripts/run-via-proxmox-ssh.sh validate [--host IP]` — shellcheck (full) + genesis validation; installs jq/shellcheck on host if missing | | All validation (CI) | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` | | Config files | `bash scripts/validation/validate-config-files.sh` | -| On-chain (Chain 138) | `./scripts/verify/check-contracts-on-chain-138.sh` | +| On-chain (Chain 138) | `./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL]` — expect **64/64** when Core RPC reachable (see script list) | | E2E routing | `./scripts/verify/verify-end-to-end-routing.sh` | | **Test all contracts (before deploy)** | `./scripts/deployment/test-all-contracts-before-deploy.sh` — use `--dry-run` / `--no-match "Fork|Mainnet|Integration|e2e"` / `--alltra` | | **HYBX package commitment** | `python3 scripts/omnl/verify-transaction-package-commitment.py ` | After unzip | @@ -281,7 +364,8 @@ Cron: `schedule-daily-weekly-cron.sh --install`; NPMplus backup: `schedule-npmpl All gaps and additional recommendations to implement are consolidated in: - **[TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md)** — Routing, swap, and cross-chain only: same-chain swap (A1–A5), bridges and routing (B1–B8), swap–bridge–swap (C1–C8), cW* edge pools (D1–D3), deployer gas routing (E1–E2). -- **[ADDITIONAL_RECOMMENDATIONS_TABLE.md](ADDITIONAL_RECOMMENDATIONS_TABLE.md)** — Immediate/blocking (V2–V6), pre-deploy (0a–0), high/medium/LAN (1–12), token deployments (T2–T7), low priority (12–14), external (15–18), operator R1–R24, Proxmox (1–35), code quality (36–43), documentation (44–47, 68–74), security (48–52), config/testing (53–67), infrastructure (75–81), codebase (82–91), MetaMask/explorer (92–105), Tezos/LiFi/Jumper (106–121), Besu (122–126), maintenance (135–139), E2E waves (E0–E7), operator quick reference (22). +- **[ADDITIONAL_RECOMMENDATIONS_TABLE.md](ADDITIONAL_RECOMMENDATIONS_TABLE.md)** — Immediate/blocking (V2–V6), pre-deploy (0a–0), high/medium/LAN (1–12), token deployments (T2–T7), low priority (this file uses **L12–L14** to avoid clashing with LAN **#12**), external (15–18), operator R1–R24, Proxmox (1–35), code quality (36–43), documentation (44–47, 68–74), security (48–52), config/testing (53–67), infrastructure (75–81), codebase (82–91), MetaMask/explorer (92–105), Tezos/LiFi/Jumper (106–121), Besu (122–126), maintenance (135–139), E2E waves (E0–E7), operator quick reference (22). +- **HYBX Transaction Composer** — TC1–TC29 done (2026-03-29); see [HYBX Transaction Composer backlog](#hybx-transaction-composer-backlog). - **[REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md](REQUIRED_FIXES_GAPS_AND_DEPLOYMENTS_LIST.md)** — Required fixes (§1), gaps (§2), additional deployments (§3), operator/LAN tasks (§4), external (§5), quick reference (§6). **Run in full parallel when possible** (scriptable tasks; from repo root): @@ -302,6 +386,46 @@ Run 1, 4, 5, 6 in parallel from anywhere; 2, 3, 7, 8, 9 when LAN/RPC and secrets --- +## HYBX Transaction Composer backlog + +Package: `transaction-composer/`. **Completed in app (2026-03-29):** TC1–TC29 implemented or addressed as follows (verify with `pnpm composer:test` / `pnpm composer:test:e2e`). + +| ID | Status | Implementation notes | +|----|--------|----------------------| +| **TC1** | Done | Palette: separate **Liquidity** and **FX** groups. | +| **TC2** | Done | **Stress graph** only if `import.meta.env.DEV`. | +| **TC3** | Done | `bumpFitView()` after **undo** / **redo**. | +| **TC4** | Done | **Ctrl/Cmd+Z**, **Ctrl/Cmd+Shift+Z**, **Ctrl/Cmd+Y** (outside inputs). | +| **TC5** | Done | `deleteKeyCode` + canvas `aria-label` documenting Delete/Backspace. | +| **TC6** | Done | `confirm()` before stress load. | +| **TC7** | Done | Chat list `ref` + `useEffect` scroll to bottom. | +| **TC8** | Done | `interpretPromptLocal` / `interpretPromptAsync` return `{ ok, error? }`; chat shows errors. | +| **TC9** | Done | `VITE_GRAPH_LLM_URL` + `interpretPromptViaLlm` (retries, `AbortSignal`). | +| **TC10** | Done | Chat **busy** state + **Cancel** + disabled submit while async. | +| **TC11** | Done | Bottom bar shows `lastError` in **failed** state. | +| **TC12** | Done | `signalMachineReset` on Load / Clear / Stress / chat `applyGraph`; BottomBar **RESET** XState. | +| **TC13** | Done | Dry Run **title** + Results empty-state copy. | +| **TC14** | Done | `requestResultsNav` + ResultsPanel tab switch on validate / dry-run. | +| **TC15** | Done | Banner when Load finds nothing or parse fails. | +| **TC16** | Done | **QuotaExceededError** banner on save. | +| **TC17** | Done | `transaction-composer/.env.example`. | +| **TC18** | Done | Optional `VITE_EXECUTE_API_TOKEN`; dev-only request debug log line in `client.ts`. | +| **TC19** | Done | `role="banner"` / `main` / `aside` **aria-label**s; chat `aria-live`. | +| **TC20** | Done | Palette **Add** → `enqueuePaletteAdd` / canvas center drop. | +| **TC21** | Done | Collapsible palette & chat; `min()` widths. | +| **TC22** | Done | Playwright `e2e/composer.spec.ts` (port **5182**). | +| **TC23** | Done | Vitest + RTL: `ResultsPanel.test.tsx`, `BottomBar.test.tsx`. | +| **TC24** | Done | `stressTestGraph.test.ts` (edges + store). | +| **TC25** | Done | README: Profiler + memo note (nodes already `memo`). | +| **TC26** | Done | `transaction-composer/README.md`. | +| **TC27** | Done | Export button **title** (stale JSON hint). | +| **TC28** | Done | `schemaVersion: 2` in save payload; reject future unknown versions. | +| **TC29** | Done | Palette **title** hints reference cheat sheets + sidecar plan files. | + +**Also:** `validateConnection` allows **liquidity → fee** when FX is omitted (matches interpreter graphs). **Fix:** Results “Compiled” topology line uses `orderedNodeIds.length` (was incorrect). + +--- + ## References - [TASKS_ROUTING_SWAP_CROSSCHAIN.md](TASKS_ROUTING_SWAP_CROSSCHAIN.md) — routing, swap, and cross-chain tasks (A1–A5, B1–B8, C1–C8, D1–D3, E1–E2) diff --git a/docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md b/docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md index 4038c10..7fd8a5b 100644 --- a/docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md +++ b/docs/02-architecture/DBIS_NODE_ROLE_MATRIX.md @@ -113,7 +113,7 @@ Machine-derived rows below come from `services[]` in `config/proxmox-operational | 7803 | sankofa-postgres-1 | 192.168.11.53 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application | | 7804 | gov-portals-dev | 192.168.11.54 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application | | 7805 | sankofa-studio | 192.168.11.72 | unique in template | Sankofa / Phoenix | unspecified | TBD | TBD | r630-01 | N/A | application | -| 7810 | mim-web-1 | 192.168.11.37 | shared / non-concurrent mapping — verify live owner | MIM4U | unspecified | TBD | TBD | r630-02 | N/A | standard internal | +| 7810 | mim-web-1 | 192.168.11.37 | unique live owner after 2026-03-29 ARP cleanup | MIM4U | unspecified | TBD | TBD | r630-02 | N/A | standard internal | | 7811 | mim-api-1 | 192.168.11.36 | shared / non-concurrent mapping — verify live owner | MIM4U | unspecified | TBD | TBD | r630-02 | N/A | standard internal | | 8640 | vault-phoenix-1 | 192.168.11.200 | unique in template | HashiCorp Vault | unspecified | TBD | TBD | r630-01 | N/A | management / secrets | | 8641 | vault-phoenix-2 | 192.168.11.215 | unique in template | HashiCorp Vault | unspecified | TBD | TBD | r630-01 | N/A | management / secrets | @@ -126,7 +126,7 @@ Machine-derived rows below come from `services[]` in `config/proxmox-operational | 10080 | order-eresidency | 192.168.11.43 | unique in template | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application | | 10090 | order-portal-public | 192.168.11.36 | shared / non-concurrent mapping — verify live owner | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application | | 10091 | order-portal-internal | 192.168.11.35 | shared / non-concurrent mapping — verify live owner | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application | -| 10092 | order-mcp-legal | 192.168.11.37 | shared / non-concurrent mapping — verify live owner | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application | +| 10092 | order-mcp-legal | 192.168.11.94 | unique live owner after 2026-03-29 ARP cleanup | The Order service | unspecified | TBD | TBD | r630-01 | N/A | application | | 10100 | dbis-postgres-primary | 192.168.11.105 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application | | 10101 | dbis-postgres-replica-1 | 192.168.11.106 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application | | 10120 | dbis-redis | 192.168.11.125 | unique in template | DBIS stack | unspecified | TBD | TBD | r630-01 | N/A | application | @@ -166,4 +166,3 @@ These appear in [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) - [CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md](CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md) - [VMID_ALLOCATION_FINAL.md](VMID_ALLOCATION_FINAL.md) - diff --git a/docs/02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md b/docs/02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md new file mode 100644 index 0000000..8b275f0 --- /dev/null +++ b/docs/02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md @@ -0,0 +1,127 @@ +# DBIS Web and Institution Master Blueprint + +**Status:** Executable design baseline (2026-03-30) +**Primary domain:** https://d-bis.org +**Purpose:** Canonical map for the multi-portal DBIS institutional web surface, data APIs, developer program, and machine-readable trust layer — aligned with deployed Chain 138 and Proxmox operations. + +--- + +## Canonical cross-references + +| Topic | Document | +|--------|-----------| +| Chain 138, Besu, Hyperledger, VMIDs | [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) | +| FQDN inventory and verifier | [docs/04-configuration/E2E_ENDPOINTS_LIST.md](../04-configuration/E2E_ENDPOINTS_LIST.md), [scripts/verify/verify-end-to-end-routing.sh](../../scripts/verify/verify-end-to-end-routing.sh) | +| Institutional subdomain rollout | [docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md](../04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md) | +| Data API contract (OpenAPI) | [config/dbis-data-api/openapi.yaml](../../config/dbis-data-api/openapi.yaml) | +| Trust / governance / settlement / address-registry JSON schemas | [config/dbis-institutional/schemas/](../../config/dbis-institutional/schemas/), [config/dbis-institutional/README.md](../../config/dbis-institutional/README.md) | +| OMNL + Core + Chain 138 + RTGS + Smart Vaults (narrative) | [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) | +| Members portal (OIDC, BFF, secure.d-bis.org) | [docs/03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md](../03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md) | +| Developers + Gitea org scaffolding | [docs/03-deployment/DBIS_DEVELOPERS_PORTAL_AND_GITEA_SCAFFOLDING.md](../03-deployment/DBIS_DEVELOPERS_PORTAL_AND_GITEA_SCAFFOLDING.md) | +| Sandbox and interoperability | [docs/03-deployment/DBIS_SANDBOX_INTEROP_RUNBOOK.md](../03-deployment/DBIS_SANDBOX_INTEROP_RUNBOOK.md) | +| Compliance / governance engine | [docs/03-deployment/DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md](../03-deployment/DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md) | +| HYBX compliance sidecar (technical) | [hybx_compliance_routing_sidecar_technical_plan.md](../../hybx_compliance_routing_sidecar_technical_plan.md) | + +--- + +## 1. Layered architecture + +| Layer | Authority | Notes | +|-------|-----------|--------| +| Public narrative + IA | Gov Web Portals DBIS app (Next.js), future per-subdomain frontends | Mandate, members directory, GRU storytelling, research UI | +| Settlement / ledger truth | smom-dbis-138, Besu QBFT, Hyperledger runbooks | Not replaced by web tier | +| APIs and data products | dbis-api, token-aggregation, future data.d-bis.org service | Classify: on-chain observed vs policy vs modelled | +| Developer source of truth | gitea.d-bis.org | Code, CI, releases | + +--- + +## 2. Subdomain authority map + +| Host | Boundary | First deliverable | +|------|-----------|-------------------| +| d-bis.org | Global public apex | Public portal build + trust JSON links | +| members.d-bis.org | Authenticated members | OIDC BFF; see members runbook | +| developers.d-bis.org | SDK + OpenAPI + sandbox signup | Curated site; links to Gitea | +| data.d-bis.org | Statistics + datasets | Postgres/Timescale + OpenAPI v1 | +| research.d-bis.org | Working papers | CMS or MDX pipeline | +| policy.d-bis.org | Policy publications + manifests | Versioned policy.json | +| ops.d-bis.org | Staff operations | SSO; internal runbook links | +| identity.d-bis.org | Trust anchors, DID registry reads | Docs + read API; Indy/Aries per identity runbooks | +| status.d-bis.org | SLO / uptime | Statuspage or self-hosted | +| sandbox.d-bis.org | Isolated test execution | After public read APIs stable | +| interop.d-bis.org | CBDC / cross-chain lab | CCIP / bridge runbooks | +| gitea.d-bis.org | Source control | Existing | +| docs.d-bis.org | Technical documentation | Existing | +| explorer.d-bis.org | Chain transparency | Existing | +| dbis-api.d-bis.org | Operational APIs | Existing | + +--- + +## 3. Information architecture (public routes) + +Routes implemented or specified for the DBIS portal: + +- **About:** `/about`, `/governance`, `/legal`, `/timeline`, `/headquarters` (headquarters may alias contact/regions initially). +- **Members:** `/members`, `/members/[slug]` — typed directory (JSON v1 → CMS later). +- **GRU:** `/gru/overview`, `/gru/monetary-policy`, `/gru/operations`, `/gru/technical` — content-first until legal/on-chain alignment. +- **Dashboard:** `/dashboard` — role-gated shell; public “monetary snapshot” widgets link to data.d-bis.org when live. + +--- + +## 4. Member directory metadata schema + +Minimum fields (JSON Schema in repo: `config/dbis-institutional/schemas/member-directory-entry.schema.json`): + +- `memberId`, `lei`, `name`, `jurisdiction`, `memberStatus`, `participationType`, `settlementRole`, `currencyParticipation`, `validatorRole`, `tier`, `roles[]`, `logoUrl` (optional). + +Example institution: Organisation Mondiale du Numérique (OMNL) — seed in portal `data/members.json`. + +--- + +## 5. Machine-readable trust layer + +| Resource | Path (on apex or policy host) | Schema | +|----------|-------------------------------|--------| +| Trust anchors + endpoints | `/.well-known/trust.json` | trust.schema.json | +| Governance structure | `/governance.json` | governance.schema.json | +| Policy pointers + hashes | `/policy.json` | policy-manifest.schema.json | + +Examples under `config/dbis-institutional/examples/`. Production copies served from CDN/NPM upstream with signed rotation procedures in ops runbooks. + +--- + +## 6. Data classification (APIs) + +All published metrics must declare **lineage**: + +1. **on_chain** — Derived from indexer / RPC / explorer-compatible sources. +2. **policy** — Published by policy officers; versioned documents. +3. **modelled** — Simulations or aggregates not asserted as settlement truth. + +OpenAPI `x-dbis-lineage` extension documents this per operation (see `config/dbis-data-api/openapi.yaml`). + +--- + +## 7. Phased delivery (summary) + +| Phase | Focus | +|-------|--------| +| 0 | This blueprint + schemas + OpenAPI stub + subdomain inventory | +| 1 | Public portal IA (DBIS app), static trust JSON, NPM apex | +| 2 | data.d-bis.org service + Timescale ingest | +| 3 | developers.d-bis.org + Gitea org/topics | +| 4 | members.d-bis.org MVP | +| 5 | policy, research, ops, status hosts | +| 6 | Compliance sidecar + interop lab | + +--- + +## 8. Risk register (early decisions) + +- **GRU:** Legal and communications stance before binding any “supply” metric to on-chain state. +- **members vs secure.d-bis.org:** Complement or supersede — see [DBIS_MEMBERS_PORTAL_RUNBOOK.md](../03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md). +- **Kubernetes:** Proxmox-first until a cluster program exists; avoid dual orchestration overhead. + +--- + +*This document is the web/institution counterpart to the Chain 138 technical master plan; keep cross-links updated after major deploys.* diff --git a/docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md b/docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md index f3eb631..b76ee21 100644 --- a/docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md +++ b/docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md @@ -1,8 +1,8 @@ # Public sector tenancy, service catalog, and deployment baseline -**Last Updated:** 2026-03-25 +**Last Updated:** 2026-03-30 **Status:** Canonical baseline (reconciles assurance, Phoenix intent, and repo boundaries) -**Related:** [NON_GOALS.md](NON_GOALS.md), [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [SERVICE_DESCRIPTIONS.md](SERVICE_DESCRIPTIONS.md), [BRAND_RELATIONSHIP.md](BRAND_RELATIONSHIP.md), [../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), [config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json) +**Related:** [NON_GOALS.md](NON_GOALS.md), [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [SERVICE_DESCRIPTIONS.md](SERVICE_DESCRIPTIONS.md), [BRAND_RELATIONSHIP.md](BRAND_RELATIONSHIP.md), [../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), [config/public-sector-program-manifest.json](../../config/public-sector-program-manifest.json), [../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md) --- @@ -28,6 +28,10 @@ It does **not** replace legal advice, DPIAs, or national eID supervision require | Marketplace (product) | **Service catalog** + **entitlement management** until procurement-backed billing is implemented; use **marketplace** only if contractually defined | | Wallet (in gov packs) | **Credential holder application**, **authenticator**, **SMOA client** — do not mix with **self-custody cryptocurrency wallet** language from Chain 138 / DeFi docs | +### Sankofa Marketplace: native vs partner (cross-reference) + +In program docs, **Sankofa Marketplace** may present both **native** offers (first-party infrastructure and common cloud-style services: VMs, IP addresses, app hosting, etc.) and **partner** offers (third-party / ISV products such as **SolaceNet** IRU). That split affects how you describe **SKUs**, **support ownership**, and **procurement** in RFPs and contracts. Canonical methodology, code pointers, and the three UI surfaces (Phoenix IRU catalog, client portal, Studio landing) are in **[SANKOFA_MARKETPLACE_SURFACES.md](../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md)**. For **public sector** external comms, keep using **service catalog** and **entitlements** language from the table above unless the agreement explicitly defines “marketplace.” + --- ## Deployment profiles (flexibility bridge) diff --git a/docs/02-architecture/SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md b/docs/02-architecture/SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md new file mode 100644 index 0000000..498d2d0 --- /dev/null +++ b/docs/02-architecture/SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md @@ -0,0 +1,66 @@ +# Sankofa / Phoenix Canonical Boundaries And Taxonomy + +**Status:** Canonical +**Last Updated:** 2026-03-30 + +## Purpose + +This document defines the canonical Sankofa / Phoenix boundary model so public-site, portal, marketplace, identity, and partner-program work all use the same language. + +## Surface model + +- `sankofa.nexus`: public Sankofa brand, narrative, product discovery, docs, and partner discovery +- `phoenix.sankofa.nexus`: Phoenix public division surface plus Phoenix public API paths +- `portal.sankofa.nexus`: canonical client sign-in and workspace surface +- `admin.sankofa.nexus`: client administration surface +- `dash.sankofa.nexus`: operator-only surface + +## Commercial taxonomy + +- `offer_type=native`: a Sankofa / Phoenix-operated platform or managed service +- `offer_type=partner`: a downstream partner-program or marketplace listing fulfilled by a partner or shared operating model +- `commercial_model=IRU`: long-term right-to-use / capacity / subscription construct +- `commercial_model=SaaS`: recurring provider-managed software subscription +- `commercial_model=managed_service`: provider-operated service engagement +- `commercial_model=reserved_capacity`: capacity reserved or committed for a customer +- `commercial_model=custom`: custom contractual structure not covered by the standard catalog models + +## Key rule + +IRU is a commercial model, not a marketplace category. + +That means: + +- Sankofa Marketplace stays a single commercial discovery surface. +- Native and partner offers can both use IRU when the contract structure requires it. +- Public copy should describe IRU as a right-to-use / subscription model, not as a separate marketplace. + +## Operating objects + +- `Client`: commercial, procurement, and billing boundary +- `Tenant`: identity, access-control, and security boundary +- `Subscription`: purchased or activated service relationship +- `Entitlement`: what the subscription authorizes +- `Deployment`: what is actually provisioned and running + +## Actor paths + +- `visitor`: reads public Sankofa and Phoenix content +- `prospect`: explores native offers and partner programs, then requests or initiates onboarding +- `invited_client_admin`: accepts invitation, activates client workspace, manages subscriptions and access +- `invited_tenant_user`: joins an existing tenant and operates within granted entitlements +- `partner`: manages partner onboarding, solutions, deals, and support ownership +- `internal_operator`: operates Phoenix control-plane, fulfillment, and support workflows + +## Implementation guidance + +- Public Sankofa pages should link directly to `portal.sankofa.nexus` for authenticated actions. +- Legacy `/portal/*` paths on the public web may remain as compatibility redirects, but they are not the canonical portal surface. +- Partner programs remain federated. Sankofa owns public discovery; downstream systems such as `dbis_core` may fulfill partner-program workflows. +- Catalog entries should carry explicit metadata for `offer_type`, `commercial_model`, `support_owner`, `fulfillment_mode`, `billing_mode`, and `status`. + +## Related documents + +- [SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md](./SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md) +- [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](./PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md) +- [../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md) diff --git a/docs/02-architecture/SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md b/docs/02-architecture/SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md new file mode 100644 index 0000000..ce92ff0 --- /dev/null +++ b/docs/02-architecture/SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md @@ -0,0 +1,336 @@ +# Sankofa / Phoenix complete phased execution plan + +**Last Updated:** 2026-03-30 +**Status:** Canonical execution plan for correcting and improving Sankofa / Phoenix +**Related:** [EXPECTED_WEB_CONTENT.md](EXPECTED_WEB_CONTENT.md), [PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md), [../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md), [../03-deployment/SANKOFA_PHOENIX_PUBLIC_PORTAL_ADMIN_ENDPOINT_CORRECTION_TASKS.md](../03-deployment/SANKOFA_PHOENIX_PUBLIC_PORTAL_ADMIN_ENDPOINT_CORRECTION_TASKS.md) + +--- + +## Purpose + +This document turns the Sankofa / Phoenix assessment backlog into a single phased plan that can be executed across product, UX, identity, tenancy, provisioning, and operations. + +It assumes the following model is canonical: + +- **Sankofa** = corporate / public brand +- **Phoenix** = cloud services division / control plane +- **Portal / Admin** = client SSO surfaces +- **Dash** = operator-only surface +- **Marketplace** = discovery and commercial lens across **native** and **partner** offers +- **IRU / SaaS / managed service / reserved capacity** = commercial models, not marketplace categories + +--- + +## Program goals + +1. Make the hostname and surface model match the documented intent. +2. Consolidate duplicated portal and marketplace behavior. +3. Finish the Phoenix operating model so **Client**, **Tenant**, and **Subscription** are separate first-class objects. +4. Turn onboarding into real provisioning and entitlement orchestration. +5. Make native and partner offers discoverable through one coherent catalog strategy. +6. Remove dead-end routes, duplicate UX, and misleading copy. +7. Add the testing, observability, and operational controls needed for safe iteration. + +--- + +## Out of scope for this plan + +- Rebuilding unrelated DBIS, Chain 138, or explorer systems +- Replacing Keycloak with another IdP +- Full legal / procurement policy authoring +- Broad infrastructure replatforming unless directly required by Sankofa / Phoenix surface alignment + +--- + +## Phase structure + +| Phase | Name | Primary outcome | +|------|------|-----------------| +| 0 | Decisions and canonical model | Lock architecture, terminology, and ownership boundaries | +| 1 | Surface correction | Align public, client, and operator hostnames with actual deployments | +| 2 | Catalog and offer model | Unify how native and partner offers are described and sold | +| 3 | Portal and identity consolidation | Make one canonical authenticated client experience | +| 4 | Data model migration | Implement Client / Tenant / Subscription separation | +| 5 | Onboarding and lifecycle flows | Replace stub UX with real commercial and provisioning workflows | +| 6 | Admin, partner, and fulfillment completion | Finish supported management and delivery capabilities | +| 7 | Quality, docs, and cutover | Enforce quality gates and complete production-facing documentation | + +--- + +## Phase 0 — Decisions and canonical model + +### Objectives + +- Lock the surface model for `sankofa.nexus`, `phoenix.sankofa.nexus`, `portal.sankofa.nexus`, `admin.sankofa.nexus`, and `dash.sankofa.nexus`. +- Lock the commercial taxonomy for `offer_type` and `commercial_model`. +- Lock the Phoenix object model for **Client**, **Tenant**, **Subscription**, **Entitlement**, and **Deployment**. + +### Tasks + +- Decide whether `phoenix.sankofa.nexus` is a public web surface with co-located API paths or whether public web and API will be split. +- Decide whether `admin.sankofa.nexus` is a dedicated app, a route space in the portal app, or a deferred surface. +- Decide whether the public site marketplace and `dbis_core` marketplace are one storefront, a federated storefront, or a public-site-to-program handoff. +- Publish canonical definitions for `native offer`, `partner offer`, `IRU`, `SaaS`, `managed service`, `reserved capacity`, `client`, `tenant`, `subscription`, and `entitlement`. +- Assign ownership for public site, portal, auth, catalog, and provisioning workstreams. + +### Deliverables + +- Approved Sankofa / Phoenix terminology sheet +- Approved surface map and ownership map +- Approved object model and lifecycle model + +### Exit criteria + +- No unresolved ambiguity remains around hostnames, major personas, or core object definitions. + +--- + +## Phase 1 — Surface correction + +### Objectives + +- Make the deployed web surfaces match the documented hostname model. +- Remove duplicate or misleading entrypoints. + +### Tasks + +- Make `sankofa.nexus` a pure public corporate surface. +- Make `portal.sankofa.nexus` the canonical client workspace origin. +- Make `admin.sankofa.nexus` a real client administration surface or hide it until implemented. +- Keep `dash.sankofa.nexus` operator-only with network and MFA controls. +- Resolve `phoenix.sankofa.nexus` default browser behavior for unauthenticated users. +- Remove duplicate portal behavior from the public Sankofa site or convert it to redirects. +- Fix public CTAs so they land on real destinations. +- Remove or implement dead public routes such as `solutions/sovereignty` and `portal/get-started`. + +### Deliverables + +- Correct NPM, DNS, TLS, and upstream mappings +- Public-site navigation aligned to live destinations +- One canonical client SSO entrypoint + +### Exit criteria + +- Public E2E checks pass for Sankofa, Phoenix, Portal, Admin, and related surfaces. +- Anonymous users cannot accidentally land in the wrong trust boundary. + +--- + +## Phase 2 — Catalog and offer model + +### Objectives + +- Describe native and partner offers through one consistent model. +- Represent IRU as a commercial model instead of a marketplace category. + +### Tasks + +- Create a shared offer schema covering native and partner listings. +- Add explicit fields for `offer_type`, `commercial_model`, `support_owner`, `provisioning_mode`, and `billing_mode`. +- Reclassify existing IRU-backed entries accordingly. +- Decide whether the public Sankofa marketplace and `dbis_core` marketplace share a backend, a search layer, or only a handoff contract. +- Standardize product detail pages and CTAs for self-service, request-based, and review-based offers. +- Mark seeded but nonfunctional services as preview or non-provisionable until adapters exist. +- Add support ownership and entitlement semantics for partner offers. + +### Deliverables + +- Canonical catalog schema +- Migration / mapping plan for existing marketplace data +- Shared UI rules for offer cards, detail pages, and CTAs + +### Exit criteria + +- Every offer can be explained by the same taxonomy without special-case copy. + +--- + +## Phase 3 — Portal and identity consolidation + +### Objectives + +- Remove duplicate authenticated UX. +- Make auth and session state reflect the real Phoenix model. + +### Tasks + +- Choose one canonical portal implementation and retire or redirect all duplicates. +- Keep Keycloak as the shared IdP for client-facing SSO surfaces. +- Remove or hard-gate local credential fallback in production. +- Populate `session.clientId`, `session.tenantId`, active subscription context, and roles during auth. +- Add tenant switching for users with multi-tenant membership. +- Align Keycloak groups / roles with the canonical role model. +- Implement stable invite, accept, sign-in, and recovery flows. + +### Deliverables + +- Canonical portal app +- Canonical role and session model +- Stable OIDC redirect and callback configuration + +### Exit criteria + +- Authenticated users always land on the correct tenant-aware workspace. +- No user-facing flow depends on duplicate portal codepaths. + +--- + +## Phase 4 — Data model migration + +### Objectives + +- Finish the Phoenix operating model in storage and APIs. +- Stop overloading Tenant as both identity and commercial boundary. + +### Tasks + +- Add first-class **Client** and **Subscription** entities where missing. +- Migrate billing ownership from Tenant to Client / Subscription while preserving tenant-level reporting. +- Backfill existing tenant records into the new model with migration scripts and rollback paths. +- Add Entitlement records separate from deployments. +- Define how subscriptions attach to tenants, environments, and offers. +- Update APIs, GraphQL schemas, and portal queries to use the new boundaries. +- Add lifecycle states for client, tenant, subscription, entitlement, and deployment objects. + +### Deliverables + +- Schema migration plan +- API and GraphQL contract updates +- Backfill scripts and validation reports + +### Exit criteria + +- Billing, identity, and provisioning boundaries are no longer coupled to the same table or session assumption. + +--- + +## Phase 5 — Onboarding and lifecycle flows + +### Objectives + +- Replace UI stubs with real orchestration across commercial and technical workflows. + +### Tasks + +- Replace localStorage-only onboarding with backend-driven orchestration. +- Add separate flows for prospect, invited client admin, invited tenant user, and partner applicant. +- Create or link Client, Tenant, initial roles, and default workspace settings during onboarding. +- Support offer selection during onboarding, including IRU and SaaS-style paths. +- Add qualification and document collection for regulated or review-based offerings. +- Add billing / procurement setup where required. +- Add status tracking across inquiry, qualification, approval, provisioning, activation, and renewal. +- Add notifications and operator queues for manual review steps. + +### Deliverables + +- Backend onboarding orchestrator +- Real actor-specific onboarding flows +- Lifecycle status model and audit trail + +### Exit criteria + +- A new prospect or invited user can move from first touch to active workspace without hidden manual steps. + +--- + +## Phase 6 — Admin, partner, and fulfillment completion + +### Objectives + +- Finish the management surfaces that the UI currently promises. +- Connect subscriptions and entitlements to real fulfillment. + +### Tasks + +- Implement or remove missing admin routes for organizations, users, billing, and compliance. +- Implement or remove missing partner routes for deals, onboarding, solution registration, and resources. +- Implement or remove missing sidebar routes for users, billing, security, docs, and support. +- Build organization management, user management, and access policy screens. +- Build subscription management, invoice history, payment instruments, and budget views. +- Build compliance, audit export, and residency / policy views. +- Build partner application, certification, listing, and co-sell workflows. +- Build provider adapters and fulfillment hooks for the seeded Phoenix services that are intended to be provisionable. +- Connect subscriptions to entitlements, provisioning status, and service health. + +### Deliverables + +- Real admin and partner capabilities +- Fulfillment and service management integration +- Removal of dead-end navigation + +### Exit criteria + +- Every major navigation item is either implemented, intentionally hidden, or explicitly marked as preview. + +--- + +## Phase 7 — Quality, docs, and cutover + +### Objectives + +- Prevent regression while the new model is rolled out. +- Make documentation and operational reality converge. + +### Tasks + +- Add route-existence tests so dead links fail CI. +- Add auth and session integration tests. +- Add onboarding E2E tests for each major actor path. +- Add catalog-to-subscription-to-provisioning integration tests. +- Add hostname smoke tests across Sankofa, Phoenix, Portal, Admin, and Dash. +- Add observability for auth failures, onboarding failures, entitlement mismatches, and provisioning delays. +- Update docs so IRU is consistently treated as a commercial model, not a marketplace type. +- Publish one canonical Sankofa / Phoenix architecture diagram and one canonical lifecycle diagram. +- Archive or redirect superseded docs that conflict with the new model. +- Run stakeholder sign-off across product, ops, and security before final cutover. + +### Deliverables + +- CI quality gates +- Updated canonical docs +- Production cutover checklist + +### Exit criteria + +- The new architecture is testable, supportable, and understandable without relying on tribal knowledge. + +--- + +## Recommended execution order inside phases + +1. Resolve terminology and hostname decisions first. +2. Correct the public and SSO surfaces before expanding UX. +3. Lock the catalog taxonomy before merging storefront behavior. +4. Finish identity and session context before deep portal work. +5. Migrate the data model before building full admin and billing UX. +6. Build onboarding and fulfillment on top of the corrected model. +7. Add quality gates before final cutover and doc cleanup. + +--- + +## Critical dependencies + +- Phase 1 depends on Phase 0 decisions. +- Phase 2 depends on the commercial taxonomy from Phase 0. +- Phase 3 depends on the surface decisions from Phases 0 and 1. +- Phase 4 depends on the object model from Phase 0. +- Phase 5 depends on Phase 3 auth consolidation and Phase 4 data boundaries. +- Phase 6 depends on Phases 2, 4, and 5. +- Phase 7 runs throughout but cannot close until all earlier phases have accepted outputs. + +--- + +## Definition of done + +Sankofa / Phoenix is considered corrected and improved when all of the following are true: + +- Public, client, and operator hostnames each match their intended trust boundary. +- There is exactly one canonical client portal experience. +- Native and partner offers share one coherent commercial language. +- IRU appears as a commercial model where relevant, not as a marketplace category. +- Client, Tenant, Subscription, Entitlement, and Deployment are separate operational objects. +- Onboarding creates real records, roles, and entitlements. +- Admin, partner, and support routes are real or intentionally hidden. +- Provisionable services are connected to actual fulfillment and health status. +- Route, auth, onboarding, and hostname checks are enforced in CI or operational verification. +- Canonical docs describe the same system that users and operators actually experience. diff --git a/docs/02-architecture/SANKOFA_PHOENIX_PHASE4_MIGRATION_RUNBOOK.md b/docs/02-architecture/SANKOFA_PHOENIX_PHASE4_MIGRATION_RUNBOOK.md new file mode 100644 index 0000000..52cd03a --- /dev/null +++ b/docs/02-architecture/SANKOFA_PHOENIX_PHASE4_MIGRATION_RUNBOOK.md @@ -0,0 +1,186 @@ +# Sankofa / Phoenix Phase 4 Migration Runbook + +**Status:** Draft executable runbook for the additive Client / Subscription / Entitlement migration +**Last Updated:** 2026-03-30 +**Related:** [SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md](./SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md), [SANKOFA_PHOENIX_REMAINING_TASKS.md](./SANKOFA_PHOENIX_REMAINING_TASKS.md), [SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md](./SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md) + +## Purpose + +This runbook describes how to apply, verify, and if needed roll back the additive Phoenix backend migration that introduces: + +- `clients` +- `client_users` +- `service_subscriptions` +- `entitlements` +- `tenant.client_id` +- billing-table `client_id` and `subscription_id` foreign keys + +This migration is intentionally additive-first. It does not remove the existing tenant-based reporting shape. It introduces the new commercial boundary while preserving tenant-scoped operations. + +## Scope of the current tranche + +Code already landed for this migration slice in the Sankofa API repo: + +- migration `027_client_subscription_entitlements` +- operating-model types and service +- GraphQL queries for `clients`, `client`, `myClient`, `serviceSubscriptions`, `mySubscriptions`, `entitlements`, and `myEntitlements` +- tenant bootstrap hook that creates a default client/subscription/entitlement for new tenants +- identity propagation for `clientId` and `subscriptionId` + +## Preconditions + +- Confirm the target database already includes migrations through `026_api_keys`. +- Confirm a current backup or snapshot exists for the target Postgres instance. +- Confirm application deploy artifacts are available for the Sankofa API and portal. +- Confirm Keycloak tokens or local JWTs can carry `tenant_id`, and optionally `client_id` / `subscription_id`. +- Confirm the environment has a rollback window and operator coverage. + +## Deployment order + +1. Take a database backup or snapshot. +2. Deploy the API code that understands the new fields before applying the migration. +3. Apply migration `027_client_subscription_entitlements`. +4. Restart or reload the Sankofa API. +5. Deploy the updated portal build so the workspace can display `clientId` and `subscriptionId` context. +6. Run the verification checks below. + +## Verification checklist + +### Database verification + +Run checks equivalent to the following: + +```sql +SELECT to_regclass('public.clients'); +SELECT to_regclass('public.client_users'); +SELECT to_regclass('public.service_subscriptions'); +SELECT to_regclass('public.entitlements'); +``` + +```sql +SELECT COUNT(*) AS tenants_without_client +FROM tenants +WHERE client_id IS NULL; +``` + +```sql +SELECT COUNT(*) AS subscriptions_without_client +FROM service_subscriptions +WHERE client_id IS NULL; +``` + +```sql +SELECT COUNT(*) AS entitlements_without_subscription +FROM entitlements +WHERE subscription_id IS NULL; +``` + +Expected result: + +- all four new tables exist +- `tenants_without_client = 0` after backfill completes +- `subscriptions_without_client = 0` +- `entitlements_without_subscription = 0` + +### Data-shape verification + +Spot-check a migrated tenant: + +```sql +SELECT + t.id AS tenant_id, + t.name AS tenant_name, + t.client_id, + c.name AS client_name, + s.id AS subscription_id, + s.offer_code, + s.commercial_model, + e.id AS entitlement_id, + e.entitlement_key +FROM tenants t +LEFT JOIN clients c ON c.id = t.client_id +LEFT JOIN service_subscriptions s ON s.tenant_id = t.id +LEFT JOIN entitlements e ON e.subscription_id = s.id +WHERE t.id = ''; +``` + +Expected result: + +- one linked `client` +- at least one `tenant-workspace` subscription +- at least one `tenant.workspace` entitlement + +### API verification + +Verify GraphQL with an authenticated token that has tenant context: + +```graphql +query VerifyOperatingModel { + myTenant { id clientId name } + myClient { id name status primaryDomain } + mySubscriptions { id offerName commercialModel status fulfillmentMode } + myEntitlements { id entitlementKey status } +} +``` + +Expected result: + +- `myTenant.clientId` is populated +- `myClient` resolves for tenant-scoped users +- `mySubscriptions` and `myEntitlements` return workspace records + +### Portal verification + +- Sign into `portal.sankofa.nexus`. +- Confirm the dashboard renders: + - client boundary card + - active subscription card + - entitlement summary card +- Confirm the session still works for users with only tenant-scoped claims. + +## Post-deploy monitoring + +Watch for: + +- API errors referencing `client_id` or `subscription_id` +- onboarding failures during tenant creation +- billing queries returning null where tenant-linked records should have been backfilled +- portal sessions that include tenant context but fail to resolve `myClient` + +## Rollback strategy + +Use rollback only if the migration causes runtime or data-integrity issues that cannot be contained quickly. + +### Application rollback + +1. Roll back the API deployment to the previous artifact. +2. Roll back the portal deployment if the new workspace cards cause issues. + +### Database rollback + +If the additive schema itself must be removed, run the `down` path for migration `027_client_subscription_entitlements` only after the application is off the new model. + +Rollback effects: + +- removes `clients`, `client_users`, `service_subscriptions`, and `entitlements` +- drops `client_id` from `tenants` +- drops `client_id` / `subscription_id` additions from billing tables + +### Safer partial rollback option + +Prefer this if the issue is application logic rather than schema: + +1. Keep the new tables in place. +2. Disable reads from the new GraphQL queries at the application layer. +3. Disable bootstrap of the operating-model service during tenant creation. +4. Leave the additive columns in place until a corrected deployment is ready. + +This avoids destructive churn on newly backfilled data. + +## Open follow-up work after this migration + +- move billing and invoice views to client/subscription ownership +- add onboarding persistence and workflow states +- add subscription management UI and actions +- add entitlement-aware fulfillment and deployment mapping +- add production smoke tests for hostname plus operating-model GraphQL queries diff --git a/docs/02-architecture/SANKOFA_PHOENIX_REMAINING_TASKS.md b/docs/02-architecture/SANKOFA_PHOENIX_REMAINING_TASKS.md new file mode 100644 index 0000000..9fe7270 --- /dev/null +++ b/docs/02-architecture/SANKOFA_PHOENIX_REMAINING_TASKS.md @@ -0,0 +1,117 @@ +# Sankofa / Phoenix Remaining Tasks + +**Status:** Canonical remaining-work tracker +**Last Updated:** 2026-03-30 +**Related:** [SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md](./SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md), [SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md](./SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md) + +## Purpose + +This document tracks the remaining executable work after the initial Sankofa / Phoenix boundary-correction tranche landed. + +Use this file for current status. +Use the phased execution plan for the full program shape. + +## Completed in the current tranche + +- Canonical Sankofa public-to-portal boundary established in public-site code. +- Legacy public `/portal/*` routes converted into compatibility redirects. +- Missing public routes implemented for sovereignty and partner benefits. +- Canonical taxonomy and boundary document published. +- Remaining-task tracker published and linked from the docs entrypoints. +- Portal auth/session extended with `clientId`, `tenantId`, `subscriptionId`, and canonical `roles`. +- Production-gated credentials fallback added to portal auth. +- Backend-driven onboarding API added to replace localStorage-only completion. +- Missing portal navigation destinations implemented as real preview-backed routes. +- Role-aware gating added for admin and partner route groups. +- Public and portal route-integrity tests added and passing. +- Remaining public Sankofa CTAs updated to point at canonical portal/developer/partner surfaces. +- Shared frontend offer-taxonomy helpers added in Sankofa and `dbis_core`. +- Sankofa marketplace and `dbis_core` marketplace/portal surfaces now render explicit offer metadata for native vs partner and IRU-as-commercial-model language. +- Additive Phase 4 backend migration drafted in the Sankofa API for `Client`, `ServiceSubscription`, and `Entitlement`. +- Sankofa API now propagates `clientId` and `subscriptionId` through identity, tenant auth, and GraphQL context. +- Portal dashboard now surfaces client, subscription, and entitlement context when the backend exposes it. +- Phase 4 migration verification and rollback runbook published. + +## Remaining tasks by phase + +## Phase 0 and Phase 1 follow-up + +- [ ] Confirm whether `admin.sankofa.nexus` will remain a dedicated hostname or collapse into a portal route space operationally. +- [ ] Confirm whether `phoenix.sankofa.nexus` browser-default content remains public web plus co-located API paths at cutover. +- [ ] Validate NPM, DNS, TLS, and upstream mappings against the now-canonical public/portal/admin intent. +- [ ] Add hostname smoke verification covering `sankofa`, `phoenix`, `portal`, `admin`, and `dash`. + +## Phase 2 remaining tasks + +- [ ] Push offer metadata into real backend/API payloads instead of frontend-only labeling. +- [ ] Standardize detail-page CTA behavior for: + - self-service activation + - request-only qualification + - operator-provisioned delivery +- [ ] Mark seeded Phoenix services as `preview` or `request_only` based on real fulfillment capability. +- [ ] Replace catalog-side fallback metadata with canonical server-provided metadata contracts. + +## Phase 3 remaining tasks + +- [ ] Add tenant switching for multi-tenant memberships in the portal. +- [ ] Align invite / accept / recovery / redirect flows to the new session model. +- [ ] Remove or redirect any remaining duplicate authenticated paths that bypass the canonical portal implementation. +- [ ] Extend role-aware route protection from admin/partner into the rest of the sensitive workspace areas where needed. + +## Phase 4 remaining tasks + +- [~] Add first-class `Client`, `Subscription`, and `Entitlement` entities in the Phoenix backend model. +- [~] Migrate billing ownership from tenant-level assumptions to client/subscription-level ownership. +- [ ] Preserve tenant-scoped reporting while removing tenant-as-commercial-boundary logic. +- [~] Update GraphQL and REST contracts to expose the new boundaries. +- [~] Backfill legacy tenant-bound records into the new model. +- [x] Publish rollback and verification steps for the migration. + +Phase 4 current note: + +- Additive schema, service, and GraphQL work is in place in code, but the API package still has broad pre-existing TypeScript debt outside this tranche. Full package `type-check` is not green yet. + +## Phase 5 remaining tasks + +- [ ] Turn the onboarding API stub into a real orchestration service. +- [ ] Create backend workflows for: + - prospect request + - invited client admin activation + - invited tenant user acceptance + - partner application +- [ ] Persist onboarding state, actor, approvals, and lifecycle milestones in storage. +- [ ] Add document collection, qualification, approval, and renewal state for IRU/request-based offerings. +- [ ] Add notifications and operator review queues for manual steps. + +## Phase 6 remaining tasks + +- [ ] Replace preview-backed admin pages with real data and actions. +- [ ] Replace preview-backed partner pages with real deal, onboarding, and solution workflows. +- [ ] Implement billing views, invoices, payment methods, and budget/chargeback views on the new model. +- [ ] Implement compliance and audit export surfaces. +- [ ] Connect provisionable Phoenix services to real fulfillment adapters and deployment state. +- [ ] Hide or relabel any offer that still cannot be fulfilled safely. + +## Phase 7 remaining tasks + +- [ ] Add auth/session integration tests for `clientId`, `tenantId`, `subscriptionId`, and roles. +- [ ] Add onboarding E2E coverage for each actor path. +- [ ] Add catalog-to-subscription-to-entitlement integration tests. +- [ ] Add partner-program handoff tests between Sankofa public discovery and `dbis_core`. +- [ ] Archive or redirect superseded Sankofa/Phoenix docs once the new model is the only live path. + +## External or decision-gated work + +- [ ] Production DNS / TLS / NPM changes +- [ ] Keycloak realm/client redirect cleanup in live environments +- [ ] Data migrations requiring production database access +- [ ] Fulfillment adapters that depend on external infrastructure or partner APIs +- [ ] Final business approval on hostnames, commercial policies, and procurement wording + +## Next recommended implementation order + +1. Finish Phase 2 in code and APIs so the offer taxonomy is real end-to-end. +2. Add Phase 3 role guards and tenant-switching behavior. +3. Implement Phase 4 schema and API migration for Client / Subscription / Entitlement. +4. Replace Phase 5 onboarding stub orchestration with persistent workflows. +5. Finish Phase 6 fulfillment-backed management surfaces. diff --git a/docs/03-deployment/DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md b/docs/03-deployment/DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md new file mode 100644 index 0000000..4c5dfec --- /dev/null +++ b/docs/03-deployment/DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md @@ -0,0 +1,32 @@ +# DBIS governance / compliance engine — alignment with HYBX sidecar + +**Technical baseline:** [hybx_compliance_routing_sidecar_technical_plan.md](../../hybx_compliance_routing_sidecar_technical_plan.md) + +## Functional mapping + +| DBIS Digital Master Plan capability | HYBX sidecar / stack analogue | +|-------------------------------------|-------------------------------| +| Transaction validation | Sidecar pre-flight validation hooks | +| Jurisdiction routing | Routing graph + jurisdictional cheat sheets (HYBX docs) | +| AML/KYC enforcement | Policy adapters (external screening APIs) | +| Sanctions screening | Same; audit trail to append-only store | +| Reporting automation | Event export to institutional reporting pipelines | + +## Phased integration + +1. **Document** — API contracts between settlement paths and sidecar (sync with [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](./DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) if present). +2. **Pilot** — Read-only advisory mode (log only, no block). +3. **Enforce** — Config-gated enforcement for selected corridors / asset classes. +4. **Publish** — Redacted aggregate metrics via `data.d-bis.org` with `lineage: policy` or `modelled` as appropriate. + +## Web portal touchpoints + +- **Public:** Transparency pages link to high-level compliance principles (no PII). +- **members.d-bis.org:** Institution-facing compliance attestations and simulation results. +- **developers.d-bis.org:** SDK hooks and test vectors for sandbox. + +## Ownership + +- **Product / legal:** Policy interpretation and publication on `policy.d-bis.org`. +- **Engineering:** Sidecar deployment per Proxmox/RTGS checklists. +- **Ops:** Runbooks, rotation, and incident response shared with explorer/API SLOs. diff --git a/docs/03-deployment/DBIS_DEVELOPERS_PORTAL_AND_GITEA_SCAFFOLDING.md b/docs/03-deployment/DBIS_DEVELOPERS_PORTAL_AND_GITEA_SCAFFOLDING.md new file mode 100644 index 0000000..c2feb8f --- /dev/null +++ b/docs/03-deployment/DBIS_DEVELOPERS_PORTAL_AND_GITEA_SCAFFOLDING.md @@ -0,0 +1,43 @@ +# DBIS developers.d-bis.org and Gitea scaffolding + +**Goal:** Curated developer surface at `https://developers.d-bis.org` with **deep links** to `https://gitea.d-bis.org` — not a second git host. + +## Gitea organization and topic map + +Create organizations (or top-level groups) on Gitea aligned with repository categories: + +| Org / prefix | Purpose | +|--------------|---------| +| `dbis-core` | Core runtime and shared libraries | +| `gru-ledger` | GRU ledger prototypes and specs | +| `identity-framework` | DID, Indy/Aries integration code | +| `payment-switch` | Payment and settlement adapters | +| `policy-engine` | Policy evaluation and publication tooling | +| `compliance-engine` | AML/sanctions/jurisdiction routing (see HYBX sidecar plan) | +| `sdk` | Language SDKs (Rust, Go, Java, Python, TypeScript) | +| `reference-implementations` | Sample integrators | + +**Topics** (Gitea repo labels): `chain138`, `api`, `sdk`, `spec`, `experimental`. + +## developers.d-bis.org content + +- SDK matrix with install links (npm, crates.io, etc. as published). +- OpenAPI: link to canonical `config/dbis-data-api/openapi.yaml` in proxmox repo or published copy. +- Sandbox access: application flow → credentials for `sandbox.d-bis.org`. +- **Contributing:** link to Gitea orgs and CLA (if any). + +## Scaffold (Gov Web Portals monorepo) + +Next.js app: **`developers-portal/`** in the Gov_Web_Portals monorepo. Local dev: `pnpm --filter portal-developers dev` (port **3005**). Production: `pnpm --filter portal-developers build` then `next start` behind NPMplus for `developers.d-bis.org`. + +## CI template + +Example workflow for Gitea Actions (syntax mirrors GitHub Actions in many setups): [config/gitea/dbis-ci-template/example-workflow.yml](../../config/gitea/dbis-ci-template/example-workflow.yml). + +Copy into each repo as `.gitea/workflows/ci.yml` (or enable per Gitea version docs). + +## Deployment + +1. From monorepo root: `pnpm install` and `pnpm --filter portal-developers build`. +2. NPMplus: `developers.d-bis.org` → upstream (Node host running `next start --port 3005` or equivalent). +3. Verify TLS and link checker in CI. diff --git a/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md b/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md index e5a8852..70bef47 100644 --- a/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md +++ b/docs/03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md @@ -1,14 +1,18 @@ # DBIS Hyperledger Identity Stack Decision -**Last updated:** 2026-03-28 +**Last updated:** 2026-03-29 **Purpose:** Make the Aries / AnonCreds / Ursa decision path explicit for the DBIS RTGS program so these layers do not remain vague “maybe required” items. ## Current conclusion -For the current DBIS RTGS program, the identity stack is **not yet frozen** beyond the placeholder Indy inventory. The repo and live environment do **not** currently prove: +For the current DBIS RTGS program, the identity stack is **not yet frozen** as part of the canonical RTGS rail, but the repo and live environment now prove: -- a deployed Aries agent layer -- a deployed AnonCreds issuance / verification flow +- a deployed Aries agent layer on primary `6500` +- a deployed AnonCreds-capable wallet path via ACA-Py `askar-anoncreds` + +The repo and live environment still do **not** yet prove: + +- a deployed AnonCreds issuance / verification flow in the RTGS business path - an explicit Ursa runtime dependency that operators must manage directly ## Recommended decision framework @@ -50,9 +54,9 @@ Use this option if: Reason: -- Aries / AnonCreds / Ursa are not currently deployed or proven in this environment. -- Requiring them now would expand the critical path materially. -- The current gating problems are still in banking-rail orchestration and interoperability, not identity-agent runtime. +- Aries / AnonCreds runtime is now deployed, but it is not yet integrated into the canonical RTGS flow. +- Requiring full credential issuance / verification now would still expand the critical path materially. +- The current gating problems are still in banking-rail orchestration and interoperability, not in simply hosting an identity-agent runtime. ## What must be decided if Option B is chosen @@ -94,5 +98,6 @@ Reason: ## Related artifacts - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) +- [DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md) - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) - [TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md) diff --git a/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md b/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md index fd42e60..6478f16 100644 --- a/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md +++ b/docs/03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md @@ -1,15 +1,18 @@ # DBIS Hyperledger Runtime Status -**Last Reviewed:** 2026-03-28 +**Last Reviewed:** 2026-03-29 **Purpose:** Concise app-level status table for the non-Besu Hyperledger footprint currently hosted on Proxmox. This complements the VMID inventory and discovery runbooks by recording what was actually verified inside the running containers. ## Scope This document summarizes the latest operator verification for: +- Cacti CTs: `5200`, `5201`, `5202` - FireFly CTs: `6200`, `6201` - Fabric CTs: `6000`, `6001`, `6002` - Indy CTs: `6400`, `6401`, `6402` +- Aries / AnonCreds CT: `6500` +- Caliper CT: `6600` The checks were based on: @@ -17,32 +20,45 @@ The checks were based on: - in-container process checks - in-container listener checks - FireFly API / Postgres / IPFS checks where applicable +- ACA-Py admin API and container-inspection checks where applicable +- Caliper CLI / bind / RPC reachability checks where applicable ## Current status table | VMID | Service family | CT status | App-level status | Listening ports / probe | Notes | |------|----------------|-----------|------------------|--------------------------|-------| +| `5200` | Cacti primary | Running | Healthy Besu connector gateway | `4000/tcp` Cacti API, `5000/tcp` local gRPC sidecar | Reworked from the stale two-container template into a live `ghcr.io/hyperledger/cactus-connector-besu:2024-07-04-8c030ae` runtime; container health is `healthy`; `GET /api/v1/api-server/healthcheck` returned `200`; Besu connector plugin loaded against `http://192.168.11.211:8545` / `ws://192.168.11.211:8546` | +| `5201` | Cacti secondary | Stopped | Reserved placeholder | None verified | CT exists in inventory, but no active Cacti payload was validated in this run. Treat as standby metadata until intentionally built. | +| `5202` | Cacti tertiary | Stopped | Reserved placeholder | None verified | Same disposition as `5201`: no proven Cacti workload in this review. | | `6200` | FireFly primary | Running | Healthy minimal local gateway | `5000/tcp` FireFly API, `5432/tcp` Postgres, `5001/tcp` IPFS | `firefly-core` restored on `ghcr.io/hyperledger/firefly:v1.2.0`; `GET /api/v1/status` returned `200`; Postgres `pg_isready` passed; IPFS version probe passed | | `6201` | FireFly secondary | Stopped | Formally retired until rebuilt | None verified | CT exists in inventory, but the rootfs is effectively empty and no valid FireFly deployment footprint was found. Treat this as retired / standby metadata only until it is intentionally rebuilt as a real secondary node. | -| `6000` | Fabric primary | Stopped | Reserved placeholder | None active | App-native checks found no active Fabric peer/orderer/couchdb processes, no expected listeners such as `7050` / `7051`, and no meaningful Fabric payload under `/opt`, `/etc`, or `/var`. The CT has now been stopped and retained only as a reserved placeholder. | +| `6000` | Fabric primary | Running | Operational sample network | `7050/tcp` orderer, `7051/tcp` org1 peer, `9051/tcp` org2 peer, `9443` / `9444` / `9445` operations ports | Official `fabric-samples` payload staged under `/opt/fabric`; `orderer.example.com`, `peer0.org1.example.com`, and `peer0.org2.example.com` are running; `peer channel getinfo -c mychannel` returned height `1` for both orgs. Nested LXC requires the `docker run --security-opt apparmor=unconfined` wrapper that is now part of the working setup. | | `6001` | Fabric secondary | Stopped | Reserved placeholder | None active | Same disposition as `6000`: no proven Fabric application payload or listeners, now stopped and reserved only as placeholder inventory. | | `6002` | Fabric tertiary | Stopped | Reserved placeholder | None active | Same disposition as `6000`: no proven Fabric application payload or listeners, now stopped and reserved only as placeholder inventory. | -| `6400` | Indy primary | Stopped | Reserved placeholder | None active | App-native checks found no active Indy-related processes, no expected listeners such as `9701`-`9708`, and no meaningful Indy payload under `/opt`, `/etc`, or `/var`. The CT has now been stopped and retained only as a reserved placeholder. | +| `6400` | Indy primary | Running | Healthy four-node local validator pool | `9701`-`9708/tcp` validator and client listeners | `hyperledgerlabs/indy-node:latest` now runs `indy-node-1` through `indy-node-4` under `/opt/indy/docker-compose.yml`; `systemctl is-active indy` returned `active` and `systemctl is-enabled indy` returned `enabled`; all expected `start_indy_node` listeners are bound on `0.0.0.0`. | | `6401` | Indy secondary | Stopped | Reserved placeholder | None active | Same disposition as `6400`: no proven Indy application payload or listeners, now stopped and reserved only as placeholder inventory. | | `6402` | Indy tertiary | Stopped | Reserved placeholder | None active | Same disposition as `6400`: no proven Indy application payload or listeners, now stopped and reserved only as placeholder inventory. | +| `6500` | Aries / AnonCreds primary | Running | Healthy ACA-Py agent on the `askar-anoncreds` wallet path | `8030/tcp` DIDComm endpoint, `8031/tcp` admin API | `acapy-agent` is running from `ghcr.io/openwallet-foundation/acapy-agent:py3.12-1.3-lts`; `GET /status/live` returned `{"alive": true}`; `docker inspect` confirms `--wallet-type askar-anoncreds`, `--endpoint http://192.168.11.88:8030`, and a real Indy genesis file mounted from the `6400` pool artifacts. | +| `6600` | Caliper primary | Running | Operational benchmark workspace | No inbound app port required; `npx caliper --version` returned `0.6.0` | `/opt/caliper/workspace` contains an upstream Caliper CLI install, `npx caliper bind --caliper-bind-sut besu:1.4` succeeded, `npm ls` confirms `@hyperledger/caliper-cli@0.6.0` and `web3@1.3.0`, and RPC reachability to `http://192.168.11.211:8545` was verified with `eth_blockNumber`. | ## Interpretation ### Confirmed working now +- Cacti primary (`5200`) is live as a local Cacti API with the Besu connector plugin loaded and healthy. - FireFly primary (`6200`) is restored enough to provide a working local FireFly API backed by Postgres and IPFS. +- Fabric primary (`6000`) now runs a verified official sample network with one orderer and two peers joined to `mychannel`. +- Indy primary (`6400`) now runs a verified four-node local validator pool with all expected node and client listeners active. +- Aries / AnonCreds primary (`6500`) now runs a verified ACA-Py agent with the `askar-anoncreds` wallet type against the local Indy genesis. +- Caliper primary (`6600`) now hosts a verified upstream Caliper workspace with the Besu `1.4` binding installed and Chain 138 RPC reachability confirmed. ### Present only as reserved placeholders right now -- Fabric CTs (`6000`-`6002`) -- Indy CTs (`6400`-`6402`) +- Cacti CTs (`5201`-`5202`) +- Fabric CTs (`6001`-`6002`) +- Indy CTs (`6401`-`6402`) -These should be described as reserved placeholder inventory only, not as active Fabric or Indy application nodes. Current app-native validation found no meaningful service payload, processes, or expected listeners inside those CTs, and they have now been stopped to match that reality. +These should be described as reserved placeholder inventory only. The primaries `6000` and `6400` are now active application nodes, while the secondary and tertiary CTs remain inactive inventory. ### Not currently active @@ -50,12 +66,10 @@ These should be described as reserved placeholder inventory only, not as active ## Operational follow-up -1. Keep `6200` under observation and preserve its working config/image path. -2. Do not force `6201` online unless its intended role and deployment assets are re-established from scratch. -3. For Fabric and Indy, the next step is no longer generic validation. It is either: - - deploy real app payloads onto these reserved CTs and verify them, or - - leave them stopped and classified as reserved placeholders rather than active DLT workloads. -4. Any governance or architecture document should distinguish: +1. Keep `5200`, `6000`, `6200`, and `6400` under observation and preserve their working images, config paths, and nested-Docker allowances. +2. Keep `6500` and `6600` under observation as primaries for identity-agent and benchmark-harness work, and preserve the Indy genesis handoff plus the Caliper workspace state. +3. Do not force `6201`, `5201`, `5202`, `6001`, `6002`, `6401`, or `6402` online unless their intended roles and deployment assets are re-established from scratch. +3. Any governance or architecture document should distinguish: - `deployed and app-healthy` - `container present only` - `planned / aspirational` diff --git a/docs/03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md b/docs/03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md new file mode 100644 index 0000000..a23d9c7 --- /dev/null +++ b/docs/03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md @@ -0,0 +1,257 @@ +# DBIS Identity Completion Package Runbook + +**Last updated:** 2026-03-29 +**Purpose:** Convert the remaining Aries / AnonCreds / Indy completion blocker into a concrete operator package so the final issuer bootstrap can be finished without guessing. + +## Why this exists + +The live environment already proves: + +- Indy primary `6400` runs a healthy four-node local pool. +- Aries / AnonCreds primary `6500` runs a healthy ACA-Py agent on the `askar-anoncreds` wallet path. +- Complete Credential and SMOA can already reach the live agent and use its status / proof-request surfaces. + +The remaining blocker is narrower: + +- the agent does not yet have a write-capable public DID path +- no repo-backed operator package exists for endorser / NYM registration / schema publication +- no canonical schema and credential-definition catalog is frozen for the first real issuance path + +This runbook supplies the missing package structure. + +## Current ledger target + +Based on repo-backed deployment evidence, the current first publication target is: + +- a custom DBIS local Indy pool +- specifically the four-node pool hosted on primary `6400` +- with trust scope best described as `sovereign-internal-first` + +The repo does not currently evidence: + +- Sovrin as the active publication target +- Indicio as the active publication target +- a hybrid trust fabric already wired for first publication + +So the correct current answer is: + +- publish first against the DBIS-controlled Indy network already deployed here +- then decide later whether to mirror, federate, or bridge trust into a broader external network + +## Recommended default + +Use an **author + endorser** model, not an ad hoc seed-only model. + +Reason: + +- the current ACA-Py runtime already proved wallet DID creation but not direct public-DID publication +- seed support is not enabled in the current agent build +- an endorser flow is the safer and more portable way to complete Indy / AnonCreds publication work + +## Root endorser control model + +The current repo now freezes the `dbis-root-endorser` as a **multisig-governed authority**. + +Important Indy / Aries reality: + +- the DID itself remains a single-key Indy object +- multisig is enforced around governance, approval, and key-use control +- the current frozen implementation phase is `procedural-multisig` +- the current quorum is `3-of-5` + +Canonical artifact: + +- [multisig-governance-model.json](../../reports/identity-completion/multisig-governance-model.json) + +## Required repo-backed inputs + +Before final completion, create real copies of these templates: + +| Artifact | Purpose | +|----------|---------| +| `config/production/dbis-identity-public-did-package.json` | Non-secret identity completion contract: agent URLs, ledger mode, DID ownership model, schema catalog, evidence paths | +| `config/production/dbis-identity-public-did-secrets.env` | Secret or operator-held values: admin API key, connection IDs, approver refs, optional NYM transaction file references | + +Templates are shipped in: + +- [config/production/dbis-identity-public-did-package.example.json](../../config/production/dbis-identity-public-did-package.example.json) +- [config/production/dbis-identity-public-did-secrets.example.env](../../config/production/dbis-identity-public-did-secrets.example.env) + +The current repo now also includes pre-frozen governance artifacts: + +- [governance-freeze.json](../../reports/identity-completion/governance-freeze.json) +- [dbis-namespace-reservation.json](../../reports/identity-completion/dbis-namespace-reservation.json) +- [multisig-governance-model.json](../../reports/identity-completion/multisig-governance-model.json) + +Validate them with: + +```bash +bash scripts/validation/validate-dbis-identity-package.sh \ + --package config/production/dbis-identity-public-did-package.json \ + --secrets config/production/dbis-identity-public-did-secrets.env +``` + +To validate the examples only: + +```bash +bash scripts/validation/validate-dbis-identity-package.sh \ + --package config/production/dbis-identity-public-did-package.example.json \ + --secrets config/production/dbis-identity-public-did-secrets.example.env \ + --allow-placeholders +``` + +## Minimum information that must be filled + +### Agent and ledger contract + +- Aries admin URL for `6500` +- Aries public DIDComm endpoint +- ledger type and pool name +- target ledger network and trust scope +- genesis file source or mounted location +- DID method to use for publication +- NYM write mode: `endorser` or another explicitly approved model + +### Governance / authority contract + +- who owns the issuer DID +- who approves NYM registration +- change ticket / control reference for the DID promotion +- endorser DID and alias +- endorser connection ID or invitation path +- evidence directory where publication output will be saved + +### Schema and credential-definition contract + +At least one canonical schema must be frozen with: + +- schema name +- schema version +- attribute list +- issuer alias +- credential-definition tag +- revocation decision + +### Verification / relying-party contract + +At least one first relying-party flow must be named with: + +- verifier system +- proof-request profile ID +- requested attributes +- acceptance criteria + +## Completion sequence + +### 1. Freeze the identity package + +Create the real package and secrets files from the examples, then validate them. + +Done when: + +- the validator passes without `--allow-placeholders` +- no `` markers remain + +### 2. Confirm the live runtime still matches the package + +Check: + +- ACA-Py admin on `6500` +- Indy pool on `6400` +- referenced genesis file path +- DIDComm endpoint routing + +Done when: + +- `/status/live` and `/status/ready` both pass +- the ledger reference in the package matches the actual mounted genesis + +### 3. Establish the write-capable DID path + +Use the chosen governance model to promote the issuer from a wallet-only DID to a public/write-capable DID path. + +For the recommended author + endorser model, freeze: + +- author DID alias +- endorser DID +- connection ID +- NYM registration approval / evidence reference + +Done when: + +- the public DID is recorded in the secrets file or referenced evidence +- the agent can use the chosen issuer DID for ledger-backed publication + +### 4. Publish the first canonical schema + +Publish the agreed schema from the package catalog. + +Capture: + +- schema ID +- publish timestamp +- issuer DID used +- evidence file location + +Done when: + +- the schema ID is written back into the package or its evidence directory + +### 5. Publish the first credential definition + +Use the first schema entry and publish the associated credential definition. + +Capture: + +- credential definition ID +- tag +- revocation mode +- evidence output + +Done when: + +- the credential definition ID is recorded + +### 6. Prove one real issuance and one real verification path + +The recommended first proof path is: + +1. Complete Credential as issuer +2. Aries / AnonCreds on `6500` as credential runtime +3. SMOA as verifier-facing integration surface + +Done when: + +- one credential issuance finishes against the published schema / credential definition +- one presentation request succeeds against the same catalog entry +- evidence is saved under the configured completion evidence directory + +## Evidence that should exist after completion + +- validated identity package JSON +- validated identity secrets env +- NYM / endorser approval reference +- public DID record +- schema ID record +- credential definition ID record +- one issuance result +- one verification result +- one timestamped operator note tying the evidence set together + +## What this runbook does not claim + +This runbook does not claim that: + +- a trustee seed must be stored in the repo +- the current ACA-Py runtime supports seed-based DID creation +- the public DID can be promoted without an external governance or endorser step + +Those are precisely the items that must be supplied through the completion package. + +## Related artifacts + +- [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) +- [DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md](DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md) +- [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) +- [DBIS_HYPERLEDGER_RUNTIME_STATUS.md](DBIS_HYPERLEDGER_RUNTIME_STATUS.md) +- [DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md) diff --git a/docs/03-deployment/DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md b/docs/03-deployment/DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md new file mode 100644 index 0000000..a79d542 --- /dev/null +++ b/docs/03-deployment/DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md @@ -0,0 +1,233 @@ +# DBIS Identity Endorser Handshake Runbook + +**Last updated:** 2026-03-29 +**Purpose:** Define the canonical author-to-endorser handshake for the DBIS local Indy publication path so public DID, schema, and credential-definition publication can proceed with auditable evidence. + +## Scope + +This runbook is for the current repo-backed identity target: + +- ledger: `dbis-local-indy-pool` +- trust scope: `sovereign-internal-first` +- author agent: ACA-Py on `6500` +- current ledger base: four-node Indy pool on `6400` + +This runbook does not assume: + +- Sovrin as the first publication target +- Indicio as the first publication target +- direct seed-based trustee promotion from the current ACA-Py runtime + +## Control model + +The `dbis-root-endorser` is frozen as a **multisig-governed identity authority**. + +Indy nuance: + +- the endorser DID is still a single-verkey Indy DID +- multisig is implemented around approval and key-release governance +- the current repo freezes Phase 1 as `procedural-multisig` +- the frozen quorum is `3-of-5` + +Canonical artifact: + +- [multisig-governance-model.json](../../reports/identity-completion/multisig-governance-model.json) + +## Prerequisites + +Before running this flow: + +- [dbis-identity-public-did-package.json](../../config/production/dbis-identity-public-did-package.json) exists and validates +- [dbis-identity-public-did-secrets.env](../../config/production/dbis-identity-public-did-secrets.env) exists +- governance pre-freeze is recorded in [governance-freeze.json](../../reports/identity-completion/governance-freeze.json) +- namespace reservation is recorded in [dbis-namespace-reservation.json](../../reports/identity-completion/dbis-namespace-reservation.json) +- multisig governance is recorded in [multisig-governance-model.json](../../reports/identity-completion/multisig-governance-model.json) +- the ACA-Py agent on `6500` is live +- the endorser authority has been institutionally designated +- an evidence directory exists at [reports/identity-completion](../../reports/identity-completion/README.md) + +## Governance roles + +### Root authority + +- **DBIS** is the trust-root operator for the first internal publication path + +### Initial endorser sequence + +Recommended institutional order: + +1. DBIS root endorser +2. OMNL institutional endorser +3. SMOM-OSJ governance endorser + +Only the first one is needed to cross the public-DID threshold. + +## Phase 1 — Create the author DID + +Use the ACA-Py wallet path to create the author DID that will later be promoted to public/write-capable status. + +Current repo-aligned pattern: + +```bash +curl -fsS -X POST http://192.168.11.88:8031/wallet/did/create \ + -H 'Content-Type: application/json' \ + -d '{"method":"sov","options":{"key_type":"ed25519"}}' +``` + +Capture from the response: + +- `did` +- `verkey` + +Write the values into: + +- `roles.author.publicDid` once promoted +- `roles.author.verkey` + +And record evidence in: + +- `reports/identity-completion/author-did.json` + +## Phase 2 — Establish the DIDComm connection + +Create the author-to-endorser DIDComm relationship. + +Author-side invitation pattern: + +```bash +curl -fsS -X POST http://192.168.11.88:8031/connections/create-invitation +``` + +Endorser-side receive pattern: + +```bash +curl -fsS -X POST /connections/receive-invitation \ + -H 'Content-Type: application/json' \ + -d @invitation.json +``` + +The exact invitation transport may vary by endorser deployment, but the required output is the same: + +- one durable `ENDORSER_CONNECTION_ID` + +Write it into: + +- `ENDORSER_CONNECTION_ID` in [dbis-identity-public-did-secrets.env](../../config/production/dbis-identity-public-did-secrets.env) + +And record evidence in: + +- [endorser-connection.json](../../reports/identity-completion/templates/endorser-connection.json) + +## Phase 3 — Request author write legitimacy + +This is the governance handoff where the endorser approves the author for ledger-backed publication. + +Required outputs: + +- endorser alias +- endorser DID +- approval reference or signature record +- any transaction payload reference used for the NYM write + +Important: + +- the exact endorsement endpoint and payload shape can vary by ACA-Py build and transaction-endorsement configuration +- treat the evidence output as canonical even if the low-level API path differs + +Write the results into: + +- `roles.endorser.alias` +- `roles.endorser.did` +- `DBIS_IDENTITY_APPROVAL_TICKET` + +And record evidence in: + +- [endorser-approval.json](../../reports/identity-completion/templates/endorser-approval.json) + +## Phase 4 — Accept the Transaction Author Agreement + +Before irreversible ledger writes, accept the TAA on the writing path. + +Repo-aligned command pattern: + +```bash +curl -fsS -X POST http://192.168.11.88:8031/ledger/taa/accept \ + -H 'Content-Type: application/json' \ + -d '{"mechanism":"service_agreement","version":"","text":""}' +``` + +Record evidence in: + +- `reports/identity-completion/taa-acceptance.json` + +## Phase 5 — Publish the public DID + +This is the first irreversible step in the sovereign publication path. + +Repo-aligned command pattern: + +```bash +curl -fsS -X POST http://192.168.11.88:8031/ledger/register-nym \ + -H 'Content-Type: application/json' \ + -d '{"did":"","verkey":"","alias":"dbis-issuer-author","role":"ENDORSER"}' +``` + +Expected outcome: + +- public DID becomes ledger-backed +- a transaction sequence number or equivalent ledger confirmation is returned + +Write the values into: + +- `DBIS_IDENTITY_PUBLIC_DID` +- `DBIS_IDENTITY_PUBLIC_DID_VERKEY` +- `roles.author.publicDid` + +And record evidence in: + +- [public-did-publication.json](../../reports/identity-completion/templates/public-did-publication.json) + +## Phase 6 — Publish schema and credential definition + +Only after the public DID exists: + +1. publish the first canonical schema +2. publish the first credential definition + +Record evidence in: + +- [schema-publication.json](../../reports/identity-completion/templates/schema-publication.json) +- [creddef-publication.json](../../reports/identity-completion/templates/creddef-publication.json) + +## Phase 7 — Prove issuance and verification + +The first canonical relying-party flow remains: + +1. Complete Credential issues +2. Aries / AnonCreds on `6500` handles credential runtime +3. SMOA verifies + +Record evidence in: + +- [issuance-result.json](../../reports/identity-completion/templates/issuance-result.json) +- [verification-result.json](../../reports/identity-completion/templates/verification-result.json) + +## Completion gate + +This handshake is complete only when all of the following exist: + +- validated package and secrets files +- `ENDORSER_CONNECTION_ID` +- named endorser alias and DID +- TAA acceptance evidence +- public DID publication evidence +- schema publication evidence +- credential-definition publication evidence +- one issuance evidence file +- one verification evidence file + +## Related artifacts + +- [DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md) +- [dbis-identity-public-did-package.json](../../config/production/dbis-identity-public-did-package.json) +- [validate-dbis-identity-package.sh](../../scripts/validation/validate-dbis-identity-package.sh) diff --git a/docs/03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md b/docs/03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md new file mode 100644 index 0000000..719ff62 --- /dev/null +++ b/docs/03-deployment/DBIS_MEMBERS_PORTAL_RUNBOOK.md @@ -0,0 +1,30 @@ +# DBIS members.d-bis.org — MVP runbook + +## Relationship to secure.d-bis.org + +| Host | Intended use | +|------|----------------| +| **secure.d-bis.org** | Existing authenticated DBIS frontend (inventory: VMID/backends per [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)). | +| **members.d-bis.org** | Sovereign **member institution** portal: OIDC login, institution-scoped dashboard, settlement **read/simulation** tools, policy voting UI (phased). | + +**Decision (default):** **Complement** — keep `secure.d-bis.org` for current operator/staff flows; introduce `members.d-bis.org` for central-bank-style members with stronger RBAC and audit. **Supersede** only after data migration and SSO client cutover. + +## Architecture + +1. **Edge:** NPMplus TLS termination → BFF (Next.js Route Handlers or small Go service). +2. **Auth:** OIDC (Keycloak or equivalent) — reuse patterns from Sankofa portal runbooks where applicable. +3. **Session:** HTTP-only cookies; CSRF on mutations. +4. **Backend:** mTLS from BFF to internal read APIs (`dbis-api`, future data API); no direct browser access to LAN RPC. +5. **DID (phase 2+):** Wallet or credential presentation (Indy/Aries) **after** [DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](./DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md) milestones. + +## Audit log + +Append-only store for: login, policy votes, settlement simulation runs, document downloads. Minimum fields: `ts`, `actor_sub`, `institution_id`, `action`, `payload_hash`, `ip_hash`. + +## Operator checklist + +- [ ] DNS + NPM host `members.d-bis.org` +- [ ] OIDC client + redirect URIs +- [ ] BFF deployed with secrets from vault/.env (not in git) +- [ ] mTLS certs issued for BFF → internal APIs +- [ ] Entry in [E2E_ENDPOINTS_LIST.md](../04-configuration/E2E_ENDPOINTS_LIST.md) when live diff --git a/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md b/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md new file mode 100644 index 0000000..ea0e935 --- /dev/null +++ b/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md @@ -0,0 +1,347 @@ +# DBIS OMNL -> Indonesia / BNI E2E Executable Task List + +**Last updated:** 2026-03-29 +**Purpose:** Convert the Indonesia / BNI blueprint into an ordered task list with concrete outputs, commands, and production gates. + +This checklist is intentionally split into: + +- tasks that can be completed now with the current repo, LAN access, and deployed first-slice runtime +- tasks that require BNI-side or correspondent-bank contract material before the lane can be declared live + +## 1. Working definition of done + +Use these completion levels: + +### Level A - Integration-ready + +The local platform is ready for BNI integration work when all of the following are true: + +1. the RTGS first-slice runtime is healthy +2. the OMNL proving rail is repeatable with current Indonesia artifacts +3. `mifos-fineract-sidecar`, `server-funds-sidecar`, and `off-ledger-2-on-ledger-sidecar` each have one concrete validated business-path check +4. the evidence package can be rebuilt and verified from current repo-backed materials + +### Level B - BNI-live-ready + +The BNI lane is ready for live activation when all of the following are true: + +1. a BNI counterparty profile is frozen +2. the BNI route and message/auth contract are frozen +3. one BNI-connected domestic flow completes and reconciles +4. the Indonesia transmission and 4.995 evidence gates pass + +## 1A. Execution status + +As of `2026-03-29`, the repo-backed and live-operator-executable portion of this checklist has been completed through Level A. + +- Level A status: achieved +- Level B status: not achieved +- Execution record: `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md` + +## 2. Current hard blockers + +These are known blockers from the current repo-backed state: + +- no live BNI endpoint, auth contract, or final message contract is currently evidenced +- no BNI-specific OMNL office bootstrap script exists yet; only the Bank Kanaya reference path exists +- no BNI-connected sidecar/message/auth path is yet proven end to end against a real BNI endpoint + +Do not claim the BNI lane is live until those blockers are closed. + +## 3. Ordered task list + +### Phase 1 - Prove the current first-slice baseline + +- [ ] Run the first-slice runtime verification wrapper: + +```bash +bash scripts/verify/check-dbis-rtgs-first-slice.sh +``` + +Done when: +- CT `5802`, `5803`, and `5804` are up +- local service checks succeed +- Fineract is reachable from the sidecar CTs + +- [ ] Verify the deployed sidecar endpoints match the canonical inventory: + +```bash +curl -sf http://192.168.11.89:8080/actuator/health/readiness +curl -sf http://192.168.11.90:8080/actuator/health/readiness +curl -sf http://192.168.11.92:8080/conversion/nonexistent-id/status || true +``` + +Reference: +- `5802` `rtgs-scsm-1` +- `5803` `rtgs-funds-1` +- `5804` `rtgs-xau-1` + +Done when: +- the SCSM and funds sidecars return healthy readiness +- the XAU sidecar responds on its documented API surface + +- [ ] Freeze the first-slice role boundaries in the working docs: + - FireFly role + - whether `server-funds-sidecar` is mandatory for the first live BNI path + - whether Chain 138 is mandatory settlement or evidence-only for the first BNI run + +Update: +- `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md` +- `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md` + +Done when: +- those role decisions are recorded in repo-backed docs + +### Phase 2 - Freeze the OMNL proving rail using the current Indonesia reference path + +- [ ] Validate the OMNL script rail: + +```bash +bash scripts/omnl/validate-rail.sh +OUT_DIR=./output/omnl-discovery bash scripts/omnl/omnl-discovery.sh +``` + +Done when: +- `validate-rail.sh` exits `0` +- discovery output is refreshed under `output/omnl-discovery/` + +- [ ] Ensure the required GL rails exist: + +```bash +bash scripts/omnl/omnl-gl-accounts-create.sh +bash scripts/omnl/omnl-gl-accounts-fx-gru-create.sh +bash scripts/omnl/resolve_ids.sh +``` + +Done when: +- the GL set exists +- `ids.env` resolves the required OMNL IDs cleanly + +- [ ] Rebuild the current Indonesia proving beneficiary on OMNL using the Bank Kanaya reference path: + +```bash +DRY_RUN=1 bash scripts/omnl/omnl-office-create-bank-kanaya.sh +bash scripts/omnl/omnl-office-create-bank-kanaya.sh +``` + +Done when: +- the Bank Kanaya office exists +- the OMNL office ID matches the expected proving lane + +- [ ] Run the reference PvP clearing path: + +```bash +DRY_RUN=1 bash scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh +DRY_RUN=0 OFFICE_ID_HO=1 OFFICE_ID_KANAYA=21 bash scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh +``` + +Done when: +- the expected journal entries are posted +- JE IDs are recorded in `docs/04-configuration/mifos-omnl-central-bank/OMNL_API_PUSH_STATUS.md` + +- [ ] Refresh the live OMNL snapshot used by the Indonesia package: + +```bash +OUT_DIR=. bash scripts/omnl/omnl-transaction-package-snapshot.sh +``` + +Done when: +- `omnl_transaction_package_snapshot.json` is regenerated +- `snapshotMeta.source` is `live-api` + +### Phase 3 - Validate the deployed sidecar business paths + +- [ ] Re-run one authenticated SCSM transfer against the live OMNL rail. + +Use: +- `POST /api/v1/transfers` on `http://192.168.11.89:8080` + +Reference repo: +- `/home/intlc/projects/HYBX_Sidecars/mifos-fineract-sidecar` + +Done when: +- a transfer returns a terminal success state +- OMNL journal entries are visible for the same correlation/message ID +- the request/response pair is archived in the working evidence set + +- [ ] Validate one funds approval path through the deployed funds sidecar. + +Use: +- `POST /api/v1/funds/transfers/initiate` +- `POST /api/v1/funds/transfers/approve` +- `GET /api/v1/funds/transfers/{id}` +- `POST /api/v1/funds/settlement/events` + +Target: +- `http://192.168.11.90:8080` + +Done when: +- one initiate/approve/status cycle completes +- the resulting transfer ID is tied back to OMNL-side accounting or settlement evidence + +- [ ] Validate one off-ledger to on-ledger conversion path through the deployed XAU sidecar. + +Use one of the documented paths: +- staged flow: `/xau/lock` -> `/conversion/initiate` -> `/conversion/settle` -> `/conversion/extinguish` -> `/xau/release` +- atomic flow: `/conversion/execute` + +Target: +- `http://192.168.11.92:8080` + +Done when: +- one conversion reaches a terminal success state +- the conversion ID is tied to OMNL references and, if in scope, a Chain 138 transaction reference + +### Phase 4 - Create the missing BNI-specific integration artifacts + +- [ ] Create and freeze the BNI counterparty profile. + +It must include: +- institution identifiers +- beneficiary validation rules +- account structure +- allowed currency pairs +- reporting obligations + +Suggested artifact: +- `docs/04-configuration/mifos-omnl-central-bank/BNI_COUNTERPARTY_PROFILE.md` + +- [ ] Freeze the BNI route contract. + +Decide and document whether BNI is: +- direct beneficiary bank +- intermediary settlement bank +- correspondent / nostro bank + +Also freeze: +- final message family +- final endpoint/auth model +- account-validation contract + +Suggested artifact: +- `docs/04-configuration/mifos-omnl-central-bank/BNI_ROUTE_AND_MESSAGE_CONTRACT.md` + +- [ ] Freeze Indonesia-specific operating controls for the BNI route. + +It must include: +- cut-off times +- business/value-date rules +- holiday calendars +- exception/return handling +- maker-checker approvals + +Suggested artifact: +- `docs/04-configuration/mifos-omnl-central-bank/BNI_OPERATIONAL_CONTROLS.md` + +- [ ] Create the missing OMNL bootstrap artifact for BNI. + +Choose one: +1. add a new script, for example `scripts/omnl/omnl-office-create-bni.sh` +2. add a checked-in manual API payload/runbook for creating the BNI office in OMNL + +Done when: +- the BNI office can be created idempotently +- the external ID and office mapping are frozen in repo-backed state + +### Phase 5 - Execute the first BNI-connected dry run + +- [ ] Create the BNI office in OMNL using the new BNI bootstrap artifact. + +Done when: +- the office exists +- the office ID, external ID, and beneficiary-bank mapping are recorded + +- [ ] Run the BNI-equivalent accounting leg on OMNL. + +This must cover: +- debit source leg +- credit beneficiary or settlement leg +- due-to / due-from leg if applicable +- FX reserve / treasury leg if applicable + +Done when: +- the expected JE family exists in OMNL +- the accounting references are tied to the intended BNI message or payment instruction + +- [ ] Dispatch the first BNI-connected outbound message on the frozen route. + +Use the route contract from Phase 4. + +Done when: +- the outbound message is accepted +- the message ID, end-to-end ID, and settlement reference are recorded + +- [ ] Capture inbound status and bank confirmation. + +Done when: +- a status message, statement extract, or explicit confirmation is received +- exceptions are recorded if the path does not settle cleanly + +### Phase 6 - Reconciliation and evidence package + +- [ ] Reconcile the completed flow across all systems. + +Minimum reconciliation set: +- sidecar request vs OMNL journal +- OMNL journal vs office balances +- external bank confirmation vs OMNL settlement state +- sidecar correlation IDs vs package references +- on-chain event vs off-ledger event if Chain 138 is in scope + +Done when: +- the reconciliations are written and repeatable + +- [ ] Build and verify the Indonesia package: + +```bash +bash scripts/omnl/build-transaction-package-zip.sh +python3 scripts/omnl/verify-transaction-package-commitment.py +bash scripts/omnl/check-transaction-package-4995-readiness.sh +bash scripts/omnl/check-transaction-package-4995-readiness.sh --strict +``` + +Done when: +- the package builds +- commitment verification passes +- strict 4.995 readiness passes + +- [ ] Complete the transmission gate: + +Use: +- `docs/04-configuration/mifos-omnl-central-bank/INDONESIA_TRANSMISSION_READINESS_CHECKLIST.md` + +Done when: +- the final zip is encrypted per policy +- the final hash is recorded in SUBREG +- audit retention is scheduled for 10+ years + +## 4. Exit gates + +### Exit gate for Level A - Integration-ready + +All of the following must be true: + +1. Phase 1 is complete +2. Phase 2 is complete +3. Phase 3 is complete +4. the package can be rebuilt and verified without missing local artifacts + +### Exit gate for Level B - BNI-live-ready + +All of the following must be true: + +1. Phase 4 is complete +2. Phase 5 is complete +3. Phase 6 is complete +4. the Indonesia / BNI domestic banking row can be moved from `Planned` to `Complete` in the RTGS matrix + +## 5. Canonical references + +- `docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md` +- `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md` +- `docs/03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md` +- `docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md` +- `docs/04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md` +- `docs/04-configuration/mifos-omnl-central-bank/INDONESIA_TRANSMISSION_READINESS_CHECKLIST.md` +- `scripts/verify/check-dbis-rtgs-first-slice.sh` +- `scripts/omnl/README.md` diff --git a/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md b/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md new file mode 100644 index 0000000..9300b5f --- /dev/null +++ b/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md @@ -0,0 +1,109 @@ +# DBIS OMNL -> Indonesia / BNI E2E Execution Status — 2026-03-29 + +**Run date:** 2026-03-29 +**Scope:** Complete everything currently executable from the repo and live first-slice runtime, including operator and banking commands that do not depend on a live BNI endpoint or external BNI contract materials. + +## 1. Outcome + +The locally executable portion of the Indonesia / BNI path is complete. + +- RTGS first-slice runtime verification: passed +- OMNL Indonesia reference rail: passed +- Live SCSM path: passed +- Live funds sidecar path: passed +- Live XAU conversion path: passed +- Transaction package build: passed +- Transaction package commitment verification: passed +- `4.995` strict readiness gate: passed + +This establishes **Level A - Integration-ready** from the executable task list. + +It does **not** establish **Level B - BNI-live-ready**, because no live BNI endpoint, route contract, auth contract, or BNI-specific counterparty package is evidenced in the repo-backed state. + +## 2. Commands completed + +### Baseline and OMNL rail + +- `bash scripts/verify/check-dbis-rtgs-first-slice.sh` +- `bash scripts/omnl/validate-rail.sh` +- `OUT_DIR=./output/omnl-discovery bash scripts/omnl/omnl-discovery.sh` +- `bash scripts/omnl/omnl-gl-accounts-create.sh` +- `bash scripts/omnl/omnl-gl-accounts-fx-gru-create.sh` +- `bash scripts/omnl/resolve_ids.sh` +- `DRY_RUN=1 bash scripts/omnl/omnl-office-create-bank-kanaya.sh` +- `bash scripts/omnl/omnl-office-create-bank-kanaya.sh` +- `DRY_RUN=1 OFFICE_ID_HO=1 OFFICE_ID_KANAYA=21 bash scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh` +- `DRY_RUN=0 OFFICE_ID_HO=1 OFFICE_ID_KANAYA=21 bash scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh` +- `OUT_DIR=. bash scripts/omnl/omnl-transaction-package-snapshot.sh` + +### Live sidecar paths + +- Live SCSM transfer on `http://192.168.11.89:8080/api/v1/transfers` +- Live funds initiate/approve/status/settlement-event flow on `http://192.168.11.90:8080/api/v1/funds/...` +- Live XAU collateral/create/execute/status flow on `http://192.168.11.92:8080/...` + +### Package and readiness + +- `bash scripts/omnl/build-transaction-package-zip.sh` +- `python3 scripts/omnl/verify-transaction-package-commitment.py output/transaction-package-HYBX-BATCH-001` +- `bash scripts/omnl/check-transaction-package-4995-readiness.sh output/transaction-package-HYBX-BATCH-001` +- `bash scripts/omnl/check-transaction-package-4995-readiness.sh --strict output/transaction-package-HYBX-BATCH-001` + +## 3. Live execution references + +### OMNL reference rail + +- Bank Kanaya live OMNL office ID: `21` +- PvP clearing HO transaction ID: `a16a59f732b7` +- PvP clearing Bank Kanaya transaction ID: `64e2783b2ad79` + +### SCSM + +- Message ID: `1c274238-ed0b-494d-ab89-7df76b946fea` +- Sidecar transaction ID: `a16a5be41d6f` +- OMNL evidence: journal comments `SCSM transfer 1c274238-ed0b-494d-ab89-7df76b946fea` + +### Funds sidecar + +- Message ID: `da334ccc-7169-447a-996e-1a18d9e5e7e9` +- Transfer ID: `xf-2ed1e4fb-15bf-4cbe-9389-1c0099e373cd` +- Approval transaction ID: `a16a5c45a94f` +- OMNL evidence: journal comments `Funds transfer approval xf-2ed1e4fb-15bf-4cbe-9389-1c0099e373cd / da334ccc-7169-447a-996e-1a18d9e5e7e9` + +### XAU conversion sidecar + +- Collateral ID: `57d8f75f-6b80-4f72-a068-af71f6007422` +- Conversion ID: `806add06-949c-444a-b720-5ffaa306e943` +- Terminal state: `COMPLETED` +- OMNL evidence: journal comments `XAU conversion / 806add06-949c-444a-b720-5ffaa306e943` + +## 4. Package outputs + +- Snapshot: `omnl_transaction_package_snapshot.json` +- ZIP: `transaction-package-HYBX-BATCH-001.zip` +- Unzipped verification root: `output/transaction-package-HYBX-BATCH-001` + +Strict gate result: + +- `=== RESULT: 4.995 STRICT GATE — PASS (all categories attested + structural) ===` + +## 5. Repo corrections made during execution + +The live OMNL tenant resolves Bank Kanaya as office `21`, not `22`. During execution, the checked-in operator and package artifacts were updated so the repo matches the live tenant: + +- `scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh` +- `scripts/omnl/build-transaction-package-zip.sh` +- `scripts/omnl/generate-transaction-package-evidence.py` +- related Indonesia / Bank Kanaya documentation under `docs/04-configuration/mifos-omnl-central-bank/` + +## 6. Remaining blockers + +The following items are still not executable from the current repo-backed state: + +- BNI counterparty profile freeze +- BNI route and message/auth contract freeze +- BNI-specific OMNL bootstrap artifact +- live BNI endpoint dispatch and confirmation +- BNI-connected reconciliation and return path + +Those are the remaining blockers to **Level B - BNI-live-ready**. diff --git a/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md b/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md index 608ee9a..37b3a84 100644 --- a/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md +++ b/docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md @@ -423,6 +423,7 @@ The OMNL → Indonesia / BNI → global-bank flow is only fully complete when: ## Related artifacts +- [DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md](DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md) - [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md) - [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) - [HYBX_BATCH_001_OPERATOR_CHECKLIST.md](../04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md) diff --git a/docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md b/docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md index 7270097..6534256 100644 --- a/docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md +++ b/docs/03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md @@ -19,13 +19,13 @@ | Explorer / Blockscout | Complete. Explorer routes, APIs, token metadata, and RPC capability metadata are live. | Ongoing explorer API, token metadata, and wallet metadata compatibility. | Maintain explorer health, indexing freshness, metadata accuracy, and route stability. | DBIS / explorer ops | Explorer routes, APIs, and metadata remain healthy and consistent with Chain 138 runtime. | | FireFly primary `6200` | Partial. Restored as a minimal local FireFly API footprint, not yet a proven multiparty production workflow engine. | FireFly event/orchestration model, sidecar and banking workflow correlation, and HA strategy. | Define event model, validate orchestration role, and decide whether FireFly is mandatory in slice 1. | DBIS workflow / infra ops | API healthy, config preserved, orchestration role defined, and real cross-system workflow validated. | | FireFly secondary `6201` | Retired / standby. Inventory exists, but current rootfs does not contain a valid deployment payload. | Rebuild contract for a real secondary FireFly node if HA is required. | Either rebuild as a true secondary and validate failover, or keep explicitly retired in all architecture claims. | DBIS workflow / infra ops | Either rebuilt and verified as a real secondary, or formally excluded from active-stack claims. | -| Fabric `6000-6002` | Reserved placeholder. VMIDs exist, but app-level verification did not show active peer / orderer services or meaningful Fabric payloads. | Actual Fabric peer/orderer deployment model if Fabric is required by the RTGS target architecture. | Either deploy real Fabric workloads and validate them, or keep them stopped and excluded from active-stack claims. | DBIS architecture / infra ops | Real Fabric workloads deployed and validated, or the footprint remains explicitly placeholder-only. | -| Indy `6400-6402` | Reserved placeholder. VMIDs exist, but app-level verification did not show active Indy listeners or meaningful Indy payloads. | Actual Indy validator / identity runtime only if Indy is required by the RTGS target architecture. | Either deploy real Indy workloads and validate them, or keep them stopped and excluded from active-stack claims. | DBIS architecture / infra ops | Real Indy workloads deployed and validated, or the footprint remains explicitly placeholder-only. | -| Aries | Planned. No deployed Aries runtime is currently evidenced. | Identity-agent model, DID/wallet strategy, and credential-exchange role in RTGS workflows. | Decide in or out of scope for production slice 1; if in, deploy agents and validate flows. | Identity architecture lead | Scope decision is frozen, and if in scope the deployed agent model and flows are validated. | -| AnonCreds | Planned. No deployed credential flow is currently evidenced. | Issuer / holder / verifier model and credential lifecycle. | Decide in or out of scope for production slice 1; if in, freeze schema and verification flow. | Identity architecture lead | Scope decision is frozen, and if in scope the credential lifecycle is validated end to end. | -| Ursa | Planned. No explicit runtime dependency or operating model is currently evidenced. | Cryptographic runtime role, library dependency model, and operational controls. | Decide in or out of scope; if in, document and validate the cryptographic dependency model. | Identity / cryptography architecture lead | Scope decision is frozen, and if in scope the cryptographic dependency is documented and validated. | -| Cacti | Planned. Not currently proven as a live interoperability engine. | Cross-ledger interoperability contract and deployment model. | Decide whether Cacti is needed for production slice 1; if in, deploy and validate the real path. | Interoperability architecture lead | Scope decision is frozen, and if in scope the live interoperability path is deployed and tested. | -| Caliper | Planned. Documentation hook exists, but no routine benchmark harness is active. | Benchmark workload definitions for RTGS and Chain 138 settlement paths. | Build the approved benchmark harness and run accepted workload profiles. | Performance / QA lead | Benchmark harness exists and approved RTGS workloads have been executed and recorded. | +| Fabric `6000-6002` | Partial. Primary `6000` runs a validated sample network; `6001` and `6002` remain reserved placeholder inventory. | Actual Fabric peer/orderer deployment model if Fabric is required by the RTGS target architecture. | Decide whether the current sample topology evolves into a production role or remains a validated sidecar DLT only. | DBIS architecture / infra ops | If Fabric stays in scope, the intended role-specific workloads are deployed and validated; otherwise placeholders stay explicitly non-production. | +| Indy `6400-6402` | Partial. Primary `6400` runs a validated four-node local pool; `6401` and `6402` remain reserved placeholder inventory. | Actual Indy validator / identity runtime only if Indy is required by the RTGS target architecture. | Decide whether the current pool is the canonical identity-ledger base and validate the role if it remains in scope. | DBIS architecture / infra ops | If Indy stays in scope, the intended identity-ledger role is documented and validated; otherwise placeholders stay explicitly non-production. | +| Aries | Partial. Primary `6500` now runs a deployed ACA-Py agent, but no RTGS credential-exchange flow is yet validated. | Identity-agent model, DID/wallet strategy, and credential-exchange role in RTGS workflows. | Freeze scope for production slice 1 and, if retained, validate one real agent-to-agent or institution-facing flow. | Identity architecture lead | Scope decision is frozen, and if in scope the deployed agent model and flows are validated. | +| AnonCreds | Partial. The deployed ACA-Py runtime now uses `askar-anoncreds`, but issuer / holder / verifier lifecycle is not yet validated end to end. | Issuer / holder / verifier model and credential lifecycle. | Freeze schema, credential-definition, and verification flow if the feature remains in scope. | Identity architecture lead | Scope decision is frozen, and if in scope the credential lifecycle is validated end to end. | +| Ursa | Partial. No separate operator-managed daemon is evidenced; the current cryptographic path is indirect through the deployed ACA-Py / AnonCreds runtime. | Cryptographic runtime role, library dependency model, and operational controls. | Decide whether Ursa must ever be managed directly or remains an indirect dependency only. | Identity / cryptography architecture lead | Scope decision is frozen, and if in scope the cryptographic dependency model is documented and validated. | +| Cacti | Partial. Primary `5200` is now proven as a live Besu-facing interoperability gateway, but no production cross-ledger contract is frozen. | Cross-ledger interoperability contract and deployment model. | Decide whether Cacti is needed for production slice 1 and, if retained, validate the real cross-ledger path. | Interoperability architecture lead | Scope decision is frozen, and if in scope the live interoperability path is deployed and tested. | +| Caliper | Partial. Primary `6600` now hosts a live upstream Caliper workspace with the Besu `1.4` binding, but no approved benchmark profile has been executed. | Benchmark workload definitions for RTGS and Chain 138 settlement paths. | Add approved workload profiles and execute the accepted read / write benchmark set. | Performance / QA lead | Benchmark harness exists and approved RTGS workloads have been executed and recorded. | | OMNL / Fineract API rail | Partial. Live tenant and authenticated posting path are now proven, but the canonical RTGS operator rail is not fully frozen. | Stable OMNL tenant/auth contract, operator flow, office/GL mapping, and reconciliation package path. | Freeze tenant, operator runbook, participant model, and reproducible OMNL settlement rail. | OMNL / banking ops | Office / GL / JE / snapshot / package flow runs cleanly and repeatably against the intended live tenant. | | Mifos X frontend / Fineract tenant | Partial. Runtime is live and sidecars can authenticate, but production operator model is not fully frozen. | Stable UI/API tenant contract, secrets, and operator procedures. | Finalize tenant/auth, operator usage, and runbook completeness. | OMNL / banking ops | UI/API healthy, tenant/auth stable, and operator procedures are complete and repeatable. | | HYBX participant / office / treasury model | Planned. Participant, office, reserve, settlement, and treasury roles are not yet frozen end to end. | OMNL participant model, office mappings, GL mappings, and treasury structure. | Freeze participant classes, office IDs, treasury accounts, and nostro/vostro model. | Banking architecture lead | Participant, treasury, reserve, and GL structures are documented, accepted, and used by the canonical rail. | @@ -65,6 +65,8 @@ ## Related artifacts +- [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) — OMNL, DBIS Core, Smart Vault, RTGS, settlement events, ISO/DID/correlation +- [docs/00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](../00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md) — consolidated integration gaps and follow-ups - [dbis_chain_138_technical_master_plan.md](../../dbis_chain_138_technical_master_plan.md) - [docs/00-meta/TODO_TASK_LIST_MASTER.md](../00-meta/TODO_TASK_LIST_MASTER.md) - [docs/03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md) @@ -75,5 +77,18 @@ - [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) - [DBIS_MOJALOOP_INTEGRATION_STATUS.md](DBIS_MOJALOOP_INTEGRATION_STATUS.md) - [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) +- [DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md) - [DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md) - [DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md) + +### ISO20022Router — production acceptance (manual / G4) + +Use this when moving the **ISO20022Router** row from **Partial** to **Complete** for a chosen slice. + +1. **Deployed:** Router address matches `config/smart-contracts-master.json` / [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) (`ISO20022Router`); `scripts/verify/check-contracts-on-chain-138.sh` reports bytecode present. +2. **Canonical payload:** Off-chain ISO (or SWIFT Fin) normalized per [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](../04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md); `instructionId` / `uetr` / `payloadHash` recorded. +3. **On-chain:** At least one successful transaction path (direct call, gateway, or relayer → router) on Chain 138 with **explorer** tx hash captured. +4. **Correlation:** A [settlement event](../../config/dbis-institutional/schemas/settlement-event.schema.json) (or equivalent sidecar log) carries the same **`correlation_id`** as OMNL / Core / RTGS references for that payment. +5. **Evidence:** Archive path meets [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) or your jurisdiction’s package rules if applicable. + +Automation (CI) for steps 2–4 is optional until the relayer and tenant sandbox are frozen; the checklist above is the **definition of done** for manual sign-off. diff --git a/docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md b/docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md index 69e58d4..c2a0785 100644 --- a/docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md +++ b/docs/03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md @@ -16,6 +16,8 @@ This document describes the full transaction families required for a production- This document is not a statement that every flow is already deployed. It is the execution catalog for what must exist to call the stack fully end to end. +**Canonical integration map (OMNL API, DBIS Core, Chain 138 Smart Vaults, fiat wallet binding, external RTGS, correlation IDs, ISO-20022 on-chain, DID/eIDAS, FX/token-aggregation):** [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) (see section 14). + ## Status legend - `Implemented now` diff --git a/docs/03-deployment/DBIS_SANDBOX_INTEROP_RUNBOOK.md b/docs/03-deployment/DBIS_SANDBOX_INTEROP_RUNBOOK.md new file mode 100644 index 0000000..bbebba8 --- /dev/null +++ b/docs/03-deployment/DBIS_SANDBOX_INTEROP_RUNBOOK.md @@ -0,0 +1,31 @@ +# DBIS sandbox.d-bis.org and interop.d-bis.org + +**Prerequisite:** Public read APIs and developer portal baseline stable ([DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](../02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md)). + +## sandbox.d-bis.org + +**Purpose:** Isolated execution for simulated transactions, GRU **test** issuance (if/when defined), compliance checks against non-production rulesets. + +**Infra options (Proxmox-first):** + +- Dedicated Besu network namespace or Chain 2138 testnet profile. +- Fabric channel for permissioned samples. +- No production keys; faucet and reset policies documented. + +**Safety:** Separate RPC URLs, separate NPM upstream, clear UI banner “Sandbox”. + +## interop.d-bis.org + +**Purpose:** CBDC and cross-chain **lab** — corridor simulation, CCIP-style flows. + +**Alignment:** CCIP and bridge runbooks under [docs/07-ccip/](../07-ccip/) (e.g. [TRUTH_NETWORK_BRIDGE_SPEC.md](../07-ccip/TRUTH_NETWORK_BRIDGE_SPEC.md), [CW_BRIDGE_APPROACH.md](../07-ccip/CW_BRIDGE_APPROACH.md)). + +**Deliverables:** + +1. Lab UI listing supported test corridors and reset schedule. +2. Links to Gitea `reference-implementations` and SDK quickstarts. +3. Optional: scheduled soak tests with published results JSON. + +## Verification + +Add hosts to E2E inventory as optional-until-live; run `verify-end-to-end-routing.sh` after DNS and upstream provisioning. diff --git a/docs/03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md b/docs/03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md index 84c6f51..22f6a89 100644 --- a/docs/03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md +++ b/docs/03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md @@ -55,7 +55,7 @@ Execute in any order where no dependency; all must be satisfied before Phase 1 ## Phase 1 — Chain 138 core (if not already deployed) -If core contracts are already deployed (e.g. 59/59 present per check-contracts-on-chain-138.sh), skip to Phase 2. Otherwise follow this order. +If core contracts are already deployed (e.g. **64/64** present per check-contracts-on-chain-138.sh), skip to Phase 2. Otherwise follow this order. | # | Item | Script / command | Depends on | |---|------|------------------|------------| @@ -125,7 +125,7 @@ After each deployment phase and periodically. | # | Item | Command / doc | |---|------|----------------| -| 6.1 | **On-chain verification (Chain 138)** | `./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL]`. Target 59/59 when TransactionMirror, all three PMM pools, vault/reserve, and CompliantFiatTokens exist. | +| 6.1 | **On-chain verification (Chain 138)** | `./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL]`. Target **64/64** when TransactionMirror, all three PMM pools, vault/reserve, CompliantFiatTokens, ISO20022Router, and **canonical + legacy** CCIP router/WETH9 bridge slots exist (see `config/smart-contracts-master.json`). | | 6.2 | **Blockscout verification** | When Blockscout reachable: `./scripts/verify/run-contract-verification-with-proxy.sh`. See [BLOCKSCOUT_VERIFICATION_GUIDE.md](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md). | | 6.3 | **Update address docs** | Update [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [LIQUIDITY_POOLS_MASTER_MAP.md](../11-references/LIQUIDITY_POOLS_MASTER_MAP.md) with new pool and provider addresses. | | 6.4 | **Recommendations (R1–R24)** | Follow [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](../00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md): verify on Blockscout, keep address refs updated, use correct RPC/gas, manage nonce, runbooks in sync, monitoring, testing, token mapping. | diff --git a/docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md b/docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md new file mode 100644 index 0000000..e09c5e8 --- /dev/null +++ b/docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md @@ -0,0 +1,102 @@ +# OJK / BI audit (JVMTM) — remediation scope and UETR vs internal message reference + +**Reference:** engagement id pattern **018215821582 / INAAUDJVMTM / 2025** (and related weakness / flow / systemic-risk tables). +**Purpose:** (1) Clarify what **cannot** be “completed” inside this repository alone. (2) Define how **settlement events** record identifiers when **SWIFT UETR** is absent vs present, including when **Chain 138** is the **SWIFT-replacement** settlement rail. + +**Not legal or supervisory advice.** Confirm obligations with counsel and BI/OJK where applicable. + +--- + +## 1. Can we “complete everything” from the audit tables? + +**No — not solely in code/docs.** Rows covering **daily 3-way reconciliation**, **production KYT**, **certified BCP/DR drills**, **legal settlement finality**, **prefunding policy**, and **live SWIFT/ISO gateways** require **organizational decisions, licensed operations, testing, and often third-party certification**. This repo can hold **runbooks, schemas, scripts, and evidence**; it cannot replace **board-approved policies**, **examination responses**, or **live bank operations**. + +### 1.1 Row-by-row closure matrix (Tables B, C, D) + +For **`018215821582` / INAAUDJVMTM / 2025**, the **verbatim audit table structure** and a **closure mapping** (how each row is **addressed**, **partially met**, or **honestly bounded**) live in: + +- [`config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md`](../../config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md) + +That file is copied into the E2E zip under **`config/jvmtm-regulatory-closure/`** and referenced from **`AUDIT_PROOF.json`** (`jvmtmRegulatoryClosure.tablesBCDClosureMatrix`). Use it with [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](../../config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md) so **templates** are not mistaken for **examination-grade** execution proof. + +**What the repo already supports** + +- Correlation and evidence: **`correlation_id`**, [`settlement-event.schema.json`](../../config/dbis-institutional/schemas/settlement-event.schema.json), RTGS runbook section 6, E2E archive builder. +- **JVMTM-style regulatory closure templates** (3-way reconciliation, prefunding, pre-settlement ACK, exception policy + sample event, plus optional KYT / BCP / DR / balance snapshot): [`config/jvmtm-regulatory-closure/README.md`](../../config/jvmtm-regulatory-closure/README.md). Staged automatically into the E2E zip by [`scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh`](../../scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh); override with **`JVMTM_CLOSURE_DIR`** for live examination-grade JSON. +- **Operational vs template evidence** (what examiners expect beyond empty JSON): [`config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md`](../../config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md). Generators: `generate-3way-reconciliation-evidence.sh`, `verify-ack-before-credit.sh`, `fetch-kyt-vendor-report.sh`, `bcp-rpc-failover-smoke.sh`. +- **Reserve / funding origin attestation (3FR narrative, staged bank + KYT):** [`config/reserve-provenance-package/README.md`](../../config/reserve-provenance-package/README.md). +- Partial controls: OMNL **maker-checker**, **reconciliation snapshots**, **DR/reversal** runbooks, Indonesia / RTGS **blueprints** and **E2E matrix** (many items still **Partial** / **Planned**). + +**Remediation approach** + +1. Turn each audit row into a **ticket** with **owner**, **evidence type**, and **target date**. +2. Link tickets to [`DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md`](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) and [`DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md`](DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md) §9 (reconciliation). +3. Close **Partial** matrix rows with **production** proof, not documentation alone. + +--- + +## 2. Chain 138 as the SWIFT-replacement settlement rail + +For flows where **institutional policy** designates **Chain 138** (EVM chain id **138**) as the **authoritative settlement rail** instead of SWIFT gpi for that payment or leg: + +| Role | Identifier / evidence | +|------|------------------------| +| **Primary E2E settlement proof** | **`correlation_id`** (immutable spine) + **`chain_id`: 138** + **`chain_tx_hash`** + **`occurred_at`**. Together these are the **rail-native** end-to-end fingerprint for the DLT leg (analogous to how UETR + message ids anchor a SWIFT leg). | +| **`rtgs_message_ids.uetr`** | **Optional** on **pure** Chain-138 legs — there is no SWIFT gpi assignment. Omit `uetr` or leave it unset unless you also run a **parallel SWIFT** correspondent leg. | +| **ISO / instruction lineage** | Use **`iso_msg_type`**, **`iso_instruction_id`**, **`iso_payload_hash`**, **`rail_iso_hash`** when the instruction was mapped from **ISO-20022** or your intake gateway, even if settlement finalizes on-chain. | +| **Internal / audit refs** | Keep **`internal_instruction_ref`**, **`operator_message_ref`**, or **`audit_file_ref`** under **`rtgs_message_ids`** when useful for JVMTM or operator evidence. | + +**Hybrid flows:** If one leg settles on **Chain 138** and another on **SWIFT**, record **both**: **`chain_tx_hash`** for the chain leg and **`rtgs_message_ids.uetr`** (and related message ids) for the SWIFT leg, all tied by the **same `correlation_id`**. + +**Regulatory note:** Calling Chain 138 a **SWIFT replacement** is a **product and licensing** framing. Supervisors may still expect **control parity** (finality definition, AML/KYT, reconciliation, outage handling). Document how **on-chain finality** is defined in your operating model and how it maps to **IPSAS / internal policy**. + +--- + +## 3. SWIFT UETR and “message sent” when SWIFT is still used + +### 3.1 What UETR is + +**UETR** (Unique End-to-End Transaction Reference) is the **SWIFT gpi** end-to-end id (UUID). When a payment **actually travels on or is registered in** SWIFT gpi as required by scheme/counterparty, **UETR belongs in `rtgs_message_ids.uetr`**. Omitting or replacing it with an arbitrary id can break **interbank tracking** and **supervisory expectations** for **those** payments. + +### 3.2 When an internal message id is acceptable (non-SWIFT / pre-chain / audit) + +For **non-SWIFT** legs, **pre-SWIFT** staging, **internal-only** booking, or **audit / JVMTM** packages **before** gpi or chain finality: + +- Use **`correlation_id`** as the **immutable spine** across OMNL, Core, sidecars, and chain. +- In **`rtgs_message_ids`**, add **additional string keys** (allowed by schema) such as: + - **`internal_instruction_ref`** — e.g. JVMTM file ref + sequence (`018215821582-INAAUDJVMTM-2025-MSG-001`). + - **`operator_message_ref`** — hash or id of the **submitted instruction payload** (e.g. `sha256:…`). + - **`msgId` / `endToEndId`** — when using ISO-20022 without SWIFT yet. + +This is **not** a claim that the internal id **equals** UETR for SWIFT purposes; it is **traceability inside your stack** until a real **UETR** exists (or until the **chain leg** is the authoritative proof per §2). + +### 3.3 When SWIFT is in scope + +1. Obtain or assign **UETR** per SWIFT rules. +2. **Populate `rtgs_message_ids.uetr`** and keep **`internal_instruction_ref`** (optional) for **audit lineage** (“message sent” → later “UETR assigned”). +3. Do **not** delete internal refs; **append** UETR in a **new** settlement event or **update** policy per your evidence store (immutability rules). + +### 3.4 JVMTM / audit file reference + +You may store the **audit engagement** or **working-paper** id in **`dbis_reference`** or **`ipsas_narrative`** **and** mirror a short token under **`rtgs_message_ids.audit_file_ref`** for machine queries — as long as **PII/secrets** stay out of committed JSON. + +--- + +## 4. Examples (canonical events) + +| Fixture | Use | +|---------|-----| +| [`settlement-event.example.json`](../../config/dbis-institutional/examples/settlement-event.example.json) | Hybrid: **`uetr`** + internal refs + **`chain_tx_hash`**. | +| [`settlement-event.chain138-primary.example.json`](../../config/dbis-institutional/examples/settlement-event.chain138-primary.example.json) | **DLT-primary (SWIFT replacement):** no **`uetr`**; **`rtgs_message_ids.rail`** = `chain138` + internal refs; **`chain_tx_hash`** + **`correlation_id`** anchor the leg. | +| [`settlement-event.min.json`](../../config/dbis-institutional/examples/settlement-event.min.json) | Minimal **`CHAIN_SETTLEMENT`** on 138 (CI baseline). | + +--- + +## 5. Summary + +| Question | Answer | +|----------|--------| +| Complete all audit rows in-repo only? | **No** — needs ops, legal, and live systems. | +| Chain 138 replaces SWIFT for a leg? | **Primary proof:** **`correlation_id`** + **`chain_id` 138** + **`chain_tx_hash`**. **`uetr`** optional unless a **parallel SWIFT** leg exists. | +| Use “message sent” as UETR? | **Not for SWIFT gpi legs** — use **UETR** when the rail requires it; use **internal keys** for traceability and **link** UETR + chain + internal refs in **hybrid** flows. | +| Single spine for E2E? | **`correlation_id`** + optional **`rtgs_message_ids`** map + on-chain fields when applicable. | diff --git a/docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md b/docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md new file mode 100644 index 0000000..6f630c2 --- /dev/null +++ b/docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md @@ -0,0 +1,409 @@ +# HYBX OMNL, DBIS Core, Chain 138 Smart Vaults, and External RTGS — Integration Runbook + +**Last updated:** 2026-03-31 +**Purpose:** Single canonical map for wiring **HYBX OMNL (Fineract API)** to **Chain 138** with **Smart Vault** treasury roots, **fiat wallet** binding, **IPSAS-aligned** books, **DBIS Core** per class anchor and division, and **external RTGS** (outside HYBX). This doc ties together Elemental Imperium-style org rules used in project planning with repo-backed scripts and RTGS catalogs. + +**Audience:** Architecture, integration engineering, compliance operations. + +--- + +## 1. Governance model (Elemental Imperium — summary) + +| Layer | Count / rule | +|-------|----------------| +| **Classes** | Seven (central banks / multi-sovereign; international financial institutions by segment; IGOs; NGOs). | +| **Coop-class anchor bodies** | 33 per class → **231** anchors. | +| **Entities per anchor (cooperative)** | At least **33** distinct entities under each anchor. | +| **Categories** (parallel) | Two: for-profit and non-profit entities (**33** each); **not** automatically IPSAS-primary unless elected or public-sector. | +| **Classes — accounting** | Entities under the seven Classes maintain **IPSAS** alignment for financial reporting and GL design. | +| **Per entity × jurisdiction** | One **Smart Vault** treasury root; **recursive sub-ledgers** for management and roll-up (see section 5). | + +Operational detail for OMNL offices and GL: [OMNL_JOURNAL_LEDGER_MATRIX.md](../04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md), [OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md](../04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md). + +--- + +## 2. Systems of record and roles + +| System | Role | Repo pointers | +|--------|------|----------------| +| **HYBX OMNL (Apache Fineract)** | IPSAS-aligned GL, `officeId`, journal entries (`POST /journalentries`), discovery APIs. | [OMNL_FINERACT_CONFIGURATION.md](../04-configuration/OMNL_FINERACT_CONFIGURATION.md), [scripts/omnl/README.md](../../scripts/omnl/README.md) | +| **DBIS Core** (`dbis_core`) | Core banking for **each class anchor** and its **divisions** (parties, products, limits, institutional workflows). | [DBIS_INSTITUTIONAL_SUBDOMAINS.md](../04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md) (`core.d-bis.org`), submodule `dbis_core/` | +| **Chain 138** | On-ledger settlement augmentation, compliant tokens, vault/escrow/registry patterns. | [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md), `smom-dbis-138/` | +| **External RTGS / correspondent banks** | Authoritative high-value rails; HYBX stack **posts and reconciles**, does not replace national RTGS. | [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md), [DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md) | + +**Golden rule:** The same business event must carry one **correlation identifier** across DBIS Core, OMNL, sidecars, RTGS messages, and optional chain transactions. + +--- + +## 3. Identifier and mapping scheme + +Define these **before** bulk provisioning (anchors and divisions scale to thousands of entities). + +| ID | Description | Example format (suggested) | +|----|-------------|----------------------------| +| `class_id` | 1–7 | `C01` … `C07` | +| `anchor_id` | 1–33 within class | `C01-A07` | +| `division_id` | Sub-unit under anchor | `C01-A07-D02` | +| `entity_id` | Legal or cooperative entity | LEI or internal UUID | +| `jurisdiction` | ISO 3166-1 alpha-2 (+ subdivision if needed) | `ID`, `US-NY` | +| `omnl_office_id` | Fineract office | Integer (extend beyond current 1–17 as tenants grow) | +| `dbis_participant_id` | DBIS Core party / institution key | Core-native id | +| `vault_root_address` | Chain 138 Smart Vault (treasury) contract | `0x…` | +| `fiat_rail_ref` | RTGS account / IBAN / BIC + account | Message + internal key | + +**Composite settlement key (logical):** +`(entity_id, jurisdiction, currency, vault_root_address)` must be unique where a vault is active. + +**Mapping table (minimum fields):** store in DBIS Core or a dedicated registry DB: +`entity_id`, `jurisdiction`, `omnl_office_id`, `dbis_participant_id`, `vault_root_address`, `fiat_binding_id`, `created_at`, `status`. + +--- + +## 4. HYBX OMNL → integration hub → Chain 138 + +### 4.0 Interoffice clearing prerequisite (settlement preparation) + +Before executing **RTGS** or **Smart Vault** settlement that assumes Fineract offices are already aligned, complete **office-to-office M1 clearing** and capture trial-balance evidence per: + +- [OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md](../04-configuration/mifos-omnl-central-bank/OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md) + +That runbook posts **source Dr 1410 / Cr 2100** and **target Dr 2100 / Cr 1410** only (no Head Office journal in that script). Assert **Layer 1** (per-office 1410/2100 deltas, HO 2410/2100 unchanged for that script), **Layer 2** (invariant: net M1 across the **participating offices** — define and standardize tenant-wide sums if you extend the check), then proceed. **Layer 3** (chain finality: tx hash, block, timestamp, terminal status) applies when the stack emits an on-chain leg — record them on the canonical settlement event (section 6). + +OMNL is addressed over HTTPS, not over the chain RPC. + +- **Base URL (tenant OMNL):** `https://omnl.hybxfinance.io/fineract-provider/api/v1` (see [OMNL_JOURNAL_LEDGER_MATRIX.md](../04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md)). +- **Typical calls:** `GET /offices`, `GET /glaccounts`, `POST /glaccounts`, `POST /journalentries`; scripts resolve `glCode` → `glAccountId` before post. + +**Integration hub responsibilities (sidecar or dedicated service):** + +1. **Ingest** settlement-relevant facts from DBIS Core and/or OMNL (event, batch, or polled journal state). +2. **Normalize** to a **canonical settlement event** (section 6). +3. **Gate** treasury policy (limits, maker-checker, compliance references) — aligns with *Treasury / funding orchestration* in [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md). +4. **Emit** optional **Chain 138** transaction(s) using vault + token + registry/escrow path. +5. **Persist evidence:** OMNL journal id (if any), DBIS case id, RTGS UETR/MsgId, **chain tx hash**, compliance memo. + +**Status:** Off-ledger → on-ledger and full chain-anchored RTGS are catalogued as **required next** in the FX transaction catalog; this runbook is the **interface contract** those implementations should satisfy. + +--- + +## 5. Smart Vaults and recursive sub-ledgers + +### 5.1 On-chain (Chain 138) + +- **Smart Vault** per `(entity_id, jurisdiction)` treasury root: custody, module-gated outflows, caps, and audit events. +- Repo patterns: `TreasuryVault`, `Vault`/`Ledger` in `smom-dbis-138/contracts/`; rail-oriented **escrow + registry** concepts in [SMART_VAULT_COMPREHENSIVE_COMPARISON.md](../../metamask-integration/docs/SMART_VAULT_COMPREHENSIVE_COMPARISON.md) (RailEscrowVault, AccountWalletRegistry — use as **pattern** names; verify deployed addresses per [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md)). + +### 5.2 Recursive sub-ledgers (IPSAS) + +- **Primary IPSAS roll-up** should live in **OMNL / DBIS Core** chart-of-accounts (unlimited depth in application data), not fully duplicated on-chain. +- **Chain** stores: vault balances, policy, and **anchors** (e.g. periodic Merkle root or hash of sub-ledger snapshot) when regulatory or operational evidence requires tamper-evident confirmation. +- Posting discipline: every internal move between sub-ledgers that affects **external** settlement must still produce a **correlation_id** and, when in scope, a chain leg or explicit “no chain leg” reason code. + +--- + +## 6. Canonical settlement event (minimum payload) + +Use a versioned JSON schema in implementation; fields below are the **minimum** for reconciliation. + +| Field | Required | Notes | +|-------|----------|--------| +| `schema_version` | yes | e.g. `1` | +| `correlation_id` | yes | UUID v4 or ULID; stable forever | +| `event_producer` | recommended | Who emitted the event (`hybx-omnl-sidecar`, `iso-gateway`, `mintauth-relayer`, `dbis-core`, …) for routing, metrics, and incident response. | +| `entity_id` | yes | Legal/cooperative id | +| `jurisdiction` | yes | ISO-style code | +| `class_id` / `anchor_id` / `division_id` | yes for class-tier reporting | For Elemental Imperium roll-ups | +| `amount` | yes | Decimal string + scale | +| `currency` | yes | ISO 4217 where fiat; token symbol/address if on-chain | +| `event_type` | yes | e.g. `RTGS_OUT`, `RTGS_IN`, `OMNL_JOURNAL_POSTED`, `CHAIN_SETTLEMENT`, `PV_NET`, `TREASURY_RELEASE` | +| `omnl_journal_entry_id` | when posted | From Fineract response | +| `omnl_office_id` | when posted | Integer | +| `dbis_reference` | when from Core | Case or transaction id | +| `rtgs_message_ids` | when on RTGS / messaging / hybrid | **Chain 138 as SWIFT replacement:** primary proof is **`correlation_id` + `chain_tx_hash`**; **`uetr`** optional on pure DLT legs. **`uetr`** when SWIFT gpi applies (or hybrid). Also **`msgId`**, **`endToEndId`**, or internal keys — [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md). | +| `chain_tx_hash` | when on-chain | 0x-prefixed | +| `ipsas_narrative` | recommended | Short tag for audit (see OMNL scripts `COMPLIANCE_STANDARD_MEMO` patterns) | +| `iso_msg_type`, `iso_instruction_id`, `iso_payload_hash`, `rail_iso_hash` | optional | Link the same `correlation_id` to **ISO-20022 canonical** and **DBIS Rail** evidence (section 14). | +| `holder_did`, `identity_verification_ref` | optional | Bind settlement to **DID / VC / OIDC / eIDAS** verification artifacts when used. | + +**JSON Schema + examples:** [`config/dbis-institutional/schemas/settlement-event.schema.json`](../../config/dbis-institutional/schemas/settlement-event.schema.json), [`settlement-event.example.json`](../../config/dbis-institutional/examples/settlement-event.example.json) (hybrid / SWIFT fields), [`settlement-event.chain138-primary.example.json`](../../config/dbis-institutional/examples/settlement-event.chain138-primary.example.json) (DLT-primary, no UETR), [`settlement-event.min.json`](../../config/dbis-institutional/examples/settlement-event.min.json) (minimal). + +**UETR vs internal message reference (audit / pre-SWIFT):** [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md). + +**Batch ingestion:** Sidecars may append **one JSON object per line (NDJSON)** or post a **JSON array** of events. Each object must validate against the same schema. Example array: [`config/dbis-institutional/examples/settlement-events-batch.example.json`](../../config/dbis-institutional/examples/settlement-events-batch.example.json). CI validates each element via [`scripts/validation/validate-dbis-institutional-schemas.sh`](../../scripts/validation/validate-dbis-institutional-schemas.sh). + +**Registry batch:** Multiple vault or contract rows for the same rollout can be shipped as a JSON array, e.g. [`config/dbis-institutional/examples/address-registry-entries-batch.example.json`](../../config/dbis-institutional/examples/address-registry-entries-batch.example.json) (validated the same way). Use with [`scripts/verify/sync-blockscout-address-labels-from-registry.sh`](../../scripts/verify/sync-blockscout-address-labels-from-registry.sh) when each object includes `blockscout.label` and `status: active`. + +--- + +## 7. Fiat wallet schemes (binding fiat rails to chain identity) + +**Goal:** Map **regulated fiat identifiers** to **allowed chain addresses** (or smart accounts) without breaking traceability. + +| Element | Requirement | +|---------|----------------| +| **Registry** | Authoritative mapping: fiat ref ↔ vault / wallet ↔ `entity_id` + `jurisdiction`. | +| **Lifecycle** | Create, rotate, revoke; time-bound delegation where policy allows. | +| **Evidence** | KYC/AML reference ids stored off-chain in Core; correlation_id on every link change. | +| **RTGS** | Inbound `camt` / `pacs.002` updates workflow state before any chain release (see catalog sections 3.4–3.5). | + +Comparison and naming alignment: [SMART_VAULT_COMPREHENSIVE_COMPARISON.md](../../metamask-integration/docs/SMART_VAULT_COMPREHENSIVE_COMPARISON.md). + +--- + +## 8. External RTGS workflows (outside HYBX) + +HYBX OMNL and DBIS Core sit **adjacent** to RTGS, not as a replacement. + +1. **Outbound:** Orchestrator emits ISO 20022 / SWIFT (e.g. `pain.001` → `pacs.008` / `pacs.009`) per [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md) section 3; OMNL records nostro/vostro and reserve movements. +2. **Inbound:** Statements and advices (`camt.053`, `camt.054`) drive reconciliation and Fineract/Core postings. +3. **Chain leg:** After accounting finality (or in parallel per policy), emit section **2.4 Chain-anchored RTGS settlement** in the catalog; attach tx hash to the same `correlation_id`. +4. **Custody / CSD:** Use [DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md) **settlement_touch_reference** between depository, custodian, orchestrator, OMNL, and chain evidence. + +Production readiness: [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md). + +--- + +## 9. What triggers a Chain 138 leg (policy) + +**Do not** mirror every Fineract journal line on-chain. Recommended triggers: + +| Trigger | Chain leg | +|---------|-----------| +| RTGS (or correspondent) **settlement confirmed** and policy requires on-ledger attestation | Yes — registry/escrow/token per catalog | +| Internal IPSAS reclassification only | No — OMNL/Core only | +| PvP / multilateral net **final** for a beneficiary office | Yes — if institutional package requires (see [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](../04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md)) | +| Treasury release above threshold | Yes — optional per risk policy | + +Document the chosen matrix in operator SOP and keep in sync with [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md). + +--- + +## 10. Implementation phases (suggested order) + +| Phase | Outcome | Validates against | +|-------|---------|-------------------| +| **P0** | Stable IDs + mapping table for one anchor and one jurisdiction | Sections 3, 6 | +| **P1** | OMNL office + GL extended; DBIS Core division live; journals post with `correlation_id` in narrative/API extension | OMNL scripts, IPSAS matrix | +| **P2** | Sidecar: OMNL/Core event → evidence store; RTGS message ids linked | FX catalog, Indonesia blueprint | +| **P3** | Smart Vault deploy per vault row; fiat registry binding | Chain 138 contracts, wallet config | +| **P4** | Automated chain settlement for selected `event_type`s + reconciliation dashboard | E2E matrix, verification scripts | +| **P5** | ISO canonical path + Rail MintAuth (if used) + DID attestation hooks wired; batch event ingest tested | Section 14, §14.6 checklist, `settlement-events-batch.example.json` | + +Indonesia / BNI slice (executable tasks): [DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md](DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md). + +--- + +## 11. Operator commands (existing repo) + +| Task | Command / doc | +|------|----------------| +| OMNL GL create (migration set) | `bash scripts/omnl/omnl-gl-accounts-create.sh` | +| Post from matrix (IPSAS) | `bash scripts/omnl/omnl-ledger-post-from-matrix.sh` | +| Discovery export | `bash scripts/omnl/omnl-discovery.sh` | +| Chain 138 contract presence | `bash scripts/verify/check-contracts-on-chain-138.sh` | +| Config sanity | `bash scripts/validation/validate-config-files.sh` | + +--- + +## 12. Related documents + +| Topic | Document | +|-------|----------| +| Transaction families and message types | [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md) | +| E2E production checklist | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) | +| Depository / custody | [DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md) | +| HYBX sidecar boundaries | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) | +| Institutional web / Core surface | [DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](../02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md) | +| OMNL journal + IPSAS | [OMNL_JOURNAL_LEDGER_MATRIX.md](../04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md) | +| OMNL LEI and entity roster | [OMNL_BANKING_DIRECTORS_AND_LEI.md](../04-configuration/mifos-omnl-central-bank/OMNL_BANKING_DIRECTORS_AND_LEI.md), [OMNL_ENTITY_MASTER_DATA.json](../04-configuration/mifos-omnl-central-bank/OMNL_ENTITY_MASTER_DATA.json) | +| ISO-20022 smart contract methodology | [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](../04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md), [ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md](../04-configuration/ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md) | +| DBIS Rail ISO gateway + MintAuth | [ISO_GATEWAY_AND_RELAYER_SPEC.md](../dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md) | +| Hyperledger / Indy / Aries decision + runbooks | [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md), [DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md](DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md) | +| eIDAS / Complete Credential pointer | [COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md) | + +--- + +## 13. Identifier taxonomy (LEI, instruments, WEB3-ETH-IBAN, ENS, explorers) + +**Yes — they all map into this architecture**, but each identifier type attaches at a **different layer**. Treat them as columns in one **logical registry** (or federated registries with stable foreign keys), keyed by `entity_id`, `jurisdiction`, and `correlation_id` from section 6. Do not assume one global string is unique across types; store **type + value + issuer**. + +### 13.1 Entity and party (who) + +| Identifier | Typical standard | Maps to runbook fields | Usage | +|------------|------------------|-------------------------|--------| +| **LEI** | ISO 17442 | **`entity_id`** (preferred canonical for legal entities) | Fineract client identifier, OMNL packages, DBIS Core party; already used in OMNL tooling ([`omnl-entity-data-apply.sh`](../../scripts/omnl/omnl-entity-data-apply.sh), entity master JSON). | +| **National company / tax id** | Jurisdiction-specific | Extensions on same party row | Secondary verification; not a substitute for LEI in cross-border reporting where LEI is mandated. | +| **DID / institutional identity** | W3C DID | `dbis_participant_id` or parallel column | Hyperledger / identity stack when used; link to LEI in metadata. | + +### 13.2 Fiat rails and payment presentation (how money moves off-chain) + +| Identifier | Maps to | Usage | +|------------|---------|--------| +| **IBAN**, **BBAN**, **national account** | **`fiat_rail_ref`** (normalized + hash for display) | RTGS and correspondent legs; ISO 20022 account servicer references. | +| **BIC / BEI** | Same bundle as IBAN | Institution routing. | +| **WEB3-ETH-IBAN** (or institution-specific *Ethereum account alias* schemes) | **Alias** that **resolves** to `vault_root_address` or an allowed EOA/smart account | Not a replacement for LEI: it is a **routing/presentation** layer. Store: `alias_type`, `alias_value`, `resolved_address`, `chain_id` (138), `valid_from` / `valid_to`, `lei` (parent entity). | + +### 13.3 Instruments and custody (what is held) + +| Identifier | Maps to | Usage | +|------------|---------|--------| +| **ISIN** | **Instrument / token reference data** | Link on-chain **token contract** (if security token) or **off-chain security** row in custody/depository models; map through sub-ledgers ([DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md)). | +| **CUSIP** | Same layer as ISIN (US) | Often co-stored with ISIN for North American paper. | +| **FIGI, sedol, internal ticker** | Same layer | Supporting keys for operations and reporting. | + +**Important:** ISIN/CUSIP identify **instruments**, not wallets. A single vault can hold many instruments; one instrument can appear in many vaults. The join table is **(address or vault id, instrument id, position id)**. + +### 13.4 Web3 names (human-readable → address) + +| Mechanism | Maps to | Usage | +|-----------|---------|--------| +| **ENS** (`name.eth`) | **Alias → `0x` address** | Resolver on Ethereum mainnet (or L2 where deployed); for **Chain 138**, treat ENS as **off-chain or cross-chain resolution** unless you run a custom resolver synced to your registry. | +| **Custom ENS-like TLDs** (e.g. institution or `.d-bis` style namespaces) | Same: **alias registry** | Implement **authoritative resolver** in your control: name → address, plus **optional reverse** (address → preferred display name) for explorers and compliance UI. | +| **Unstoppable / other naming** | Alias registry | Same pattern: do not let the name be the sole key; anchor on LEI + `correlation_id`. | + +**Policy:** Any name used for **settlement** must resolve through the same **fiat + chain registry** as section 7, with audit on changes. + +### 13.5 Explorers (Blockscout) — tagging wallets and contracts + +Chain 138 public explorer is the human-facing view of **`0x` addresses**. **Labels are not the system of record**; they are a **projection** of your registry. + +- Blockscout supports **address labeling** (database/API). Example configuration and API pattern in-repo: + +```1:17:smom-dbis-138/k8s/blockscout/address-labeling-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: blockscout-address-labels + namespace: besu-network +data: + ENABLE_ADDRESS_LABELING: "true" + ADDRESS_LABELS_SOURCE: "database" # database, api, or both +--- +# Address labels can be added via Blockscout UI or API +# Example API call: +# POST /api/v1/labels +# { +# "address": "0x...", +# "label": "Oracle Aggregator", +# "type": "contract" +# } +``` + +**Recommended practice** + +1. **Source of truth:** DBIS Core and/or a dedicated **Address & alias registry** table (LEI, ISIN holdings optional, ENS name, WEB3-ETH-IBAN, `vault_root_address`, `omnl_office_id`). Drop-in JSON under `config/dbis-institutional/registry/` (see `registry/README.md`; files gitignored by default). +2. **Sync job:** Run [`scripts/verify/sync-blockscout-address-labels-from-registry.sh`](../../scripts/verify/sync-blockscout-address-labels-from-registry.sh) (plan by default; `--apply` to POST). Align token metadata separately with c* flows per [EXPLORER_TOKEN_LIST_CROSSCHECK.md](../11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md). +3. **Label text:** Include institution short name + role (e.g. `OMNL Head Office — Treasury Vault`) and keep LEI in a **structured field** in your registry even if the explorer only shows a short string. + +Token-level metadata (logos, symbols) remains separate from address labels but should reference the same **instrument id** (ISIN where applicable) in your internal catalog. + +**JSON Schema + example (registry row):** [`config/dbis-institutional/schemas/address-registry-entry.schema.json`](../../config/dbis-institutional/schemas/address-registry-entry.schema.json), [`config/dbis-institutional/examples/address-registry-entry.example.json`](../../config/dbis-institutional/examples/address-registry-entry.example.json). See also [`config/dbis-institutional/README.md`](../../config/dbis-institutional/README.md). + +--- + +## 14. Fiat, FX, ISO-20022 on-chain, and DID identity (full integration map) + +This section ties **fiat and FX** (OMNL, DBIS Core, RTGS), **on-chain ISO-20022** (canonical message + gateway / rail), **blockchain settlement** (Chain 138, Smart Vaults, compliant tokens, CCIP where used), and **all DID-related solutions documented in-repo** into one spine keyed by **`correlation_id`** (section 6). + +### 14.1 Reference architecture + +```mermaid +flowchart TB + subgraph fiat [Fiat and FX] + RTGS[External RTGS / correspondent] + ISO[ISO 20022 MX / SWIFT MT] + OMNL[HYBX OMNL Fineract] + CORE[DBIS Core banking] + end + subgraph bridge [Off-chain integration] + PARSE[Parse validate map to canonical] + ISOGW[ISO Gateway + evidence bundle] + DIDV[Holder DID / VC / OIDC verify] + HUB[Settlement hub correlation_id] + end + subgraph chain [Chain 138] + INTAKE[ISO intake / router / SettlementRouter] + VAULT[Smart Vault treasury] + TOK[Compliant tokens PMM] + end + RTGS --> ISO + ISO --> PARSE + OMNL --> HUB + CORE --> HUB + PARSE --> ISOGW + ISOGW --> DIDV + DIDV --> HUB + HUB --> INTAKE + HUB --> VAULT + INTAKE --> TOK + VAULT --> TOK +``` + +### 14.2 ISO-20022 and the on-chain contract path + +| Layer | Role | Repo / artifact | +|-------|------|------------------| +| **Methodology** | MX/MT off-chain; **canonical struct** (`msgType`, `instructionId`, `uetr`, `payloadHash`, token, amount, …) submitted on-chain | [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](../04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md) | +| **Multi-network intake** | Same logical **gateway** pattern; relayer vs CCIP; CREATE2 address discipline | [ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md](../04-configuration/ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md) | +| **E-money / multi-chain** | Canonical message in GRU / e-money flows | [MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md](../runbooks/MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md) | +| **DBIS Rail** | Off-chain **ISO Gateway** builds canonical bundle, `isoHash`, **MintAuth** EIP-712, signer quorum; **Relayer** calls `SettlementRouter` on Chain 138 | [ISO_GATEWAY_AND_RELAYER_SPEC.md](../dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md), [DBIS_RAIL_TECHNICAL_SPEC_V1.md](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md), [DBIS_RAIL_RULEBOOK_V1.md](../dbis-rail/DBIS_RAIL_RULEBOOK_V1.md) | +| **Core banking** | `Iso20022Service`, adapter, nostro/vostro mapping | `dbis_core/src/integration/iso20022/`, [iso20022-mapping.md](../../dbis_core/docs/nostro-vostro/iso20022-mapping.md), [iso20022-message-flow.md](../../dbis_core/docs/flows/iso20022-message-flow.md) | +| **Mapping tables** | Field-level ISO semantics | [Mapping_Table.md](../../gru-docs/docs/integration/iso20022/Mapping_Table.md) | +| **Explorer inventory** | `ISO20022_ROUTER` address used in explorer config (verify live deployment separately) | `explorer-monorepo/config/address-inventory.json` | +| **Solidity reference** | Compliance string cites router support | `smom-dbis-138/contracts/compliance/LegallyCompliantBase.sol` | +| **Rail `rail_iso_hash`** | Canonical bytes32 derivation for DBIS Rail bundles (must match relayer and settlement events) | [DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md](../dbis-rail/DBIS_RAIL_HASH_CANONICALIZATION_AND_TEST_VECTORS_V1_5.md) | + +**Binding rule:** Every on-chain submission must carry or emit enough data to join **`instructionId` / `msgId` / `uetr`** to **`correlation_id`** and to **`iso_payload_hash`** (or Rail **`rail_iso_hash`**) in the settlement event (section 6 and JSON Schema). When using DBIS Rail, compute **`rail_iso_hash`** only per the canonicalization doc in the row above (same inputs and serialization as MintAuth / relayer tests). + +### 14.3 Fiat, FX, liquidity, and messaging (off-chain and hybrid) + +| Capability | Document / system | +|------------|-------------------| +| RTGS transaction catalog (pain/pacs/camt families) | [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md) | +| FX and liquidity operating model | [DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md) | +| E2E requirements (ISO evidence, sidecars) | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) | +| Indonesia / correspondent blueprint | [DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md) | +| OMNL GL / GRU / FX accounts | [OMNL_GL_ACCOUNTS_FX_GRU.md](../04-configuration/mifos-omnl-central-bank/OMNL_GL_ACCOUNTS_FX_GRU.md), [FINERACT_API_REFERENCE.md](../04-configuration/mifos-omnl-central-bank/FINERACT_API_REFERENCE.md) | +| Institutional evidence / ISO vault manifest (packages) | [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](../04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) | +| Cross-chain messaging (when FX/settlement spans chains) | [07-ccip/](../07-ccip/) runbooks, [MULTI_CHAIN_EXECUTION_CROSS_CHAIN_MESSAGE_HANDLING.md](../runbooks/MULTI_CHAIN_EXECUTION_CROSS_CHAIN_MESSAGE_HANDLING.md) | +| Public quotes / routes (on-chain observation) | Token-aggregation API / explorer report API per [TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md](../04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md) | + +### 14.4 DID and institutional identity solutions (use together, not interchangeably) + +| Solution | Purpose | Canonical runbook / path | +|----------|---------|---------------------------| +| **W3C DID + `did:` methods** | Stable decentralized identifier for parties, keys, and metadata | Settlement event: **`holder_did`**; long-lived registry row: **`primary_holder_did`** on `address-registry-entry`; align with LEI in **`entity_id`** (section 13). | +| **Hyperledger Indy + ACA-Py (Aries)** | Permissioned trust layer; NYM, schema, cred def, **AnonCreds** | [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md) (Option A vs B), [DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md), [DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md](DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md) | +| **Production DID package** | Operator artifacts for public DID / endorser | `config/production/dbis-identity-public-did-package.json` (and `.example`), `reports/identity-completion/` | +| **Member / staff SSO (OIDC)** | Authenticated portals, not on-chain settlement by itself | [DBIS_MEMBERS_PORTAL_RUNBOOK.md](DBIS_MEMBERS_PORTAL_RUNBOOK.md), Keycloak flows in [AGENTS.md](../../AGENTS.md) (portal/admin) | +| **identity.d-bis.org** | Trust anchor **reads** and DID registry documentation | [DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](../02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md) | +| **Complete Credential / eIDAS** | EU connector program (often **sibling** repos); SAML / institutional identity | [COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](../11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md), `config/public-sector-program-manifest.json` | +| **FireFly** | Workflow and multiparty orchestration (when used in slice) | [DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md) FireFly rows | + +**Recommended default (per identity stack decision doc):** **Option A** — first production RTGS slice may **omit** mandatory VC verification on the settlement hot path; **Option B** requires AnonCreds issuer/verifier in the business flow. Either way, populate **`identity_verification_ref`** when any DID/VC/OIDC/eIDAS step gates or attests the payment. + +### 14.5 Compliance and HYBX sidecars + +| Layer | Document | +|-------|-----------| +| HYBX sidecar boundaries vs Fineract | [DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md) | +| Compliance routing sidecar (design) | [hybx_compliance_routing_sidecar_technical_plan.md](../../hybx_compliance_routing_sidecar_technical_plan.md) | +| Compliance engine alignment | [DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md](DBIS_COMPLIANCE_ENGINE_ALIGNMENT.md) | + +### 14.6 Implementation checklist (fiat / FX / ISO / DID / chain) + +Use this as a **gate** when claiming a jurisdiction or anchor is “fully integrated.” + +| Step | Gate | +|------|------| +| 1 | **IDs:** `entity_id` (LEI), `jurisdiction`, `omnl_office_id`, `dbis_participant_id`, and `vault_root_address` rows exist and match between systems (section 3). | +| 2 | **OMNL / IPSAS:** Journals and GL map to the message or settlement event; `correlation_id` stored in narrative or sidecar (sections 4, 6). | +| 3 | **RTGS / ISO off-chain:** pain/pacs/camt flow matches [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md); `rtgs_message_ids` populated on the settlement event. | +| 4 | **ISO → canonical → chain:** Parser and mapping per [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](../04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md); `iso_payload_hash` (and Rail `rail_iso_hash` if using DBIS Rail) on the settlement event; intake/router **or** SettlementRouter path tested on Chain 138 (section 14.2). | +| 5 | **FX / liquidity:** Nostro/vostro and FX postings aligned with [DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md) where cross-currency. | +| 6 | **DID / identity (if in scope):** Option A vs B per [DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md); `holder_did` / `identity_verification_ref` and registry `primary_holder_did` when VC/OIDC attests the payment (sections 13–14, `address-registry-entry` schema). | +| 7 | **Explorer / audit:** Blockscout labels synced from registry where required; chain tx hash on settlement event; evidence package where regulators expect ISO archive + hashes (E2E matrix, Indonesia evidence standard). | + +--- + +**Document status:** Active specification for integration build-out; implementation gaps tracked in the RTGS catalog and E2E matrix. diff --git a/docs/03-deployment/OPERATIONAL_RUNBOOKS.md b/docs/03-deployment/OPERATIONAL_RUNBOOKS.md index 3ab9da3..38b60d5 100644 --- a/docs/03-deployment/OPERATIONAL_RUNBOOKS.md +++ b/docs/03-deployment/OPERATIONAL_RUNBOOKS.md @@ -2,7 +2,7 @@ **Navigation:** [Home](../01-getting-started/README.md) > [Deployment](README.md) > Operational Runbooks -**Last Updated:** 2026-03-26 +**Last Updated:** 2026-03-30 **Document Version:** 1.3 **Status:** Active Documentation @@ -14,6 +14,8 @@ This document provides a master index of all operational runbooks and procedures **Proxmox VE hosts, peering, FQDN/NPMplus summary, deployment gates (human + JSON):** [PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md). +**DBIS institutional (HYBX OMNL, DBIS Core, Chain 138 Smart Vaults, external RTGS, identifiers, Blockscout labels):** [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md), [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) (Chain 138 as SWIFT-replacement identifiers), [`config/dbis-institutional/README.md`](../../config/dbis-institutional/README.md), [DBIS_RTGS_FX_TRANSACTION_CATALOG.md](DBIS_RTGS_FX_TRANSACTION_CATALOG.md), `scripts/verify/sync-blockscout-address-labels-from-registry.sh`. + --- ## Quick Reference diff --git a/docs/03-deployment/PRE_DEPLOYMENT_CHECKLIST.md b/docs/03-deployment/PRE_DEPLOYMENT_CHECKLIST.md index e3926af..07e56f1 100644 --- a/docs/03-deployment/PRE_DEPLOYMENT_CHECKLIST.md +++ b/docs/03-deployment/PRE_DEPLOYMENT_CHECKLIST.md @@ -160,7 +160,7 @@ After any new deployment: ./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL] ``` -Target: all expected addresses (e.g. 59/59 per check-contracts-on-chain-138.sh when TransactionMirror, DODO pools, vault/reserve, and CompliantFiatTokens are present). Update [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md](REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md) and [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) with new pool and provider addresses. +Target: all expected addresses (e.g. **64/64** per check-contracts-on-chain-138.sh when TransactionMirror, DODO pools, vault/reserve, CompliantFiatTokens, and ISO20022Router are present). Update [REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md](REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md) and [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) with new pool and provider addresses. --- diff --git a/docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md b/docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md index a0751ad..10ade71 100644 --- a/docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md +++ b/docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md @@ -92,7 +92,7 @@ Use the full table in **ALL_VMIDS_ENDPOINTS** (“NPMplus Endpoint Configuration | 10080 | order-eresidency | 192.168.11.43 | eResidency | | 10090 | order-portal-public | 192.168.11.36 | Public portal | | 10091 | order-portal-internal | 192.168.11.35 | Internal portal | -| 10092 | order-mcp-legal | 192.168.11.37 | MCP legal | +| 10092 | order-mcp-legal | 192.168.11.94 | MCP legal — moved off `.37` 2026-03-29 to avoid MIM4U conflict (`IP_ORDER_MCP_LEGAL`) | | 10200 | order-prometheus | 192.168.11.46 | Metrics | | 10201 | order-grafana | 192.168.11.47 | Dashboards | | 10202 | order-opensearch | 192.168.11.48 | Search | diff --git a/docs/03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md b/docs/03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md index a188ea4..8225e80 100644 --- a/docs/03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md +++ b/docs/03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md @@ -40,7 +40,7 @@ This checklist tracks **proxmox-repo automation** and **sibling repos** (`../com | RPC `192.168.11.221:8545` / `192.168.11.211:8545` | HTTP 201 | | SSH `root@192.168.11.10` / `.11` | OK (BatchMode) | | `./scripts/run-completable-tasks-from-anywhere.sh` | Exit 0 | -| `./scripts/verify/check-contracts-on-chain-138.sh` | 59/59 present | +| `./scripts/verify/check-contracts-on-chain-138.sh` | **64/64** present | | `E2E_ACCEPT_502_INTERNAL=1 ./scripts/verify/verify-end-to-end-routing.sh` | 37 domains, 0 failed; report under `docs/04-configuration/verification-evidence/e2e-verification-20260325_165153/` | | `https://phoenix.sankofa.nexus/`, `https://sankofa.nexus/` | HTTP 200 | | `http://192.168.11.50:4000/health`, `:51:3000`, `:52:8080/health/ready` | No HTTP response from operator host (hosts ping; services may be down, firewalled, or not bound) — **re-check on Proxmox / in-container** | diff --git a/docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md b/docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md index 689947a..9dddfea 100644 --- a/docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md +++ b/docs/03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md @@ -46,11 +46,11 @@ | Area | Status | |------|--------| -| Chain 138 core + PMM | 59/59 contracts (check-contracts-on-chain-138.sh); DODOPMMIntegration + 3 pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) created; DODOPMMProvider deployed. | +| Chain 138 core + PMM | **64/64** contracts (check-contracts-on-chain-138.sh; includes ISO20022Router); DODOPMMIntegration + 3 pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC) created; DODOPMMProvider deployed. | | Chain 138 liquidity | **Re-verify required** — prior run reported cUSDT/cUSDC liquidity add; this checklist previously showed zero liquidity. Treat liquidity state as unknown until reconfirmed on-chain. | | CCIP 138 → 1, 56, 137, 10, 42161, 43114, 8453, 100, 25, **42220 (Celo)** | Configured (B/SBS). Celo CCIP bridges deployed 2026-03-04; Gnosis, Cronos config-ready; Wemix (1111) **Tabled** (no ETH/BNB/POLY→WEMIX route; see [WEMIX_ACQUISITION_TABLED.md](WEMIX_ACQUISITION_TABLED.md)). | | Alltra 138 ↔ 651940 | ALT path live. | -| cW* on public chains | Addresses in .env / design; **deployment-status.json empty** — no cW* pool addresses. | +| cW* on public chains | cW* token addresses and bridge availability are recorded in `deployment-status.json` on active chains; PMM pool arrays are still empty, so broader public-chain routing remains partial. | | LINK for CCIP | Fund bridges per lane so cross-chain messages execute. | --- diff --git a/docs/03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md b/docs/03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md index 59f3497..316db7b 100644 --- a/docs/03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md +++ b/docs/03-deployment/REQUIRED_FIXES_AND_DEPLOYMENTS_STATUS.md @@ -21,7 +21,7 @@ ## On-chain verification (Chain 138) **Last run (2026-03-01):** `./scripts/verify/check-contracts-on-chain-138.sh` (use Core RPC URL or run from LAN). -**Result:** **59 present, 0 missing** (59 addresses per check-contracts-on-chain-138.sh; list expanded 2026-03-06). TransactionMirror: `0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc`. Current canonical DODO cUSDT/cUSDC pool: `0xff8d3b8fDF7B112759F076B69f4271D4209C0849`. **DeployCompliantFiatTokens** was run 2026-02-27 (10 tokens: cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT); see [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md). +**Result:** **64 present, 0 missing** (64 addresses per check-contracts-on-chain-138.sh; includes ISO20022Router; live verify 2026-03-30). TransactionMirror: `0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc`. Current canonical DODO cUSDT/cUSDC pool: `0xff8d3b8fDF7B112759F076B69f4271D4209C0849`. **DeployCompliantFiatTokens** was run 2026-02-27 (10 tokens: cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT); see [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md). Evidence: [LIVE_VERIFICATION_LOG_2026-03-30.md](../00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md). --- @@ -41,4 +41,4 @@ 1. Optional: `./scripts/clear-all-transaction-pools.sh` then wait 60s if nonce stuck. 2. `./scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh` (Core RPC only; checks nonce, RPC, gas; deploys mirror then pool). 3. Set `TRANSACTION_MIRROR_ADDRESS` in `smom-dbis-138/.env` to the logged address. -4. `./scripts/verify/check-contracts-on-chain-138.sh` (pass Core RPC URL or use RPC_URL_138) — target 59 present when both confirmed (run check-contracts-on-chain-138.sh). +4. `./scripts/verify/check-contracts-on-chain-138.sh` (pass Core RPC URL or use RPC_URL_138) — target **61** present per current script list (run check-contracts-on-chain-138.sh). diff --git a/docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md b/docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md new file mode 100644 index 0000000..831a3c4 --- /dev/null +++ b/docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md @@ -0,0 +1,74 @@ +# Sankofa marketplace surfaces (disambiguation) + +**Last updated:** 2026-03-30 +**Purpose:** One place to distinguish the three different “marketplace” experiences in this program, how **native** vs **partner** offerings fit together, and canonical links for operators. + +--- + +## Marketplace methodology: native vs partner offerings + +Sankofa Marketplace is a **single discovery and commercial lens** that can expose **many** offer types. Two classes matter for architecture and documentation: + +| Class | Meaning | Examples | +|--------|---------|----------| +| **Native** | First-party **platform and infrastructure** primitives and standard cloud-style services you operate directly. | VMs, IP addresses, app hosting, core compute/network/storage patterns, managed building blocks that are not a third-party ISV SKU. | +| **Partner** | **Third-party / ISV** products listed under your marketplace brand: separate lifecycle, agreements, entitlements, and often a distinct support model. | **SolaceNet** (IRU product family from **Solace Bank Group PLC** in the Phoenix UI copy), plus other `IruOffering` rows seeded or onboarded as partner solutions (e.g. Vault, AS4 settlement, private banking SKUs in `dbis_core/scripts/seed-*-marketplace-offering.ts`). | + +**In this repo today** + +- **Partner-style** catalog entries for IRU are modeled in **`dbis_core`** (`IruOffering`, `/api/v1/iru/marketplace/*`, `/marketplace/*` React routes). +- **Native** services are primarily **operational reality** in Proxmox / VLAN / VMID / NPM documentation (e.g. `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md`, `config/proxmox-operational-template.json`). They are not automatically the same persistence layer as `IruOffering` unless you explicitly unify catalog UX and provisioning APIs. + +**Analogy:** Similar to hyperscaler marketplaces: **VMs and IPs** are **native**; **SolaceNet** is a **partner** offer in the same storefront metaphor. + +--- + +## 1. IRU service catalog (Phoenix / `dbis_core`) + +| Item | Typical value | +|------|----------------| +| **What** | Institutional IRU **partner** offerings (and related SKUs), inquiries, pricing API (`/api/v1/iru/marketplace/*`) and React routes under `/marketplace/*`. | +| **Public UI (typical)** | `https://phoenix.sankofa.nexus/marketplace` (same origin as Phoenix API deployment). | +| **Code** | `dbis_core/` — public routes: `iru-marketplace-public.routes.ts`; full router (admin): `iru-marketplace.routes.ts`; `marketplace.service.ts`; `frontend/src/pages/marketplace/`. | +| **Docs** | `dbis_core/docs/IRU_QUICK_START.md`, `dbis_core/docs/IRU_IMPLEMENTATION_STATUS.md`. | + +**Security / abuse (2026-03-29+):** + +- Public inquiry status returns **pipeline-only** fields (no org name, qualification, risk, internal notes). +- **Rate limits:** `POST .../inquiries` (default 10 / 15 min per IP), `GET .../inquiries/:id` and `GET .../offerings/:id/pricing` (default 200 / min per IP). Tunable via env — see `dbis_core/.env.example`. +- Behind **Nginx Proxy Manager** or another proxy, set **`TRUST_PROXY=1`** on the API process so limits use the real client IP (`dbis_core` `app.ts`). +- **Cloudflare Turnstile (Captcha):** Not the same credentials as **`CLOUDFLARE_API_KEY`** / DNS. Create a Turnstile widget in the Cloudflare dashboard; set **`CLOUDFLARE_TURNSTILE_SECRET_KEY`** (or `TURNSTILE_SECRET_KEY`) on the **API** process and **`VITE_CLOUDFLARE_TURNSTILE_SITE_KEY`** on the **frontend** build. If you use a merged operator env file (e.g. **xotenv**), export those names into the correct processes. When the secret is set, `POST .../inquiries` requires **`cfTurnstileResponse`**. Use **`IRU_MARKETPLACE_TURNSTILE_DISABLED=1`** only for local dev. + +--- + +## 2. Client portal (SSO) + +| Item | Typical value | +|------|----------------| +| **What** | SSO client workspace: entitled Phoenix services and **subscription / account** style flows. | +| **URL** | `https://portal.sankofa.nexus` (NextAuth + Keycloak; see `EXPECTED_WEB_CONTENT.md`). | +| **Ops** | `scripts/deployment/sync-sankofa-portal-7801.sh`, `enable-sankofa-portal-login-7801.sh`. | +| **Source** | Sibling repo `Sankofa/portal` (see `SANKOFA_PORTAL_SRC` in sync script). | + +**Cloudflare Turnstile (optional):** When **`NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY`** is set in the portal build (`.env.local` / CI), unauthenticated **Sign In** on the home and **Partner** views uses the same widget pattern as `dbis_core` (public site key only on the browser). This gates the OIDC redirect behind a human check; it does **not** replace Keycloak security. Pair with the same Turnstile **site** in Cloudflare as the IRU marketplace widget if you want one widget for both surfaces. + +This is **not** the same binary as the `dbis_core` React marketplace unless you explicitly integrate or embed it. + +--- + +## 3. Sankofa Studio “marketplace” landing (FusionAI) + +| Item | Typical value | +|------|----------------| +| **What** | White-label creative SaaS; **Phoenix Marketplace** marketing/landing path on the Studio stack. | +| **URL** | `https://studio.sankofa.nexus/marketplace/landing.html` (and `/studio/` for the product UI). | +| **Ops** | `docs/03-deployment/SANKOFA_STUDIO_DEPLOYMENT.md` (VMID 7805). | + +Do **not** confuse this with the IRU JSON/API catalog in section 1. + +--- + +## Related architecture + +- Service catalog vs “marketplace” wording (public sector), including procurement-friendly terminology: `docs/02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md` (subsection **Sankofa Marketplace: native vs partner**) +- FQDN intent table: `docs/02-architecture/EXPECTED_WEB_CONTENT.md` diff --git a/docs/03-deployment/UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md b/docs/03-deployment/UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md index 0cab193..6e614cf 100644 --- a/docs/03-deployment/UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md +++ b/docs/03-deployment/UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md @@ -87,7 +87,7 @@ This checklist covers: **testing** anything not yet deployed, **checking deploye - [ ] **4.3** **TransactionMirror (Chain 138):** Deploy with `forge script script/DeployTransactionMirror.s.sol:DeployTransactionMirror --rpc-url $RPC_URL_138 --broadcast --private-key $PRIVATE_KEY --with-gas-price 1000000000`. If you see "Known transaction", the tx may be pending or already mined; check code at the logged address. Then test mirror receive path. - [ ] **4.4** **EnhancedSwapRouter:** Not deployed. When Uniswap/Balancer pools exist on 138, run deploy script with `--dry-run` and test quote path. - [ ] **4.5** **cW* tokens and PMM pools on public chains (1, 56, 137, etc.):** No addresses in deployment-status. No deployment from this repo yet. When you have a deployment path (bridge + factory or DODO), run gas estimate and dry-run per chain. -- [x] **4.6** **On-chain verification (59 addresses; check-contracts-on-chain-138.sh):** After any new deployment, run: +- [x] **4.6** **On-chain verification (64 addresses; check-contracts-on-chain-138.sh):** After any new deployment, run: ```bash ./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL] ``` diff --git a/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md b/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md index 59a0135..82a6c39 100644 --- a/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md +++ b/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md @@ -1,6 +1,6 @@ # Complete VMID and Endpoints Reference -**Last Updated:** 2026-03-29 +**Last Updated:** 2026-03-30 **Document Version:** 1.2 **Status:** Active Documentation — **Master (source of truth)** for VMID, IP, port, and domain mapping. See [MASTER_DOCUMENTATION_INDEX.md](../00-meta/MASTER_DOCUMENTATION_INDEX.md). @@ -28,16 +28,20 @@ ## Infrastructure Services -### Proxmox Infrastructure (r630-02) +### Proxmox Infrastructure (r630-01) + +**Host note (verified 2026-03-30):** CTs **100–105** run on **r630-01** (`192.168.11.11`), not r630-02. Older notes may say r630-02; use `pct list` on each node to confirm if you move guests. | VMID | IP Address | Hostname | Status | Endpoints | Purpose | |------|------------|----------|--------|-----------|---------| -| 100 | 192.168.11.32 | proxmox-mail-gateway | ✅ Running | SMTP: 25, 587, 465 | Email gateway | +| 100 | 192.168.11.32 | proxmox-mail-gateway | ✅ Running | SMTP: 25, 587, 465 | **Proxmox Mail Proxy** / email gateway (LAN SMTP relay); **587/465 enabled** on Postfix (`master.cf` append 2026-03-30) | | 101 | 192.168.11.33 | proxmox-datacenter-manager | ✅ Running | Web: 8006 | Datacenter management | | 103 | 192.168.11.30 | omada | ✅ Running | Web: 8043 | Omada controller | | 104 | 192.168.11.31 | gitea | ✅ Running | Web: 80, 443 | Git repository | | 105 | 192.168.11.26 | nginxproxymanager | ✅ Running | Web: 80, 81, 443 | Nginx Proxy Manager (legacy) | -| 130 | 192.168.11.27 | monitoring-1 | ✅ Running | Web: 80, 443 | Monitoring services | +| 130 | 192.168.11.27 | monitoring-1 | ✅ Running | Web: 80, 443 | Monitoring services — **Proxmox node not re-verified 2026-03-30** (confirm with `pct list` if needed). | + +**Proxmox Mail Proxy (VMID 100):** On Proxmox VE this CT is the **mail proxy / gateway** for the lab (`proxmox-mail-gateway`, `192.168.11.32`). **Postfix listens on 25, 587 (STARTTLS, `smtpd_tls_security_level=may`), and 465 (SMTPS wrapper)** for `192.168.11.0/24` without SMTP AUTH; the server cert is **self-signed** (`CN=proxmox-mail-gateway`, `/etc/pmg/pmg-api.pem`). Apps should set **`SMTP_TLS_REJECT_UNAUTHORIZED=false`** on LAN (see `dbis_core/.env.example`) or install a trust anchor. Plain **25** remains available for trusted networks. Public SaaS (SES, SendGrid) is optional if you prefer not to relay internally. ### NPMplus (r630-01 / r630-02) @@ -234,15 +238,29 @@ The following VMIDs have been permanently removed: | 10100 | 192.168.11.105 | dbis-postgres-primary | ✅ Running | PostgreSQL: 5432 | Primary database | | 10101 | 192.168.11.106 | dbis-postgres-replica-1 | ✅ Running | PostgreSQL: 5432 | Database replica | | 10120 | 192.168.11.125 | dbis-redis | ✅ Running | Redis: 6379 | Cache layer | -| 10130 | 192.168.11.130 | dbis-frontend | ✅ Running | Web: 80, 443 | Frontend admin console | -| 10150 | 192.168.11.155 | dbis-api-primary | ✅ Running | API: 3000 | Primary API server | -| 10151 | 192.168.11.156 | dbis-api-secondary | ✅ Running | API: 3000 | Secondary API server | +| 10130 | 192.168.11.130 | dbis-frontend | ✅ Running | Web: 80, 443 | Admin + secure **web** shell (see canonical hostnames below) | +| 10150 | 192.168.11.155 | dbis-api-primary | ✅ Running | TCP **3000** | **Placeholder:** `python3 -m http.server 3000` (not dbis_core Node API). **Host:** r630-01. **SMTP template:** `/tmp/smtp.env.example` (via `pct push` / operator; copy into `/opt/dbis-core/.env` when the real API is deployed). | +| 10151 | 192.168.11.156 | dbis-api-secondary | ✅ Running | TCP **3000** | Same as 10150 (placeholder static server). | -**Public Domains**: -- `dbis-admin.d-bis.org` → Routes to VMID 10130:80 -- `secure.d-bis.org` → Routes to VMID 10130:80 -- `dbis-api.d-bis.org` → Routes to VMID 10150:3000 -- `dbis-api-2.d-bis.org` → Routes to VMID 10151:3000 +**Canonical public hostnames (operator intent)** + +| Hostname | Role | Typical NPM upstream (today) | +|----------|------|------------------------------| +| **d-bis.org** | Public institutional web | TBD — Gov Portals **DBIS** Next app or static export when cut over | +| **admin.d-bis.org** | Admin console | VMID **10130** `:80` | +| **secure.d-bis.org** | Member secure portal | VMID **10130** `:80` (path-based routing; see below) | +| **core.d-bis.org** | **DBIS Core** banking — **client** portal (`dbis_core`) | **TBD** — wire when UI/API for core banking clients is exposed (often **10150**/10151 or dedicated LXC) | + +**Legacy:** `dbis-admin.d-bis.org` → same upstream as **admin.d-bis.org** if still in DNS. + +**Public Domains (inventory)**: +- `admin.d-bis.org` → VMID 10130:80 (canonical admin) +- `dbis-admin.d-bis.org` → VMID 10130:80 (legacy alias, if configured) +- `secure.d-bis.org` → VMID 10130:80 +- `dbis-api.d-bis.org` → NPM target VMID 10150:3000 (**currently static placeholder**, not production API) +- `dbis-api-2.d-bis.org` → NPM target VMID 10151:3000 (**placeholder**) + +**No other LAN host** in this inventory currently exposes the compiled **dbis_core** integration API; `192.168.11.150` / `.151` from older deployment notes were **unreachable** from the operator LAN (2026-03-30). Deploy Node + systemd on 10150/10151 (or update NPM to a new upstream) when the API is ready. --- @@ -312,7 +330,7 @@ The following VMIDs have been permanently removed: | 10080 | 192.168.11.43 | order-eresidency | ✅ Running | API | eResidency | | 10090 | 192.168.11.36 | order-portal-public | ✅ Running | Web | Public portal | | 10091 | 192.168.11.35 | order-portal-internal | ✅ Running | Web | Internal portal | -| 10092 | 192.168.11.37 | order-mcp-legal | ✅ Running | API | MCP legal | +| 10092 | 192.168.11.94 | order-mcp-legal | ✅ Running | API | MCP legal — moved off `.37` on 2026-03-29 to avoid MIM4U ARP conflict | | 10200 | 192.168.11.46 | order-prometheus | ✅ Running | 9090 | Metrics (`IP_ORDER_PROMETHEUS`; not Order Redis) | | 10201 | 192.168.11.47 | order-grafana | ✅ Running | 3000 | Dashboards | | 10202 | 192.168.11.48 | order-opensearch | ✅ Running | 9200 | Search | @@ -320,6 +338,8 @@ The following VMIDs have been permanently removed: **Gov portals vs Order:** VMID **7804** alone uses **192.168.11.54** (`IP_GOV_PORTALS_DEV`). Order-legal must not use .54. +**MIM4U vs order-mcp-legal:** VMID **7810** alone uses **192.168.11.37** (`IP_MIM_WEB`). VMID **10092** now uses **192.168.11.94** (`IP_ORDER_MCP_LEGAL`) after the 2026-03-29 ARP conflict fix. + --- ### Phoenix Vault Cluster (8640-8642) @@ -528,9 +548,13 @@ This section lists all endpoints that should be configured in NPMplus, extracted | **Explorer** | | `explorer.d-bis.org` | `192.168.11.140` | `http` | `4000` | ❌ No | Blockchain Explorer (VMID 5000 - Direct Route) | | **DBIS Services** | -| `dbis-admin.d-bis.org` | `192.168.11.130` | `http` | `80` | ❌ No | DBIS Admin Frontend (VMID 10130) | -| `dbis-api.d-bis.org` | `192.168.11.155` | `http` | `3000` | ❌ No | DBIS API Primary (VMID 10150) | -| `dbis-api-2.d-bis.org` | `192.168.11.156` | `http` | `3000` | ❌ No | DBIS API Secondary (VMID 10151) | +| `d-bis.org` | `192.168.11.54` | `http` | `3001` | ❌ No | Public apex — Gov Portals DBIS on **7804** (override `IP_DBIS_PUBLIC_APEX` / `DBIS_PUBLIC_APEX_PORT`) | +| `www.d-bis.org` | `192.168.11.54` | `http` | `3001` | ❌ No | Same upstream as apex; NPM **301** → `https://d-bis.org` when `advanced_config` set by fleet script | +| `admin.d-bis.org` | `192.168.11.130` | `http` | `80` | ❌ No | DBIS **admin** console (VMID 10130); canonical | +| `dbis-admin.d-bis.org` | `192.168.11.130` | `http` | `80` | ❌ No | Legacy alias — same upstream as **admin.d-bis.org** | +| `core.d-bis.org` | `192.168.11.155` | `http` | `3000` | ❌ No | **DBIS Core** client portal — default **10150** until `IP_DBIS_CORE_CLIENT` / `DBIS_CORE_CLIENT_PORT` repointed | +| `dbis-api.d-bis.org` | `192.168.11.155` | `http` | `3000` | ❌ No | VMID 10150 — **placeholder** static server until Node API deployed | +| `dbis-api-2.d-bis.org` | `192.168.11.156` | `http` | `3000` | ❌ No | VMID 10151 — **placeholder** | | `secure.d-bis.org` | `192.168.11.130` | `http` | `80` | ❌ No | DBIS Secure Portal (VMID 10130) - Path-based routing | | **MIM4U Services** | | `mim4u.org` | `192.168.11.37` | `http` | `80` | ❌ No | MIM4U Main Site (VMID 7810 mim-web-1) | @@ -554,8 +578,8 @@ Some domains use path-based routing in NPM configs: **`secure.d-bis.org`**: - `/admin` → `http://192.168.11.130:80` (DBIS Frontend) -- `/api` → `http://192.168.11.155:3000` (DBIS API) -- `/graph` → `http://192.168.11.155:3000` (DBIS GraphQL) +- `/api` → `http://192.168.11.155:3000` (intended DBIS API — **upstream is placeholder** until 10150 runs dbis_core) +- `/graph` → `http://192.168.11.155:3000` (same) - `/` → `http://192.168.11.130:80` (DBIS Frontend) **`sankofa.nexus`** (intent): corporate marketing at **`IP_SANKOFA_PUBLIC_WEB`**; **`portal.sankofa.nexus`** serves the authenticated portal at **`IP_SANKOFA_CLIENT_SSO`**. Legacy path-based splits (if any) should be reconciled with [EXPECTED_WEB_CONTENT.md](../02-architecture/EXPECTED_WEB_CONTENT.md). diff --git a/docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md b/docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md index f0ff1e1..0971f68 100644 --- a/docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md +++ b/docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md @@ -11,16 +11,25 @@ Run the verification script (from repo root, with Chain 138 RPC reachable): ```bash -./scripts/verify/check-chain138-token-permit-support.sh [RPC_URL] +./scripts/verify/check-chain138-token-permit-support.sh [RPC_URL] [--token SYMBOL=ADDRESS]... # Optional: --dry-run to print RPC and token addresses only ``` -**Last run:** Script confirms the following for deployed contracts on Chain 138. +For the full operational + token readiness picture, use: + +```bash +./scripts/verify/check-chain138-x402-readiness.sh [CORE_RPC] [PUBLIC_RPC] [EXPLORER_STATS] [--token SYMBOL=ADDRESS]... +# Optional: --strict to exit non-zero until Chain 138 is fully x402-ready +``` + +**Last run:** March 31, 2026. Script confirms the following for deployed contracts on Chain 138. | Token | Address | ERC-2612 (permit) | ERC-3009 (transferWithAuthorization) | x402-compatible | |-------|---------|-------------------|--------------------------------------|-----------------| | cUSDT | `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | Not supported | Not supported | No | | cUSDC | `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | Not supported | Not supported | No | +| cUSDT V2 | `0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29` | Supported | Supported | Yes | +| cUSDC V2 | `0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99` | Supported | Supported | Yes | WETH and WETH10 on Chain 138 (see [CHAIN138_TOKEN_ADDRESSES.md](../11-references/CHAIN138_TOKEN_ADDRESSES.md)) are standard approve/transferFrom implementations and do not expose permit or ERC-3009 in the repo; they are not x402-compatible in their current form. @@ -29,10 +38,12 @@ WETH and WETH10 on Chain 138 (see [CHAIN138_TOKEN_ADDRESSES.md](../11-references ## Implications - **thirdweb x402** requires the payment token to support either **ERC-2612 permit** or **ERC-3009** (e.g. sign + `transferWithAuthorization` / `receiveWithAuthorization`). See [Chain and token support](https://portal.thirdweb.com/x402#chain-and-token-support). -- **Current state:** No deployed Chain 138 token in the canonical list (cUSDT, cUSDC, WETH, WETH10, LINK) is x402-compatible until one of them implements permit or ERC-3009. +- **Current state:** Chain 138 is now x402-ready through the staged V2 compliant USD tokens. +- **Standards target:** this x402 capability is the repo-wide target profile for future `c* V2` currencies as captured in [GRU_STANDARDS_PROFILE.md](GRU_STANDARDS_PROFILE.md) and [`config/gru-standards-profile.json`](../../config/gru-standards-profile.json). The broader standards profile applies to all GRU manifest currencies, even where deployment is still staged. +- **Important coexistence note:** V1 `cUSDT` and `cUSDC` still back the live PMM/pool/liquidity routes, while `cUSDT V2` and `cUSDC V2` are the permit/auth-capable contracts for x402 and the next transport cutover. - **Options:** - 1. **Use another chain for x402 testing:** e.g. Arbitrum Sepolia with USDC (default in thirdweb x402). The x402 API sketch can be built and tested there, then switched to Chain 138 once a token supports permit. - 2. **Add ERC-2612 to compliant tokens:** Implement and deploy new CompliantUSDT/CompliantUSDC contracts that extend OpenZeppelin `ERC20Permit` (see plan: Part 1.2 Option B). This implies new contract addresses and updates to [CHAIN138_TOKEN_ADDRESSES.md](../11-references/CHAIN138_TOKEN_ADDRESSES.md) and env/config. + 1. **Use V2 contracts for x402 immediately:** point x402 pricing to `cUSDT V2` or `cUSDC V2`. + 2. **Complete the liquidity/transport cutover:** migrate GRU transport, registry aliases, and cW pool mappings from V1 to V2 before making V2 the primary explorer/liquidity surface. --- @@ -40,5 +51,6 @@ WETH and WETH10 on Chain 138 (see [CHAIN138_TOKEN_ADDRESSES.md](../11-references After a token on Chain 138 supports ERC-2612 or ERC-3009: -1. Re-run `./scripts/verify/check-chain138-token-permit-support.sh` and update this doc. -2. In the x402 API, use `network: chain138` (custom chain definition) and set `price` to the token object, e.g. `price: { amount: "", asset: { address: "", decimals: 6 } }` for cUSDC/cUSDT. +1. Re-run `./scripts/verify/check-chain138-token-permit-support.sh --token SYMBOL=ADDRESS` for the active V2 inventory and update this doc. +2. In the x402 API, use `network: chain138` (custom chain definition) and set `price` to the V2 token object, e.g. `price: { amount: "", asset: { address: "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99", decimals: 6 } }` for `cUSDC V2`. +3. Keep V1/V2 symbol resolution explicit in transport and explorer integrations until the canonical cutover is complete. diff --git a/docs/04-configuration/C_TO_CW_MAPPER_MAPPING.md b/docs/04-configuration/C_TO_CW_MAPPER_MAPPING.md index 5b55494..489a457 100644 --- a/docs/04-configuration/C_TO_CW_MAPPER_MAPPING.md +++ b/docs/04-configuration/C_TO_CW_MAPPER_MAPPING.md @@ -7,6 +7,9 @@ - **Config:** [`config/token-mapping-multichain.json`](../../config/token-mapping-multichain.json) - **`cToCwSymbolMapping`** — Symbol correspondence: each c* symbol maps to its cW* symbol (e.g. `cUSDT` → `cWUSDT`). - **Per-pair tokens** — For each `fromChainId: 138` → `toChainId: ` pair, tokens with key `Compliant_*_cW` define: **addressFrom** = c* contract on 138, **addressTo** = cW* contract on the destination chain (or `0x0` placeholder until deployed). +- **Active overlay:** [`config/gru-transport-active.json`](../../config/gru-transport-active.json) + - Final activation gate for which c* → cW* mappings are live for routing, public exposure, and MCP visibility. + - A mapping can exist in `token-mapping-multichain.json` without being active in GRU Transport. ## Symbol mapping (c* → cW*) @@ -42,6 +45,7 @@ In `token-mapping-multichain.json`, entries with key suffix `_cW` use `addressTo - **Mapper / bridge:** When resolving "cUSDT on 138 → token on chain 56", use: - **Native representation:** key `Compliant_USDT` → `addressTo` = that chain’s native USDT (e.g. BSC USDT). - **Wrapped representation:** key `Compliant_USDT_cW` → `addressTo` = that chain’s cWUSDT. If `addressTo` is zero, treat as "cW* not deployed" and optionally fall back to native or reject. + - **Activation gate:** even when a `_cW` mapping exists and `addressTo` is non-zero, treat it as routable only when the corresponding pair is active in `gru-transport-active.json`. - **Loading:** [`config/token-mapping-loader.cjs`](../../config/token-mapping-loader.cjs) builds `addressMapFromTo` / `addressMapToFrom` from `tokens`. Keys `*_cW` are first-class; filter by key suffix or use `cToCwSymbolMapping` for symbol-level logic. diff --git a/docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md b/docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md new file mode 100644 index 0000000..8038ca0 --- /dev/null +++ b/docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md @@ -0,0 +1,61 @@ +# DBIS institutional subdomains — inventory vs E2E + +**Purpose:** Track planned `d-bis.org` portal hosts against [E2E_ENDPOINTS_LIST.md](./E2E_ENDPOINTS_LIST.md) and [verify-end-to-end-routing.sh](../../scripts/verify/verify-end-to-end-routing.sh). + +## Canonical DBIS web surfaces (operator intent) + +| URL | Role | +|-----|------| +| **https://d-bis.org** | **Public** web presence — sovereign / institutional portal (e.g. Gov Portals `DBIS` Next app behind NPM). | +| **https://admin.d-bis.org** | **Admin** console — DBIS operations staff. | +| **https://secure.d-bis.org** | **Member** secure portal — authenticated institution users. | +| **https://core.d-bis.org** | **DBIS Core** banking application — **client** portal for users of the core banking stack (`dbis_core` repo); NPM upstream when provisioned (often alongside API tier). | + +**Legacy:** `https://dbis-admin.d-bis.org` may remain in DNS as an alias for the same upstream as `admin.d-bis.org` until names are consolidated. + +## Already in E2E inventory + +| Host | Type | Notes | +|------|------|--------| +| explorer.d-bis.org | web | Blockscout | +| docs.d-bis.org | web | Docs | +| gitea.d-bis.org | web | Source | +| dbis-api.d-bis.org | api | Core API | +| dbis-api-2.d-bis.org | api | Secondary | +| secure.d-bis.org | web | Member secure portal | +| admin.d-bis.org | web | Admin console (canonical) | +| dbis-admin.d-bis.org | web | Legacy admin hostname (optional alias) | +| core.d-bis.org | web | DBIS Core client portal (TBD upstream) | +| mifos.d-bis.org | web | Fineract | +| dapp.d-bis.org | web | DApp | +| dev.d-bis.org, codespaces.d-bis.org | web | Dev VM | +| RPC / Cacti / Alltra / HYBX | various | As listed in E2E | + +## Added to verifier (optional-when-fail until DNS + upstream live) + +| Host | Type | Intended upstream | +|------|------|-------------------| +| d-bis.org | web | Public portal (NPM → Next static/server) — same intent as canonical **d-bis.org** row above | +| www.d-bis.org | web | 301/308 → d-bis.org (if used) | +| members.d-bis.org | web | Member BFF + OIDC | +| developers.d-bis.org | web | Developer portal | +| data.d-bis.org | api | Data API service | +| research.d-bis.org | web | Research publications | +| policy.d-bis.org | web | Policy + manifests | +| ops.d-bis.org | web | Staff SSO | +| identity.d-bis.org | web | Trust + DID registry docs/API | +| status.d-bis.org | web | Status page | +| sandbox.d-bis.org | web | Sandbox console | +| interop.d-bis.org | web | Interop lab | + +## NPMplus / Cloudflare operator steps (summary) + +1. **DNS (Cloudflare):** `DNS_ZONE_ONLY=d-bis.org ./scripts/update-all-dns-to-public-ip.sh --zone-only=d-bis.org` (adds `@`, `www`, `admin`, `core`, plus existing RPC/DBIS rows — see `DBIS_RECORDS` in that script). +2. **NPMplus upstreams:** `./scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` (from LAN with `NPM_PASSWORD` in `.env`) — creates/updates `d-bis.org`, `www.d-bis.org`, `admin.d-bis.org`, `core.d-bis.org`, `dbis-admin.d-bis.org`, `secure.d-bis.org`. Defaults: apex → **7804** `:3001`; admin/legacy admin/secure → **10130** `:80`; core → **10150** `:3000` (override via `IP_DBIS_*` in `config/ip-addresses.conf` or `.env`). +3. **TLS:** `./scripts/request-npmplus-certificates.sh` (optional `CERT_DOMAINS_FILTER` to limit Let’s Encrypt requests). +4. Run `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` (optional hosts tolerate failure until configured). +5. Remove hosts from `E2E_OPTIONAL_WHEN_FAIL` only when SLO requires strict checks. + +See [DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](../02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md) for architecture context. + +**Related:** [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) — HYBX OMNL, DBIS Core, Chain 138 vaults, and external RTGS integration map. diff --git a/docs/04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md b/docs/04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md index ce3dc8e..0dc293a 100644 --- a/docs/04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md +++ b/docs/04-configuration/DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md @@ -1,6 +1,6 @@ # Using DEX and Aggregators with ChainID 138 Coins/Tokens — Explainer -**Last Updated:** 2026-03-26 +**Last Updated:** 2026-03-30 **Purpose:** Explain how to use DEXs and aggregators with coins/tokens from ChainID 138 (DeFi Oracle Meta Mainnet), and how routing works for swaps and cross-chain flows. --- @@ -54,13 +54,17 @@ Caller must approve the integration contract for the input token. Use the pool a **Uniswap V2/V3 on 138:** Not deployed by default. If you deploy Uniswap factories and create pools (e.g. cUSDT/WETH, cUSDC/WETH), the token-aggregation service can index them when `CHAIN_138_UNISWAP_V2_FACTORY` / `CHAIN_138_UNISWAP_V3_FACTORY` are set in env. +### 2.2 PMM pool checks: RPC + integration vs DODO official API + +Use **RPC + `DODOPMMIntegration` / pool contracts** and the **token-aggregation API** as the primary way to verify PMM pools and state on **Chain 138**. Use **DODO’s official app API / subgraph** only where you have **standard DODO protocol pools on chains DODO supports** — not as the primary source for 138 (custom chain / Mock DVM stack). Dashboard vs API vs MCP detail: [POOL_ACCESS_DASHBOARD_API_MCP.md](../11-references/POOL_ACCESS_DASHBOARD_API_MCP.md). + --- ## 3. Token-aggregation API (quotes and discovery) The **token-aggregation** service indexes tokens and liquidity pools (UniswapV2, UniswapV3, DODO from `DODOPMMIntegration`) and exposes a REST API. This is the main way to get **quotes** and **pool data** for Chain 138 tokens without calling the chain yourself. -**Base URL:** e.g. `https://explorer.d-bis.org/api/v1` or the URL where the service is proxied (see [REST_API_REFERENCE](../../smom-dbis-138/services/token-aggregation/docs/REST_API_REFERENCE.md)). +**Base URL:** e.g. `https://explorer.d-bis.org/api/v1` **or** `https://explorer.d-bis.org/token-aggregation/api/v1` depending on nginx (see [EXPLORER_API_ACCESS](../../explorer-monorepo/docs/EXPLORER_API_ACCESS.md)). Same paths under either prefix: `tokens`, `quote`, `bridge/routes`, etc. Quick check: `bash scripts/verify/check-token-aggregation-chain138-api.sh`. See [REST_API_REFERENCE](../../smom-dbis-138/services/token-aggregation/docs/REST_API_REFERENCE.md). ### 3.1 Single-hop quote (DEX quote) diff --git a/docs/04-configuration/E2E_ENDPOINTS_LIST.md b/docs/04-configuration/E2E_ENDPOINTS_LIST.md index 9f413b7..14f3f6e 100644 --- a/docs/04-configuration/E2E_ENDPOINTS_LIST.md +++ b/docs/04-configuration/E2E_ENDPOINTS_LIST.md @@ -9,8 +9,8 @@ **What each hostname should present (operator narrative):** [FQDN_EXPECTED_CONTENT.md](FQDN_EXPECTED_CONTENT.md). -**Latest verified public pass:** `2026-03-29` via `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` with report at [verification_report.md](verification-evidence/e2e-verification-20260329_045318/verification_report.md). Result: exit `0`, `DNS passed: 42`, `Failed: 0`, `HTTPS passed: 27`, `Skipped / optional: 2` (NPM fleet + sankofa zone DNS for `portal` / `admin` / `keycloak`, portal sync + NextAuth on 7801). -**Earlier same day:** [verification_report.md](verification-evidence/e2e-verification-20260329_045210/verification_report.md). **Previous:** `2026-03-27` — [verification_report.md](verification-evidence/e2e-verification-20260327_134032/verification_report.md). +**Latest verified public pass:** `2026-03-30` via `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` with report at [verification_report.md](verification-evidence/e2e-verification-20260330_124914/verification_report.md). Result: exit `0`, `DNS passed: 45`, `Failed: 0`, `HTTPS passed: 32`, `Skipped / optional: 13` — includes **d-bis.org**, **www.d-bis.org**, **admin.d-bis.org**, **core.d-bis.org** (NPM + Cloudflare + Let’s Encrypt after fleet script). +**Previous:** `2026-03-29` — [verification_report.md](verification-evidence/e2e-verification-20260329_045318/verification_report.md); older: [20260329_045210](verification-evidence/e2e-verification-20260329_045210/verification_report.md), [20260327](verification-evidence/e2e-verification-20260327_134032/verification_report.md). **Latest verified private/admin pass:** `2026-03-27` via `bash scripts/verify/verify-end-to-end-routing.sh --profile=private` with report at [verification_report.md](verification-evidence/e2e-verification-20260327_134137/verification_report.md). Result: exit `0`, `DNS passed: 4`, `Failed: 0`. **Evidence folders:** Each run creates `verification-evidence/e2e-verification-YYYYMMDD_HHMMSS/`. Commit the runs you want on record; older dirs can be removed locally to reduce noise (`scripts/maintenance/prune-e2e-verification-evidence.sh --dry-run` lists candidates). Routing truth is **not** inferred from old reports—use [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md). @@ -25,8 +25,11 @@ | Endpoint | Type | URL | Description (content provided) | |----------|------|-----|--------------------------------| | explorer.d-bis.org | web | https://explorer.d-bis.org | Blockscout-style blockchain explorer for Chain 138: blocks, transactions, addresses, contracts, tokens, verification. | -| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | DBIS admin dashboard and frontend (VMID 10130). | -| secure.d-bis.org | web | https://secure.d-bis.org | Secure DBIS frontend / authenticated portal. | +| d-bis.org | web | https://d-bis.org | **Public** DBIS web presence — institutional portal (Gov Portals Next app when deployed behind NPM). | +| admin.d-bis.org | web | https://admin.d-bis.org | **Admin** console for DBIS operations staff; typical upstream VMID **10130**. | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | **Legacy** admin hostname; same upstream intent as **admin.d-bis.org** if still in DNS. | +| secure.d-bis.org | web | https://secure.d-bis.org | **Member** secure portal (authenticated institutions); path-based routing on **10130** per [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md). | +| core.d-bis.org | web | https://core.d-bis.org | **DBIS Core** banking application — **client** portal (`dbis_core`); NPM upstream **TBD** (often co-located with API **10150**/10151 when live). | | dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | DBIS core API: token aggregation, Crypto.com OTC, exchange endpoints (VMID 10150). | | dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | DBIS API secondary instance (VMID 10151). | | mim4u.org | web | https://mim4u.org | MIM4U main site. | @@ -73,6 +76,24 @@ | rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | HYBX chain RPC HTTP (2). | | rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | HYBX chain RPC HTTP (3). | +### Planned DBIS institutional subdomains (multi-portal program) + +Registered in `verify-end-to-end-routing.sh` as **optional-when-fail** until DNS and upstreams are live. Detail: [DBIS_INSTITUTIONAL_SUBDOMAINS.md](DBIS_INSTITUTIONAL_SUBDOMAINS.md), blueprint: [DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](../02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md). + +| Endpoint | Type | URL | Description | +|----------|------|-----|---------------| +| www.d-bis.org | web | https://www.d-bis.org | Optional **www** → apex **d-bis.org** redirect. | +| members.d-bis.org | web | https://members.d-bis.org | Member institution portal (OIDC BFF). | +| developers.d-bis.org | web | https://developers.d-bis.org | Developer hub; links to Gitea + OpenAPI. | +| data.d-bis.org | api | https://data.d-bis.org | Public data API ([openapi.yaml](../../config/dbis-data-api/openapi.yaml)). | +| research.d-bis.org | web | https://research.d-bis.org | Research and working papers. | +| policy.d-bis.org | web | https://policy.d-bis.org | Policy publications + manifests. | +| ops.d-bis.org | web | https://ops.d-bis.org | Staff operations (SSO). | +| identity.d-bis.org | web | https://identity.d-bis.org | Trust anchors + DID registry documentation/API. | +| status.d-bis.org | web | https://status.d-bis.org | Public status / SLOs. | +| sandbox.d-bis.org | web | https://sandbox.d-bis.org | Sandbox console (isolated test). | +| interop.d-bis.org | web | https://interop.d-bis.org | Interoperability lab (CBDC / cross-chain). | + ## Endpoints by type ### Web @@ -80,8 +101,11 @@ | Domain | URL | |--------|-----| | explorer.d-bis.org | https://explorer.d-bis.org | +| d-bis.org | https://d-bis.org | +| admin.d-bis.org | https://admin.d-bis.org | | dbis-admin.d-bis.org | https://dbis-admin.d-bis.org | | secure.d-bis.org | https://secure.d-bis.org | +| core.d-bis.org | https://core.d-bis.org | | mim4u.org | https://mim4u.org | | www.mim4u.org | https://www.mim4u.org | | secure.mim4u.org | https://secure.mim4u.org | @@ -172,18 +196,21 @@ When running from outside LAN or when backends are down, the following endpoints **These known items do not block contract or pool completion.** Fix when convenient; E2E still passes when they are in `E2E_OPTIONAL_WHEN_FAIL`. **2026-03-26 note:** after recovering NPMplus CT `10233` and re-running `update-npmplus-proxy-hosts-api.sh`, the latest public profile passed for all currently tested public domains, including Sankofa, Phoenix, Studio, The Order, DBIS, Mifos, and MIM4U. +**2026-03-29 update:** public profile passed again with `Failed: 0` after fixing the explorer `/api/v1` proxy, removing the stale `192.168.11.52` address from CT `10232`, and moving VMID `10092` off `192.168.11.37` so MIM4U owns that IP exclusively. Current evidence: `docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/`. | Endpoint | Typical cause | |----------|----------------| -| dbis-admin.d-bis.org | 502 — backend (VMID 10130) unreachable from public | +| admin.d-bis.org, dbis-admin.d-bis.org | 502 — admin frontend (VMID 10130) unreachable from public | +| core.d-bis.org | DNS/502 until NPM row and **dbis_core** client upstream are provisioned | | dbis-api.d-bis.org, dbis-api-2.d-bis.org | 502 — API backends (10150/10151) unreachable | | secure.d-bis.org | 502 — secure portal backend unreachable | | mifos.d-bis.org | 502 — Mifos (VMID 5800) unreachable from public | -| mim4u.org, www.mim4u.org, secure.mim4u.org, training.mim4u.org | 502 — MIM4U web backends (192.168.11.37:80); non-blocking for contract/pool | +| mim4u.org, www.mim4u.org, secure.mim4u.org, training.mim4u.org | Resolved on 2026-03-29. If these regress to 502, first check for IP ownership conflicts on `192.168.11.37` before debugging nginx. | | studio.sankofa.nexus | Historically 404 when the proxy misses `/studio/` or backend `192.168.11.72:8000`; verifier checks `/studio/`. Passed on 2026-03-26 after the NPMplus host update | | phoenix.sankofa.nexus, www.phoenix.sankofa.nexus | (Resolved in verifier) Phoenix API (7800) is API-first; `verify-end-to-end-routing.sh` checks `https://…/health` (200), not `/`. A separate **marketing** site on the apex hostname (if desired) needs another upstream or app routes—NPM still points `phoenix.sankofa.nexus` at the Fastify API today. | | the-order.sankofa.nexus | 502 if **10210** HAProxy or backend portal is down. NPM defaults upstream to **192.168.11.39:80** (order-haproxy). Fallback: `THE_ORDER_UPSTREAM_IP` / `THE_ORDER_UPSTREAM_PORT` = portal **192.168.11.51:3000** | -| keycloak.sankofa.nexus, admin.sankofa.nexus, portal.sankofa.nexus, dash.sankofa.nexus | DNS/SSL/HTTPS **warn** or **skip** when NPM or backends are unwired; listed in `E2E_OPTIONAL_WHEN_FAIL` so the public profile still exits **0**. | +| keycloak.sankofa.nexus, admin.sankofa.nexus, portal.sankofa.nexus | Resolved on 2026-03-29 after removing the duplicate `192.168.11.52` address from CT `10232`. If these regress, verify ARP ownership of `192.168.11.52` before restarting Keycloak or NPMplus. | +| dash.sankofa.nexus | Still optional / unprovisioned. DNS/SSL/HTTPS may warn or skip until `IP_SANKOFA_DASH` and its app upstream are intentionally wired. | | docs.d-bis.org, blockscout.defi-oracle.io | Same optional-when-fail behavior; **blockscout.defi-oracle.io** also runs optional `/api/v2/stats` like **explorer.d-bis.org**. | **Verifier behavior (2026-03):** `openssl s_client` is wrapped with `timeout` (`E2E_OPENSSL_TIMEOUT` default 15s, `E2E_OPENSSL_X509_TIMEOUT` default 5s) so `--profile=private` / `--profile=all` cannot hang. **`--profile=all`** merges private and public `E2E_OPTIONAL_WHEN_FAIL` lists for temporary regressions. Install **`wscat`** (`npm install -g wscat`) for full WSS JSON-RPC checks; the script uses `wscat -n` to match `curl -k`, and now treats a clean `wscat` exit as a successful full WebSocket check even when the tool prints no JSON output. diff --git a/docs/04-configuration/FQDN_EXPECTED_CONTENT.md b/docs/04-configuration/FQDN_EXPECTED_CONTENT.md index 23491b7..0a96291 100644 --- a/docs/04-configuration/FQDN_EXPECTED_CONTENT.md +++ b/docs/04-configuration/FQDN_EXPECTED_CONTENT.md @@ -71,12 +71,17 @@ ## d-bis.org (DBIS + infrastructure) +**Canonical web map:** **d-bis.org** = public institutional site; **admin.d-bis.org** = admin console; **secure.d-bis.org** = member secure portal; **core.d-bis.org** = **DBIS Core** banking **client** portal (`dbis_core`). Detail: [DBIS_INSTITUTIONAL_SUBDOMAINS.md](DBIS_INSTITUTIONAL_SUBDOMAINS.md). + | FQDN | Kind | What should be displayed or returned | |------|------|--------------------------------------| +| `d-bis.org`, `www.d-bis.org` | Web | **Public** DBIS institutional portal (sovereign / policy / directory). **www** should redirect to apex when used. | | `explorer.d-bis.org` | Web | **SolaceScanScout / Blockscout** UI: blocks, txs, addresses, tokens, contract verification for **Chain 138**. Public, no login for browse. | | `docs.d-bis.org` | Web | Same Blockscout nginx host as explorer where configured; may serve docs paths (see explorer deploy runbooks). | -| `dbis-admin.d-bis.org` | Web | DBIS **admin** frontend (dashboard). | -| `secure.d-bis.org` | Web | DBIS **secure** authenticated portal. | +| `admin.d-bis.org` | Web | DBIS **admin** console (operations staff). | +| `dbis-admin.d-bis.org` | Web | **Legacy** admin hostname; same expected content as **admin.d-bis.org** if DNS retained. | +| `secure.d-bis.org` | Web | DBIS **member** secure portal (authenticated institutions); may path-route `/admin`, `/api`, `/` per NPM (see ALL_VMIDS). | +| `core.d-bis.org` | Web | **DBIS Core** banking app — **client**-facing portal (login, accounts, products as implemented in **dbis_core**); upstream when wired. | | `dbis-api.d-bis.org` | API | DBIS **core API** (aggregation, OTC, exchange JSON). | | `dbis-api-2.d-bis.org` | API | Secondary DBIS API instance. | | `mim4u.org`, `www.mim4u.org`, `secure.mim4u.org`, `training.mim4u.org` | Web | **MIM4U** property sites (nginx on MIM stack). | diff --git a/docs/04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md b/docs/04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md new file mode 100644 index 0000000..5b9e9d9 --- /dev/null +++ b/docs/04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md @@ -0,0 +1,488 @@ +# GRU c* V2 Standards Matrix and Implementation Plan + +**Purpose:** Define the concrete standards set for the next generation of canonical GRU compliant money tokens (`c* V2`), and map the implementation onto the current Chain 138 contracts, GRU M00 facet plan, bridge model, and operational tooling. + +**Audience:** Solidity engineers, protocol architects, bridge operators, GRU governance, explorer / token-aggregation maintainers, and auditors. + +**Related:** [GRU_STANDARDS_PROFILE.md](GRU_STANDARDS_PROFILE.md), [GRU_M00_DIAMOND_INSTITUTIONAL_SPEC.md](GRU_M00_DIAMOND_INSTITUTIONAL_SPEC.md), [GRU_M00_DIAMOND_FACET_MAP.md](GRU_M00_DIAMOND_FACET_MAP.md), [GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md](GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md), [CHAIN138_X402_TOKEN_SUPPORT.md](CHAIN138_X402_TOKEN_SUPPORT.md), [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md), [GRU_TRANSPORT_ACTIVE_JSON.md](GRU_TRANSPORT_ACTIVE_JSON.md), [EXPLORER_TOKENS_GRU_POLICY.md](EXPLORER_TOKENS_GRU_POLICY.md). + +--- + +## 1. Executive Summary + +The correct path is to introduce a **new `c* V2` family** instead of overloading the currently deployed `cUSDT`, `cUSDC`, and generic `CompliantFiatToken` contracts. + +The GRU should be organized into three layers: + +1. **Base money layer** — canonical `c* V2` tokens: compliant, simple, and broadly interoperable. +2. **Capability layer** — x402 adapters, flash-liquidity wrappers, reserve vault wrappers, cW bridge representations, smart-account integrations. +3. **Policy and governance layer** — GRU M00 Diamond facets, reserve gates, compliance gates, accounting gates, ISO-20022 message routing, standards registry, governance levels. + +The key design rule is: + +- **Put payment/signature standards on the base token.** +- **Put flash, vault, and bridge-side complexity around the base token.** +- **Put compliance, messaging, reserve, and accounting policy above the base token.** + +--- + +## 2. Current Repo Mapping + +### 2.1 Current base-token contracts + +| Current contract | Current role | Current limitation | +|------------------|-------------|--------------------| +| [contracts/tokens/CompliantFiatToken.sol](../../smom-dbis-138/contracts/tokens/CompliantFiatToken.sol) | Generic c* token for non-USD assets | No ERC-2612, no ERC-3009, no structured eMoney mint/burn reason, no role model beyond owner + minter role | +| [contracts/tokens/CompliantUSDC.sol](../../smom-dbis-138/contracts/tokens/CompliantUSDC.sol) | Dedicated cUSDC v1 | Duplicates generic logic; owner-based minting; no permit / authorization | +| [contracts/tokens/CompliantUSDT.sol](../../smom-dbis-138/contracts/tokens/CompliantUSDT.sol) | Dedicated cUSDT v1 | Duplicates generic logic; owner-based minting; no permit / authorization | +| [contracts/compliance/LegallyCompliantBase.sol](../../smom-dbis-138/contracts/compliance/LegallyCompliantBase.sol) | Legal / standards declaration base | Valuable as a legal metadata base, but not enough for V2 policy routing by itself; current legal reference hashing also relies on `tx.origin`, which is not acceptable for relayed, smart-account, bridge, or x402 flows | + +### 2.2 Current adjacent contracts + +| Current contract | Current role | Recommended future role | +|------------------|-------------|--------------------------| +| [contracts/emoney/interfaces/IeMoneyToken.sol](../../smom-dbis-138/contracts/emoney/interfaces/IeMoneyToken.sol) | Minimal mint/burn-with-reason interface | Becomes the required mint/burn shape for all `c* V2` tokens | +| [contracts/tokens/WETH10.sol](../../smom-dbis-138/contracts/tokens/WETH10.sol) | Wrapper with ERC-3156 flash loans | Keep as the pattern for wrapper-side flash capability, not canonical `c*` money | +| [contracts/tokens/CompliantWrappedToken.sol](../../smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol) | Public-chain wrapped representation | Use for cW-side evolution; keep separate from canonical `c* V2` | + +### 2.3 Current GRU architecture docs + +| Current doc | Role in the V2 program | +|-------------|------------------------| +| [GRU_M00_DIAMOND_FACET_MAP.md](GRU_M00_DIAMOND_FACET_MAP.md) | Canonical target for the policy/governance layer | +| [GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md](GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md) | Existing gap register for the Diamond spine | +| [CHAIN138_X402_TOKEN_SUPPORT.md](CHAIN138_X402_TOKEN_SUPPORT.md) | Current proof that canonical Chain 138 payment tokens are not yet x402-capable | +| [GRU_TRANSPORT_ACTIVE_JSON.md](GRU_TRANSPORT_ACTIVE_JSON.md) | Active transport policy layer for c* ↔ cW* activation | +| [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md) | Correct home for ISO-20022 semantics; keep this out of the token ABI itself | + +--- + +## 3. Design Rules + +### 3.1 What goes on every canonical `c* V2` token + +- ERC-20 compatibility +- role-based mint / burn / pause / compliance administration +- signature-based payment compatibility +- standardized eMoney mint/burn reasoning +- rich, inspectable domain metadata for wallets and relayers + +### 3.2 What must not go on every canonical `c* V2` token + +- flash lending +- reserve-vault share accounting +- callback-heavy payment receiver patterns by default +- governance vote weight +- complex ISO-20022 ingestion logic + +### 3.3 Where those excluded features should live + +- flash lending: wrapper / sidecar / liquidity token +- reserve accounting: vault / attestation / reserve layer +- ISO-20022: messaging facet, router, canonical message gateway +- governance: M00 Diamond governance and standards registry +- smart-wallet logic: separate smart-account / wallet registry / EIP-1271 layer + +### 3.4 Asset identity and versioning rules + +- A token symbol alone must never be the sole canonical identifier during V1/V2 coexistence. +- Every asset must have a stable `assetId` and a version-aware canonical key, for example: + - `assetId = keccak256("GRU:cUSDC")` + - `assetVersionId = keccak256("GRU:cUSDC:v2")` +- Registry and routing layers must support: + - one active canonical version per asset family + - explicit legacy aliases + - deterministic alias precedence for explorer, token-aggregation, bridge, and pool resolution +- Explorer and API surfaces may continue to present human-friendly names like `cUSDC`, but the backing registry, bridge, and transport layers must resolve through the version-aware identifier, not a bare symbol string. +- `c* V1` and `c* V2` may coexist operationally, but only one version may be marked `forwardCanonical = true` at a time. + +--- + +## 4. GRU c* V2 Standards Matrix + +### 4.1 Base-token standards + +| Standard / pattern | Apply to canonical `c* V2`? | Why | Current repo state | Target implementation point | +|--------------------|-----------------------------|-----|--------------------|-----------------------------| +| ERC-20 | **Yes** | Base interoperability for wallets, DEXs, bridges, accounting, explorers | Already present in `CompliantFiatToken`, `CompliantUSDC`, `CompliantUSDT` | Keep in `CompliantFiatTokenV2` | +| AccessControl | **Yes** | Fine-grained mint, burn, pause, reserve, bridge, compliance administration | `LegallyCompliantBase` already extends `AccessControl`, but tokens still rely partly on `Ownable` | Replace owner-centric flows with roles in `CompliantFiatTokenV2` | +| Pausable | **Yes** | Emergency freeze and policy intervention | Already present | Keep in `CompliantFiatTokenV2` | +| EIP-712 domain | **Yes** | Foundation for permit and authorization flows | Not exposed in current c* contracts | Add via V2 base token | +| ERC-2612 permit | **Yes** | Required for x402-compatible payment flows and better wallet UX | Not supported today | Add in `CompliantFiatTokenV2` | +| ERC-3009 authorization transfers | **Yes** | Signed transfer/payment flows without prior on-chain approval | Not supported today | Add in `CompliantFiatTokenV2` | +| ERC-5267 EIP-712 domain introspection | **Yes** | Lets wallets and infra discover token signing domain cleanly | Not present today | Add in V2 token base | +| EIP-1046 token metadata URI | **Optional yes** | Better metadata for wallets/explorers without changing token economics | Not present | Add as optional metadata extension | +| eMoney reason-hash mint/burn interface | **Yes** | Aligns issuance/redemption with GRU/DBIS audit and reserve flows | Present only as interface | Make native to V2 token base | +| Supply caps / per-period mint caps | **Yes** | Operational and reserve safety | Not standardized in base token | Add storage + role-gated setters in V2 | +| Jurisdiction / policy hooks | **Yes, but light** | Token should expose policy points without embedding full compliance logic | Only legal base events today | Add pre-transfer policy hook surfaces; route decisions stay above token | + +### 4.2 Wrapper / vault / sidecar standards + +| Standard / pattern | Apply to canonical `c* V2`? | Why | Current repo state | Target implementation point | +|--------------------|-----------------------------|-----|--------------------|-----------------------------| +| ERC-3156 flash loans | **No** | Flash capability belongs on wrappers or liquidity instruments, not base money | Present in `WETH10` | Use wrapper-side pattern only | +| ERC-4626 tokenized vault | **No** | Reserve, treasury, yield, custody, or safeguarded balance shares should be separate contracts | Not on current c* tokens | Use `c*ReserveVault4626`-style wrappers | +| Wrapped bridge token (`cW*`) | **No** | Public-chain mirror belongs in transport layer, not canonical base | Present via wrapped token / transport docs | Keep in cW bridge layer | +| EIP-1271 wallet signatures | **No on token; yes around GRU** | Useful for treasury / smart accounts / settlement agents | Not on token side | Add in smart account / wallet registry layer | +| ERC-1363 transfer-and-call | **Usually no** | Adds callback/reentrancy surface that is undesirable on base regulated money | Not present | Only consider in specialized adapters if required | + +### 4.3 GRU system / facet standards + +| Standard / pattern | Applies where | Why | Current repo state | Target implementation point | +|--------------------|---------------|-----|--------------------|-----------------------------| +| ERC-2535 Diamond | GRU M00 control plane | Modular standards/policy/governance system | Documented, not fully implemented | M00 Diamond spine | +| Governance level bitmask | Governance / policy layer | Lets GRU enforce different policy packs by level 0–5 | Documented, incomplete | `GovernanceLevelFacet` + `PolicyRouterFacet` | +| Standards registry | Governance / policy layer | Activates required standards and validators per asset / level | Missing | `StandardsRegistryFacet` | +| ISO-20022 canonical message model | Messaging layer | Gives institutional settlement compatibility without polluting token ABI | Documented, not fully on-chain | `ISO20022Facet` + `MessagingGateFacet` | +| Reserve attestation / backing checks | Reserve layer | Required for issuance safety and reporting | Partial reserve logic exists | `ReserveGateFacet` + reserve attestation registry | +| Accounting journal posting | Accounting layer | Needed for IPSAS / IFRS / internal audit traceability | Missing on-chain | `AccountingGateFacet` | +| Compliance decision routing | Compliance layer | Needed for jurisdiction, sanctions, allowlist logic | Partial off-chain / partial on-chain | `ComplianceGateFacet` | +| Version-aware asset registry and alias precedence | Registry / transport / explorer layer | Prevents ambiguous `cUSDC` / `cUSDT` resolution during V1/V2 coexistence | Symbol grammar exists, but V1/V2 aliasing rules are not yet defined | `AssetRegistryFacet` + `StandardsRegistryFacet` + transport overlay config | +| EIP-6372 clock semantics | Governance layer | Helpful for timepoint-based governance and snapshot semantics | Not present | Governance / voting facet layer only | + +--- + +## 5. Recommended V2 Contract Set + +### 5.1 Canonical money contracts + +| Proposed contract | Purpose | Maps from current repo | +|-------------------|---------|------------------------| +| `CompliantFiatTokenV2.sol` | New shared base for all canonical `c* V2` tokens | Replaces most direct use of `CompliantFiatToken.sol`, `CompliantUSDC.sol`, `CompliantUSDT.sol` | +| `CompliantUSDCTokenV2.sol` | Thin USD Coin specialization if branding / constructor defaults are needed | Replaces `CompliantUSDC.sol` | +| `CompliantUSDTTokenV2.sol` | Thin USD Token specialization if branding / constructor defaults are needed | Replaces `CompliantUSDT.sol` | +| `ICompliantFiatTokenV2.sol` | Canonical interface for mint/burn reason hashes, metadata, permit, authorization | New | + +### 5.2 Wrapper / vault / sidecar contracts + +| Proposed contract | Purpose | Maps from current repo | +|-------------------|---------|------------------------| +| `CompliantWrappedTokenV2.sol` | Public-chain wrapped representation with matching permit/auth surface if desired | Evolves `CompliantWrappedToken.sol` | +| `CStarReserveVault4626.sol` | Reserve / safeguarded-balance / treasury wrapper | New | +| `CStarFlashWrapper3156.sol` | Flash-capable sidecar wrapper around base money where explicitly approved | Pattern borrowed from `WETH10.sol` | + +### 5.3 GRU M00 facets to prioritize + +| Proposed facet | Purpose | Status today | +|----------------|---------|-------------| +| `StandardsRegistryFacet` | Tracks which standard packs are active per asset | Missing | +| `GovernanceLevelFacet` | Controls policy level 0–5 | Missing | +| `PolicyRouterFacet` | Routes token-sensitive actions into reserve, compliance, accounting, messaging gates | Missing | +| `ComplianceGateFacet` | Allowlist / denylist / jurisdiction / sanctions placeholders and adapters | Missing | +| `AccountingGateFacet` | Journal hooks, accountingRef hashes, chart-of-accounts placeholders | Missing | +| `MessagingGateFacet` | ISO-20022 canonical message hash logging and correlation IDs | Missing | +| `ReserveGateFacet` | Reserve proof / attestation checks before mint and wrap operations | Missing | +| `MintBurnFacet` | Centralized issuance / redemption control plane | Missing | + +--- + +## 6. Implementation Plan Mapped to Current Contracts and Facets + +### Phase 0 — Lock scope and naming + +**Goal:** Freeze what `c* V2` means before writing contracts. + +**Actions** + +- Treat `CompliantUSDC` and `CompliantUSDT` as legacy v1 contracts. +- Adopt `CompliantFiatTokenV2` as the single base token contract for all canonical `c* V2`. +- Keep GRU token model **A** and target pattern **A**, as already locked in [GRU_M00_DIAMOND_FACET_MAP.md](GRU_M00_DIAMOND_FACET_MAP.md). +- Define canonical identity fields before deployment: + - `assetId` + - `assetVersionId` + - `forwardCanonical` + - `legacyAliases[]` + - `symbolDisplay` +- Document canonical mapping: + - `c* V1` → legacy + - `c* V2` → canonical forward path + - `cW*` → wrapped transport representations + - `ac*` / `vdc*` / `sdc*` → vault-market layer, not base money layer + +**Current files to treat as source** + +- [GRU_M00_DIAMOND_FACET_MAP.md](GRU_M00_DIAMOND_FACET_MAP.md) +- [GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md](GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md) +- [TOKEN_SCOPE_GRU.md](../../smom-dbis-138/docs/tokenization/TOKEN_SCOPE_GRU.md) + +### Phase 1 — Build the `CompliantFiatTokenV2` base + +**Goal:** Create a single canonical base contract for all `c* V2`. + +**Actions** + +- Create `contracts/tokens/CompliantFiatTokenV2.sol`. +- Base it on: + - current [CompliantFiatToken.sol](../../smom-dbis-138/contracts/tokens/CompliantFiatToken.sol) + - [LegallyCompliantBase.sol](../../smom-dbis-138/contracts/compliance/LegallyCompliantBase.sol) + - [IeMoneyToken.sol](../../smom-dbis-138/contracts/emoney/interfaces/IeMoneyToken.sol) +- Add: + - `permit` + - `transferWithAuthorization` / `receiveWithAuthorization` + - role-based mint/burn/pause + - mint/burn reason-hash events + - supply cap and operational cap controls + - domain / metadata introspection + +**Recommended outcomes** + +- `cUSDC V2` and `cUSDT V2` become thin wrappers over the shared base. +- Future cEUR*, cGBP*, cAUD*, cJPY*, cCHF*, cCAD*, cXAU* all inherit the same standard set. + +### Phase 2 — Build flagship USD tokens first + +**Goal:** Make the most important assets x402-capable first. + +**Actions** + +- Implement `CompliantUSDCTokenV2.sol`. +- Implement `CompliantUSDTTokenV2.sol`. +- Add targeted tests proving: + - `nonces(address)` works + - `permit` works + - `authorizationState` works + - existing compliance events still emit + - mint/burn reason hashes are captured + +**Current scripts to extend** + +- [check-chain138-token-permit-support.sh](../../scripts/verify/check-chain138-token-permit-support.sh) +- [check-chain138-x402-readiness.sh](../../scripts/verify/check-chain138-x402-readiness.sh) + +### Phase 3 — Complete the GRU policy spine + +**Goal:** Ensure V2 tokens plug into the GRU M00 control plane cleanly. + +**Actions** + +- Implement or stub: + - `StandardsRegistryFacet` + - `GovernanceLevelFacet` + - `PolicyRouterFacet` + - `ComplianceGateFacet` + - `AccountingGateFacet` + - `MessagingGateFacet` + - `ReserveGateFacet` + - `MintBurnFacet` +- Add a capability matrix in storage: + - `supportsPermit` + - `supportsERC3009` + - `supportsReserveGate` + - `supportsISO20022Correlation` + - `isBridgeMintable` + +**Mapping** + +- `PolicyRouterFacet` becomes the place where `c* V2` operations route into reserve, compliance, accounting, and messaging checks. +- `StandardsRegistryFacet` becomes the canonical place to state which standards each asset must satisfy. + +### Phase 4 — Reserve, accounting, and ISO-20022 integration + +**Goal:** Add institutional-grade traceability around the V2 tokens without overloading the token ABI. + +**Actions** + +- Extend `LegallyCompliantBase` or create `LegallyCompliantBaseV2` so V2 tokens can emit structured references cleanly. +- Remove all `tx.origin`-based legal attribution from V2 paths. +- Standardize legal and audit attribution inputs as explicit parameters or derived signer metadata, for example: + - `initiator` + - `authorizer` + - `executor` + - `accountingRef` + - `messageCorrelationId` + - `reasonHash` +- Use `MessagingGateFacet` for: + - ISO-20022 message hash logging + - correlation IDs + - canonical routing metadata +- Use `AccountingGateFacet` for: + - journal posting hashes + - accounting reference IDs + - cost center / reserve batch links +- Use `ReserveGateFacet` for: + - reserve report hash validation + - auditor attestation roots + - per-asset backing constraints +- Define and publish a reconciliation invariant per active asset family, for example: + - `canonicalOutstanding = canonicalSupply - permanentlyRetiredSupply` + - `transportLiabilities = sum(active cW* outstanding by chain)` + - `vaultLiabilities = sum(active ERC-4626 share liabilities expressed in underlying units)` + - `policyBackedAmount >= canonicalOutstanding + transportLiabilities + vaultLiabilities` +- Require the reserve verifier and reporting stack to prove that invariant before an asset family can be marked fully live. + +**Keep out of the token** + +- XML parsing +- SWIFT/ISO message body storage beyond hashes/IDs +- heavy accounting records + +### Phase 5 — Wrapper, flash, and vault capability layer + +**Goal:** Add more interoperability without contaminating canonical money. + +**Actions** + +- Create an `ERC-4626` reserve or treasury wrapper for selected `c* V2` assets. +- Create an `ERC-3156` wrapper only where flash-liquidity is explicitly desired. +- Evolve `CompliantWrappedToken` into a `cW* V2` family if public-chain permit/auth compatibility is desired too. + +**Mapping to current repo** + +- [WETH10.sol](../../smom-dbis-138/contracts/tokens/WETH10.sol) is the model for flash wrappers, not for canonical `c*`. +- [CompliantWrappedToken.sol](../../smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol) is the starting point for wrapped-token evolution. + +### Phase 6 — Registry, bridge, and routing cutover + +**Goal:** Teach the GRU transport and explorer stack about the V2 family. + +**Actions** + +- Register all `c* V2` tokens in `UniversalAssetRegistry` and GRU M00 registry views. +- Update: + - `config/token-mapping-multichain.json` + - `config/gru-transport-active.json` + - `cross-chain-pmm-lps/config/deployment-status.json` +- Add explicit V1 → V2 aliasing in token-aggregation and explorer metadata during migration. +- Add explicit alias precedence rules so all resolver paths choose the same active canonical version. +- Require explorer, token-aggregation, and bridge resolution to use version-aware asset keys internally, even where user-facing labels remain unversioned. +- Decide which cW mappings remain V1 and which move to V2. + +### Phase 7 — Pool, bridge, and ecosystem migration + +**Goal:** Move economic activity from V1 to V2 without ambiguity. + +**Actions** + +- Deploy new cUSDC/cUSDT pools for V2 where needed. +- Update bridge mappings and receivers for V2 canonical assets. +- Re-label explorer addresses and registries. +- Update external token lists and reporting feeds. +- Keep V1 in read-only / legacy / redeem-only mode once migration completes. + +--- + +## 7. Recommended Deliverables + +### 7.1 Solidity deliverables + +- `contracts/tokens/CompliantFiatTokenV2.sol` +- `contracts/tokens/CompliantUSDCTokenV2.sol` +- `contracts/tokens/CompliantUSDTTokenV2.sol` +- `contracts/tokens/interfaces/ICompliantFiatTokenV2.sol` +- optional `contracts/tokens/extensions/*` for authorization and metadata helpers +- facet stubs or implementations for the GRU M00 spine + +### 7.2 Script and verification deliverables + +- extend [check-chain138-token-permit-support.sh](../../scripts/verify/check-chain138-token-permit-support.sh) to support V2 token inventory +- extend [check-chain138-x402-readiness.sh](../../scripts/verify/check-chain138-x402-readiness.sh) to inspect active canonical token set, not just v1 defaults +- add a transport-stack verifier, e.g. `check-cstar-v2-transport-stack.sh`, that proves: + - canonical `c* V2` token suite passes + - reserve verifier accepts V2 canonical tokens backed by the vault + - `CWMultiTokenBridgeL1` locks V2 canonical assets successfully + - `CWMultiTokenBridgeL2` mints and burns `cW*` against the same canonical mapping + - return messages release canonical `c* V2` back to the user +- add a new standards verifier, e.g. `check-cstar-v2-standards.sh` +- add a shared policy-path verifier, e.g. `check-cstar-v2-policy-path.sh` +- add a supply / reserve reconciliation verifier, e.g. `check-cstar-v2-reconciliation.sh` + +### 7.3 Registry and explorer deliverables + +- V2 token inventory entries +- V2 bridge mapping entries +- V2 explorer label sync +- V2 token-aggregation compatibility reporting + +--- + +## 8. Migration and Cutover Rules + +### 8.1 Do not do + +- Do not mutate deployed `cUSDT` / `cUSDC` v1 contracts in place. +- Do not add flash loans directly to the canonical base money token. +- Do not put ISO-20022 message parsing into token functions. +- Do not let governance vote weight ride directly on `c*` balances. + +### 8.2 Do instead + +- Deploy V2 tokens at new addresses. +- Register V2 explicitly as the forward canonical family. +- Use aliasing, registry metadata, and transport overlays to manage coexistence. +- Make alias precedence deterministic and testable before any bridge or pool cutover. +- Cut over by flagship asset, not all assets at once. + +--- + +## 9. Acceptance Gates + +The `c* V2` program should not be considered complete until all of the following are true. + +### 9.1 Token gates + +- `permit` works on-chain +- `authorizationState` works on-chain +- mint and burn require explicit roles +- mint and burn emit reason-hash events +- pause / unpause path is role-gated and tested +- V2 legal / audit event generation does not rely on `tx.origin` + +### 9.2 GRU policy gates + +- `StandardsRegistryFacet` marks asset capability correctly +- `GovernanceLevelFacet` changes enforcement behavior +- `PolicyRouterFacet` calls the correct gates for the active level +- `ReserveGateFacet` can block mints when backing policy fails +- `MessagingGateFacet` records ISO-20022 correlation metadata +- `AccountingGateFacet` emits or stores journal references +- `transfer`, `transferFrom`, authorization transfers, mint, burn, wrap, and bridge release all traverse the intended policy path for the active governance level +- explorer, token-aggregation, and bridge resolution all agree on the same active canonical asset for a symbol family during V1/V2 coexistence + +### 9.3 Operational gates + +- explorer shows V2 assets correctly +- token-aggregation resolves V2 assets correctly +- bridge mappings resolve V2 canonical assets correctly +- the full transport stack is proven before deploy: + - `CWMultiTokenBridgeL1` + - `CWReserveVerifier` + - `StablecoinReserveVault` + - `CWMultiTokenBridgeL2` + - `CompliantWrappedToken` + - active transport mapping / destination configuration +- public RPC and explorer health checks pass +- x402 readiness check passes operationally +- x402 token capability check passes for at least one canonical V2 payment token +- reconciliation invariant is proven for each active asset family: + - canonical circulating supply + - wrapped outstanding supply + - vault share liabilities + - reserve attestation / backing state + all agree within the declared policy rules for that asset + +--- + +## 10. Recommended Execution Order + +If only one sequence is followed, use this one: + +1. Freeze `c* V2` standard set and naming. +2. Build `CompliantFiatTokenV2`. +3. Ship `cUSDC V2`. +4. Ship `cUSDT V2`. +5. Extend x402 verification to point at V2. +6. Implement the GRU M00 standards registry + governance level + policy router spine. +7. Add reserve, accounting, and ISO-20022 gate integration. +8. Add wrapper / vault / flash sidecars where desired. +9. Update bridge and cW mappings. +10. Migrate pools, explorer metadata, and external integrations. + +This order gives the GRU the biggest compatibility gain early while keeping the base money layer disciplined and auditable. + +--- + +## 11. Short Recommendation + +The GRU should treat **x402 compatibility as mandatory on `c* V2`**, **flash compatibility as wrapper-only**, **ERC-4626 as vault-only**, and **ISO-20022 / accounting / reserve logic as GRU M00 policy-layer concerns**. + +That is the cleanest path to a stronger, more interoperable, and more governable GRU without turning the canonical money contract into an undifferentiated monolith. diff --git a/docs/04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md b/docs/04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md new file mode 100644 index 0000000..ee71e32 --- /dev/null +++ b/docs/04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md @@ -0,0 +1,182 @@ +# GRU FX Currency Onboarding Checklist + +**Purpose:** End-to-end checklist for adding one new FX-related `c*` currency into the GRU ecosystem so it is not only deployed, but also attached to routing, transport, explorer metadata, reserve policy, and public-chain mirroring where required. + +**Use with:** [GRU_STANDARDS_PROFILE.md](GRU_STANDARDS_PROFILE.md), [GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md](GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md), [GRU_TRANSPORT_ACTIVE_JSON.md](GRU_TRANSPORT_ACTIVE_JSON.md), [gru-standards-profile.json](../../config/gru-standards-profile.json), [gru-iso4217-currency-manifest.json](../../config/gru-iso4217-currency-manifest.json), [token-mapping-multichain.json](../../config/token-mapping-multichain.json), [dbis-138.tokenlist.json](../../token-lists/lists/dbis-138.tokenlist.json) + +--- + +## 1. Currency decision + +- Pick the ISO code and monetary class. +- Confirm the asset fits the standard profile in [gru-standards-profile.json](../../config/gru-standards-profile.json) for canonical `c*`, mirrored `cW*`, and any x402 target behavior. +- Confirm whether the asset is: + - fiat coin form (`C`) + - fiat token form (`T`) + - both + - commodity-backed (`XAU`-style) +- Add or update the row in [gru-iso4217-currency-manifest.json](../../config/gru-iso4217-currency-manifest.json). + +Required decisions: +- `code` +- `name` +- `type` +- `minorUnits` +- `canonical symbol(s)` +- `wrapped symbol(s)` +- target lifecycle state: + - `planned` + - `deployed` + - `transportActive` + - `x402Ready` + +--- + +## 2. Canonical token deployment on Chain 138 + +- Deploy the canonical token contract on Chain 138. +- If the asset is part of the V2 path, deploy the V2 contract family, not a new V1-style special case. +- Confirm: + - decimals + - name + - symbol + - permit/auth support if the asset should be x402-capable + - mint/burn/admin roles + +Minimum outputs: +- deployed address +- deploy transaction hash +- verification status + +--- + +## 3. Registry and GRU attachment + +- Register the new asset in GRU / asset registry. +- Add version-aware identity if a V1/V2 coexistence path applies. +- Record: + - canonical symbol + - asset family + - active version + - forward-canonical version + - legacy aliases if any + +This is the step that makes the token a GRU asset rather than just an ERC-20. + +--- + +## 4. Explorer and wallet metadata + +- Add the token to [dbis-138.tokenlist.json](../../token-lists/lists/dbis-138.tokenlist.json). +- Add: + - `logoURI` + - `tags` + - `extensions.currencyCode` + - `extensions.gruVersion` + - `extensions.forwardCanonical` + - `extensions.x402Ready` +- Add versioned Blockscout label rows in `config/dbis-institutional/registry/` if the asset is staged or coexists with another version. +- Sync labels using: + - `bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry` + +Acceptance: +- token list validates +- explorer resolves address metadata +- wallet surfaces can consume token metadata cleanly + +--- + +## 5. GRU transport and cW attachment + +- Add the canonical-to-wrapped mapping in [token-mapping-multichain.json](../../config/token-mapping-multichain.json). +- Add or update the asset in [gru-transport-active.json](../../config/gru-transport-active.json). +- Set: + - `currencyCode` + - `mirroredSymbol` + - active version + - x402-preferred version if applicable + - cutover metadata + +If public-chain transport is required: +- deploy or confirm `cW*` +- wire peer bridges +- configure `maxOutstanding` +- wire reserve verifier references + +Acceptance: +- `/api/v1/token-mapping/resolve` returns the correct GRU canonical metadata +- bridge preflight reports the pair as eligible and runtime-ready when enabled + +--- + +## 6. Liquidity and FX rails + +- Decide whether the asset needs: + - direct local PMM pools on Chain 138 + - public-chain local edge pools + - both +- Add pairs only after canonical asset identity is stable. +- If the asset is for FX settlement, define: + - quote currency + - treasury route + - settlement path + - reserve source + +Examples: +- `cSGDC/cUSDC` +- `cNZDC/cUSDC` +- `cMXNC/cUSDT` + +Acceptance: +- token-aggregation resolves the asset +- approved routes are discoverable +- pool exposure follows GRU overlay policy + +--- + +## 7. Accounting and ISO-20022 attachment + +- Add the currency into the operational accounting and ISO mapping set. +- Ensure the same asset identity is used in: + - settlement events + - OMNL/Fineract postings + - DBIS Core references + - ISO-20022 message correlation + +Acceptance: +- currency appears in the canonical settlement/event model +- accounting and chain records share the same currency identity + +--- + +## 8. x402 readiness + +Only apply this if the asset is intended for machine-payments or signature-based UX. + +- confirm ERC-2612 or ERC-3009 support +- confirm public RPC and explorer health +- confirm token address is included in the readiness script inputs + +Verification: +- `bash scripts/verify/check-chain138-token-permit-support.sh ...` +- `bash scripts/verify/check-chain138-x402-readiness.sh --token SYMBOL=ADDRESS` + +--- + +## 9. Final acceptance + +An FX-related `c*` is only fully integrated when all of the following are true: + +- token deployed on Chain 138 +- GRU/registry attached +- token-list metadata added +- Blockscout labeling added when needed +- currency manifest updated +- token-mapping updated +- GRU transport overlay updated +- reserve/bridge policy wired if transport is enabled +- token-aggregation resolves it +- explorer surfaces it correctly +- FX/accounting/ISO references use the same currency identity + +If any of these are missing, the asset is only partially integrated. diff --git a/docs/04-configuration/GRU_STANDARDS_PROFILE.md b/docs/04-configuration/GRU_STANDARDS_PROFILE.md new file mode 100644 index 0000000..417a2ea --- /dev/null +++ b/docs/04-configuration/GRU_STANDARDS_PROFILE.md @@ -0,0 +1,50 @@ +# GRU Standards Profile + +**Purpose:** Define the machine-readable standards profile for canonical `c* V2`, mirrored `cW*`, x402 capability, GRU governance/policy enforcement, and the broader ISO-4217-plus asset scope. + +## File + +- **Config:** [`config/gru-standards-profile.json`](../../config/gru-standards-profile.json) + +## What it standardizes + +This profile is the shared standards contract between docs, configs, operators, and future contract work. It records: + +- the canonical methodology: **Chain 138 keeps canonical `c*`; compatible public chains carry mirrored `cW*`** +- the payment profile for **x402** +- the required base-token standards for `c* V2` +- the transport / wrapper standards for `cW*` +- the GRU M00 governance and policy standards +- the broader asset scope: **ISO-4217 fiat currencies, approved commodities, and future monetary units** + +## Compatibility boundary + +The profile does **not** mean every public chain or every currency is live today. + +A destination chain is only considered compatible for GRU Transport when all of the following are true: + +1. A `138 -> chain` mapping exists in [`config/token-mapping-multichain.json`](../../config/token-mapping-multichain.json). +2. The destination `cW*` deployment is non-zero in [`cross-chain-pmm-lps/config/deployment-status.json`](../../cross-chain-pmm-lps/config/deployment-status.json). +3. `bridgeAvailable` is `true` in that deployment status entry. +4. The chain is explicitly enabled in [`config/gru-transport-active.json`](../../config/gru-transport-active.json). + +That keeps the standards profile broad while keeping the active transport overlay conservative and operationally precise. + +## Relationship to other files + +- [`config/gru-iso4217-currency-manifest.json`](../../config/gru-iso4217-currency-manifest.json) + Tracks which currencies exist and their current lifecycle state. +- [`config/gru-transport-active.json`](../../config/gru-transport-active.json) + Activates the currently enabled canonical tokens, compatible destination chains, and public pools. +- [GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md](GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md) + Explains the same standards in narrative form and maps them to contracts/facets. +- [CHAIN138_X402_TOKEN_SUPPORT.md](CHAIN138_X402_TOKEN_SUPPORT.md) + Records the current x402-ready token state on Chain 138. +- [GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md](GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md) + Uses this standards profile as part of the acceptance gate for new currencies. + +## Current intent + +- **Standards scope:** x402, EIP-712, ERC-2612, ERC-3009, ERC-5267, AccessControl, Pausable, ISO-20022-aligned policy routing, and GRU M00 governance/policy facets. +- **Asset scope:** all currencies added to the GRU manifest, not just the currently active USD lanes. +- **Transport scope:** every public chain that is structurally compatible according to mapping, deployment, and bridge metadata. diff --git a/docs/04-configuration/GRU_TRANSPORT_ACTIVE_JSON.md b/docs/04-configuration/GRU_TRANSPORT_ACTIVE_JSON.md new file mode 100644 index 0000000..2d59ebd --- /dev/null +++ b/docs/04-configuration/GRU_TRANSPORT_ACTIVE_JSON.md @@ -0,0 +1,104 @@ +# GRU Transport Active JSON + +**Purpose:** Define the active-policy overlay for the **GRU Monetary Transport Layer**. + +## File + +- **Config:** [`config/gru-transport-active.json`](../../config/gru-transport-active.json) +- **Standards profile:** [`config/gru-standards-profile.json`](../../config/gru-standards-profile.json) + +## What it gates + +This file is the final activation gate for: + +- enabled canonical `c*` assets on Chain 138 +- enabled public destination chains for `cW*` +- approved `CWMultiTokenBridgeL1` / `CWMultiTokenBridgeL2` peers +- reserve-verifier policy references for hard-peg eligible pairs +- required `maxOutstanding` policy per canonical token / destination chain +- public-pool exposure in token-aggregation +- pool routing eligibility in token-aggregation +- MCP visibility eligibility for public pools + +The active overlay does **not** replace the existing universe/config files. It sits on top of them. + +## Runtime readiness + +The overlay now exposes two different readiness views through token-aggregation: + +- **`eligible`**: the pair is structurally valid according to JSON policy, mappings, deployment status, and declared config refs. +- **`runtimeReady`**: the pair also has live bridge addresses, reserve-verifier refs, and required `maxOutstanding` values resolved in the current runtime environment. + +This distinction matters operationally: + +- A pair can be `eligible` but not `runtimeReady` if secrets or deploy-time env vars have not been loaded yet. +- `/api/v1/token-mapping/transport/active` reports both the structural pair data and summary counts such as `runtimeReadyTransportPairs`. +- `/api/v1/bridge/status` and `/api/v1/bridge/metrics` surface the same runtime-readiness view for operators. +- `/api/v1/bridge/preflight` focuses the output down to blocked pairs and the exact `runtimeMissingRequirements` / `eligibilityBlockers` that must be cleared. + +## Relationship to other JSONs + +- [`config/token-mapping-multichain.json`](../../config/token-mapping-multichain.json) + Holds the full mapping universe for canonical `c*`, native public assets, and mirrored `cW*`. +- [`config/routing-registry.json`](../../config/routing-registry.json) + Holds the broader route-topology registry, including legacy WETH routes. +- [`cross-chain-pmm-lps/config/deployment-status.json`](../../cross-chain-pmm-lps/config/deployment-status.json) + Holds deployed `cW*` addresses and public PMM pool status. +- [`cross-chain-pmm-lps/config/pool-matrix.json`](../../cross-chain-pmm-lps/config/pool-matrix.json) + Defines the intended first local edge pools per chain. + +## Activation model + +An active GRU transport pair is only valid when all of the following agree: + +1. The canonical token is enabled in `gru-transport-active.json`. +2. The destination chain is enabled in `gru-transport-active.json`. +3. The pair exists in `token-mapping-multichain.json`. +4. The mirrored `cW*` token is deployed in `deployment-status.json`. +5. The approved bridge peer is present in `gru-transport-active.json`. +6. A `maxOutstanding` policy reference is set for the pair. +7. Required reserve-verifier wiring references are present. + +## Standard methodology + +The repo now treats GRU Transport as the canonical standard for public-chain monetary transport: + +- **Chain 138** keeps the canonical `c*` asset. +- A compatible public chain receives the mirrored **`cW*`** asset. +- The transport method is **lock canonical `c*` on 138, mint mirrored `cW*` on destination**. +- Local trading remains **chain-local edge pools**, not literal cross-chain pools. +- Legacy WETH bridge routes remain separate and are not part of GRU Transport. + +Compatibility is intentionally strict. A destination chain belongs in this overlay only when: + +1. a multichain mapping exists +2. the `cW*` deployment is non-zero +3. `bridgeAvailable` is true +4. the chain is explicitly enabled here + +## Public pools + +Public pools remain **chain-local edge pools**, not literal cross-chain pools. + +Operators should: + +1. Deploy the pool. +2. Record the pool address in `deployment-status.json`. +3. Mark the pool `active` in `gru-transport-active.json`. +4. Only then enable `routingEnabled` and/or `mcpVisible`. + +Until a pool is marked active in the overlay, token-aggregation hides GRU `cW*` pools that touch mirrored assets on public chains. + +## v1 defaults + +The current overlay enables: + +- canonical assets: `cUSDT`, `cUSDC` +- destination chains: `25`, `56`, `137`, `43114`, `42161`, `8453`, `10`, `100`, `1` +- transport form: **Compliant Wrapped ISO-4217 M1** + +## Related + +- [C_TO_CW_MAPPER_MAPPING.md](C_TO_CW_MAPPER_MAPPING.md) +- [CW_BRIDGE_APPROACH.md](../07-ccip/CW_BRIDGE_APPROACH.md) +- [CW_DEPLOY_AND_WIRE_RUNBOOK.md](../07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md) diff --git a/docs/04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md b/docs/04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md new file mode 100644 index 0000000..5318926 --- /dev/null +++ b/docs/04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md @@ -0,0 +1,33 @@ +# info.defi-oracle.io — Chain 138 info site + +**Purpose:** Operator-facing steps to publish the SPA in `info-defi-oracle-138/` at **https://info.defi-oracle.io**. + +**App README:** [`info-defi-oracle-138/README.md`](../../info-defi-oracle-138/README.md) + +## What the site does + +- **Overview:** Chain 138 network metadata from `GET /api/v1/networks` when the API is reachable. +- **c* & cW*:** Live token list from `GET /api/v1/tokens?chainId=138` plus static **cW\*** registry from `cross-chain-pmm-lps/config/deployment-status.json` (rebuild to update). +- **Pools:** Samples pools via `GET /api/v1/tokens/:address/pools` for compliant tokens. +- **Swap:** Quote from `GET /api/v1/quote` and on-chain **swapExactIn** on `DODOPMMIntegration` (wallet). +- **Routing:** `GET /api/v1/bridge/routes` and token-mapping pairs for cross-chain planning. + +## Prerequisites + +- Public **token-aggregation** base URL (e.g. `https://dbis-api.d-bis.org`) with CORS enabled for browsers. +- Static file host or CDN for `dist/` after `pnpm --filter info-defi-oracle-138 build`. + +## Steps + +1. Set build-time env if defaults are wrong: `VITE_TOKEN_AGGREGATION_API_BASE`, `VITE_RPC_URL_138`. +2. `pnpm --filter info-defi-oracle-138 build` +3. Upload `info-defi-oracle-138/dist/` to the web root. +4. Configure the web server for SPA fallback: all routes → `index.html`. +5. Add NPMplus proxy host **info.defi-oracle.io** → that origin; request Let’s Encrypt certificate. +6. Verify: open `/`, `/tokens`, `/pools`, `/swap`, `/routing` over HTTPS. + +## Related docs + +- [DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md](DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md) +- [E2E_ENDPOINTS_LIST.md](E2E_ENDPOINTS_LIST.md) +- [CW_STAR_CMC_COINGECKO_LISTING_STATUS.md](../11-references/CW_STAR_CMC_COINGECKO_LISTING_STATUS.md) diff --git a/docs/04-configuration/MASTER_SECRETS.md b/docs/04-configuration/MASTER_SECRETS.md index 404e4dd..879e454 100644 --- a/docs/04-configuration/MASTER_SECRETS.md +++ b/docs/04-configuration/MASTER_SECRETS.md @@ -3,7 +3,7 @@ **Single authoritative list of all secrets** used across the Proxmox workspace and related projects. **No values are stored here.** Use root `.env`, service-specific `.env` files, or a secrets store (e.g. Vault); see [.env.master.example](../../.env.master.example) for a single template of all keys. -**Last updated:** 2026-02-21 +**Last updated:** 2026-03-29 --- @@ -37,6 +37,9 @@ | `CLOUDFLARE_TUNNEL_TOKEN` | Root `.env` | Yes (tunnels) | cloudflared | | `CLOUDFLARE_TUNNEL_ID`, `CLOUDFLARE_TUNNEL_ID_*` | Root `.env` | If using tunnel DNS | Tunnel UUIDs | | `CLOUDFLARE_ORIGIN_CA_KEY` | Root `.env` | Optional | Origin cert | +| `CLOUDFLARE_TURNSTILE_SECRET_KEY` | `dbis_core` API `.env` (or merged operator env / xotenv → API process) | Optional | **Turnstile widget secret** — *not* DNS API. Enforces `cfTurnstileResponse` on `POST /api/v1/iru/marketplace/inquiries` when set (unless `IRU_MARKETPLACE_TURNSTILE_DISABLED=1`). Aliases: `TURNSTILE_SECRET_KEY`, `CF_TURNSTILE_SECRET_KEY`. | +| `VITE_CLOUDFLARE_TURNSTILE_SITE_KEY` | `dbis_core/frontend` build `.env` | Optional (required if API secret set) | Public Turnstile site key for marketplace inquiry widget. See [SANKOFA_MARKETPLACE_SURFACES.md](../03-deployment/SANKOFA_MARKETPLACE_SURFACES.md). | +| `NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY` | `Sankofa/portal` Next.js build (`.env.local`) | Optional | Same Cloudflare Turnstile **site** key for portal Sign In gate (home + partner unauthenticated). Rebuild portal after changing. | --- diff --git a/docs/04-configuration/MCP_SETUP.md b/docs/04-configuration/MCP_SETUP.md index e817190..3122590 100644 --- a/docs/04-configuration/MCP_SETUP.md +++ b/docs/04-configuration/MCP_SETUP.md @@ -162,6 +162,56 @@ The Proxmox MCP server provides 55+ tools for interacting with Proxmox, includin See the [mcp-proxmox README](../../mcp-proxmox/README.md) for the complete list of available tools. +## Wormhole docs MCP server (read-only) + +**Purpose:** Expose Wormhole’s **AI documentation exports** (see [Wormhole AI Resources](https://wormhole.com/docs/ai-resources/ai-resources/)) as MCP **resources**, plus **`wormhole_doc_search`** over `site-index.json`. Documentation-only: **no keys, no transactions.** + +**Prerequisites:** + +1. Mirror docs (recommended): `bash scripts/doc/sync-wormhole-ai-resources.sh` — writes to `third-party/wormhole-ai-docs/` (blobs gitignored; `manifest.json` may be committed). +2. Playbook: [WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md](WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md). + +**Install dependencies:** + +```bash +cd /home/intlc/projects/proxmox/mcp-wormhole-docs && pnpm install +``` + +**Claude Desktop — add server** (adjust path if your clone differs): + +```json +{ + "mcpServers": { + "wormhole-docs": { + "command": "node", + "args": ["/home/intlc/projects/proxmox/mcp-wormhole-docs/index.js"] + } + } +} +``` + +**Optional environment** (in config `env` block or shell): + +| Variable | Meaning | +|----------|---------| +| `WORMHOLE_DOCS_MIRROR` | Override path to mirror directory (default: `third-party/wormhole-ai-docs` under repo root) | +| `WORMHOLE_DOCS_FETCH` | Set to `1` to fetch from `https://wormhole.com/docs/...` when a file is missing locally (host allowlisted only) | +| `WORMHOLE_MAX_RESOURCE_BYTES` | Max bytes returned when reading `llms-full.jsonl` (default `5242880`); raise for larger inline reads or use the file on disk for RAG | + +**Resources:** URIs like `wormhole://ai/llms.txt`, `wormhole://ai/site-index.json`, `wormhole://ai/categories/ntt.md`, `wormhole://ai/llms-full.jsonl`. + +**Tools:** `wormhole_doc_search` with `{ "query": "NTT", "limit": 10 }`. + +**Manual smoke test** (from repo root, after `pnpm install` in `mcp-wormhole-docs`): + +```bash +cd /home/intlc/projects/proxmox/mcp-wormhole-docs && node index.js +``` + +Use your MCP client’s resource list / tool call UI, or the [mcp-wormhole-docs README](../../mcp-wormhole-docs/README.md). + +**Separation:** Keep this server separate from **mcp-proxmox** and **ai-mcp-pmm-controller** (infra vs PMM vs third-party docs). + ## Troubleshooting ### Server Connection Errors diff --git a/docs/04-configuration/OMNL_FINERACT_CONFIGURATION.md b/docs/04-configuration/OMNL_FINERACT_CONFIGURATION.md index 0fbda4e..c8fe816 100644 --- a/docs/04-configuration/OMNL_FINERACT_CONFIGURATION.md +++ b/docs/04-configuration/OMNL_FINERACT_CONFIGURATION.md @@ -5,14 +5,14 @@ ## Overview -The OMNL tenancy runs Apache Fineract (Mifos) at `https://omnl.hybxfinance.io/`. API access uses Basic auth and a required tenant header. +The OMNL tenancy runs Apache Fineract (Mifos) at `https://omnl.hybxfinance.io/`. API access uses **HTTP Basic** and a required tenant header. This deployment does **not** use separate HTTP request signing (no extra signature headers on each call). | Item | Value | |------|--------| | Base URL | `https://omnl.hybxfinance.io/fineract-provider/api/v1` | | Swagger UI | [swagger-ui/index.html](https://omnl.hybxfinance.io/fineract-provider/swagger-ui/index.html) | | Tenant ID | `omnl` | -| Auth | Basic (username + password) | +| Auth | **Basic** — either `Authorization: Basic ` or the same value from `POST …/authentication` as **`base64EncodedAuthenticationKey`** | ## Credentials @@ -62,6 +62,19 @@ curl -s -u "${OMNL_FINERACT_USER}:${OMNL_FINERACT_PASSWORD}" \ Expected: HTTP 200 and a JSON array of offices. +Optional login step (returns the same Basic credential Fineract expects): + +```bash +curl -s -X POST "${OMNL_FINERACT_BASE_URL}/authentication" \ + -H "Fineract-Platform-TenantId: ${OMNL_FINERACT_TENANT}" \ + -H "Content-Type: application/json" \ + -d "{\"username\":\"${OMNL_FINERACT_USER}\",\"password\":\"${OMNL_FINERACT_PASSWORD}\"}" \ +| jq -r '.base64EncodedAuthenticationKey' +# Then: Authorization: Basic +``` + +Helper: `scripts/omnl/omnl-fineract-authentication-login.sh`. + ## Related - [mifos-omnl-central-bank/MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md](./mifos-omnl-central-bank/MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md) — Migration & ledger allocation (opening balance, internal distribution, client registry). diff --git a/docs/04-configuration/README.md b/docs/04-configuration/README.md index 0e5d3ce..7a0ecd4 100644 --- a/docs/04-configuration/README.md +++ b/docs/04-configuration/README.md @@ -13,6 +13,8 @@ This directory contains setup and configuration guides. ## Documents - **[MCP_SETUP.md](MCP_SETUP.md)** ⭐⭐ - MCP Server configuration for Claude Desktop +- **[WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md](WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md)** — Wormhole AI doc bundles: URLs, tier ladder, Chain 138 vs Wormhole boundary, mirror script, MCP +- **[WORMHOLE_AI_RESOURCES_RAG.md](WORMHOLE_AI_RESOURCES_RAG.md)** — RAG / chunking strategy for `llms-full.jsonl` (category-first) - **[ENV_STANDARDIZATION.md](ENV_STANDARDIZATION.md)** ⭐⭐ - Environment variable standardization - **[CREDENTIALS_CONFIGURED.md](CREDENTIALS_CONFIGURED.md)** ⭐ - Credentials configuration guide - **[SECRETS_KEYS_CONFIGURATION.md](SECRETS_KEYS_CONFIGURATION.md)** ⭐⭐ - Secrets and keys management @@ -81,6 +83,11 @@ This directory contains setup and configuration guides. - **[GRU_M00_DIAMOND_INSTITUTIONAL_SPEC.md](GRU_M00_DIAMOND_INSTITUTIONAL_SPEC.md)** ⭐⭐⭐ - GRU M00 Diamond institutional spec (§1–§8): topology, storage, facets, governance, markets, Pattern A/B, minimum checklist; token model A and Pattern A locked. - **[GRU_M00_DIAMOND_FACET_MAP.md](GRU_M00_DIAMOND_FACET_MAP.md)** ⭐⭐⭐ - GRU M00 Diamond (ERC-2535) Token Factory: facet map, storage namespaces, governance levels 0–5, canonical symbol grammar (c/a/d, W rules). Whitepaper-ready. - **[GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md](GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md)** ⭐⭐⭐ - Detailed review: missing components, functional wire-ins, naming alignment (a/d vs ac/vdc/sdc), checklist and recommendations. +- **[GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md](GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md)** ⭐⭐⭐ - Concrete standards matrix and phased implementation plan for canonical `c* V2` tokens: x402 readiness, ERC-2612/ERC-3009, wrapper/vault boundaries, GRU M00 facet mapping, migration, and acceptance gates. +- **[GRU_STANDARDS_PROFILE.md](GRU_STANDARDS_PROFILE.md)** ⭐⭐⭐ - Machine-readable standards profile for canonical `c* V2`, mirrored `cW*`, x402 capability, governance/policy layers, and the broader ISO-4217-plus asset scope. +- **[GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md](GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md)** ⭐⭐⭐ - End-to-end checklist for creating and fully attaching a new FX `c*` currency into GRU, explorer metadata, transport, reserve policy, and routing. +- **[`../../config/gru-standards-profile.json`](../../config/gru-standards-profile.json)** ⭐⭐⭐ - Machine-readable source of truth for the repo-wide x402, EIP/ERC, transport, and governance standards that apply to GRU monetary assets. +- **[`../../config/gru-iso4217-currency-manifest.json`](../../config/gru-iso4217-currency-manifest.json)** ⭐⭐⭐ - Machine-readable canonical manifest for the supported GRU ISO-4217 and commodity currency set, including deployment, transport, and x402 lifecycle state. - **[GRU_M00_DIAMOND_DOCS_REVIEW_GAPS_AND_INCONSISTENCIES.md](GRU_M00_DIAMOND_DOCS_REVIEW_GAPS_AND_INCONSISTENCIES.md)** ⭐⭐ - Review of all GRU M00 Diamond docs: missing refs, link consistency, terminology, and follow-up list. - **[DBIS Rail Technical Spec v1](../dbis-rail/DBIS_RAIL_TECHNICAL_SPEC_V1.md)** ⭐⭐⭐ - Bank-rail settlement and GRU mint orchestration on Chain 138: RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController, MintAuth lifecycle, EIP-712 signer quorum (3-of-5), replay protection, and audit events. - **[DBIS Rail Rulebook v1](../dbis-rail/DBIS_RAIL_RULEBOOK_V1.md)** ⭐⭐⭐ - Operational and compliance policy: good funds matrix, finality triggers per rail (wire/ACH/cash/internal), accounting sequence and deterministic accountingRef, MintAuth preconditions, reversal and exception handling, signer revocation timing, incident controls, audit and reporting standards. @@ -91,6 +98,7 @@ This directory contains setup and configuration guides. - **[DBIS Rail Control Mapping v1](../dbis-rail/DBIS_RAIL_CONTROL_MAPPING_V1.md)** ⭐⭐ - Control IDs mapped to checklist, Spec, Rulebook, and Threat Model for audit and SOC 2 / ISO 27001 alignment. - **[DBIS Rail and Project Completion Master v1](../dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md)** ⭐⭐ - Project and deployment status; full task list (required and optional) for DBIS Rail and project completion. - **[Implementation coordination (transcript 540ae663)](../dbis-rail/IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md)** ⭐⭐ - Coordinate implementations with PMM/DEX, tokens, GRU, cW*, deployments; maps Completion Master tasks to done/partial/open. +- **[../../config/dbis-institutional/README.md](../../config/dbis-institutional/README.md)** — JSON Schemas and examples: settlement events, address registry (LEI, IBAN, ISIN, ENS, WEB3-ETH-IBAN, Blockscout hints); narrative: [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md). Identifier policy (Chain 138 as SWIFT replacement, UETR hybrid): [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md). - **[DBIS Rail Ledger Attestation Add-On v1.5](../dbis-rail/DBIS_RAIL_LEDGER_ATTESTATION_ADDON_V1_5.md)** ⭐⭐ - LPA state machine, reversal matrix, signer effectiveFromBlock/revokedAtBlock mandatory. - **[DBIS Rail Conversion Router Spec v1.5](../dbis-rail/DBIS_RAIL_CONVERSION_ROUTER_SPEC_V1_5.md)** ⭐⭐ - SwapAuth, best execution/MEV, quote provenance, venue allowlist, sanctions/AML for swaps. - **[DBIS Rail Stablecoin Policy v1.5](../dbis-rail/DBIS_RAIL_STABLECOIN_POLICY_V1_5.md)** ⭐⭐ - Canonical stablecoin definition, registry, routing and monitoring. diff --git a/docs/04-configuration/RPC_ENDPOINTS_MASTER.md b/docs/04-configuration/RPC_ENDPOINTS_MASTER.md index f0c5900..7a9536e 100644 --- a/docs/04-configuration/RPC_ENDPOINTS_MASTER.md +++ b/docs/04-configuration/RPC_ENDPOINTS_MASTER.md @@ -112,6 +112,7 @@ For **Ethereum mainnet and other public chains**, you can use: | `ws.rpc.d-bis.org` | WSS | 2201 | 192.168.11.221 | 8546 | ✅ Yes | Primary WebSocket (same as rpc-ws-pub) | | `ws.rpc2.d-bis.org` | WSS | 2201 | 192.168.11.221 | 8546 | ✅ Yes | Secondary WebSocket (same as rpc-ws-pub) | | `rpc-http-prv.d-bis.org` | HTTPS | 2101 | 192.168.11.211 | 8545 | ✅ Yes | Private HTTP RPC | +| `rpc-core.d-bis.org` | HTTPS | 2101 | 192.168.11.211 | 8545 | ✅ Yes | Core RPC alias (same backend as rpc-http-prv); deploy still prefers IP:8545 | | `rpc-ws-prv.d-bis.org` | WSS | 2101 | 192.168.11.211 | 8546 | ✅ Yes | Private WebSocket RPC | | `rpc-fireblocks.d-bis.org` | HTTPS | 2301 | 192.168.11.232 | 8545 | ✅ Yes | **Fireblocks-dedicated** HTTP RPC | | `ws.rpc-fireblocks.d-bis.org` | WSS | 2301 | 192.168.11.232 | 8546 | ✅ Yes | **Fireblocks-dedicated** WebSocket RPC | @@ -181,6 +182,7 @@ rpc2.d-bis.org → http://192.168.11.221:8545 (WebSocket: Yes) ws.rpc.d-bis.org → http://192.168.11.221:8546 (WebSocket: Yes) ws.rpc2.d-bis.org → http://192.168.11.221:8546 (WebSocket: Yes) rpc-http-prv.d-bis.org → http://192.168.11.211:8545 (WebSocket: Yes) +rpc-core.d-bis.org → http://192.168.11.211:8545 (WebSocket: Yes) rpc-ws-prv.d-bis.org → ws://192.168.11.211:8546 (WebSocket: Yes) rpc-fireblocks.d-bis.org → http://192.168.11.232:8545 (WebSocket: Yes) — Fireblocks-dedicated ws.rpc-fireblocks.d-bis.org → http://192.168.11.232:8546 (WebSocket: Yes) — Fireblocks-dedicated diff --git a/docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md b/docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md index 199f77e..d44bd58 100644 --- a/docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md +++ b/docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md @@ -248,10 +248,12 @@ Emit events that carry enough canonical metadata for off-chain systems to map to |----------|-------------| | [ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md](ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md) | How the intake/gateway contract receives ISO messages on different blockchain networks (relayer vs cross-chain, same address, per-chain config) | | [MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md](../runbooks/MULTI_CHAIN_EXECUTION_ISO20022_EMONEY.md) | ISO-20022 canonical message and E-Money requirements for GRU multi-chain | +| [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) | End-to-end map: OMNL, DBIS Core, Smart Vault, RTGS, settlement events, ISO/DID; Chain 138 `ISO20022Router` in [CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) | | [Mapping_Table.md](../../gru-docs/docs/integration/iso20022/Mapping_Table.md) | ISO 20022 (pain.001, pacs.008, etc.) field-level mapping and validation | | [iso20022-mapping.md](../../dbis_core/docs/nostro-vostro/iso20022-mapping.md) | ISO 20022 to DBIS API mapping and Iso20022Adapter usage | | [iso20022-message-flow.md](../../dbis_core/docs/flows/iso20022-message-flow.md) | ISO 20022 message processing flow | | [LEGAL_COMPLIANCE_REQUIREMENTS.md](../../explorer-monorepo/docs/LEGAL_COMPLIANCE_REQUIREMENTS.md) | Legal and ISO 20022 compliance for smart contracts | +| [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) | Full-stack map: OMNL, Core, RTGS, ISO on-chain, DID, FX, Smart Vaults (section 14) | --- diff --git a/docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md b/docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md index da3f8a3..a443f34 100644 --- a/docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md +++ b/docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md @@ -41,6 +41,7 @@ bash metamask-integration/chain138-snap/scripts/verify-snap-api-and-icons.sh htt curl -s "http://localhost:3000/api/v1/report/token-list?chainId=138" | jq '.tokens | length' curl -s "http://localhost:3000/api/v1/report/coingecko?chainId=138" | jq '.' curl -s "http://localhost:3000/api/v1/networks" | jq '.networks | length' + curl -s "http://localhost:3000/api/v1/bridge/preflight" | jq '.gruTransport.summary' ``` ### 2.2 Minimum env for report API @@ -78,6 +79,21 @@ This inserts `location /api/v1/` proxying to `http://127.0.0.1:3000/api/v1/`. ** ## 4. Re-verify +```bash +bash scripts/verify/check-token-aggregation-chain138-api.sh +# or: BASE_URL=https://explorer.d-bis.org bash scripts/verify/check-token-aggregation-chain138-api.sh +``` + +Expect `200` on tokens, pools, quote, networks, **`/api/v1/bridge/routes`**, **`/api/v1/bridge/status`**, and **`/api/v1/bridge/preflight`**. If `bridge/routes` or `bridge/preflight` is `404` or `{"error":"Not found"}`, the explorer host is still running an older token-aggregation build: redeploy the service from `smom-dbis-138/services/token-aggregation` and reload nginx. + +```bash +# Reachability only +ALLOW_BLOCKED=1 bash scripts/verify/check-gru-transport-preflight.sh https://explorer.d-bis.org + +# Strict operator preflight: fails if any GRU pair is still blocked +bash scripts/verify/check-gru-transport-preflight.sh https://explorer.d-bis.org +``` + ```bash bash metamask-integration/chain138-snap/scripts/verify-snap-api-and-icons.sh https://explorer.d-bis.org ``` @@ -99,8 +115,9 @@ Use these files for CoinGecko/CMC submission per [CMC_COINGECKO_SUBMISSION_RUNBO |-------|-------|-----| | `curl .../api/v1/report/token-list` returns Blockscout-style JSON (`message`, `result`, `status`) | `/api/v1/` proxied to Blockscout, not token-aggregation | Ensure token-aggregation `location` is first; reload nginx | | Connection refused to 127.0.0.1:3000 | Token-aggregation not running | Start service; check `systemctl status token-aggregation` | -| Empty `tokens` array | `CUSDC_ADDRESS_138`, `CUSDT_ADDRESS_138` unset or wrong | Set in `.env`; restart service | +| Empty `tokens` array | Indexer / DB | **Chain 138:** `CHAIN_138_DODO_PMM_INTEGRATION` defaults to canonical DODOPMMIntegration if unset. Set `DATABASE_URL`, run migrations, ensure RPC to 138. Also set `CUSDT_ADDRESS_138` / `CUSDC_ADDRESS_138` (see `smom-dbis-138/services/token-aggregation/.env.example`). | | 502 Bad Gateway | Token-aggregation crashed or wrong port | Check logs; verify `TOKEN_AGG_PORT` matches service | +| `/api/v1/bridge/preflight` shows blocked pairs | Missing runtime env refs for GRU Transport | Run `bash scripts/verify/check-gru-transport-preflight.sh` and clear the reported `runtimeMissingRequirements` / `eligibilityBlockers` | --- @@ -110,6 +127,9 @@ Use these files for CoinGecko/CMC submission per [CMC_COINGECKO_SUBMISSION_RUNBO # 1. Verify (from repo root) bash metamask-integration/chain138-snap/scripts/verify-snap-api-and-icons.sh https://explorer.d-bis.org +# 1b. GRU Transport operator preflight +bash scripts/verify/check-gru-transport-preflight.sh https://explorer.d-bis.org + # 2. Export for submission (after API is reachable) curl -s "https://explorer.d-bis.org/api/v1/report/coingecko?chainId=138" -o report-coingecko-138.json curl -s "https://explorer.d-bis.org/api/v1/report/cmc?chainId=138" -o report-cmc-138.json diff --git a/docs/04-configuration/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md b/docs/04-configuration/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md index 2da07b0..4b3a0fe 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md +++ b/docs/04-configuration/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md @@ -2,7 +2,7 @@ documentId: BANK-KANAYA-OFFICE-RUNBOOK entity: Bank Kanaya jurisdiction: Indonesia -omnlOfficeId: 22 +omnlOfficeId: null externalId: BANK-KANAYA-ID settlementRef: HYBX-BATCH-001 version: "1.0" @@ -15,7 +15,7 @@ version: "1.0" | Field | Value | |--------|--------| | **Office name** | Bank Kanaya (as created in OMNL) | -| **officeId** | **22** (canonical for this programme; confirm with `GET /offices` in your tenant) | +| **officeId** | **Confirm with `GET /offices`** (e.g. omnl.hybxfinance.io: Bank Kanaya is often **21** after other offices; do not assume 22 if PT CAKRA or other offices were added) | | **externalId** | `BANK-KANAYA-ID` | | **Script** | `scripts/omnl/omnl-office-create-bank-kanaya.sh` (idempotent; `DRY_RUN=1` first) | @@ -29,11 +29,11 @@ version: "1.0" Use dynamic office id: ```bash -OFFICE_ID=22 bash scripts/omnl/omnl-audit-packet-office20.sh -OFFICE_ID=22 bash scripts/omnl/omnl-monitor-office20-movement.sh +OFFICE_ID= bash scripts/omnl/omnl-audit-packet-office20.sh +OFFICE_ID= bash scripts/omnl/omnl-monitor-office20-movement.sh ``` -Output directories use `audit-office22-*` when `OFFICE_ID=22`. +Output directories use `audit-office-*` matching the `OFFICE_ID` you pass. ## 4. Snapshot for regulator package diff --git a/docs/04-configuration/mifos-omnl-central-bank/GOVERNANCE_REGULATOR_EXPLAINERS_AND_LEGAL_FRAMEWORK.md b/docs/04-configuration/mifos-omnl-central-bank/GOVERNANCE_REGULATOR_EXPLAINERS_AND_LEGAL_FRAMEWORK.md index 442dc73..0d4df5d 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/GOVERNANCE_REGULATOR_EXPLAINERS_AND_LEGAL_FRAMEWORK.md +++ b/docs/04-configuration/mifos-omnl-central-bank/GOVERNANCE_REGULATOR_EXPLAINERS_AND_LEGAL_FRAMEWORK.md @@ -14,7 +14,7 @@ version: "1.0" | **HYBX** | Exchange / liquidity venue (narrative for this batch) | | **DBIS** | Clearing / netting cycle operator | | **OMNL** | Settlement ledger (Fineract); M1 liabilities — **LEI** `98450070C57395F6B906` ([lei.info](https://lei.info/98450070C57395F6B906)); **D&O roster:** [OMNL_BANKING_DIRECTORS_AND_LEI.md](OMNL_BANKING_DIRECTORS_AND_LEI.md) | -| **Bank Kanaya** | Beneficiary institution (office 22) | +| **Bank Kanaya** | Beneficiary institution (office 21) | ## 2. Legal framing (template) diff --git a/docs/04-configuration/mifos-omnl-central-bank/INDONESIA_SAMPLE_COVER_AND_TOC.md b/docs/04-configuration/mifos-omnl-central-bank/INDONESIA_SAMPLE_COVER_AND_TOC.md index e602c6f..9ce11e0 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/INDONESIA_SAMPLE_COVER_AND_TOC.md +++ b/docs/04-configuration/mifos-omnl-central-bank/INDONESIA_SAMPLE_COVER_AND_TOC.md @@ -44,7 +44,7 @@ We submit the enclosed evidence package for supervisory and legitimacy review. Settlement summary: • Settlement: HYBX/DBIS/OMNL PvP multilateral net settlement - • Beneficiary: Bank Kanaya (Indonesia) — OMNL officeId 22, externalId BANK-KANAYA-ID + • Beneficiary: Bank Kanaya (Indonesia) — OMNL officeId 21, externalId BANK-KANAYA-ID • Amount: USD 1,000,000,000.00 • Batch reference: HYBX-BATCH-001 • Value date: 2026-03-17 diff --git a/docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md b/docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md new file mode 100644 index 0000000..5abf734 --- /dev/null +++ b/docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md @@ -0,0 +1,67 @@ +# OMNL — IPSAS, IFRS, and inter-office M1 postings + +**Purpose:** Demonstrate how **inter-office** journal entries (Phase C pattern, PvP branch legs, and M1 beneficiary reallocations) satisfy **IPSAS** and the **IFRS** family of standards used as the private-sector analogue. Attach this memo to audit files alongside `referenceNumber` and Fineract `transactionId`. + +--- + +## 1. “IFGA” in this programme + +**IFGA** does not appear as a defined handbook in the IPSASB or IFRS Foundation publications used in this repo. Use one of the following: + +- **Organisation-defined IFGA:** Map journal lines to your statutory IFGA policy and cross-walk to Fineract `glCode` / office. +- **Default (where IFGA is unspecified):** Treat **IFGA as aligned with IFRS** for financial instruments and presentation — specifically **IAS 32**, **IFRS 7**, and **IFRS 9** — in parallel with **IPSAS 28** and **IPSAS 29**. + +--- + +## 2. Double-entry and accrual basis + +| Requirement | How OMNL entries comply | +|-------------|-------------------------| +| Accrual basis | Fineract postings use **double-entry** `debits[]` / `credits[]` with equal totals per journal. | +| No single-sided economic events | Each JE balances; inter-office pairs (unwind + book) preserve group-wide substance when read with HO policy. | +| IPSAS 41 (cash basis) | OMNL operational policy is **accrual** (IPSAS 41 not selected for these books). | + +--- + +## 3. IPSAS mapping (inter-office M1 / 1410 / 2100) + +| IPSAS | Application to M1 clearing / realloc | +|-------|--------------------------------------| +| **IPSAS 1** | **Segment reporting:** `officeId` and office name in narrative identify the reporting segment; realloc moves the **same economic amount** between segments. | +| **IPSAS 3** | **Policies:** Documented in [OMNL_JOURNAL_LEDGER_MATRIX.md](OMNL_JOURNAL_LEDGER_MATRIX.md) and [OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md](OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md). | +| **IPSAS 9 / 23** | **Not revenue:** Pure inter-office liability / receivable movements — **no** recognition of exchange or non-exchange **revenue**. | +| **IPSAS 28** | **Presentation:** **2100** = financial liability (M1-style central liability); **1410** = financial asset (due from head office). | +| **IPSAS 29** | **Measurement:** Monetary balances at **amortised cost** (no fair-value remeasurement in these JEs unless policy extends). | + +--- + +## 4. IFRS mapping (IFGA default) + +| Standard | Application | +|----------|-------------| +| **IAS 32** | **1410** presented as financial **asset**; **2100** as financial **liability**; realloc is a **reclassification between components** of inter-office balances, not equity. | +| **IFRS 7** | Disclosures (liquidity, credit risk, concentration) for external reporting are satisfied by **regulator / audit packages** + GL trial balance — not by Fineract `comments` alone. | +| **IFRS 9** | **Recognition:** Balances already recognised; realloc **does not** derecognise group M1 — it **re-attributes** segment presentation. **No P&L** on symmetric inter-office M1/1410 legs absent impairment (out of scope here). | + +--- + +## 5. HYBX-BATCH-001 beneficiary realloc (example) + +Posted via `scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh` (live example, 2026-03-30): + +| referenceNumber | officeId | Effect | IPSAS | IFRS (IFGA default) | +|-----------------|----------|--------|-------|---------------------| +| `HYBX-BATCH-001-BEN-REALLOC-UNWIND-21` | 21 | Dr 1410 / Cr 2100 — unwind prior branch clearing | 28, 29, 1, 3 | IAS 32, IFRS 9 | +| `HYBX-BATCH-001-BEN-REALLOC-BOOK-22` | 22 | Dr 2100 / Cr 1410 — mirror PvP branch leg | 28, 29, 1, 3 | IAS 32, IFRS 9 | + +**HO leg** (Dr 2410 / Cr 2100 at office 1) from original PvP is **unchanged**; group **M1 liability** at HO is not increased or decreased by the branch-only realloc — only **which office** carries the branch sub-ledger for disclosure is updated. + +--- + +## 6. Ongoing discipline + +- Prefer **stable `referenceNumber`** and **governance id** in `comments` (see script `COMPLIANCE_AUTH_REF`). +- For material amounts, use **maker-checker** (`omnl-je-maker.sh` / `omnl-je-checker.sh`). +- **Reconcile** segment totals after realloc: `GET /journalentries?officeId=` for offices affected. + +**See also:** [OMNL_JOURNAL_LEDGER_MATRIX.md](OMNL_JOURNAL_LEDGER_MATRIX.md) · [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md) diff --git a/docs/04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md b/docs/04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md index 4004e47..3442e4a 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md +++ b/docs/04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md @@ -62,6 +62,29 @@ Migration accounts 1000, 1050, 2000, 2100, 3000 map into this structure for open | IPSAS 41 | Financial Reporting Under the Cash Basis | Cash basis option; OMNL uses accrual (double-entry) | | IPSAS 42 | Social Benefits | N/A for central bank monetary operations | +### 3.1 IFRS alignment and “IFGA” + +IPSAS 28/29 on financial instruments are conceptually aligned with **IFRS** presentation and measurement for similar monetary balances. For OMNL postings, use this **parallel mapping** when consolidated or regulator packs require IFRS language: + +| IFRS / IAS | Topic | OMNL application | +|------------|--------|------------------| +| IAS 32 | Financial instruments — presentation | **1410** financial asset (due from HO); **2100** / **2410** financial liabilities; inter-office entries do not hit equity. | +| IFRS 7 | Financial instruments — disclosures | Fair value / liquidity / credit disclosures for **1000–2100** (and extended CoA) belong in **external FS notes** and audit evidence, not only in Fineract narrative. | +| IFRS 9 | Financial instruments — recognition & measurement | Monetary assets and liabilities at **amortised cost**; **no P&L** on symmetric M1/1410 inter-office reallocations absent derecognition or impairment. | + +**IFGA:** Not defined in this repository’s handbooks. If your policy uses **IFGA**, attach your cross-walk. Where IFGA is **unspecified**, treat it as **aligned with IFRS** (IAS 32, IFRS 7, IFRS 9) alongside IPSAS 28/29. See [OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md](OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md). + +### 3.2 M1 beneficiary realloc (branch-only, IPSAS / IFRS) + +Mirror of PvP **branch** leg: unwind at source office, book at target. **No revenue** (IPSAS 9/23; IFRS 15 not applicable). **Financial instruments** only (IPSAS 28/29; IAS 32 / IFRS 9). + +| Step | officeId | Debit glCode | Credit glCode | IPSAS | IFRS (IFGA default) | +|------|----------|--------------|---------------|-------|---------------------| +| Unwind | From (e.g. 21) | 1410 | 2100 | 1, 3, 28, 29 | IAS 32, IFRS 9 | +| Book | To (e.g. 22) | 2100 | 1410 | 1, 3, 28, 29 | IAS 32, IFRS 9 | + +Script: `scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh` (embeds compliance tags in `comments`). + --- ## 4. Journal entry matrix (Head Office + entities) @@ -127,6 +150,7 @@ All entries are posted with **officeId = 1** (Head Office) in the current Finera ## 8. References +- [OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md](OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md) — IPSAS + IFRS (IFGA default) for inter-office M1 / PvP / realloc - [MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md](MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md) — Authoritative migration memo - [LEDGER_ALLOCATION_GL_MAPPING.md](LEDGER_ALLOCATION_GL_MAPPING.md) — GL mapping and implementation - [LEDGER_ALLOCATION_POSTING_RUNBOOK.md](LEDGER_ALLOCATION_POSTING_RUNBOOK.md) — Posting runbook diff --git a/docs/04-configuration/mifos-omnl-central-bank/OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md b/docs/04-configuration/mifos-omnl-central-bank/OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md new file mode 100644 index 0000000..a18c378 --- /dev/null +++ b/docs/04-configuration/mifos-omnl-central-bank/OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md @@ -0,0 +1,192 @@ +# OMNL M1 — Office-to-Office Clearing (Repo-Locked Runbook) + +**Purpose:** Controlled execution of **M1 / 1410 / 2100** movement between Fineract **offices** using `scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh`, with **no Head Office journal entry** in this script. + +**Related:** [OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md](OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md) (Phase C funding mirror), [omnl-pvp-post-clearing-bank-kanaya.sh](../../../scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh) and [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md) (HO + branch PvP legs), [OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md](OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md). + +--- + +## 1. Posting pattern (exact script behavior) + +| Scope | Debit | Credit | +|--------|--------|--------| +| **Source office** (sender) | 1410 — Due From Head Office | 2100 — M1 | +| **Target office** (receiver) | 2100 — M1 | 1410 — Due From Head Office | +| **Head Office** | *No journal entry* | *No journal entry* | + +The script posts **two** office-scoped journal entries only. It does **not** move 2410 at HO. + +--- + +## 2. Amount scale (critical) + +Fineract journal `amount` values for USD in this repo follow **minor units (cents)**, consistent with `omnl-pvp-post-clearing-bank-kanaya.sh` (`AMOUNT_MINOR_UNITS`). + +| USD | `AMOUNT=` (cents) | +|-----|-------------------| +| $25,000,000.00 | `2500000000` | +| $5,000,000.00 | `500000000` | + +**Wrong:** `AMOUNT=25000000` posts **$250,000.00**, not $25M. + +The clearing script uses **`AMOUNT`** only (not `AMOUNT_MINOR_UNITS`). + +--- + +## 3. Office identifiers + +Use **numeric** `officeId` values from Fineract (`GET /offices`). Example mapping used in scripts/docs: + +- **21** — Bank Kanaya (Indonesia) +- **22** — PT. CAKRA INVESTAMA INTERNATIONAL + +Do **not** pass office names to `FROM_OFFICE` / `TO_OFFICE`. + +--- + +## 4. Amount discovery (avoid silent zero) + +With default `FETCH_AMOUNT_FROM_API=1`, the script sums **non-reversed debit** lines on GL **2100** at `FROM_OFFICE`. If the source office has **no** such debits (e.g. only Phase C **Cr 2100** history), the sum can be **0** and the script exits. + +**First controlled test:** set explicit amount and disable fetch: + +```bash +FETCH_AMOUNT_FROM_API=0 AMOUNT=2500000000 +``` + +When `AMOUNT` is non-empty, it takes precedence; `FETCH_AMOUNT_FROM_API=0` is optional but makes intent obvious. + +--- + +## 5. Working directory + +Run from the **repository root** so `scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh` resolves. + +--- + +## 6. Environment (repo-exact) + +The script **sources** `omnl-fineract/.env` or repo-root `.env` **inside itself**. A clean shell may show no `OMNL_*` variables and the script can still run. + +**Variables read by the script:** + +- `OMNL_FINERACT_BASE_URL` (not `OMNL_FINERACT_URL`) +- `OMNL_FINERACT_TENANT` (default `omnl`) +- `OMNL_FINERACT_USER` (default `app.omnl`) +- `OMNL_FINERACT_PASSWORD` + +### 6.1 Startup — file presence (visible) + +```bash +cd /path/to/proxmox + +if test -f omnl-fineract/.env || test -f .env; then + echo "OK: env file present" +else + echo "ERROR: neither omnl-fineract/.env nor .env found" + exit 1 +fi + +date -u +pwd +``` + +### 6.2 Optional inspection (after source; no secrets in output) + +Sourcing exports credentials into **this shell** until the session ends. Do not run `env` or `export -p` in captured logs if passwords might appear. + +```bash +set -a +source omnl-fineract/.env 2>/dev/null || source .env +set +a + +echo "Tenant: ${OMNL_FINERACT_TENANT:-}" +echo "Base URL: ${OMNL_FINERACT_BASE_URL:-}" +echo "User: ${OMNL_FINERACT_USER:-}" +if [ -n "${OMNL_FINERACT_PASSWORD:-}" ]; then + echo "Password: set (not shown)" +else + echo "Password: " +fi +``` + +Avoid `env | grep OMNL_FINERACT_` — it prints the password. + +--- + +## 7. Before / after validation + +Export **trial balance** (or equivalent) for GL **1410** and **2100** at offices **21**, **22**, and **1** (HO), in **minor units**. + +After the run, compute **after − before** per office. + +- Confirm **magnitude** equals the posted `AMOUNT` for **1410** and **2100** on each affected office (do not guess “direction” from narrative alone). +- **HO:** **2410** and **2100** should be **unchanged** by this script. If HO moves, something else posted or the wrong procedure ran. + +**Invariant (recommended wording):** net **M1 (2100)** across the **two participating offices** is conserved for this two-JE pattern; **HO** does not move for this script. For tenant-wide totals, define explicitly what you sum (office-scoped GL vs consolidation). + +--- + +## 8. Dry run (canonical) + +```bash +DRY_RUN=1 FETCH_AMOUNT_FROM_API=0 AMOUNT=2500000000 \ + FROM_OFFICE=21 TO_OFFICE=22 \ + bash scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh +``` + +Default is `DRY_RUN=1`; always dry-run before live post. + +--- + +## 9. Live post + +```bash +DRY_RUN=0 FETCH_AMOUNT_FROM_API=0 AMOUNT=2500000000 \ + FROM_OFFICE=21 TO_OFFICE=22 \ + COMPLIANCE_AUTH_REF=KANAYA-CAKRA-25M-001 \ + COMPLIANCE_APPROVER="Name of approver" \ + bash scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh +``` + +Live post requires `COMPLIANCE_AUTH_REF`. If `AMOUNT` ≥ `MATERIAL_THRESHOLD_COMPLIANCE` (default **10000000** in **the same minor-unit scale**, i.e. USD **100,000.00**), `COMPLIANCE_APPROVER` is **required**. At **2,500,000,000** cents, both are required. + +--- + +## 10. Round-trip (recommended) + +Reverse direction after validating the first leg; **dry-run the reverse leg first**. + +**Example — Cakra → Kanaya, $5M:** + +```bash +DRY_RUN=1 FETCH_AMOUNT_FROM_API=0 AMOUNT=500000000 \ + FROM_OFFICE=22 TO_OFFICE=21 \ + bash scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh +``` + +Then live with fresh `COMPLIANCE_AUTH_REF` / `COMPLIANCE_APPROVER` as required. + +--- + +## 11. Audit trail + +Log: timestamp (`date -u`), full command environment (non-secret), before/after extracts, Fineract journal entry IDs / reference numbers, operator identity, compliance references. + +--- + +## 12. Common failure modes + +| Symptom | Likely cause | +|---------|----------------| +| Balances off by ~100× | `AMOUNT` in dollars instead of cents | +| Wrong entity | `FROM_OFFICE` / `TO_OFFICE` swapped or wrong ID | +| Script errors on amount | No 2100 debits at source and no explicit `AMOUNT` | +| Exits before POST | Missing `COMPLIANCE_AUTH_REF` or `COMPLIANCE_APPROVER` (material) | +| 401 / auth errors | Missing or wrong `OMNL_FINERACT_PASSWORD` in `.env` | + +--- + +## 13. Next engineering step (optional) + +Add `scripts/omnl/validate-interoffice-transfer.sh` (or similar): capture balances → run transfer (or accept posted refs) → compare deltas → exit PASS/FAIL. diff --git a/docs/04-configuration/mifos-omnl-central-bank/OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md b/docs/04-configuration/mifos-omnl-central-bank/OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md index 66c1d65..de3ee0e 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md +++ b/docs/04-configuration/mifos-omnl-central-bank/OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md @@ -11,6 +11,8 @@ **Reference:** [MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md](MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md) · [OMNL_TRANSACTION_SEQUENCE_FULL.md](OMNL_TRANSACTION_SEQUENCE_FULL.md) +**IPSAS / IFRS (IFGA default):** Inter-office **1410 / 2100 / 2410** legs are **financial instruments** (IPSAS 28/29; IAS 32 / IFRS 9); **no revenue** on pure reallocations (IPSAS 9; IFRS 15 N/A). See [OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md](OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md) and [OMNL_JOURNAL_LEDGER_MATRIX.md](OMNL_JOURNAL_LEDGER_MATRIX.md) §3.1–3.2. + --- ## Interoffice GL accounts (required) diff --git a/docs/04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md b/docs/04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md index a7b6032..3ae2b2d 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md +++ b/docs/04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md @@ -13,7 +13,7 @@ version: "1.0" ## 1. Design summary -Settlement uses **HYBX / DBIS / OMNL** multilateral netting. **Bank Kanaya (office 22)** is the **net beneficiary** of USD 1,000,000,000.00 on OMNL M1 liabilities (`2100`) with offsetting **Due To / Due From** structure per Phase C pattern (`2410` / `1410` / `2100` as applicable to your posted JEs). +Settlement uses **HYBX / DBIS / OMNL** multilateral netting. **Bank Kanaya (office 21)** is the **net beneficiary** of USD 1,000,000,000.00 on OMNL M1 liabilities (`2100`) with offsetting **Due To / Due From** structure per Phase C pattern (`2410` / `1410` / `2100` as applicable to your posted JEs). ## 2. Clearing reference diff --git a/docs/04-configuration/mifos-omnl-central-bank/README.md b/docs/04-configuration/mifos-omnl-central-bank/README.md index 26a2919..c3d975c 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/README.md +++ b/docs/04-configuration/mifos-omnl-central-bank/README.md @@ -16,6 +16,8 @@ Configuration documentation for Apache Fineract + Mifos X as the **OMNL** (Organ | [MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md](MIGRATION_AND_LEDGER_ALLOCATION_MEMORANDUM.md) | **Migration & ledger allocation** — Opening balance, Treasury Denomination Conversion (Option A), client registry, T-001–T-001B–T-008; compliance summary (§8.5). | | [LEDGER_ALLOCATION_GL_MAPPING.md](LEDGER_ALLOCATION_GL_MAPPING.md) | GL mapping and implementation — Memo GL codes (1000, 1050, 2000, 2100, 3000) to Fineract; journal entry posting. | | [OMNL_JOURNAL_LEDGER_MATRIX.md](OMNL_JOURNAL_LEDGER_MATRIX.md) | **Journal/ledger matrix** — Head Office + all entities; full GL; IPSAS compliance; API posting to OMNL Hybx. Machine-readable [omnl-journal-matrix.json](omnl-journal-matrix.json). | +| [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) | **Cross-stack integration** — HYBX OMNL (Fineract API), DBIS Core per anchor/division, Chain 138 Smart Vaults, fiat wallet binding, external RTGS, settlement `correlation_id`. | +| [OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md](OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md) | **IPSAS + IFRS** for inter-office M1 / PvP / realloc; **IFGA** default = IFRS (IAS 32, IFRS 7, IFRS 9) unless org-defined. | | [LEDGER_ALLOCATION_POSTING_RUNBOOK.md](LEDGER_ALLOCATION_POSTING_RUNBOOK.md) | **One-page runbook** — Pre-posting checklist, journal entry table, post-posting reconciliation, sign-off and audit. | | [FINERACT_API_REFERENCE.md](FINERACT_API_REFERENCE.md) | Fineract REST API for currency, GL, exchange rates; GRU/SDR/XAU support. | | [CHART_OF_ACCOUNTS.md](CHART_OF_ACCOUNTS.md) | OMNL CoA structure, account codes, M00/M0/M1 mapping. | @@ -35,12 +37,13 @@ Configuration documentation for Apache Fineract + Mifos X as the **OMNL** (Organ | [P2P_SETTLEMENT_CRUNCHYGALAXY_RAIL.md](P2P_SETTLEMENT_CRUNCHYGALAXY_RAIL.md) | P2P banking rail: HYBX → CrunchyGalaxy settlement (request/response/capture, mirror entry, close package). | | [OMNL_OFFICE_ADDRESS_BOOK.md](OMNL_OFFICE_ADDRESS_BOOK.md) | **Address book:** Per-office API Banking Rail instructions and secrets reference (vault path only; no secrets in repo). | | [OMNL_OFFICE_MASTER_RUNBOOK_INDEX.md](OMNL_OFFICE_MASTER_RUNBOOK_INDEX.md) | **Master Runbook index:** Every office has one Master Runbook and optional sub-runbooks (funding, P2P, audit, DR, upload). | -| [BANK_KANAYA_OFFICE_RUNBOOK.md](BANK_KANAYA_OFFICE_RUNBOOK.md) | **Bank Kanaya (OMNL office 22)** — HYBX-BATCH-001 beneficiary; create office: `omnl-office-create-bank-kanaya.sh`; PvP JEs: `omnl-pvp-post-clearing-bank-kanaya.sh`. | +| [BANK_KANAYA_OFFICE_RUNBOOK.md](BANK_KANAYA_OFFICE_RUNBOOK.md) | **Bank Kanaya (OMNL office 21)** — HYBX-BATCH-001 beneficiary; create office: `omnl-office-create-bank-kanaya.sh`; PvP JEs: `omnl-pvp-post-clearing-bank-kanaya.sh`. | | [INDONESIA_MASTER_PROOF_MANIFEST.md](INDONESIA_MASTER_PROOF_MANIFEST.md) | **Indonesia submission** — Master proof manifest for BI/MoF package (HYBX-BATCH-001). | | [INDONESIA_CENTRAL_BANK_SUBMISSION_BINDER.md](INDONESIA_CENTRAL_BANK_SUBMISSION_BINDER.md) | Six-volume binder structure; build via `scripts/omnl/build-transaction-package-zip.sh`. | | [INDONESIA_SAMPLE_COVER_AND_TOC.md](INDONESIA_SAMPLE_COVER_AND_TOC.md) | Transmission-ready cover letter + master TOC (metadata in YAML front matter). | | [OMNL_API_TRANSACTION_PACKAGE.md](OMNL_API_TRANSACTION_PACKAGE.md) | `omnl_transaction_package_snapshot.json` for regulator Section 2. | | [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md) | PvP / multilateral net narrative for Bank Kanaya batch. | +| [OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md](OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md) | **M1 office-to-office clearing** — `omnl-m1-clearing-transfer-between-offices.sh`; cents scale, env checks, dry/live, compliance, TB validation, round-trip. | | [INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) | **4.995 per-category** evidence standard + honesty clause. | | [INDONESIA_SUBMISSION_PACKAGE_GRADE_AND_SCORECARD.md](INDONESIA_SUBMISSION_PACKAGE_GRADE_AND_SCORECARD.md) | Scorecard; targets **4.995** per row (not 5.0). | | [HYBX_BATCH_001_OPERATOR_CHECKLIST.md](HYBX_BATCH_001_OPERATOR_CHECKLIST.md) | **End-to-end operator checklist** — Fineract, zip build, verify, 4.995 strict, transmission. | diff --git a/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_JURISDICTIONS_AND_DIAGRAMS.md b/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_JURISDICTIONS_AND_DIAGRAMS.md index 988207a..4a3ab9e 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_JURISDICTIONS_AND_DIAGRAMS.md +++ b/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_JURISDICTIONS_AND_DIAGRAMS.md @@ -26,7 +26,7 @@ version: "1.0" HYBX participants ──► DBIS netting ──► OMNL GL (2100/2410/1410 pattern) │ ▼ - Bank Kanaya (office 22) beneficiary position + Bank Kanaya (office 21) beneficiary position ``` ## 4. HTML diagram diff --git a/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_VISUAL.html b/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_VISUAL.html index 84325ed..5076d9c 100644 --- a/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_VISUAL.html +++ b/docs/04-configuration/mifos-omnl-central-bank/TRANSACTION_EXPLANATION_VISUAL.html @@ -17,7 +17,7 @@

HYBX-BATCH-001 — Visual flow (reference)

-

Value date 2026-03-17 · Beneficiary Bank Kanaya (OMNL office 22) · USD 1,000,000,000.00

+

Value date 2026-03-17 · Beneficiary Bank Kanaya (OMNL office 21) · USD 1,000,000,000.00

HYBX / participant legs
↓ DBIS multilateral net
OMNL settlement ledger (M1 / interoffice)
diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c6bcd16 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.064172 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/all_e2e_results.json new file mode 100644 index 0000000..6a3a787 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/all_e2e_results.json @@ -0,0 +1,1078 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040009, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.128136, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:11-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.064172 + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:11-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015835 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "*", + "issuer": "*", + "expires": "May 19 19:15:03 3025 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033577, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.142534, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.324921, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.141.209", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "WE1", + "expires": "May 6 03:30:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.128408, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T04:52:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033362, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.126124, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.112246, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.030396, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.032224, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:17-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.064030 + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035078, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:52:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039325, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035683, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:52:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.075799, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:52:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.105826, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.058454, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.103362, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036746, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038169, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:38-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038783, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:38-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037422, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T04:52:39-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041441, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:39-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041234, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:39-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:39-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.110878, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:52:40-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:52:40-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:52:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.128528, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..0ebd822 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2063.83","coin_price_change_percentage":3.63,"gas_price_updated_at":"2026-03-29T11:52:16.472435Z","gas_prices":{"slow":1.7,"average":1.7,"fast":1.7},"gas_prices_update_in":8934,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..04ca693 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:38 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.037422 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6c5869b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:46 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BuEREUHnWVxnGO5v%2FbvfPN%2BBVt3JpR%2FajT9kLrRY6bGNxQWyA0PAOZ%2FF9XTPx6ex%2B9AO5UNkSSkU5uux8nuHL5vF15OBjh6nnArWz2KkzGhbOEQbiPw%2FuUlo4Qee4LUgctRW6h%2Bty%2FH%2B"}]} +server: cloudflare +cf-ray: 9e3eab99bcf42b62-LAX + + +0.128528 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..21a372a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:13 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=w8Pe75Jb5PuZDbWjlP98q%2Biu2IfOw5uU5TXpcn5b9LPU%2BTYREhP6RHt8ww1Sq9nP30TM8o4HetIIjqNwjYPVmzVnxxwD5oX9H8pEf1baVhdXh5NczGm%2B2oAKLwDxKA%2BqSpeYhUUjag%3D%3D"}]} +server: cloudflare +cf-ray: 9e3eaaca6bccb6a4-LAX + + +0.142534 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f4d1d5b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:40 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=P%2FQKRCHpax0T5VGlk1oVBaDxojjk0I33tmCXcNoXbo1v4GYCSpmVWsM%2BoX2xbSpRGxJIVlxnH%2Fz1tl6lQODXRBFk4AiW1ZzgWlm8eFEa12hsBgQYNGF%2B158xY0jc5RGf33RjmRVMig%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e3eab7399af2ab8-LAX +alt-svc: h3=":443"; ma=86400 + + +0.110878 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..63ca103 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:52:16 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=L0U13gkurCHIuRxJ6w5BABCw0SobzP3z4YrKG4aHS%2Bc9BoSG8XEq4H5pOl0QtoYveT6A4opep45H%2FlDpmp5NExDJKGPCkrYOFSi%2Bz8A57u2Z%2BCY9zSlGu4jH3rGFPu%2BFcg%3D%3D"}]} +server: cloudflare +cf-ray: 9e3eaae1ccb40f19-LAX +alt-svc: h3=":443"; ma=86400 + + +0.112246 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..715fb3d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.015835 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..a002503 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:10 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.040009 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..5240126 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:39 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.041441 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f4bb842 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:15 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.033362 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f1283bb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:36 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KE0LnZe5tQ2%2FVKn5rxkD7uvPg0njSUgLRlbrU0EADDGsO386tkzshqH6BiBOh71kQ7kF28NsxjnatF2pHYHi3THZAW%2BZDfvFhgOt8s975kweBCBIRr0orU2xObgW3a2x"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e3eab5b6ac42edf-LAX +alt-svc: h3=":443"; ma=86400 + + +0.105826 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0ba7f8e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:15 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KbQNkCFWmib7ad3AyPsP4MsB5dnEagAj4FdHdL9WA%2Fhlpkwk02IklbUhNTptCHpqz5OUbywFCWZkI8WulkI%2BpjN2qjQnfWyTHbbX1Q1QNNWfZ7Em8nPbWrMeUOK%2FKSE3Lg%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e3eaadb7d2acb8e-LAX +alt-svc: h3=":443"; ma=86400 + + +0.126124 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..18ef4e9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2063.83","coin_price_change_percentage":3.63,"gas_price_updated_at":"2026-03-29T11:52:16.472435Z","gas_prices":{"slow":1.7,"average":1.7,"fast":1.7},"gas_prices_update_in":9602,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..36d828b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:38 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f6c73db --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:37 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dorZYth3%2BEHCpaNWNmvspBrnrVfTXdgUlQ%2FjDxsDSDYj7eTXcFh1MvWjrnFTZhJv60kVeO6dCzn0meFEIktQ876BTwSJMEqorwDCL4vUeKvYEnLNLIY0TX%2BkJA4lv2ZJL40%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e3eab62cf4ac13f-LAX +alt-svc: h3=":443"; ma=86400 + + +0.103362 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..91d67d3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.064030 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8d1bf0f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:11 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=LMNMWiiheqVYB3AlDofntPB4AZJqpcKRWVngv%2Fkg2I6UvLTHp0OaUDWTzMWmIL%2BEYwnXvx2unhsDPGQUWHuuSWAkUI5C8QtmRpQBTGzHYspjILucJCDCu%2F8G2MwUxuPO2%2Fc%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e3eaabeb95df50e-LAX +alt-svc: h3=":443"; ma=86400 + + +0.128136 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/mim4u_org_https_headers.txt new file mode 100644 index 0000000..5387228 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:18 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..035dbe2 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:24 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-jHhuf3gg6cQvLWNxaC0dXw=='; style-src 'self' 'nonce-jHhuf3gg6cQvLWNxaC0dXw=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..aeb3edf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,12 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:12 GMT +content-type: text/html +content-length: 2147 +last-modified: Wed, 07 May 2025 12:00:31 GMT +vary: Accept-Encoding +etag: "681b4b5f-863" +alt-svc: h3=":443"; ma=86400 +accept-ranges: bytes + + +0.033577 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..f4116e5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/sankofa_nexus_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:13 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..03c075c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:39 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.041234 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..2a72963 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:37 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c47b8fa --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:15 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=vipCn%2FQkrqK0prpacmLFnvaYIYKEjjQ9larvB1zr6WYYJNlQymvYfaFH0olwArh63XxmD5hxm0IFnLLAYDPXjrm12HHjwC9PS1LfddXLv7eJwPcB0AhrDXbBmX6P0oQGPd3J6uR2Gw%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +server: cloudflare +cf-ray: 9e3eaad72de4565f-LAX +alt-svc: h3=":443"; ma=86400 + + +0.128408 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..2b3dc54 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:30 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..bbd026e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:38 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/verification_report.md new file mode 100644 index 0000000..55163b1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T04:52:46-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 41 +- **HTTPS tests passed**: 26 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 3 +- **Average response time**: 0.07595524137931035s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | skip | skip | skip | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | skip | skip | skip | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..84d1a30 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:52:24 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..607b79f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:52:37 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.058454 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..36334c8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:52:17 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.030396 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1b2f966 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045210/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:52:17 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.032224 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..d57254a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,12 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:19 GMT +content-type: text/html +content-length: 2147 +last-modified: Wed, 07 May 2025 12:00:31 GMT +vary: Accept-Encoding +etag: "681b4b5f-863" +alt-svc: h3=":443"; ma=86400 +accept-ranges: bytes + + +0.033890 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/all_e2e_results.json new file mode 100644 index 0000000..7ecdba8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/all_e2e_results.json @@ -0,0 +1,1089 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035983, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.136254, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:19-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "*", + "issuer": "*", + "expires": "May 19 19:15:03 3025 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033890, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:19-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.016282 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "*", + "issuer": "*", + "expires": "May 19 19:15:03 3025 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.032009, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.142567, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.052934, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.141.209", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036760, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T04:53:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042055, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.130518, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.117483, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.035772, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.033962, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.038165 + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037997, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:53:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037301, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035732, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:53:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.043401, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:53:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:42-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.113857, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:43-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:43-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.035231, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:43-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.099477, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037070, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.034418, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039350, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.034654, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T04:53:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038230, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035577, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.114251, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T04:53:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T04:53:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T04:53:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.113024, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..17f30e4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2063.83","coin_price_change_percentage":3.63,"gas_price_updated_at":"2026-03-29T11:53:18.580815Z","gas_prices":{"slow":1.7,"average":1.7,"fast":1.7},"gas_prices_update_in":4294,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..3fe4b07 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:45 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.034654 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6e23cb9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:53 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HR4gJ7B8zn28ZfSZhPT6GvGkxsa8rEhWB5%2FFcXXkGwPanemzQelCcUeroaykHHwEm8FTobY73SQRRJRwfRTphbeRnr5UZz6YF0C7jAyUzagYrfuj5TX6sR%2Bxj%2FIFqZQKbCwvWD%2FWgzdA"}]} +server: cloudflare +cf-ray: 9e3ead3a59335bf3-LAX + + +0.113024 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..cc9b872 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:20 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aDAcH5vyUV8onRKpLkJY8Enoe1XQlqZdTHUS7wN972T%2Bsr52oFuNpDp7WJitVJXvxyiRRqRJXnXK%2Bh87CQEJhl5V9x1VjayO%2F0OzcmCEgcay4YWb0TAGQM4f1Qr3RoffESQmsdzfLQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e3eac70d8ce5e27-LAX + + +0.142567 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..5c295cb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:46 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3m07T1l0s9EUihywIKpLyv%2BRGD7cpZ9bRqslZhfE3XnHb%2B58jj6UgmneiXOOpSLRC8Za8%2FmU57Z9IosPpXYQ6clIo5sM0IjBLxwBFjt%2F7%2B%2Bz8POMLQIK%2FP2wxTM%2FvCtr8uqAxabFkw%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e3ead14497d0922-LAX +alt-svc: h3=":443"; ma=86400 + + +0.114251 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0151f8f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:53:24 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=C7e1AuBDqOhU5j3vp0j7OPYftBxXw6qUvX1FbGmABfD9LwKUTNdxY2UxkbW%2FRjjVzJkYILcJzwA7SbbujDaTZ1nMTrf2K%2FGs%2FH5vQv%2FqTTkccElDLA216tWefe1ax3oHhw%3D%3D"}]} +server: cloudflare +cf-ray: 9e3eac850b2d4818-LAX +alt-svc: h3=":443"; ma=86400 + + +0.117483 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..9542a93 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.016282 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b041cbf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:18 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.035983 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..96e01ba --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:45 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.038230 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0cf5556 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:22 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.042055 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..33fc50c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:43 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YUe9jqIJtOZBgb%2BthkhtijX5lWSW%2BIHYPNksuXju35Edft9uPBIqICg4fhxUt8tot0H1jV0V4J%2BtoBXUeSD7kJacCO3V6SecXXHwnXurN5imU642uPSyYKm%2BAyhU5SGz"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e3eacfd2d0df7a3-LAX +alt-svc: h3=":443"; ma=86400 + + +0.113857 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..d96c320 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:22 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gxXnG0VCr1R9pInifwi%2B%2FjBLD7%2BdlLlghx4dPV%2BIFW%2Bb24o9YbPXyRWdXEsCS92%2BEy36YTSgmZpb%2B9lpyH1eA%2BAdqBC5XydIeLv31nt%2BWc9cDnALnHSX3b%2BCSdCgbx5KCw%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e3eac7e58c9f3c5-LAX +alt-svc: h3=":443"; ma=86400 + + +0.130518 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..f3f915e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2063.83","coin_price_change_percentage":3.63,"gas_price_updated_at":"2026-03-29T11:53:18.580815Z","gas_prices":{"slow":1.7,"average":1.7,"fast":1.7},"gas_prices_update_in":4970,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8b28187 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:44 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6ee7d5e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:44 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FGp3RNP%2BuP3L0uidY2DUnwJqVZ0JNlvsd6F87dBIKeOELoozypG5VV1obZhWj%2ByRjrIXKlfwlT8XKdkzU2K1I8iVov69YTo6AaFpeLbByjBaQJ0w14JzGw2VqhMFIZpuq8Y%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e3ead037f8ddec3-LAX +alt-svc: h3=":443"; ma=86400 + + +0.099477 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c0ad1af --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,7 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 11:53:25 GMT +content-type: text/html +content-length: 122 + + +0.038165 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6a46e11 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:19 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RIfBDQ%2BUSypSdY6vuyjRVk7v0hJ7iwPbTgsV53sVyaKmTR1lSPhnbfvKBtJc2%2F%2BKmvlMddVvCr0fLdHL9j5uVW%2B2cp4PkVCiVokijfDQxBh3o1AWINw%2FsLsM0V3jbS5Tu%2BQ%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e3eac66aebccba4-LAX +alt-svc: h3=":443"; ma=86400 + + +0.136254 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/mim4u_org_https_headers.txt new file mode 100644 index 0000000..a609533 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:25 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..da3c3c6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:31 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-htsbbx1uSVNarNH2I5w9Qg=='; style-src 'self' 'nonce-htsbbx1uSVNarNH2I5w9Qg=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..aa21776 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,12 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:20 GMT +content-type: text/html +content-length: 2147 +last-modified: Wed, 07 May 2025 12:00:31 GMT +vary: Accept-Encoding +etag: "681b4b5f-863" +alt-svc: h3=":443"; ma=86400 +accept-ranges: bytes + + +0.032009 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..69599d4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/sankofa_nexus_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:21 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4a1e474 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:46 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.035577 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..af2dd58 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:44 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..be497f1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:22 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.036760 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..39c5670 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:37 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..54ef1aa --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:45 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/verification_report.md new file mode 100644 index 0000000..f16184a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T04:53:53-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 42 +- **HTTPS tests passed**: 27 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 2 +- **Average response time**: 0.05980013793103449s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | skip | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | warn | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: skip +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..7299cfc --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 11:53:31 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..02d9fbb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:53:43 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.035231 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..4f69880 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:53:24 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.035772 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ee41646 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_045318/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 11:53:24 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.033962 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..a30d166 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:25 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.505464 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/all_e2e_results.json new file mode 100644 index 0000000..2e01f65 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/all_e2e_results.json @@ -0,0 +1,1077 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039189, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.128006, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.505464, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:25-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015852 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.140194, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.116801, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.082284, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.047708, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:04:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.049344, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.122829, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.130686, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.040485, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.035701, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.038378 + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:32-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.052576 + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:04:32-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:38-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040106, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:38-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.039782 + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:04:38-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.064108, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:04:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.137264, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.036517, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.119018, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.048165 + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038975, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.038083 + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:53-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036986, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:04:53-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038494, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:53-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036076, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:54-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:04:54-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.122998, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:04:54-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:04:55-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:05:00-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.147170, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..1890f69 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1942.4","coin_price_change_percentage":-2.47,"gas_price_updated_at":"2026-03-29T23:04:25.750913Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":3800,"gas_used_today":"598556878","market_cap":"0.00","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..b92200a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:53 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.036986 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..726f77e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:05:01 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=a8UHo2CWV4TICeX4NqCfki4n9GQ1zrG%2FbG1MdSjJBt6iJeFOc9CCCuhDNGXKMLO8%2FlUVElayGpTlu8uBgN6H%2FXMOv40N1WcWqDThp%2BBMeeBp4dO%2BJUlCiunKGu4iRjMTU9XAofRjvOTw"}]} +server: cloudflare +cf-ray: 9e428456efd546c7-LAX + + +0.147170 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..162cadf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:27 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0%2FbqTES285aKkwaNKhl7y9w4lr03%2FiUXVcYnU%2B4U8t8vTLMh2t7wRb%2BnS9TsFAGyUjzYySHjdjJ6PuNg66uU5CYcVoNaBdzgd2SYREUzFawEtpr7kQpZRlBWEqaJoSyud%2Bh1iRf4Yg%3D%3D"}]} +server: cloudflare +cf-ray: 9e428381fccf50af-LAX + + +0.116801 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ed81105 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:54 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=behtEJbksma%2Fu78axwY2SDqKYIHU1HfCFtxDLCcOqbNxe9MkwUU6RyFb9PH%2Fqgjcv2K93wQYbZVu7wdFUmyLJIFKV%2FzZYc0gQSbxl8DRN3AFy9Z1E%2BUnEn2iCtxRjJI9z0JoRpcWKw%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42842eef3427ec-LAX +alt-svc: h3=":443"; ma=86400 + + +0.122998 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..541b874 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:04:31 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pMzNm2HHlaeGUSFgdHZhkVaKJ8RfcWODzGP%2FyL7WWWp0jbTkFyNH7bX%2FJV04bNWIukFEWomO7D2s6AJ2fVdkVY%2FiXJJQzmV4UQAQvf98w9GvQszHaWv0d%2BhQvZJ8uoBuDQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e428399989b2efe-LAX +alt-svc: h3=":443"; ma=86400 + + +0.130686 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..2b8a3e7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.015852 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..1c90fe2 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:23 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.039189 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c530e8f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:53 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.038494 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ec9ad0e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:29 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.049344 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..abf8b27 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:50 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YXphTAzGQQ3xg2stL%2Fm5F%2FzZDdCouMPD4FiMV88R7DSbDCeOAikS84ih%2BIYIRzwzmgwwdoVniPvrC1mO6jxrcBGMY8%2FnmnkByvo6eU8dmwjbPYOYsilp9ktHkhZojAaS"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e428413de85b1ab-LAX +alt-svc: h3=":443"; ma=86400 + + +0.137264 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..315948d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:29 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=AhrDHqxIEIRkTb0LYIzgyXtqD8RbvIJNNhM6okJk7ZKAylQVPmwpjgU9Ng8EGBLM4pDeQFhueLDgrRUu25o6mkLdsoY9XuoS%2BqWeu%2BWbQRAPuy%2BedY%2Bk5EYJ5fAd156jeg%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e4283919b1ce41a-LAX +alt-svc: h3=":443"; ma=86400 + + +0.122829 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..8cb5184 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1942.4","coin_price_change_percentage":-2.47,"gas_price_updated_at":"2026-03-29T23:04:25.750913Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":4510,"gas_used_today":"598556878","market_cap":"0.00","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..458aeb3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:52 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..3f8a76b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:51 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Vsq5KJmhvVpf2JJMZKfujwlLD3PfZzCMtkjdSn%2FShTEVnBTLu%2B7xZlLyQSwKQ6zprDygtWFY%2FFF%2BOkC2wohagiMSWjTL62pvAYO3Wnh3rHIOMd0yp5iGCBe7I86baTg6tdE%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42841bc9a334db-LAX +alt-svc: h3=":443"; ma=86400 + + +0.119018 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..7fac3be --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,7 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:04:32 GMT +content-type: text/html +content-length: 122 + + +0.038378 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..00c2f96 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:24 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WRIv%2F3KzkuNltairS4AbBNy2A4ErqA5k6XhyX%2FaMHNjut6ykqpKGJRf%2FxGVshf%2BOgsD1MTFiktKryaFLgD1u8H6tY1xZUSAwERc8Or2TXaXjLux8ORqAsxLVFcDT8KicEI0%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e4283707ede6d31-LAX +alt-svc: h3=":443"; ma=86400 + + +0.128006 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/mim4u_org_https_headers.txt new file mode 100644 index 0000000..10ba81a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:04:32 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.052576 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..5659412 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:38 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-swA78GJylFOGoGBgyM2UfA=='; style-src 'self' 'nonce-swA78GJylFOGoGBgyM2UfA=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cdd68bb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:26 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.140194 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..3c7b41c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:27 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.082284 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b69e452 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:54 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.036076 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..45db5ab --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/secure_mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:04:52 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.048165 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..7fd2753 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:28 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.047708 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..97b4192 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:04:44 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..30ab9e4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/training_mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:04:53 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.038083 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/verification_report.md new file mode 100644 index 0000000..59b548d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T16:05:01-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 23 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.0858358275862069s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | warn | - | +| mim4u.org | web | pass | pass | warn | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | warn | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | warn | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | warn | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..27f10d1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:04:38 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.039782 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..2d78cf3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:04:51 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.036517 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..f151055 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:04:31 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.040485 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..77935e9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_160423/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:04:31 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.035701 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..23e6444 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:49 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.125948 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/all_e2e_results.json new file mode 100644 index 0000000..6083ba4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/all_e2e_results.json @@ -0,0 +1,1089 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.064656, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:38:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.158013, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.125948, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:49-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.141270 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:38:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.146164, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.134603, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:53-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.069815, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:38:54-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:38:54-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:38:55-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:55-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.072069, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:38:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.062483, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.134867, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:38:57-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:38:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.138977, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:59-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.049120, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:38:59-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.099208, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:00-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.039779 + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:01-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.081315, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:39:01-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:02-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.070077, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:03-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.058609, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:39:03-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.057636, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:39:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:39:05-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:05-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.115954, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:39:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.047680, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.127516, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.051537, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:08-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.057183, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:08-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.047629, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:08-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.048440, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:39:09-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.083826, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:09-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039603, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:39:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.159716, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:39:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:39:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:39:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.168654, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..7e4d31d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1927.14","coin_price_change_percentage":-3.24,"gas_price_updated_at":"2026-03-29T23:39:05.040722Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":27067,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..923cd3a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:09 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.048440 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b43c6a6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:13 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oBpugGobdgcRB9TFoKRmi02571zvwouII4rLOH%2BNP0scvJAdNcQR%2BeETgYBKIPd2LwGPPh28q7EMpQveWxLLXQ7r5ckrkD%2FlyMJJ5vQWmV5LM3FY1J5vrAt5UKpg4dt4jCr8xXUO6xZL"}]} +server: cloudflare +cf-ray: 9e42b66ef92652cc-LAX + + +0.168654 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0d24f92 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:53 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HFdtD2vX%2B5MdIUfTKPHd6frXB2ULFUKfZSB%2FICqo3zPsvuA36RGcTt0lxleDuGglv%2B7RZUmfESQ6JMIZlJ6IHn20JUe4d8sqYEb%2FuVSAuLSQshCvsulQkBZpT4TPIGaCs%2F4QcrJQIw%3D%3D"}]} +server: cloudflare +cf-ray: 9e42b5f15bcd27ec-LAX + + +0.134603 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b930635 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:11 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BH9k8WyCHOfgTlYr6Ez0dW6kNXP0xzKEbntE2qr0PQCIdsva2P7vy0nOrOTzDBhORDMfCMfYIAvlIF6SbF8jsiOYTygCXVCHABpRFTv9URqRpnOeaedKAAC41FavAKszh0emNP0cTA%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42b663cf6708d3-LAX +alt-svc: h3=":443"; ma=86400 + + +0.159716 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..fd192fe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:38:59 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Oc15ozVWAidN6XZ%2B3t8mSfN60WvLcKqrMJk2QK%2BZw3V6gCIxxOq1zrdSXx6cJn6m%2BL86XSS3VtVlLR%2FFOeJaHGNTqECn4BwitqjmhDN7dYRZrciwKVKu%2FkawXGQ6Yul4gg%3D%3D"}]} +server: cloudflare +cf-ray: 9e42b617ba80c4c6-LAX +alt-svc: h3=":443"; ma=86400 + + +0.138977 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..8c1aa26 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.141270 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..db0c73e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:47 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.064656 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6076aee --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:09 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.083826 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..64f1e5b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:56 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.062483 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..764339f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:06 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TbUdGqgfCKmyKMxwgFwhGcFeAFGOM2oLmWFxTYdkzFB23JOGCFcIQ2%2FBPO4FPSFOJhQ8CzJtY0n5kLTzTMAqY7NNjl9iakKqBymT2rrrobhjWyUj7F6L8%2BsfgOGCGCeG"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42b642d80b2f2f-LAX +alt-svc: h3=":443"; ma=86400 + + +0.115954 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c0ecf94 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:57 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Rm0CRK8%2Fhu%2Bj8gRZj0iB5jJGdV85OfW%2FRrMvCyUUrZJtBKWRoIkEcUKLJvlhLo6aEmGH0tqjMpETLR8ps4JGNZ1Cp3eW9rVxW6E7tb33W9iZmF%2B%2FCBA4s7GMsaOTLNyQUw%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e42b60cfa6ffc10-LAX +alt-svc: h3=":443"; ma=86400 + + +0.134867 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..ccc99a9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1927.14","coin_price_change_percentage":-3.24,"gas_price_updated_at":"2026-03-29T23:39:05.040722Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":27901,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..92de6ed --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:08 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4776bf7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:07 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=u%2FD1UePItGZRUZrKpYzn1f%2BMhBxTW5uKmuZG1H51Gw2jSVO0OyGrPbKkS7rs%2Fg3FuUUiLBvnLfkRWKeZU%2BfU%2FCPcNFRvup7TXEeZgUzj%2FIPhqoqPQdstHkTHLDSvLnExUpI%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42b64bfc12d7a8-LAX +alt-svc: h3=":443"; ma=86400 + + +0.127516 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ae07d62 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,7 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:39:00 GMT +content-type: text/html +content-length: 122 + + +0.039779 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..d9c3cdb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:48 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rD94rF0PYhU31N7Jfli2C0I1w56SVkXz59JSiznuSyMK11FDHrDYr3fe0PxxNasJTBeJeBtiYbo0LLm5YIAGQCBbQ8Bq%2FBTUupT6%2BHnxXEnCQL3Z4L452IV5OV4SHAGY5gE%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e42b5d469887db6-LAX +alt-svc: h3=":443"; ma=86400 + + +0.158013 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/mim4u_org_https_headers.txt new file mode 100644 index 0000000..0c708ce --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:01 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..483fd59 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:02 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-AIGxsnHFgPEyWCRWrygDwA=='; style-src 'self' 'nonce-AIGxsnHFgPEyWCRWrygDwA=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..d72acc6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:52 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.146164 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..3e193d1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:53 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.069815 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..794a634 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:10 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.039603 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..6b5b953 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:07 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..62bc0cc --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:38:56 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.072069 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..27730d9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:04 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..fcd9322 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:08 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/verification_report.md new file mode 100644 index 0000000..aa022dd --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T16:39:13-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 27 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.09146024137931036s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | warn | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..2963cc4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:39:03 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1e9d129 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:39:07 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.047680 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..5fdbcb5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:38:59 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.049120 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ebb2fce --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_163846/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:39:00 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.099208 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..b36ab1c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:06 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.140886 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/all_e2e_results.json new file mode 100644 index 0000000..79db538 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/all_e2e_results.json @@ -0,0 +1,1089 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.057158, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:05-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.150088, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.140886, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:06-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.032309 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.083743, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:08-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.147891, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:09-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.089265, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:09-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.045182, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:53:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.049196, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.138065, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.138024, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.035171, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.045714, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.051970 + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.050362, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:53:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.070099, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.044466, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:53:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.053348, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:53:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.166412, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.042093, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.116524, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.067775, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.060920, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039150, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.054952, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:53:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.046064, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.065151, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.142804, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:53:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:53:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.134358, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..d20ab41 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1926.47","coin_price_change_percentage":-3.27,"gas_price_updated_at":"2026-03-29T23:53:02.994302Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":11357,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..ebe5c43 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:22 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.054952 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..831a95f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:26 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FquHVHIx1amHQlUT0W9hC%2FBVNpHvTHbcKSEVINE%2Fmqpfs8uuaYufqFNGDUNRGluHY1%2BJahGdHgLJlTTaGN7Er8IiaQkLF4ceZ79PrkxDNpmOhh8q99NtjGKXZcG7%2F%2B5bl6i6jEXaR%2Bsw"}]} +server: cloudflare +cf-ray: 9e42cb464edac621-LAX + + +0.134358 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b43e18f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:08 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=v3%2FszzPTFGnEuBU0DmOrTNg9rAkIxoWPkOwzcXUD9Rr7HWTenn3oDXq%2Bv8DQtdGy6BDG68S%2BETPU3V2SFklpMDK0UXBOdIPrOF%2FkGiUlu2FRtctpnCtBudlszBzh8m9NtmOayodrNA%3D%3D"}]} +server: cloudflare +cf-ray: 9e42cad6cf50135e-LAX + + +0.147891 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..a4170e8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:25 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=evoB0Lu0N983lpZuiqbdLqs8KR6OwCwmDVagYprxlB6X6yEqQ9r4OwGjo%2BELvjhuB%2FzdhPj11EA4prmPgNBVcysGax%2BMk%2BToj6YY4SgkVzCykWnw7zLjQUGxxr4VQt%2FcV9orwXf6Bw%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42cb3cbb212f4b-LAX +alt-svc: h3=":443"; ma=86400 + + +0.142804 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..91eacea --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:53:13 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Hs05Hb1Om6yPCRrXCjS8cZaZRU%2BBmyTOlHbaHzv7feA%2BNO9cK5FGw6rhqUPmPRVKZQR%2BGuthSHuEwxoM1EjB0mT%2B14uqrNQ9y%2FEk5F2RlfxxlpG%2FEDJBDbhF81IM25L09A%3D%3D"}]} +server: cloudflare +cf-ray: 9e42caf3b9d17085-LAX +alt-svc: h3=":443"; ma=86400 + + +0.138024 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..53ff49d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.032309 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4791cee --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:04 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.057158 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..187c1df --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:23 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.046064 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..10672e4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:11 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.049196 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..fe79ef6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:19 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=h9JbKuNkZyDNbU%2FGklJQJlez25qahI0hEfb6zAg4N2xhFgYK%2FOQwPMpGjCjoTiYzFtQj9aWQ9r0BG%2FMkycr2gy4%2FIeLaonypBlWShAfCUzWxA%2BxcWTWIYNBx7Q%2BIXOGx"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42cb178b4e3ceb-LAX +alt-svc: h3=":443"; ma=86400 + + +0.166412 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c818094 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:12 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=UsPbPiiQcDrvTkk%2BWu2pdXLsYIM0ffkERUvFdgjAXnHKBElnTOxVS6xqOV2n3mbzNkyxA4GadfkXM5ypLDwT%2BKwTiDm%2B4r4kag5T5c611Kt9yPxmw1Bc%2F9r9mUIehzQ8YQ%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e42caea6d2c5e27-LAX +alt-svc: h3=":443"; ma=86400 + + +0.138065 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..7c934cd --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1926.47","coin_price_change_percentage":-3.27,"gas_price_updated_at":"2026-03-29T23:53:02.994302Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":12330,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6e1fb5f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:21 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8827bf3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:21 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=I7yr8JetpKLz4OGAAMRj8sxOYDWchBQirSVsUPcecc7uibk%2BNR%2BCDtd5E0wDaliZwQleqIkp9yUTPchmDbe84j0yysVR2BnIE3fae3UOk7NLBIo2NptmGnAAUcOvDyY6Gtg%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42cb221ba0e004-LAX +alt-svc: h3=":443"; ma=86400 + + +0.116524 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1ee7125 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,7 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:53:14 GMT +content-type: text/html +content-length: 122 + + +0.051970 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..66dc9ef --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:05 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yWKMFQq7o6TIbk9Ltu6lAmAFFn9J02mAdryuGUnXQ3t0KDqdTMJ%2Ba5l18RYH%2Fz1NqAm6C1%2BPDu0WBtMiu3jvXSeZvwchA%2FwVw%2B807gEOmWABt9mIQVH54yN%2B9yIk82cLf8A%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e42cac3b84d0921-LAX +alt-svc: h3=":443"; ma=86400 + + +0.150088 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/mim4u_org_https_headers.txt new file mode 100644 index 0000000..c73d507 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:15 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..f1bedef --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:16 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-L1E0JJM3v4dqFIrDDF7H0Q=='; style-src 'self' 'nonce-L1E0JJM3v4dqFIrDDF7H0Q=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..6660fa7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:08 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.083743 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..a857407 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:09 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.089265 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8fc0e8f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:23 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.065151 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..3975f21 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:21 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..da12979 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:11 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.045182 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..144d5c3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:17 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..74cafba --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:22 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/verification_report.md new file mode 100644 index 0000000..1c6c81a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T16:53:27-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 27 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.0813496551724138s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | warn | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..fd71063 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:53:16 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..68857c4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:53:20 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.042093 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..f3abed5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:53:13 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.035171 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cd2c889 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165304/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:53:14 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.045714 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/all_e2e_results.json new file mode 100644 index 0000000..cc1f014 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/all_e2e_results.json @@ -0,0 +1,94 @@ +[ + { + "domain": "ws.rpc-fireblocks.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:53:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:48:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "rpc-http-prv.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 25 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-fireblocks.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:53:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:47:15 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-prv.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:53:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:19 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/verification_report.md new file mode 100644 index 0000000..c94237a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165333/verification_report.md @@ -0,0 +1,85 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T16:53:35-07:00 +**Public IP**: 76.53.10.36 +**Profile**: private +**Verifier**: intlc + +## All endpoints (4) + +| Domain | Type | URL | +|--------|------|-----| +| rpc-fireblocks.d-bis.org | rpc-http | https://rpc-fireblocks.d-bis.org | +| rpc-http-prv.d-bis.org | rpc-http | https://rpc-http-prv.d-bis.org | +| rpc-ws-prv.d-bis.org | rpc-ws | https://rpc-ws-prv.d-bis.org | +| ws.rpc-fireblocks.d-bis.org | rpc-ws | https://ws.rpc-fireblocks.d-bis.org | + +## Summary + +- **Total domains tested**: 4 +- **DNS tests passed**: 4 +- **HTTPS tests passed**: 0 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 0 +- **Average response time**: 0s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| ws.rpc-fireblocks.d-bis.org | rpc-ws | pass | pass | - | - | +| rpc-http-prv.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-fireblocks.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-prv.d-bis.org | rpc-ws | pass | pass | - | - | + +## Test Results by Domain (detail) + + +### ws.rpc-fireblocks.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### rpc-http-prv.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-fireblocks.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-prv.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..845f0f7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:48 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.053100 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/all_e2e_results.json new file mode 100644 index 0000000..1bd2276 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/all_e2e_results.json @@ -0,0 +1,1080 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037444, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.134478, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.053100, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:48-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.016139 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.046628, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.134739, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.060881, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.050513, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:57:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.057871, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.139629, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:53-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:53-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:53-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.132213, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:54-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.037740, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:54-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.047037, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:55-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.050671, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:55-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.033562 + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:57:55-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.054750, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.050025 + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:57:57-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:57-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.049359, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:57-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:57:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.137162, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:57:59-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T16:57:59-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.044124, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:00-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.135495, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:00-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.033834 + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:00-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041425, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:01-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "warn", + "http_code": 502, + "response_time_seconds": 0.037043 + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:01-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.045252, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T16:58:02-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.046107, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:02-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042639, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:58:02-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:03-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.125075, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T16:58:03-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T16:58:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T16:58:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.138946, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..a13bee4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1926.47","coin_price_change_percentage":-3.27,"gas_price_updated_at":"2026-03-29T23:57:42.308848Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":11721,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..02f4e38 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:58:01 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.045252 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..61cc05b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:58:05 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rkRHQ7XZCQSNLaDgZou8SBPobnjPrn4pWFILxngoKjIeLVy1D688aT62LFL%2F4emFMUebXTIN9Pl4h4y7dxNGarprlFSX%2BXaBP6x3E0I0Z72%2BT1QyS6xT4FNc%2B9CYoStVmYR1BVi1%2F0bz"}]} +server: cloudflare +cf-ray: 9e42d210fa1f12ad-LAX + + +0.138946 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..54929be --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:50 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BTN1ho8XwPk9z4zubXO9PCV%2BK2cs8452H63MDlDh%2Bz4PK00404ZMwHVy%2BJyoRB7N%2BYgBUMA03BTJqhsFxqB2GAgtFPe90iPzNxqvIcgwOBX%2BV35YtSeTngDeCe1DQadwiQfYxu3hvQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e42d1b5fbac4818-LAX + + +0.134739 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..5da4e1e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:58:03 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bxYeUHwRv6sbPT3owyDDYuh6RXi7qhfzHy%2Bdi563EmUdcc5FcX6a3BqFtvz0nT0rD4OgN%2FfBaK0hU2Z3ERC7Ziw1dKYApzNIqT5QJy%2FJ83bmTbE0eEM65vo0n9ES3LlcaOQzfL6rQg%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42d208b9262add-LAX +alt-svc: h3=":443"; ma=86400 + + +0.125075 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ba0a7e8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:57:54 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cXiKSrfXDwJyZgjQXzuCKEBI%2FrbKZ%2FQbcdDJtYxGKc%2BHp1Vv%2FkEEM45yEG2U9q8%2B%2Fj6ZojfsE3rhMMILobtSyyUjea483OHxkNLjxFoUKC4htjbpWbnAdNp92b0b2b6spQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e42d1ce4d3af7b3-LAX +alt-svc: h3=":443"; ma=86400 + + +0.132213 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ee3b323 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.016139 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7dc3097 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:47 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.037444 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..aafe390 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:58:02 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.046107 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6af6655 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:52 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.057871 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..89fd7b8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:59 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4RCioJIb9fYgEWpqE567AUllVdt3AMnx4DLq0NMErCdzv69ZRtslp3%2ByvUMzMok715JHgM%2FcEZjt6Vl6tyETfScE9ugbJLm5LqSttW3qUWIsA%2BW9tj4HJutTFFd8NBuH"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42d1ec495fdcc7-LAX +alt-svc: h3=":443"; ma=86400 + + +0.137162 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..adb85f0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:53 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=R9jGlPXg%2BIrSukxkpDG8bk4dESNzgDcbYt2uEWmWz5TNO3Uk4d7V0BzLw211O6fis0BkaiTLzgOFzwdqZ5C4SQowteoGCPXVBYBdpjpNd1hhGYkiQYQ3kPdVRgCty2Sxig%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e42d1c6caac2b81-LAX +alt-svc: h3=":443"; ma=86400 + + +0.139629 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..8c5b6a5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1926.47","coin_price_change_percentage":-3.27,"gas_price_updated_at":"2026-03-29T23:57:42.308848Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":12478,"gas_used_today":"598556878","market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"9575","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f0ade17 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:58:01 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..9e609e8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:58:00 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=q65jI8mpnTqUFcixvd5ZzKag%2Fcl9EcQLX6IlDuyK%2FhOWI%2FidKNXzPbiHYVsua0AZh%2BcUVlf80G4NxESAJSxFDI5Pg95mmQml7a6YjieABxdYBZbYXawUX8z5yBbQIRdZzXU%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42d1f48c9d481d-LAX +alt-svc: h3=":443"; ma=86400 + + +0.135495 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..33c07b9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Sun, 29 Mar 2026 23:57:55 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.050671 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7c8c397 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:48 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6M3nIqB%2BgEDmwjnjXCyUqVfyVsw7NKMqtOwKzTg3Ia939WPD6TUxFeUzftMAYQzQaBZoiXpC3lk9vcFEEnUjgJuaHzjwTmEiywu2rM8HkyrJvNHwWrWTUmetyZ7%2BhqqcDOA%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e42d1a95bb03f37-LAX +alt-svc: h3=":443"; ma=86400 + + +0.134478 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/mim4u_org_https_headers.txt new file mode 100644 index 0000000..eb03560 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:57:55 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.033562 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cd90c71 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:56 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-prSwNIdpXMd35oLOoX4KVg=='; style-src 'self' 'nonce-prSwNIdpXMd35oLOoX4KVg=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..35e8261 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:49 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.046628 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..3a9ae22 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:50 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.060881 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..510fb51 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:58:02 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.042639 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..3298507 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/secure_mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:58:00 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.033834 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..8e4fa77 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:52 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.050513 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cd4353e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Sun, 29 Mar 2026 23:57:57 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..3ecd05b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/training_mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:58:01 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.037043 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/verification_report.md new file mode 100644 index 0000000..bffaecf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T16:58:05-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 24 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.06944417241379311s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | warn | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | warn | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | warn | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | warn | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: warn +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..4de97f4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_mim4u_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 502 +date: Sun, 29 Mar 2026 23:57:57 GMT +content-type: text/html +content-length: 122 +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.050025 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..d1b565e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:57:59 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.044124 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..9d7ae0d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:57:54 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.037740 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..7278519 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_165747/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Sun, 29 Mar 2026 23:57:55 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.047037 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..5d41039 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:21 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.042438 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/all_e2e_results.json new file mode 100644 index 0000000..29988e0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/all_e2e_results.json @@ -0,0 +1,1092 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041109, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.138903, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042438, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:21-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.064493 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.130857, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.135903, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.110300, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.052400, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T17:06:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.053969, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.143745, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.131435, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.062433, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.075347, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.055685, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039712, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T17:06:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.052469, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.054346, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T17:06:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.056963, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T17:06:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.137596, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:32-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:32-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.037769, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.125248, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.043180, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035545, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042553, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035369, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T17:06:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.046067, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.048795, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.115451, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T17:06:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T17:06:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T17:06:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.134959, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..3cd1a61 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1926.47","coin_price_change_percentage":-3.27,"gas_price_updated_at":"2026-03-30T00:06:29.962391Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":26390,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..333d2f6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:34 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.035369 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..a5d5170 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:37 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2Foi4vndYLL39wNjOdycvOrRqmb%2BNvtGWnvjb6DV%2Bx%2BRjaT4xG%2FYVgi5gP%2FPq35T0ZAJ1XPXqtkTIvUnlBfPmJBt0AOUr%2FR1q5v3RdPEJZgqWVoZds9DXsNpV3v1Bp0Hm3Kpd5FqRhsq6"}]} +server: cloudflare +cf-ray: 9e42de96fd25192c-LAX + + +0.134959 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0dcdc74 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:23 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FCHNXocMFDaXujpb8p%2Bx6RC0pwkk7QRPPNJ0D615VifA1V0TcToDwDiNkhmW4%2F5QODIJRlSglFRnYAqQDnRO8AoTfs7GkulQkHynU3uUaxb1ijRmIfI0UTEkHSsMva9YQ4J2r9G1MQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e42de3a2f373478-LAX + + +0.135903 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b6dcd68 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:36 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4%2BgBGmsBaTyWQW9vsk%2BXRQFjrPaeUiaxqM8xJer9m9kjz%2F%2Bhn%2FsJtI2X5gFfdeovaeB2ORnN38OuLSKU4p%2FqVxFrd9iBxPmMDvENCs1AhBPDcwmtg152cQhMPMAeL6%2F%2BI2qUXJ6vlg%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42de8e99700a82-LAX +alt-svc: h3=":443"; ma=86400 + + +0.115451 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ac5656c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 00:06:27 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=H%2FcH6s1zf5npSqKRa%2FbD27aemlhYBhzahneqIPQ4OnXR%2B%2B4oQvdisUHFLnCi0ldwZGN98rdt5j61RPdfHVZi6uo1ISXyrQkIpbcsWuSG5vzh7IKWhcl9flVaTdZHTF5x%2FA%3D%3D"}]} +server: cloudflare +cf-ray: 9e42de54291fcb7e-LAX +alt-svc: h3=":443"; ma=86400 + + +0.131435 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..18b76ba --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.064493 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..2f3b838 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:19 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.041109 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..55f19a8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:35 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.046067 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..72a1a92 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:25 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.053969 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..bb992f3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:32 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VMQOLwY0d80ZeAtz%2BERJ%2BKJZmEQnqKNdkzXVMnrrNdFCjNC9%2B5%2BnEeZnb1ZivLSue8oOBwHdZDXfzBbe8K7xaGmHTqvapfBxYeN%2BZFBU6mrc8%2B3a0mBg4np9K%2BjLVk%2BR"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42de7288703f0c-LAX +alt-svc: h3=":443"; ma=86400 + + +0.137596 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0e8723d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:26 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KpS761Nk006AxQIkRRT7BWwhWI74M6NQqigaMxmW6Tz1KYJIpmq%2B5e5M4PhXccBXJXHWpfrDNcKu5ceCh0nlYlfyW9uHxfPQQEU50LyxcN8k8JwuI8rOCGnOFZj%2BDT%2BlIw%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e42de4ca9655121-LAX +alt-svc: h3=":443"; ma=86400 + + +0.143745 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..f8aba77 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1926.47","coin_price_change_percentage":-3.27,"gas_price_updated_at":"2026-03-30T00:06:29.962391Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":27216,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..a10d68e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:34 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0a3dfff --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:33 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Azty%2FV18DYbMrISRpOd4KYZesegsyuNRDy5z8S2zivkw%2Bfdqjv%2FLPtWmwgJs8sQGhgqnaOIQjGcjAOHQVopq8Eon0pNrcovyN9GjkYAPNDcoEd2O1034oDp4PxRC804qAEw%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e42de7abd2ad00b-LAX +alt-svc: h3=":443"; ma=86400 + + +0.125248 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..31ad2a7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 00:06:28 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.055685 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c5bdf38 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:20 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zsJ7rMoDImyvAZ7us5QJOMZ%2Ba1aIiXzoa6crcCK8XtjVCOgV18G%2Bcvy9zXM%2BP%2BDUbLeywVHprvQ9MdniaoK4enprnFh6zOkmPUsFdHTXs591vKzR5ZyC%2FmhuP7bJPXBg%2F1M%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e42de2aa8de2eb1-LAX +alt-svc: h3=":443"; ma=86400 + + +0.138903 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/mim4u_org_https_headers.txt new file mode 100644 index 0000000..2420937 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:28 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..a956759 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:29 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-cds6CMwDDtub2P/tanD2uQ=='; style-src 'self' 'nonce-cds6CMwDDtub2P/tanD2uQ=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..e0ca1eb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:22 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.130857 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cd79e28 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:23 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.110300 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b590603 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:35 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.048795 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..cb39290 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:33 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..eed7e52 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:25 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.052400 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..2cc0a9a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:30 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..f85ad81 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:34 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/verification_report.md new file mode 100644 index 0000000..b4f3416 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T17:06:38-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 28 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.0774151379310345s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..e36391b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 00:06:29 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..a959646 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 00:06:32 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.037769 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..688068b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 00:06:27 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.062433 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..3e075e6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_170619/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 00:06:27 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.075347 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..bccba53 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:11 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.158423 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/all_e2e_results.json new file mode 100644 index 0000000..c768bc5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/all_e2e_results.json @@ -0,0 +1,1092 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037923, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.137551, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.158423, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:11-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015870 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.064428, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.139590, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.062556, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039469, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T18:31:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.063408, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.112925, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.132924, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.049429, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.043200, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.053004, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.053805, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T18:31:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.044587, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.048243, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T18:31:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039127, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T18:31:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.115739, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.039793, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.119266, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.047435, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038357, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040426, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.043839, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T18:31:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.043547, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040032, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.135771, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T18:31:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T18:31:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "note": "wscat exited successfully without printable RPC output" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T18:31:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.132484, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..5edc8c7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2002.12","coin_price_change_percentage":0.53,"gas_price_updated_at":"2026-03-30T01:31:19.808889Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":27255,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..a03ed23 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:23 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.043839 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..24fca1f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:26 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7DDvWs%2Fu3J12to6dlnWRP2y2ixAqJmTV3B73PuJ5A%2FT%2FrIHLE4q6uoCA12129uafXIe5KhbHlFRuGv%2Bg5HR5RpaEGrh4FJH6Cg%2BIZoAY1C3my5La1AHiL9%2F7zQt6G2%2B9x3FQtrUULzBc"}]} +server: cloudflare +cf-ray: 9e435ad1289c9091-LAX + + +0.132484 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7f056ae --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:13 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2B36MDF0pELCkCz%2FEqH1IdhLOeqtWk1jAreDNrpg25%2Fh754FWp1kUF8iH4d7G9Q9rhMyK6ScJ3%2B49txFeXrbM%2FFqSe7z0GILUAnver7BFeo31aDE%2BMSY2lU89Qu2%2BAMlTnANFx7YndQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e435a80ee14f59a-LAX + + +0.139590 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..140a2eb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:25 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Rvj4%2BTRD%2BsCQ5SeIlOIE4HvDnHKZBq1l4KRKTpe6hmoveIa9H9wuZCyG5NzY%2B5Xw03wBWJmjmAym9fFF5t%2FGvDU7JEhUyj6QTsFjrID2dVYtZ8CY2wGB7BCmkZcCcHINyxSoeGUTPA%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e435acafd693787-LAX +alt-svc: h3=":443"; ma=86400 + + +0.135771 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..cac2742 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 01:31:17 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BT3AAXfixk%2FLhpiYzSjcFfyZzNY23Kw20vmIwbARutTXRBAoKV307W7g056yh8U5tI3QvlnCWXynSiVVWGau71sQ2KkdH%2FMmQvGbw30h4KbhvxhIz7%2BOTpXyFdMEr1kTGA%3D%3D"}]} +server: cloudflare +cf-ray: 9e435a97e95a196e-LAX +alt-svc: h3=":443"; ma=86400 + + +0.132924 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cfb12c7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.015870 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8b9e458 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:10 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.037923 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..d2f4bba --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:24 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.043547 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..3d16344 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:15 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.063408 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..3445457 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:21 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TGq8Jw2SP%2F6WvgqBmgoumPOfk41ntaN58PLgU90vNHULhEq9R7biNlrqjkEtqwPoIOb3G4RpYK72CoKlNfxVQ3gPWbd6r%2Byv3RP4%2BjoBo19zSgIctR5%2BnyyvBzxwYpKx"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e435ab40e453f13-LAX +alt-svc: h3=":443"; ma=86400 + + +0.115739 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..fd91d7e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:15 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jf80DKo78qHLTV9ewe4zJQtoEwEFBCUjGf70Dw7E9m7ThjqVZilwNrp59KgGwVjpJufhzy2%2BuDGZNVWzk6EG3SD%2B71iz0vUTSwz2P7JfbcYHA4A516NNlcrhJIMkIU93dg%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e435a8fda23a609-LAX +alt-svc: h3=":443"; ma=86400 + + +0.112925 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..dd90183 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2313.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2002.12","coin_price_change_percentage":0.53,"gas_price_updated_at":"2026-03-30T01:31:19.808889Z","gas_prices":{"slow":1.83,"average":1.83,"fast":1.83},"gas_prices_update_in":27852,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.06124653333333333,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"441","total_blocks":"3402795","total_gas_used":"0","total_transactions":"40188","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e50432d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:23 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..b245161 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:22 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qoEVGWGvsoADss%2B5R8knhTmqoYby61Q%2BZxjEyevCdNn9nUxfSIyx0KCOAWZcfCnQdwNsia%2F6orLy3X4TJSCUhRZQ6XDCpxhqrfzudmF4JugBXWqIM0INe5kf3%2BFJ5NR6Vcg%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e435ababf631da7-LAX +alt-svc: h3=":443"; ma=86400 + + +0.119266 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..5fd0509 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 01:31:18 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.053004 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..30cedcf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:11 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GanY6ufsTsUIVBmd7fWkU2i1%2B14GvljrEfop1fmdKZ9MFBxzOqPYmTIUxf7S3UOs7iLMhuwgkEKtQsJP130vjQlJi9NMivY%2Fnf3Gn9txtpPIPmFJHWxIQcZJRsfhun0lWlY%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e435a7269422f23-LAX +alt-svc: h3=":443"; ma=86400 + + +0.137551 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/mim4u_org_https_headers.txt new file mode 100644 index 0000000..5f93520 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:18 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..54e4de6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:19 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-bW2m5f8jdsaCcLQd/qgNpA=='; style-src 'self' 'nonce-bW2m5f8jdsaCcLQd/qgNpA=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c981a7a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:12 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.064428 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..4f388e6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:13 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.062556 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..bd1bcf0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:24 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.040032 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..5571754 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:22 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..b9c4619 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:15 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.039469 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..96d766c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:20 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..26a013b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:23 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/verification_report.md new file mode 100644 index 0000000..b6bd35f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T18:31:26-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 28 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.07217762068965518s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..6ec1fed --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 01:31:19 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..01ee844 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 01:31:22 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.039793 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..44bc8b1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 01:31:17 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.049429 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..e626019 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_183109/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 01:31:18 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.043200 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1ff5bc1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:22 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.096506 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/all_e2e_results.json new file mode 100644 index 0000000..8ebcfb6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/all_e2e_results.json @@ -0,0 +1,1092 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036648, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.127499, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.096506, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:22-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.032136 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.048760, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.146205, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.060393, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:24-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040179, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T23:43:25-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.047544, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.127301, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.126261, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.033333, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.059884, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.049978, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039093, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:43:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.092013, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.096212, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:43:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:40-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.068799, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:41-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:43:41-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.127316, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.040809, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.120015, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042603, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039424, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042018, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.062321, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T23:43:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.058508, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040283, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.109404, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:43:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:43:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:43:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.133731, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..ad3cb18 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2032.73","coin_price_change_percentage":1.84,"gas_price_updated_at":"2026-03-30T06:43:49.072700Z","gas_prices":{"slow":1.07,"average":1.07,"fast":1.07},"gas_prices_update_in":165264,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.037105,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"442","total_blocks":"3411104","total_gas_used":"0","total_transactions":"40669","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..60cee63 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:49 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.062321 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ac1ac54 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:57 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=q1VDUL1FX%2BfB6QJvjBzuYTz092ZKt5U7I9nnUzR5YTGVzW4iV6dh0ltGBujh4g6kIaePPDs7uR4lMVywDmuei311G6M5%2BPWZozAM7CL25LlrBC2DL1Tb5dEFV1KFMLvhKdYADtCaCBx2"}]} +server: cloudflare +cf-ray: 9e452499afbfcb9a-LAX + + +0.133731 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4dbca33 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:23 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1t9pAMC2rT5%2BwoYMUtKJAUnpF0z1oFEGJYdtEptowBIwGt3OAiSFgHB5UWhZ0fnv7me6w3LrQi4DfTQ%2FXNsFEP8WEOQKV26HFZTR3v2Zpq33%2FCFJn4oR%2FXMdprU7ECtD5rXaMV4pog%3D%3D"}]} +server: cloudflare +cf-ray: 9e4523ca8a69c277-LAX + + +0.146205 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..fcc9680 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:51 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YJ1dmf2Nbo8YLnv88AhsSLIXVlDbcIDr%2FextnkPaXwYEQ2SAoEkLwMiKTQuG974uFdwrWu5IKRoJiz7JfrwRjpNl3EnQlMEfodxaPLmL7YKJ%2BVzq5cp8w3UdD0GixOtvmVnZCBdRfA%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e452473c9772f4d-LAX +alt-svc: h3=":443"; ma=86400 + + +0.109404 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..737688d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:43:27 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DTW3S%2BAYbHrDjc%2BiCWzSE7v14O34OqtQLXXaoD3b9MxTRvOODgggZYc1BziXb0xJkvOvxsDOK%2BiZOm0yme9mQV7rFLk%2FhqrU67W2pjG%2B9LA%2Fl%2BMrV3nZI5uOmB4Jrf2uAA%3D%3D"}]} +server: cloudflare +cf-ray: 9e4523e15c9f4e43-LAX +alt-svc: h3=":443"; ma=86400 + + +0.126261 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..e14f093 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.032136 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..30c49f0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:21 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.036648 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8342e5f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:49 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.058508 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..5cd42c5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:25 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.047544 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..dd7b302 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:47 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1Ek8OK%2BZ3dD5Mx0cIaadKSon1DPbo%2B2eLmMDUS2Nr0fD%2FkrfaMPsLbI5SptrZU5Fk4OlQ4ipyowNaXe%2Fmm%2B8vFmlmd7Q%2FiGqaO%2F3UvzWoMMHlkHZDXAxj80YoR5jKUqN"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e45245beba02f74-LAX +alt-svc: h3=":443"; ma=86400 + + +0.127316 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..3e6ec0b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:26 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RHL3pX8yyBk3l64wQlK6xCPZ0m1lAPh%2BG%2F25dOpqcoqW819nWZzsbykf6Jq5E7EJwiqp%2F7kqD30hRWyD1ktWc2EVQQjEggC9utRR00OKinhNwH5033GMka7tIDtMgqQw5A%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e4523d98d82ae39-LAX +alt-svc: h3=":443"; ma=86400 + + +0.127301 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..4273104 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2032.73","coin_price_change_percentage":1.84,"gas_price_updated_at":"2026-03-30T06:41:03.706281Z","gas_prices":{"slow":1.05,"average":1.05,"fast":1.05},"gas_prices_update_in":30000,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.037105,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"442","total_blocks":"3411104","total_gas_used":"0","total_transactions":"40669","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..9b4cb13 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:48 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e605d93 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:48 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hINUBEU9QY6IZ2F0HAr0fm9xvyTvnLGKE7f2RSLZByRZwXbag6Sn9aMkZgxKNoY4L4%2BbB1hEOcn9ZRm50ytewOSHYiWwujhRGtzKvAsslWwAIxvZpT9aEbd4gWslYjLxA%2Bo%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e452462ccae2eb7-LAX +alt-svc: h3=":443"; ma=86400 + + +0.120015 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ab88df7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 06:43:28 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.049978 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..43b754d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:21 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=kegHtHlYRar9gNuazN5gUfkzsQOZLZhttQsdpw%2Bas5tymtOVy5eAaH5ygfrfukKRwN6UnC66eLFN7E5yqdf6lvBytS2UD7niaWCf6HY0MnCfKKKJDaS0uzd29SapjtE5odk%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e4523be3bd12ec6-LAX +alt-svc: h3=":443"; ma=86400 + + +0.127499 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/mim4u_org_https_headers.txt new file mode 100644 index 0000000..50e787b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:29 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..eeb7103 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:34 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-etDs7ILZjUsdvwtKkUi6Dw=='; style-src 'self' 'nonce-etDs7ILZjUsdvwtKkUi6Dw=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cd8653d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:23 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.048760 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1d94540 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:24 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.060393 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..697dfcd --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:50 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.040283 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..f90303a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:48 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ce8e277 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:25 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.040179 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cfc56d4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:41 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..4013494 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:49 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/verification_report.md new file mode 100644 index 0000000..74e5d40 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T23:43:57-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 28 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.07397158620689656s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..da2f019 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:43:35 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..b3671b9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:43:47 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.040809 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c6a2b93 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:43:28 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.033333 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..6c8d420 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234320/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:43:28 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.059884 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/all_e2e_results.json new file mode 100644 index 0000000..6832bf7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/all_e2e_results.json @@ -0,0 +1,94 @@ +[ + { + "domain": "ws.rpc-fireblocks.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:46:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:48:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "rpc-http-prv.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:46:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 25 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-fireblocks.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:46:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:47:15 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-prv.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:46:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:19 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/verification_report.md new file mode 100644 index 0000000..1b05ed1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_234604/verification_report.md @@ -0,0 +1,85 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T23:46:16-07:00 +**Public IP**: 76.53.10.36 +**Profile**: private +**Verifier**: intlc + +## All endpoints (4) + +| Domain | Type | URL | +|--------|------|-----| +| rpc-fireblocks.d-bis.org | rpc-http | https://rpc-fireblocks.d-bis.org | +| rpc-http-prv.d-bis.org | rpc-http | https://rpc-http-prv.d-bis.org | +| rpc-ws-prv.d-bis.org | rpc-ws | https://rpc-ws-prv.d-bis.org | +| ws.rpc-fireblocks.d-bis.org | rpc-ws | https://ws.rpc-fireblocks.d-bis.org | + +## Summary + +- **Total domains tested**: 4 +- **DNS tests passed**: 4 +- **HTTPS tests passed**: 0 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 0 +- **Average response time**: 0s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| ws.rpc-fireblocks.d-bis.org | rpc-ws | pass | pass | - | - | +| rpc-http-prv.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-fireblocks.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-prv.d-bis.org | rpc-ws | pass | pass | - | - | + +## Test Results by Domain (detail) + + +### ws.rpc-fireblocks.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### rpc-http-prv.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-fireblocks.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-prv.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..7211c94 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:46 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.120205 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/all_e2e_results.json new file mode 100644 index 0000000..a4a42a4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/all_e2e_results.json @@ -0,0 +1,1092 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042519, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:50:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.116098, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.120205, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:46-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.066786 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:50:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.048309, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:47-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.150148, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.066818, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:50:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:50:48-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:50:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042841, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T23:50:49-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042677, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.121501, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:50:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:50:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.116236, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.041366, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.040447, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.044049, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.062143, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:50:52-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.031611, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:50:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.044087, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:50:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.044494, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:51:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:51:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.109981, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:51:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.033875, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.126641, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038106, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036672, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.032828, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036969, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-29T23:51:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036826, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038645, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:51:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.115099, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:51:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:51:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 03:43:58 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-29T23:51:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.127286, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..19e7aa5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2035.45","coin_price_change_percentage":1.97,"gas_price_updated_at":"2026-03-30T06:51:03.712746Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":21636,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.0101376,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"443","total_blocks":"3411449","total_gas_used":"0","total_transactions":"40681","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..55183c6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:13 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.036969 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..820d7fb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:21 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BOlxuXqpPj9wWuYHJMsmbyw7bhCor6Z41KYC7M7vvlD3YispAPvT%2Fs1yvVwLmJf43ti3S5kTEU%2BaihOa5Q8606byz%2BbBZrtl%2Fjw0TVn%2BmZyfvPxxbKk%2BP8HSI34PcQPByc8mSqUhRJIF"}]} +server: cloudflare +cf-ray: 9e452f700f17196e-LAX + + +0.127286 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c73b7fb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:48 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pupppviFdhn3ggI0zJFZQy9YRQsPKTLEDTthP48%2FGCoS7bdfcZrrUu1KJS6IHmhb2POv5kAQgaftv3ykxkabGHtMYJBmFnxZkQHiTXsUs3wZlK1aDM7rwAz32DNXiGSb3LsTbTHgYA%3D%3D"}]} +server: cloudflare +cf-ray: 9e452ea22896e172-LAX + + +0.150148 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e5ef7a7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:14 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IZvcc%2BXVbw9sEKAusiu9sBvSjkdvXmg28lmQrEbTY%2F0Eob5qYUN2Hyvt2pxM5PL2tudQEhmN8vaN9ADlpp03vlK2qvGNmQugMGmI%2FiTg6bN2c7lsbRk%2FoIU%2Bf%2BJfYzQmhIhwNFFG%2FQ%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e452f49ab3d6049-LAX +alt-svc: h3=":443"; ma=86400 + + +0.115099 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..2d23b70 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:50:51 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=l9eTVI%2Fj94lwOkX9CclmqMwWts4hqhPpXKUhYD0ZHGkwTNZoOtKRwmnTMDV%2B6GU5LRmxRQa6sVy%2B2X8SYEGL2WNLXEh%2F0QZnhCLtwZT%2Bk3XpcgxAqt8sWs2%2Fd0Z0dv4iaQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e452eb80c7ef8cf-LAX +alt-svc: h3=":443"; ma=86400 + + +0.116236 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..58dcf05 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.066786 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4f12465 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:44 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.042519 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..77a15ab --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:13 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.036826 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..9fc28f4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:50 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.042677 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..9fff900 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:10 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=snQEH1GCtOKMY0Oebsn6u%2Fajmt9dTatZonoum%2BxxYRwzkQrcMio1xK4qVP8%2FgxaxZiCDvdLj8iTtHuSgivyLU%2FzCeKbAFmjP2c0mCqWazL5w5wEAa%2BsCxLv8b3A2zx%2Bm"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e452f301acacba7-LAX +alt-svc: h3=":443"; ma=86400 + + +0.109981 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c3ef53f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:50 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2Fs9CfnA9wFW3jF5P7jY3K%2B%2FGT6iE%2F1qnEGxI9yagP%2BEK0MGcFpIlneHdLVfZ9sN7M3n1ImaRilKhdu%2BEBwHHSZC6T%2BYlUWXCDbUNj7c1IwaXETwi36m09nGmvqsBneaVrA%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e452eb1b96ad903-LAX +alt-svc: h3=":443"; ma=86400 + + +0.121501 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..a9cc352 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2035.45","coin_price_change_percentage":1.97,"gas_price_updated_at":"2026-03-30T06:51:03.712746Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":22232,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.0101376,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"443","total_blocks":"3411449","total_gas_used":"0","total_transactions":"40681","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..bf8c43b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:12 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c4459d0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:11 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Jn0FtZGFTnxHEdAB0dJZFVvlCo%2F2Ow7eDSAgtA4hyJgu%2BCfXv9I5WLsLt9d1mQCVvjzUS8L%2F5%2FMa9WTToMWoGswoRlwFS%2BZTxDb0BdmdRzNG6lR3NrSx2AvT7thnTMZXQZM%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e452f368ce72b5e-LAX +alt-svc: h3=":443"; ma=86400 + + +0.126641 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..e5eeea4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 06:50:52 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.044049 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4a0db59 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:45 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=y3A2r1XLERttnTmX4to%2BFLbkNI8gzRhGpCqx3E6lVRQViz8x4o%2FdFRo%2F0cu8OeD2MHaEwnbSp%2BWLv70NnCqySO77X4EAK1m1YLmL4ftgNpYFffdWjaqyu5Md6vrRjdi48uA%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e452e94ae84c0be-LAX +alt-svc: h3=":443"; ma=86400 + + +0.116098 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/mim4u_org_https_headers.txt new file mode 100644 index 0000000..7143783 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:52 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..db8e419 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:58 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-nYe4jCj0eGlPh+w0Wu4B/g=='; style-src 'self' 'nonce-nYe4jCj0eGlPh+w0Wu4B/g=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cc23861 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:47 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.048309 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ecff16a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:48 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.066818 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4f510ff --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:14 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.038645 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..2b5e33c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:12 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..22405f6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:49 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.042841 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1d2c679 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:04 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..54db085 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:51:13 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/verification_report.md new file mode 100644 index 0000000..09207ef --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/verification_report.md @@ -0,0 +1,445 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T23:51:21-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (44) + +| Domain | Type | URL | +|--------|------|-----| +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 44 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 28 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 1 +- **Average response time**: 0.06811251724137933s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | pass | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..6dc0e54 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 06:50:58 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..07a3c3a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:51:11 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.033875 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..11033fd --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:50:51 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.041366 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..e822ce9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235044/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 06:50:52 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.040447 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/all_e2e_results.json new file mode 100644 index 0000000..41fd924 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/all_e2e_results.json @@ -0,0 +1,94 @@ +[ + { + "domain": "ws.rpc-fireblocks.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:51:28-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:48:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "rpc-http-prv.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:51:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 25 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-fireblocks.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-29T23:51:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:47:15 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-prv.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-29T23:51:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:19 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/verification_report.md new file mode 100644 index 0000000..d07088c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260329_235128/verification_report.md @@ -0,0 +1,85 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-29T23:51:39-07:00 +**Public IP**: 76.53.10.36 +**Profile**: private +**Verifier**: intlc + +## All endpoints (4) + +| Domain | Type | URL | +|--------|------|-----| +| rpc-fireblocks.d-bis.org | rpc-http | https://rpc-fireblocks.d-bis.org | +| rpc-http-prv.d-bis.org | rpc-http | https://rpc-http-prv.d-bis.org | +| rpc-ws-prv.d-bis.org | rpc-ws | https://rpc-ws-prv.d-bis.org | +| ws.rpc-fireblocks.d-bis.org | rpc-ws | https://ws.rpc-fireblocks.d-bis.org | + +## Summary + +- **Total domains tested**: 4 +- **DNS tests passed**: 4 +- **HTTPS tests passed**: 0 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 0 +- **Average response time**: 0s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| ws.rpc-fireblocks.d-bis.org | rpc-ws | pass | pass | - | - | +| rpc-http-prv.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-fireblocks.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-prv.d-bis.org | rpc-ws | pass | pass | - | - | + +## Test Results by Domain (detail) + + +### ws.rpc-fireblocks.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### rpc-http-prv.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-fireblocks.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-prv.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8947a18 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/admin_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015716 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..e5858ec --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:05 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.158414 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/all_e2e_results.json new file mode 100644 index 0000000..b66e1ba --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/all_e2e_results.json @@ -0,0 +1,1358 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.043319, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "core.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:04-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015779 + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.163496, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "members.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:05-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015639 + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:05-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.158414, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:06-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015533 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "research.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:06-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.031708 + } + } + }, + { + "domain": "policy.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:06-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015503 + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042021, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 1.177694, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "developers.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:09-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015746 + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:09-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.058851, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:09-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:10-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.061860, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:10-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.031782 + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T12:40:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.097939, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "interop.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:11-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.065060 + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:11-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.133225, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "identity.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:12-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015668 + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:12-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.145324, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "ops.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:13-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015621 + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.026271, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.065411, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.056527, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040977, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "data.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T12:40:14-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015632 + } + } + }, + { + "domain": "sandbox.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:15-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015547 + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:40:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039033, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.034322, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:40:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:26-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.048367, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:40:27-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:32-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.170038, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:33-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015716 + } + } + }, + { + "domain": "status.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:33-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.007819 + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.036523, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.108987, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.031156, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.026662, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.034250, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.034530, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T12:40:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.030454, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:36-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015813 + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035636, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.135193, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:40:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E8", + "expires": "Jun 28 16:00:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:40:43-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.133428, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..b2f5388 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2202.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2066.2","coin_price_change_percentage":3.51,"gas_price_updated_at":"2026-03-30T19:40:15.088051Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":10680,"gas_used_today":null,"market_cap":"0.00","network_utilization_percentage":0.0304128,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"444","total_blocks":"3427699","total_gas_used":"0","total_transactions":"41192","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..ad9d7b8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:35 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.034530 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..89bb0be --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:43 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nfcc4vWl3iaLPkIgIphOIwlRoYsTHEM%2BvpDIM%2Fm9CVr6AP5J5EvZh3odkF2s472KuMciG7wkjv%2BkTCqFkq5iJDJlDU7t8HAS%2BLK6p5lh4AYYo8A4HY7OiEdblXSU%2FZAgJBYgl5IRpHMQ"}]} +server: cloudflare +cf-ray: 9e499673997ef7e3-LAX + + +0.133428 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7ca903b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:09 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jXhYbgvxWwwIocBffsPxXrzVbS2PLKxsZ6FnTSLVAkW0UnCxSf760CySRk2oCEknXZ6%2F6%2B04oyBFBT0bpjuawO56%2Fp8zELYyP65%2BYOCMQWfjuZkRqzkFuPvfpmJe8Sn5v3p29yPawg%3D%3D"}]} +server: cloudflare +cf-ray: 9e4995962e4f531e-LAX + + +1.177694 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..07eb027 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:37 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=UI2RLp46T8vAFC6KquRzyOlpGJsZU%2FQkTWkuhgmT3CD8ruUX6e1R8hbJnGdX%2FOTXlvva2PICLN%2B7HjzRXL398HTTB7RuS%2B5JT7KV9OW9J9m71vcHXIN41JmmZdM1fWrSF4j%2F1SL%2BiA%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49964d8b5488bd-LAX +alt-svc: h3=":443"; ma=86400 + + +0.135193 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/core_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/core_d-bis_org_https_headers.txt new file mode 100644 index 0000000..329218a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/core_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015779 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/d-bis_org_https_headers.txt new file mode 100644 index 0000000..e3674a4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015813 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..be1edbb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:40:13 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CCmXIjyutiBdk%2FIrsS44vgM3LDsDoCyMF8HtLRm2SDW5ArufaCBv1i0nQJAYZ6E4eQVEySyQO2IVo3vDdcX%2F9ekbJNUt7xtl283xcWArliiwXxbbX0fwPn9DZmruJf9mvQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e4995b72c1f2f04-LAX +alt-svc: h3=":443"; ma=86400 + + +0.145324 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..eb5e9c5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.015533 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/data_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/data_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c234185 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/data_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015632 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..515c1da --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:04 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.043319 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..5a95a49 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:36 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.030454 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e080911 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:11 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.097939 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..9261814 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:33 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=j3JxGpjBwN2xnDZCUhjyTSTroX%2FBMGbnr8WgT%2B1RuRBgXLd2vhiC%2BXzwiTIwym6sDUW3TqIv5ILhHxl6TTHdUau71W6%2BoExNcfnDUas15DzbLkohbKVvq6DxVdY%2B2aej"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e4996323a08196e-LAX +alt-svc: h3=":443"; ma=86400 + + +0.170038 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/developers_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/developers_d-bis_org_https_headers.txt new file mode 100644 index 0000000..29a7e71 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/developers_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015746 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ae6a650 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:12 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=8osx63uUlGWgWHAQ6y3%2FpjX%2BW%2BboJvVdIMQnwFnAB8h%2BlA7i3x6ZPniigchFVcL1nMBCpCMVeBZcE0yS0GNISixNHoOiLUeIBoM5GYEvR54RRnYd7kjvgX0sSQxyrCV3wQ%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e4995afc91e24e5-LAX +alt-svc: h3=":443"; ma=86400 + + +0.133225 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..805b907 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2202.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2066.2","coin_price_change_percentage":3.51,"gas_price_updated_at":"2026-03-30T19:40:15.088051Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":11271,"gas_used_today":null,"market_cap":"0.00","network_utilization_percentage":0.0304128,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"444","total_blocks":"3427699","total_gas_used":"0","total_transactions":"41192","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ebe60a8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:35 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..26928e0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:34 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VLkxDzRDB9FKG1baV6KsHzLR%2BkITCtorCBR5HSr5IWy6Zz4LnmFJ53F4XLolQJriUPyU0dyiuLUZ%2BW9ZKsek1Ib4RBgYDlnDrtvryWrbfwu4O06LQsqbdrR1A%2Fgipw8Sis0%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49963d0e612f17-LAX +alt-svc: h3=":443"; ma=86400 + + +0.108987 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/identity_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/identity_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6dbf6d8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/identity_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015668 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/interop_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/interop_d-bis_org_https_headers.txt new file mode 100644 index 0000000..bf96510 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/interop_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.065060 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..e5be2e7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 19:40:14 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.056527 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/members_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/members_d-bis_org_https_headers.txt new file mode 100644 index 0000000..08f4821 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/members_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015639 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6c84cd5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:05 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=h6U7zykTU%2B6%2Fqh3yAkyM4dA4m6RWhbNnKGA4FUMoy0QrobWhXgK5%2BEenFnr4V5PNms6k6QQ%2BrzFfFHsozh51KHZvd4fH%2B1SZTMCxKASN%2F6J2pd37eXaH6g1MY6zbyd%2BgFLw%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e499584a8dd312c-LAX +alt-svc: h3=":443"; ma=86400 + + +0.163496 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/mim4u_org_https_headers.txt new file mode 100644 index 0000000..ac39a78 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:14 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/ops_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/ops_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4d37755 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/ops_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015621 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..361efaf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:21 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-mTWSdDIWX8HXEfJsdcs+bQ=='; style-src 'self' 'nonce-mTWSdDIWX8HXEfJsdcs+bQ=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/policy_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/policy_d-bis_org_https_headers.txt new file mode 100644 index 0000000..2043ff6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/policy_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015503 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ca54fb6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:07 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.042021 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/research_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/research_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f26a8be --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/research_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.031708 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/sandbox_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/sandbox_d-bis_org_https_headers.txt new file mode 100644 index 0000000..96ed6b2 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/sandbox_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015547 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..6e5326d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:09 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.058851 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..96aae1b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:36 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.035636 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..cde99f2 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:35 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/status_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/status_d-bis_org_https_headers.txt new file mode 100644 index 0000000..719c2fb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/status_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.007819 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..6950233 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:10 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.061860 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..b702583 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:27 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..cde99f2 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:35 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/verification_report.md new file mode 100644 index 0000000..fe7432c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/verification_report.md @@ -0,0 +1,571 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-30T12:40:43-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (58) + +| Domain | Type | URL | +|--------|------|-----| +| admin.d-bis.org | web | https://admin.d-bis.org | +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| core.d-bis.org | web | https://core.d-bis.org | +| d-bis.org | web | https://d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| data.d-bis.org | api | https://data.d-bis.org | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| developers.d-bis.org | web | https://developers.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| identity.d-bis.org | web | https://identity.d-bis.org | +| interop.d-bis.org | web | https://interop.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| members.d-bis.org | web | https://members.d-bis.org | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| ops.d-bis.org | web | https://ops.d-bis.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| policy.d-bis.org | web | https://policy.d-bis.org | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| research.d-bis.org | web | https://research.d-bis.org | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sandbox.d-bis.org | web | https://sandbox.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| status.d-bis.org | web | https://status.d-bis.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.d-bis.org | web | https://www.d-bis.org | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 58 +- **DNS tests passed**: 43 +- **HTTPS tests passed**: 28 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 15 +- **Average response time**: 0.0808947441860465s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| core.d-bis.org | web | skip | skip | skip | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| members.d-bis.org | web | skip | skip | skip | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| research.d-bis.org | web | skip | skip | skip | - | +| policy.d-bis.org | web | skip | skip | skip | - | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| developers.d-bis.org | web | skip | skip | skip | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| www.d-bis.org | web | skip | skip | skip | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| interop.d-bis.org | web | skip | skip | skip | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| identity.d-bis.org | web | skip | skip | skip | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| ops.d-bis.org | web | skip | skip | skip | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | pass | - | +| data.d-bis.org | api | skip | skip | skip | - | +| sandbox.d-bis.org | web | skip | skip | skip | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| admin.d-bis.org | web | skip | skip | skip | - | +| status.d-bis.org | web | skip | skip | skip | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| d-bis.org | web | skip | skip | skip | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### core.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### members.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### research.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### policy.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### developers.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### interop.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### identity.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ops.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### data.d-bis.org +- Type: api +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### sandbox.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### status.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_d-bis_org_https_headers.txt new file mode 100644 index 0000000..262a46b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.031782 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..5ec6093 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:40:21 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..5c4cdbe --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:40:34 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.036523 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..022ac56 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:40:14 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.026271 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..b073ecd --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124004/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:40:14 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.065411 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/all_e2e_results.json new file mode 100644 index 0000000..96b19de --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/all_e2e_results.json @@ -0,0 +1,94 @@ +[ + { + "domain": "ws.rpc-fireblocks.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:40:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:48:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "rpc-http-prv.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:57-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 25 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-fireblocks.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:40:57-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:47:15 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-prv.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:40:58-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:19 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/verification_report.md new file mode 100644 index 0000000..9d5bb54 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124051/verification_report.md @@ -0,0 +1,85 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-30T12:41:03-07:00 +**Public IP**: 76.53.10.36 +**Profile**: private +**Verifier**: intlc + +## All endpoints (4) + +| Domain | Type | URL | +|--------|------|-----| +| rpc-fireblocks.d-bis.org | rpc-http | https://rpc-fireblocks.d-bis.org | +| rpc-http-prv.d-bis.org | rpc-http | https://rpc-http-prv.d-bis.org | +| rpc-ws-prv.d-bis.org | rpc-ws | https://rpc-ws-prv.d-bis.org | +| ws.rpc-fireblocks.d-bis.org | rpc-ws | https://ws.rpc-fireblocks.d-bis.org | + +## Summary + +- **Total domains tested**: 4 +- **DNS tests passed**: 4 +- **HTTPS tests passed**: 0 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 0 +- **Average response time**: 0s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| ws.rpc-fireblocks.d-bis.org | rpc-ws | pass | pass | - | - | +| rpc-http-prv.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-fireblocks.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-prv.d-bis.org | rpc-ws | pass | pass | - | - | + +## Test Results by Domain (detail) + + +### ws.rpc-fireblocks.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### rpc-http-prv.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-fireblocks.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-prv.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..6fdd8c7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:19 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.055391 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..194d37b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:21 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=x92tAO%2BOp1oJaYfHhFsftw9zWnjDaYHyOqkY5Zd5DUx2ek7NHT0D9tWjxqudvWoPiEoP5UKYWwpMCVbdDX87qs095z7Kb0GewapEB%2BRyCi7gF%2FqxjMfAxVk3GxslMqJ4qSct1M2MdQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e499761892117c8-LAX + + +0.162453 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/core_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/core_d-bis_org_https_headers.txt new file mode 100644 index 0000000..47b82cc --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/core_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015897 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..3bb598b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:41:25 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gPkEuLZuBV%2BMy4HXwzkOLlAWuTBjQoP14iVWbRi9l9exEmJBWkftNrd4FfmghXRgSUOWrENryoqiDsAfmmbYAAKYADfR3t7WJfUkR%2FD7jlghuv1D3E%2FwxzUUN1oTY1sFIQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e49977a9cf62b92-LAX +alt-svc: h3=":443"; ma=86400 + + +0.169351 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..853843a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.031691 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/data_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/data_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e4d7974 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/data_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.031865 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..1c3c26b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:18 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.080540 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..70a9f90 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:23 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.032191 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/developers_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/developers_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0197f68 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/developers_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.032250 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f7c972f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:24 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=f8rO0sBy%2BIJCKI0oPPUyTZ0TYC14s8Tlcqeh9lvPXkIZEiw1p%2FsUGr6inJSPyiSDB3DgNH3znPUPKUy0bkqZlYlAuwoUMAfG3CCIG10XUC8rwsqM5JtSk4JL6EN%2FTnNosQ%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e499772bb524113-LAX +alt-svc: h3=":443"; ma=86400 + + +0.122433 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/identity_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/identity_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7037bad --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/identity_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015710 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/interop_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/interop_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6df406a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/interop_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015855 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1ed0ff7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 19:41:26 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.072482 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/members_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/members_d-bis_org_https_headers.txt new file mode 100644 index 0000000..508c3db --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/members_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015652 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..a09ae65 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:19 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=vtU8gfTgLGiuJJ%2BW8FRVG2kj9o65gt9blmN%2FDoQUqggk1lxV0fRMhLKqAaC3ZXhsVztaRTVRfbiEF8jGFn160Mhs9fTqqXBj7hrZQ7Xm15F4Qo3g%2BtsfBK3P%2FEGzrKugQ4M%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e4997530c615121-LAX +alt-svc: h3=":443"; ma=86400 + + +0.141256 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/mim4u_org_https_headers.txt new file mode 100644 index 0000000..877ebf5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:26 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/ops_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/ops_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ee2cb6a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/ops_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015649 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ac1239c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:33 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-WkUE/+PSL04y9wUKd6R3FA=='; style-src 'self' 'nonce-WkUE/+PSL04y9wUKd6R3FA=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/policy_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/policy_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0e30345 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/policy_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015718 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c408f4d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:21 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.051261 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/research_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/research_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f004e18 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/research_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015618 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/sandbox_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/sandbox_d-bis_org_https_headers.txt new file mode 100644 index 0000000..239afbf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/sandbox_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015686 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..9d082f6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:22 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.051779 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1892122 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:23 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.039716 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..4f660de --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:39 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_d-bis_org_https_headers.txt new file mode 100644 index 0000000..fea7af6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015657 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..80e2a65 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:41:33 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..873108a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:41:26 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.048670 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..57dc7a1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124112/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:41:26 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.035507 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..33cf2a8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/admin_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:41 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.035663 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..7530ffa --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:16 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.127134 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/all_e2e_results.json new file mode 100644 index 0000000..cc69cb1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/all_e2e_results.json @@ -0,0 +1,1386 @@ +[ + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033367, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "core.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:14-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "core.d-bis.org", + "issuer": "E7", + "expires": "Jun 28 18:50:01 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.034080, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:14-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.344287, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "members.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:15-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.007513 + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:15-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.127134, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:16-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.031806 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:16-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "research.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:17-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015588 + } + } + }, + { + "domain": "policy.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:17-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015520 + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.032716, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:17-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.131067, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "developers.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:18-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.007906 + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.059699, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:19-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.060161, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:19-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.d-bis.org", + "issuer": "E8", + "expires": "Jun 28 18:50:30 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.025592, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T12:49:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.044362, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "interop.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:20-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015587 + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:20-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.142212, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "identity.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:20-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015665 + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:21-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.126282, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "ops.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:22-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015678 + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.034297, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.035939, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:22-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.045896, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.040168, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "data.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T12:49:23-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015645 + } + } + }, + { + "domain": "sandbox.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:23-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015660 + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:49:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.039887, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038930, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:49:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041145, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:49:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:40-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.106141, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:41-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 28 18:49:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035663, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "status.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:41-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015632 + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:41-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:41-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.040685, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:42-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.132499, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:42-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.046895, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:42-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.035452, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:43-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.044152, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:43-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033914, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T12:49:43-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.034418, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "E7", + "expires": "Jun 28 18:50:15 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.762820, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.029987, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:45-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.140652, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T12:49:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T12:49:46-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E8", + "expires": "Jun 28 16:00:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T12:49:51-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.138985, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..6038f8e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2202.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2066.21","coin_price_change_percentage":3.52,"gas_price_updated_at":"2026-03-30T19:49:33.710918Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":21352,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.0304128,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"444","total_blocks":"3427699","total_gas_used":"0","total_transactions":"41192","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..7ed1c81 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:43 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.033914 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..15ff6a1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:52 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VAK8nIEupsnRTnwZC%2B0w8jUSSyL3pDMX0MzGutQZUDZQqrUbitXg0xnucqEgfw50%2F9Qu6PhaY24g%2BMrAPXJ2lB53ay7PN4cALGjshpkppxOhbvWTxgLfE0zEwlPjNFFts9VtfldDnnzo"}]} +server: cloudflare +cf-ray: 9e49a3d8dcfe2ab7-LAX + + +0.138985 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..1888d6a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:18 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=O%2FiGQM5TNgrhzET9rmn0OhRX%2BCfRIw2JWJV1Sn0YljnK0NN5VNNUi4up%2FA3ZME43OBYkHTwfFGBjO4fKC8yFRP%2FV54IgPevDJ2MVhCipYNKG%2BhA8jAL3JTPyrygeEV2vwMmVHMhgKw%3D%3D"}]} +server: cloudflare +cf-ray: 9e49a3040a67f7bb-LAX + + +0.131067 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c1151bd --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:46 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=m093Ou4iI%2FN1vQn7KZuc98QKHxm6PkUToRjDiASe2YbioOXkEmEkgcCYLII%2FO8xjr%2BnsWQbc0cEwxU4XhqjbjAKZBoUlR1jydXfPZkv%2BuA7nxpkNQb4HK0RYVOwpeja5CA5ujVE2RQ%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49a3b2c98c2b5c-LAX +alt-svc: h3=":443"; ma=86400 + + +0.140652 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/core_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/core_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7d7bf58 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/core_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:14 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.034080 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/d-bis_org_https_headers.txt new file mode 100644 index 0000000..eb545f4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:45 GMT +content-type: text/html; charset=utf-8 +content-length: 22505 +vary: Accept-Encoding +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "fqzlq2o9ljhd0" +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.762820 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..079f17f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:49:21 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aUHr3iZ2dX42wRP3%2FilsrvWAcD9z9SlviDxlyDdqNJCrOC09Z57%2B%2B29oWFN7HVOdhbCF2IKnSJaGXJpnArnPZiILSSgnoISxQQL%2F56me1E1RfGPZt1rBW4nZc%2BawSOa8dQ%3D%3D"}]} +server: cloudflare +cf-ray: 9e49a31bf9ddf7b7-LAX +alt-svc: h3=":443"; ma=86400 + + +0.126282 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..7a3850e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.031806 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/data_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/data_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4d0cab0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/data_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015645 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..16e6c35 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:14 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.033367 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..cd4b718 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:44 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.034418 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..935e4ad --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:20 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.044362 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4a02842 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:41 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TVIzlczm1LrtxOGRIAyiNH%2Ff4kewYPGQElETfvd2GBIueb29GUve0avIBwbuTnQJkhWTubuoMtL7Kkob9R7i7OppME8X4xTV2sRqOfO4E6xoXHTC79%2BhyfxT5gySEGjO"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49a3937ffaad7f-LAX +alt-svc: h3=":443"; ma=86400 + + +0.106141 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/developers_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/developers_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8569d98 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/developers_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.007906 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..f3360ab --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:20 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Xsa7eyh9Av2ytz5wOG%2FQGYINKfQJA7lsrDLMxGyCTO8wn2tg2%2FMgkgK25X%2FzUVpWdiaPg5fTGrem03NqHSC7lxTIAwrcX4Yrygi2xWc2WFctMwb%2FosWhlxa0OWbX7kzyOw%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e49a314dadadb59-LAX +alt-svc: h3=":443"; ma=86400 + + +0.142212 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..ff79660 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2202.0,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2066.21","coin_price_change_percentage":3.52,"gas_price_updated_at":"2026-03-30T19:49:33.710918Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":21997,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.0304128,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"444","total_blocks":"3427699","total_gas_used":"0","total_transactions":"41192","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..aca5c87 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:43 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..1de8baf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:42 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2XyPiBQQLdr4yoqAcbL9y8Y6NWv2UFoxIP9YSlea%2BDSE3ZVWPnbjmXppKpZgZ%2BCM%2BwXg8NFREYz3pfdPf5Hqs%2ByANNqJwhgs2PAdkrhvXn2HWL6wZ54zWcBRpuGJrbp1G2g%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49a39cf9581360-LAX +alt-svc: h3=":443"; ma=86400 + + +0.132499 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/identity_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/identity_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7a7552a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/identity_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015665 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/interop_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/interop_d-bis_org_https_headers.txt new file mode 100644 index 0000000..1481936 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/interop_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015587 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..f07813c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 19:49:22 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.045896 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/members_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/members_d-bis_org_https_headers.txt new file mode 100644 index 0000000..134d0f3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/members_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.007513 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..cd9674e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:15 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3fLGSd1%2F%2FT2ycfwzL8TkLpKw2mFBfwTFwt7Yeg8b1nuOzC0vQBMd2u7mW3O9PiigpDCzOUhyZ5X7iHN07yb6vGNSdUwomlv8WI0AYx5xWUJomsrTl1m%2FoYAGKCas5D8py08%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e49a2f2cbd516df-LAX +alt-svc: h3=":443"; ma=86400 + + +0.344287 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/mim4u_org_https_headers.txt new file mode 100644 index 0000000..6410455 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:23 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/ops_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/ops_d-bis_org_https_headers.txt new file mode 100644 index 0000000..75394a1 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/ops_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015678 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..cfb3dfa --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:29 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-8Us32z530ZwBYMs4IqVY/w=='; style-src 'self' 'nonce-8Us32z530ZwBYMs4IqVY/w=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/policy_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/policy_d-bis_org_https_headers.txt new file mode 100644 index 0000000..a76c942 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/policy_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015520 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..c398341 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:17 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.032716 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/research_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/research_d-bis_org_https_headers.txt new file mode 100644 index 0000000..597186f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/research_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015588 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/sandbox_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/sandbox_d-bis_org_https_headers.txt new file mode 100644 index 0000000..16ddc37 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/sandbox_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015660 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..49fc870 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:18 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.059699 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..19acfdb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:45 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.029987 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..9e2c1e8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:42 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/status_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/status_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c234185 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/status_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015632 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..2ba8fc0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:19 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.060161 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..ca2817e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:35 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..96571dc --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:43 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/verification_report.md new file mode 100644 index 0000000..0ca159f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/verification_report.md @@ -0,0 +1,571 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-30T12:49:52-07:00 +**Public IP**: 76.53.10.36 +**Profile**: public +**Verifier**: intlc + +## All endpoints (58) + +| Domain | Type | URL | +|--------|------|-----| +| admin.d-bis.org | web | https://admin.d-bis.org | +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| core.d-bis.org | web | https://core.d-bis.org | +| d-bis.org | web | https://d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| data.d-bis.org | api | https://data.d-bis.org | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| developers.d-bis.org | web | https://developers.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| identity.d-bis.org | web | https://identity.d-bis.org | +| interop.d-bis.org | web | https://interop.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| members.d-bis.org | web | https://members.d-bis.org | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| ops.d-bis.org | web | https://ops.d-bis.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| policy.d-bis.org | web | https://policy.d-bis.org | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| research.d-bis.org | web | https://research.d-bis.org | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sandbox.d-bis.org | web | https://sandbox.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| status.d-bis.org | web | https://status.d-bis.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.d-bis.org | web | https://www.d-bis.org | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 58 +- **DNS tests passed**: 45 +- **HTTPS tests passed**: 32 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 13 +- **Average response time**: 0.0742252093023256s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| core.d-bis.org | web | skip | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| members.d-bis.org | web | skip | skip | skip | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| research.d-bis.org | web | skip | skip | skip | - | +| policy.d-bis.org | web | skip | skip | skip | - | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| developers.d-bis.org | web | skip | skip | skip | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| www.d-bis.org | web | skip | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| interop.d-bis.org | web | skip | skip | skip | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| identity.d-bis.org | web | skip | skip | skip | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| ops.d-bis.org | web | skip | skip | skip | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | pass | - | +| data.d-bis.org | api | skip | skip | skip | - | +| sandbox.d-bis.org | web | skip | skip | skip | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| admin.d-bis.org | web | pass | pass | pass | - | +| status.d-bis.org | web | skip | skip | skip | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| d-bis.org | web | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### core.d-bis.org +- Type: web +- DNS: skip +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### members.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### research.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### policy.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### developers.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.d-bis.org +- Type: web +- DNS: skip +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### interop.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### identity.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ops.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### data.d-bis.org +- Type: api +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### sandbox.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### status.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8bf7fab --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:49:19 GMT +content-type: text/html +content-length: 134 +location: https://d-bis.org/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.025592 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..d90822f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 19:49:29 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..8f2293d --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:49:42 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.040685 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..27a778b --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:49:22 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.034297 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..a4742a8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_124914/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 19:49:22 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.035939 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..688fe6c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/admin_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:02 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.032133 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/admin_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/admin_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..174b339 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/admin_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:31 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.041975 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/all_e2e_results.json b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/all_e2e_results.json new file mode 100644 index 0000000..6ae6b99 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/all_e2e_results.json @@ -0,0 +1,1478 @@ +[ + { + "domain": "ws.rpc-fireblocks.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T13:33:23-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:48:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dbis-admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 15 06:47:43 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041251, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "core.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "core.d-bis.org", + "issuer": "E7", + "expires": "Jun 28 18:50:01 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037190, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "mifos.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:29-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.129616, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "members.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:30-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.016002 + } + } + }, + { + "domain": "admin.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:30-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 27 19:39:40 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041975, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dash.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:31-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015857 + } + } + }, + { + "domain": "rpc-hybx-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:31-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "research.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:31-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.032033 + } + } + }, + { + "domain": "policy.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:32-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.032178 + } + } + }, + { + "domain": "portal.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:32-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "portal.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 27 19:40:08 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.131505, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "cacti-hybx.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:32-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.121491, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "developers.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:33-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015975 + } + } + }, + { + "domain": "sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:37 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.087973, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-alltra.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:33-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-pub.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-pub.d-bis.org", + "issuer": "E8", + "expires": "Jun 16 06:48:10 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.public-0138.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:34-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "studio.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "studio.sankofa.nexus", + "issuer": "E7", + "expires": "May 31 10:23:29 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.068128, + "has_hsts": false, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "www.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.d-bis.org", + "issuer": "E8", + "expires": "Jun 28 18:50:30 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.033800, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "dbis-api.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T13:33:35-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:47:45 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.036627, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "interop.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:35-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.016139 + } + } + }, + { + "domain": "docs.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.137669, + "has_hsts": true, + "has_csp": true, + "has_xfo": false + } + } + }, + { + "domain": "identity.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:36-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015663 + } + } + }, + { + "domain": "rpc-hybx-3.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:36-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.d-bis.org", + "issuer": "E7", + "expires": "Apr 30 13:35:45 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "dapp.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.128952, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "ops.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:37-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015959 + } + } + }, + { + "domain": "www.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:37-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.sankofa.nexus", + "issuer": "E7", + "expires": "Apr 16 20:59:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.030194, + "canonical_redirect": true, + "location_header": "location: https://sankofa.nexus/" + } + } + }, + { + "domain": "www.the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:38-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:52:05 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.034207, + "canonical_redirect": true, + "location_header": "location: https://the-order.sankofa.nexus/" + } + } + }, + { + "domain": "keycloak.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:38-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "keycloak.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 25 04:50:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 302, + "response_time_seconds": 0.043599, + "has_hsts": true, + "has_csp": false, + "has_xfo": false + } + } + }, + { + "domain": "mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:39-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:47:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033179, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "data.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T13:33:39-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.007693 + } + } + }, + { + "domain": "sandbox.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:44-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015767 + } + } + }, + { + "domain": "ws.rpc.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T13:33:44-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:43:05 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "phoenix.sankofa.nexus", + "issuer": "E7", + "expires": "Jun 16 06:47:58 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.043299, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "www.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.mim4u.org", + "issuer": "E8", + "expires": "Jun 15 06:47:54 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.037616, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "wss.defi-oracle.io", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T13:33:50-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "wss.defi-oracle.io", + "issuer": "E8", + "expires": "Apr 30 03:44:57 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "the-order.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:33:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "the-order.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 16 06:48:53 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038368, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:33:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc2.d-bis.org", + "issuer": "E8", + "expires": "Apr 30 03:40:50 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-pub.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T13:33:56-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-pub.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:27 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "dev.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:02-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.128126, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "admin.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:02-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "admin.d-bis.org", + "issuer": "E7", + "expires": "Jun 28 18:49:41 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.032133, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "status.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:02-07:00", + "tests": { + "dns": { + "status": "skip", + "resolved_ip": null, + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "skip" + }, + "https": { + "status": "skip", + "response_time_seconds": 0.015765 + } + } + }, + { + "domain": "rpc-alltra-2.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:34:03-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-http-prv.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:34:03-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-http-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 25 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "www.phoenix.sankofa.nexus", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:03-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "www.phoenix.sankofa.nexus", + "issuer": "E8", + "expires": "Jun 15 06:48:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 301, + "response_time_seconds": 0.040832, + "canonical_redirect": true, + "location_header": "location: https://phoenix.sankofa.nexus/health" + } + } + }, + { + "domain": "gitea.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.098679, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "secure.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.mim4u.org", + "issuer": "E8", + "expires": "Jun 16 06:48:46 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.038515, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-fireblocks.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:34:04-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-fireblocks.d-bis.org", + "issuer": "E8", + "expires": "May 22 21:47:15 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "explorer.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:05-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "explorer.d-bis.org", + "issuer": "E8", + "expires": "May 7 23:15:36 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.033186, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "training.mim4u.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:05-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "training.mim4u.org", + "issuer": "E7", + "expires": "Jun 16 06:49:02 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.042350, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "blockscout.defi-oracle.io", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:05-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "blockscout.defi-oracle.io", + "issuer": "E7", + "expires": "Jun 8 13:56:19 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.043401, + "has_hsts": false, + "has_csp": true, + "has_xfo": false + }, + "blockscout_api": { + "status": "pass", + "http_code": 200 + } + } + }, + { + "domain": "dbis-api-2.d-bis.org", + "domain_type": "api", + "timestamp": "2026-03-30T13:34:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "dbis-api-2.d-bis.org", + "issuer": "E8", + "expires": "Apr 16 20:56:22 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.041760, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "E7", + "expires": "Jun 28 18:50:15 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.060145, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "secure.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "secure.d-bis.org", + "issuer": "E7", + "expires": "Apr 16 20:58:28 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.031588, + "has_hsts": true, + "has_csp": true, + "has_xfo": true + } + } + }, + { + "domain": "rpc-hybx.d-bis.org", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:34:06-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "codespaces.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "104.21.86.131", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.132907, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + }, + { + "domain": "rpc.defi-oracle.io", + "domain_type": "rpc-http", + "timestamp": "2026-03-30T13:34:07-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc.public-0138.defi-oracle.io", + "issuer": "E8", + "expires": "Jun 26 16:00:12 2026 GMT" + }, + "rpc_http": { + "status": "pass", + "chain_id": "0x8a" + } + } + }, + { + "domain": "rpc-ws-prv.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T13:34:08-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "rpc-ws-prv.d-bis.org", + "issuer": "E7", + "expires": "Jun 16 06:48:19 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "ws.rpc2.d-bis.org", + "domain_type": "rpc-ws", + "timestamp": "2026-03-30T13:34:13-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "76.53.10.36", + "expected_ip": "76.53.10.36" + }, + "ssl": { + "status": "pass", + "cn": "ws.rpc2.d-bis.org", + "issuer": "E8", + "expires": "Jun 28 16:00:21 2026 GMT" + }, + "websocket": { + "status": "pass", + "http_code": "400", + "full_test": true, + "full_test_output": "result" + } + } + }, + { + "domain": "cacti-alltra.d-bis.org", + "domain_type": "web", + "timestamp": "2026-03-30T13:34:18-07:00", + "tests": { + "dns": { + "status": "pass", + "resolved_ip": "172.67.220.49", + "expected_ip": "any" + }, + "ssl": { + "status": "pass", + "cn": "d-bis.org", + "issuer": "WE1", + "expires": "May 27 07:40:56 2026 GMT" + }, + "https": { + "status": "pass", + "http_code": 200, + "response_time_seconds": 0.148038, + "has_hsts": true, + "has_csp": false, + "has_xfo": true + } + } + } +] diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/blockscout_defi-oracle_io_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/blockscout_defi-oracle_io_blockscout_api.txt new file mode 100644 index 0000000..25978f8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/blockscout_defi-oracle_io_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2066.11","coin_price_change_percentage":3.51,"gas_price_updated_at":"2026-03-30T20:33:59.736339Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":25202,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.030412,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"444","total_blocks":"3427699","total_gas_used":"0","total_transactions":"41192","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/blockscout_defi-oracle_io_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/blockscout_defi-oracle_io_https_headers.txt new file mode 100644 index 0000000..04ce56e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/blockscout_defi-oracle_io_https_headers.txt @@ -0,0 +1,13 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:05 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes + + +0.043401 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/cacti-alltra_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/cacti-alltra_d-bis_org_https_headers.txt new file mode 100644 index 0000000..588fbae --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/cacti-alltra_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:19 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:11 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1GlTKJR9HQhIT5DhQzeh0TuMZwP3be8cnYgq9TW5CA4GHq2f5x10xTid3sHyt4jBlXQgpu1gwfwUhXbO93laMpf66M8XNOA%2Bj15PPqA1gvE6mEhOzzFgeJCYz3W7yD%2B3oym0gBcjEZIV"}]} +server: cloudflare +cf-ray: 9e49e4f5a8bc8e7d-LAX + + +0.148038 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/cacti-hybx_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/cacti-hybx_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6d6ff6a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/cacti-hybx_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:33 GMT +content-type: text/html +alt-svc: h3=":443"; ma=86400 +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +last-modified: Tue, 10 Mar 2026 14:38:22 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aSFJbVUgkXn6Rlq6ggejc6E0UIe2pXMjb2wejToJbXYoF9xgxef4FK6Mr2NGfQc3T93y76lX6uABXPG0UdA1RL%2FkzcdPOCBMRxNkG6uoWWNWskyw6a%2BKugGp%2BP%2BVoXqV%2BlJuyZCIrA%3D%3D"}]} +server: cloudflare +cf-ray: 9e49e3d5a957a1a2-LAX + + +0.121491 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/codespaces_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/codespaces_d-bis_org_https_headers.txt new file mode 100644 index 0000000..fd91c18 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/codespaces_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:07 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WDAT7905aIjfX3sx5hN3wam5lbsDNaPL0K7O2AcU2TfS860i%2BnFCmGlcYX4VWw5Dgqsck3ucW0UHBrpQq%2B%2FGy9sA8tF8GenVmWgKgBTy0F%2BD1edawHTmGoDZttYpn5of%2F3X87fDLoQ%3D%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49e4adefb44e43-LAX +alt-svc: h3=":443"; ma=86400 + + +0.132907 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/core_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/core_d-bis_org_https_headers.txt new file mode 100644 index 0000000..08787d9 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/core_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:29 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.037190 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/d-bis_org_https_headers.txt new file mode 100644 index 0000000..15837af --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:06 GMT +content-type: text/html; charset=utf-8 +content-length: 22505 +vary: Accept-Encoding +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "fqzlq2o9ljhd0" +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.060145 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dapp_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dapp_d-bis_org_https_headers.txt new file mode 100644 index 0000000..897ad67 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dapp_d-bis_org_https_headers.txt @@ -0,0 +1,15 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 20:33:37 GMT +content-type: text/html +location: https://dapp.d-bis.org/ +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=M6i8gofEP%2F3Jx1AakWNWQAGpMX6zsa%2BwuxJdHVW1lPWX%2FXsvK%2FV1f0HYEiEwa9ETVTRmuDaT4nK2l1n%2B8C%2BOCMosVEEJ82si06k3TXWs%2BuefuijOsWfQSp%2BRa2CupDIrHA%3D%3D"}]} +server: cloudflare +cf-ray: 9e49e3f24c8ef7e3-LAX +alt-svc: h3=":443"; ma=86400 + + +0.128952 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dash_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dash_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..bab9dd3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dash_sankofa_nexus_https_headers.txt @@ -0,0 +1,2 @@ + +0.015857 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/data_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/data_d-bis_org_https_headers.txt new file mode 100644 index 0000000..38ddf23 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/data_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.007693 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-admin_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-admin_d-bis_org_https_headers.txt new file mode 100644 index 0000000..2640cf4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-admin_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:29 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.041251 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-api-2_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-api-2_d-bis_org_https_headers.txt new file mode 100644 index 0000000..d037042 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-api-2_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:06 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.041760 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-api_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-api_d-bis_org_https_headers.txt new file mode 100644 index 0000000..2eb5538 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dbis-api_d-bis_org_https_headers.txt @@ -0,0 +1,19 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:35 GMT +content-type: text/html; charset=utf-8 +content-length: 344 +vary: Accept-Encoding +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.036627 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dev_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dev_d-bis_org_https_headers.txt new file mode 100644 index 0000000..8e138a0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/dev_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:02 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=anuxwedpKu9Y3JDhjbWs3n1RkX4vIlvKhlduiFMt2VqU9h0dhauJAvsF2quEE9h0VQ%2FOOI5iJvNeHn%2FvXllO5BNwKja7A%2FhoEkoOOXQMqE4r4Mggnqflaa2%2BFU6WvdZj"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49e48e28c4f7b5-LAX +alt-svc: h3=":443"; ma=86400 + + +0.128126 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/developers_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/developers_d-bis_org_https_headers.txt new file mode 100644 index 0000000..04f697a --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/developers_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015975 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/docs_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/docs_d-bis_org_https_headers.txt new file mode 100644 index 0000000..6cd460f --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/docs_d-bis_org_https_headers.txt @@ -0,0 +1,18 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:36 GMT +content-type: text/html +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Yyl8kcXMVOUnkpLt2mani3yY0KnFiACGP7NBl0y%2BDYYy5f8ZXkZHI5WSf0MO%2FclsSAEJfNAjLOPYbYSsK4hYDVGgGG7DlOg9mgsOQM8l1z%2FP99hlpldmUCFuoIhH5Ukc%2BQ%3D%3D"}]} +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +server: cloudflare +cf-ray: 9e49e3ea8a5faf67-LAX +alt-svc: h3=":443"; ma=86400 + + +0.137669 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/explorer_d-bis_org_blockscout_api.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/explorer_d-bis_org_blockscout_api.txt new file mode 100644 index 0000000..f5b1d62 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/explorer_d-bis_org_blockscout_api.txt @@ -0,0 +1 @@ +{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"2066.11","coin_price_change_percentage":3.51,"gas_price_updated_at":"2026-03-30T20:33:59.736339Z","gas_prices":{"slow":1.0,"average":1.0,"fast":1.0},"gas_prices_update_in":25855,"gas_used_today":null,"market_cap":"0.000","network_utilization_percentage":0.030412,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"444","total_blocks":"3427699","total_gas_used":"0","total_transactions":"41192","transactions_today":"0","tvl":null} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/explorer_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/explorer_d-bis_org_https_headers.txt new file mode 100644 index 0000000..0b6f9e0 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/explorer_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:05 GMT +content-type: text/html +content-length: 80925 +vary: Accept-Encoding +last-modified: Sat, 28 Mar 2026 22:15:43 GMT +etag: "69c8530f-13c1d" +cache-control: no-store, no-cache, must-revalidate +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546; +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/gitea_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/gitea_d-bis_org_https_headers.txt new file mode 100644 index 0000000..dab45cf --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/gitea_d-bis_org_https_headers.txt @@ -0,0 +1,17 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:04 GMT +referrer-policy: strict-origin-when-cross-origin +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=PFZaaHiJjjY%2FacvnKHvLFeizZtXuJCrDuAD04XjzOMKltF0rObmBXBc5CA4FKk4a7eRdXCpGtePYMNpVrA4YhIdFuUrm%2BJ5cAy6Bf9z%2Fkp%2Bw%2FFGFu7eKCIa%2FgowOo2G27Gs%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +server: cloudflare +cf-ray: 9e49e499b9ac78ef-LAX +alt-svc: h3=":443"; ma=86400 + + +0.098679 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/identity_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/identity_d-bis_org_https_headers.txt new file mode 100644 index 0000000..4d3f08c --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/identity_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015663 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/interop_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/interop_d-bis_org_https_headers.txt new file mode 100644 index 0000000..ee3b323 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/interop_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.016139 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/keycloak_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/keycloak_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..56b4c76 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/keycloak_sankofa_nexus_https_headers.txt @@ -0,0 +1,10 @@ +HTTP/2 302 +date: Mon, 30 Mar 2026 20:33:38 GMT +location: https://keycloak.sankofa.nexus/admin/ +referrer-policy: no-referrer +strict-transport-security: max-age=31536000; includeSubDomains +x-content-type-options: nosniff +x-xss-protection: 1; mode=block + + +0.043599 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/members_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/members_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e8366ce --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/members_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.016002 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/mifos_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/mifos_d-bis_org_https_headers.txt new file mode 100644 index 0000000..bdfd720 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/mifos_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:30 GMT +content-type: text/html +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mwYANmwICBPwytScoDzg9JUCVgAAMPkiE%2BeER3jeRWuB4FPPIe2CtXpnhfxugJm9cfD75oFbmA8YwNHqQyVSbebQXYKarMwnfdFiuJdefyZnQ4rwtWEWrcKfDlupaNS8SOY%3D"}]} +last-modified: Mon, 31 Mar 2025 07:37:06 GMT +referrer-policy: strict-origin-when-cross-origin +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: off +x-frame-options: SAMEORIGIN +x-permitted-cross-domain-policies: none +cf-cache-status: DYNAMIC +strict-transport-security: max-age=31536000; includeSubDomains +server: cloudflare +cf-ray: 9e49e3c42cd0db72-LAX +alt-svc: h3=":443"; ma=86400 + + +0.129616 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/mim4u_org_https_headers.txt new file mode 100644 index 0000000..7b9b9ab --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:39 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/ops_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/ops_d-bis_org_https_headers.txt new file mode 100644 index 0000000..201d529 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/ops_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015959 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..2e4be27 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:50 GMT +content-type: application/json; charset=utf-8 +content-length: 54 +vary: Accept-Encoding +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 0 +strict-transport-security: max-age=63072000; includeSubDomains; preload +content-security-policy: default-src 'self'; script-src 'self' 'nonce-crobglJJ6DbfeKxhyKyWIQ=='; style-src 'self' 'nonce-crobglJJ6DbfeKxhyKyWIQ=='; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests +referrer-policy: strict-origin-when-cross-origin +permissions-policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=() +x-permitted-cross-domain-policies: none +cross-origin-embedder-policy: require-corp +cross-origin-opener-policy: same-origin +cross-origin-resource-policy: same-origin +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/policy_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/policy_d-bis_org_https_headers.txt new file mode 100644 index 0000000..a59b668 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/policy_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.032178 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/portal_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/portal_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..4f38914 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/portal_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:32 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 + + +0.131505 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/research_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/research_d-bis_org_https_headers.txt new file mode 100644 index 0000000..e2a9da4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/research_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.032033 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-alltra_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-fireblocks_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-fireblocks_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-fireblocks_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-http-prv_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-http-prv_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-http-prv_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-http-pub_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-http-pub_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-http-pub_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx-2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx-2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx-2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx-3_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx-3_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx-3_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc-hybx_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc2_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc2_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc2_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_d-bis_org_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_d-bis_org_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_d-bis_org_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..1283cc7 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","id":1,"result":"0x8a"} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_public-0138_defi-oracle_io_rpc_response.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_public-0138_defi-oracle_io_rpc_response.txt new file mode 100644 index 0000000..a55ebe8 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/rpc_public-0138_defi-oracle_io_rpc_response.txt @@ -0,0 +1 @@ +{"jsonrpc":"2.0","result":"0x8a","id":1} \ No newline at end of file diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/sandbox_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/sandbox_d-bis_org_https_headers.txt new file mode 100644 index 0000000..3c84ec5 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/sandbox_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015767 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..a5fed79 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:33 GMT +content-type: text/html; charset=utf-8 +vary: Accept-Encoding +x-content-type-options: nosniff +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: ws: wss: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +link: ; rel=preload; as="font"; crossorigin=""; type="font/woff2" +cache-control: private, no-cache, no-store, max-age=0, must-revalidate +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.087973 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/secure_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/secure_d-bis_org_https_headers.txt new file mode 100644 index 0000000..c963b40 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/secure_d-bis_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:06 GMT +content-type: text/html +content-length: 31 +vary: Accept-Encoding +last-modified: Tue, 10 Mar 2026 14:34:29 GMT +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + + +0.031588 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/secure_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/secure_mim4u_org_https_headers.txt new file mode 100644 index 0000000..41730de --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/secure_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:04 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/status_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/status_d-bis_org_https_headers.txt new file mode 100644 index 0000000..662c557 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/status_d-bis_org_https_headers.txt @@ -0,0 +1,2 @@ + +0.015765 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/studio_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/studio_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..1fccec3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/studio_sankofa_nexus_https_headers.txt @@ -0,0 +1,11 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:35 GMT +content-type: text/html; charset=utf-8 +content-length: 4067 +vary: Accept-Encoding +accept-ranges: bytes +last-modified: Sat, 28 Feb 2026 16:54:14 GMT +etag: "c7772edca86cad691e9159bf4b3d84cc" + + +0.068128 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..32a7a7e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:56 GMT +content-type: text/html; charset=utf-8 +content-length: 5165 +vary: Accept-Encoding +x-dns-prefetch-control: on +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-frame-options: SAMEORIGIN +x-content-type-options: nosniff +x-xss-protection: 0 +referrer-policy: strict-origin-when-cross-origin +permissions-policy: camera=(), microphone=(), geolocation=() +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https: +vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding +cache-control: s-maxage=31536000, stale-while-revalidate +etag: "jzlo1xjk1r3zb" +alt-svc: h3=":443"; ma=86400 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/training_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/training_mim4u_org_https_headers.txt new file mode 100644 index 0000000..7b1a8b6 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/training_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:34:05 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/verification_report.md b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/verification_report.md new file mode 100644 index 0000000..9b1ece4 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/verification_report.md @@ -0,0 +1,605 @@ +# End-to-End Routing Verification Report + +**Date**: 2026-03-30T13:34:19-07:00 +**Public IP**: 76.53.10.36 +**Profile**: all +**Verifier**: intlc + +## All endpoints (62) + +| Domain | Type | URL | +|--------|------|-----| +| admin.d-bis.org | web | https://admin.d-bis.org | +| admin.sankofa.nexus | web | https://admin.sankofa.nexus | +| blockscout.defi-oracle.io | web | https://blockscout.defi-oracle.io | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | +| core.d-bis.org | web | https://core.d-bis.org | +| d-bis.org | web | https://d-bis.org | +| dapp.d-bis.org | web | https://dapp.d-bis.org | +| dash.sankofa.nexus | web | https://dash.sankofa.nexus | +| data.d-bis.org | api | https://data.d-bis.org | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | +| dev.d-bis.org | web | https://dev.d-bis.org | +| developers.d-bis.org | web | https://developers.d-bis.org | +| docs.d-bis.org | web | https://docs.d-bis.org | +| explorer.d-bis.org | web | https://explorer.d-bis.org | +| gitea.d-bis.org | web | https://gitea.d-bis.org | +| identity.d-bis.org | web | https://identity.d-bis.org | +| interop.d-bis.org | web | https://interop.d-bis.org | +| keycloak.sankofa.nexus | web | https://keycloak.sankofa.nexus | +| members.d-bis.org | web | https://members.d-bis.org | +| mifos.d-bis.org | web | https://mifos.d-bis.org | +| mim4u.org | web | https://mim4u.org | +| ops.d-bis.org | web | https://ops.d-bis.org | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | +| policy.d-bis.org | web | https://policy.d-bis.org | +| portal.sankofa.nexus | web | https://portal.sankofa.nexus | +| research.d-bis.org | web | https://research.d-bis.org | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | +| rpc-fireblocks.d-bis.org | rpc-http | https://rpc-fireblocks.d-bis.org | +| rpc-http-prv.d-bis.org | rpc-http | https://rpc-http-prv.d-bis.org | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | +| rpc-ws-prv.d-bis.org | rpc-ws | https://rpc-ws-prv.d-bis.org | +| rpc-ws-pub.d-bis.org | rpc-ws | https://rpc-ws-pub.d-bis.org | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | +| sandbox.d-bis.org | web | https://sandbox.d-bis.org | +| sankofa.nexus | web | https://sankofa.nexus | +| secure.d-bis.org | web | https://secure.d-bis.org | +| secure.mim4u.org | web | https://secure.mim4u.org | +| status.d-bis.org | web | https://status.d-bis.org | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | +| training.mim4u.org | web | https://training.mim4u.org | +| ws.rpc-fireblocks.d-bis.org | rpc-ws | https://ws.rpc-fireblocks.d-bis.org | +| ws.rpc.d-bis.org | rpc-ws | https://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | rpc-ws | https://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | rpc-ws | https://wss.defi-oracle.io | +| www.d-bis.org | web | https://www.d-bis.org | +| www.mim4u.org | web | https://www.mim4u.org | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | +| www.sankofa.nexus | web | https://www.sankofa.nexus | +| www.the-order.sankofa.nexus | web | https://www.the-order.sankofa.nexus | + +## Summary + +- **Total domains tested**: 62 +- **DNS tests passed**: 51 +- **HTTPS tests passed**: 32 +- **Failed tests**: 0 +- **Skipped / optional (not configured or unreachable)**: 11 +- **Average response time**: 0.0541239534883721s + +## Results overview + +| Domain | Type | DNS | SSL | HTTPS | RPC | +|--------|------|-----|-----|-------|-----| +| ws.rpc-fireblocks.d-bis.org | rpc-ws | pass | pass | - | - | +| dbis-admin.d-bis.org | web | pass | pass | pass | - | +| core.d-bis.org | web | pass | pass | pass | - | +| rpc-alltra-3.d-bis.org | rpc-http | pass | pass | - | pass | +| mifos.d-bis.org | web | pass | pass | pass | - | +| members.d-bis.org | web | skip | skip | skip | - | +| admin.sankofa.nexus | web | pass | pass | pass | - | +| dash.sankofa.nexus | web | skip | skip | skip | - | +| rpc-hybx-2.d-bis.org | rpc-http | pass | pass | - | pass | +| research.d-bis.org | web | skip | skip | skip | - | +| policy.d-bis.org | web | skip | skip | skip | - | +| portal.sankofa.nexus | web | pass | pass | pass | - | +| cacti-hybx.d-bis.org | web | pass | pass | pass | - | +| developers.d-bis.org | web | skip | skip | skip | - | +| sankofa.nexus | web | pass | pass | pass | - | +| rpc-alltra.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-pub.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.public-0138.defi-oracle.io | rpc-http | pass | pass | - | pass | +| studio.sankofa.nexus | web | pass | pass | pass | - | +| www.d-bis.org | web | pass | pass | pass | - | +| dbis-api.d-bis.org | api | pass | pass | pass | - | +| interop.d-bis.org | web | skip | skip | skip | - | +| docs.d-bis.org | web | pass | pass | pass | - | +| identity.d-bis.org | web | skip | skip | skip | - | +| rpc-hybx-3.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc.d-bis.org | rpc-http | pass | pass | - | pass | +| dapp.d-bis.org | web | pass | pass | pass | - | +| ops.d-bis.org | web | skip | skip | skip | - | +| www.sankofa.nexus | web | pass | pass | pass | - | +| www.the-order.sankofa.nexus | web | pass | pass | pass | - | +| keycloak.sankofa.nexus | web | pass | pass | pass | - | +| mim4u.org | web | pass | pass | pass | - | +| data.d-bis.org | api | skip | skip | skip | - | +| sandbox.d-bis.org | web | skip | skip | skip | - | +| ws.rpc.d-bis.org | rpc-ws | pass | pass | - | - | +| phoenix.sankofa.nexus | web | pass | pass | pass | - | +| www.mim4u.org | web | pass | pass | pass | - | +| wss.defi-oracle.io | rpc-ws | pass | pass | - | - | +| the-order.sankofa.nexus | web | pass | pass | pass | - | +| rpc2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-ws-pub.d-bis.org | rpc-ws | pass | pass | - | - | +| dev.d-bis.org | web | pass | pass | pass | - | +| admin.d-bis.org | web | pass | pass | pass | - | +| status.d-bis.org | web | skip | skip | skip | - | +| rpc-alltra-2.d-bis.org | rpc-http | pass | pass | - | pass | +| rpc-http-prv.d-bis.org | rpc-http | pass | pass | - | pass | +| www.phoenix.sankofa.nexus | web | pass | pass | pass | - | +| gitea.d-bis.org | web | pass | pass | pass | - | +| secure.mim4u.org | web | pass | pass | pass | - | +| rpc-fireblocks.d-bis.org | rpc-http | pass | pass | - | pass | +| explorer.d-bis.org | web | pass | pass | pass | - | +| training.mim4u.org | web | pass | pass | pass | - | +| blockscout.defi-oracle.io | web | pass | pass | pass | - | +| dbis-api-2.d-bis.org | api | pass | pass | pass | - | +| d-bis.org | web | pass | pass | pass | - | +| secure.d-bis.org | web | pass | pass | pass | - | +| rpc-hybx.d-bis.org | rpc-http | pass | pass | - | pass | +| codespaces.d-bis.org | web | pass | pass | pass | - | +| rpc.defi-oracle.io | rpc-http | pass | pass | - | pass | +| rpc-ws-prv.d-bis.org | rpc-ws | pass | pass | - | - | +| ws.rpc2.d-bis.org | rpc-ws | pass | pass | - | - | +| cacti-alltra.d-bis.org | web | pass | pass | pass | - | + +## Test Results by Domain (detail) + + +### ws.rpc-fireblocks.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dbis-admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### core.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### mifos.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### members.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### admin.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dash.sankofa.nexus +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### research.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### policy.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### portal.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### cacti-hybx.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### developers.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-alltra.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-pub.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.public-0138.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### studio.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### dbis-api.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### interop.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### docs.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### identity.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-hybx-3.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### dapp.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### ops.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### www.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### keycloak.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### data.d-bis.org +- Type: api +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### sandbox.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### ws.rpc.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### www.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### wss.defi-oracle.io +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### the-order.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-pub.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### dev.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### admin.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### status.d-bis.org +- Type: web +- DNS: skip +- SSL: skip +- HTTPS: skip +- Details: See `all_e2e_results.json` + +### rpc-alltra-2.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-http-prv.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### www.phoenix.sankofa.nexus +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### gitea.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-fireblocks.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### explorer.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### training.mim4u.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### blockscout.defi-oracle.io +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Blockscout API: pass +- Details: See `all_e2e_results.json` + +### dbis-api-2.d-bis.org +- Type: api +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### secure.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc-hybx.d-bis.org +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### codespaces.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +### rpc.defi-oracle.io +- Type: rpc-http +- DNS: pass +- SSL: pass +- RPC: pass +- Details: See `all_e2e_results.json` + +### rpc-ws-prv.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### ws.rpc2.d-bis.org +- Type: rpc-ws +- DNS: pass +- SSL: pass +- Details: See `all_e2e_results.json` + +### cacti-alltra.d-bis.org +- Type: web +- DNS: pass +- SSL: pass +- HTTPS: pass +- Details: See `all_e2e_results.json` + +## Files Generated + +- `all_e2e_results.json` - Complete E2E test results +- `*_https_headers.txt` - HTTP response headers per domain +- `*_rpc_response.txt` - RPC response per domain +- `verification_report.md` - This report + +## Notes + +- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode. +- WebSocket tests require `wscat` tool: `npm install -g wscat` +- OpenSSL fetch uses `timeout` (`E2E_OPENSSL_TIMEOUT` / `E2E_OPENSSL_X509_TIMEOUT`, defaults 15s / 5s) so `openssl s_client` cannot hang indefinitely +- Internal connectivity tests require access to NPMplus container +- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md + +## Next Steps + +1. Review test results for each domain +2. Investigate any failed tests +3. Test WebSocket connections for RPC WS domains (if wscat available) +4. Test internal connectivity from NPMplus container +5. Update source-of-truth JSON after verification diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_d-bis_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_d-bis_org_https_headers.txt new file mode 100644 index 0000000..7a9546e --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_d-bis_org_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 20:33:35 GMT +content-type: text/html +content-length: 134 +location: https://d-bis.org/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.033800 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_mim4u_org_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_mim4u_org_https_headers.txt new file mode 100644 index 0000000..838b044 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_mim4u_org_https_headers.txt @@ -0,0 +1,20 @@ +HTTP/2 200 +date: Mon, 30 Mar 2026 20:33:50 GMT +content-type: text/html +content-length: 2710 +vary: Accept-Encoding +last-modified: Fri, 27 Feb 2026 06:24:33 GMT +etag: "69a138a1-a96" +accept-ranges: bytes +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +referrer-policy: strict-origin-when-cross-origin +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests + diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_phoenix_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_phoenix_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..b1d7cba --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_phoenix_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 20:34:04 GMT +content-type: text/html +content-length: 134 +location: https://phoenix.sankofa.nexus/health +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.040832 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..f81fefb --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_sankofa_nexus_https_headers.txt @@ -0,0 +1,14 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 20:33:38 GMT +content-type: text/html +content-length: 134 +location: https://sankofa.nexus/ +alt-svc: h3=":443"; ma=86400 +x-xss-protection: 0 +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +content-security-policy: upgrade-insecure-requests +strict-transport-security: max-age=63072000; includeSubDomains; preload + + +0.030194 diff --git a/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_the-order_sankofa_nexus_https_headers.txt b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_the-order_sankofa_nexus_https_headers.txt new file mode 100644 index 0000000..34070e3 --- /dev/null +++ b/docs/04-configuration/verification-evidence/e2e-verification-20260330_133323/www_the-order_sankofa_nexus_https_headers.txt @@ -0,0 +1,8 @@ +HTTP/2 301 +date: Mon, 30 Mar 2026 20:33:38 GMT +content-type: text/html +content-length: 134 +location: https://the-order.sankofa.nexus/ + + +0.034207 diff --git a/docs/07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md b/docs/07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md index e934d8b..d463e44 100644 --- a/docs/07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md +++ b/docs/07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md @@ -1,6 +1,6 @@ # CCIP Bridge ↔ Ethereum Mainnet Connection -**Last Updated:** 2026-02-12 +**Last Updated:** 2026-03-29 **Status:** Active --- @@ -93,6 +93,200 @@ Config defaults in `services/relay/src/config.js` point to the router and bridge ``` (1e15 wei = 0.001 WETH.) +## Live Execution Evidence + +### 2026-03-29 — Chain 138 to Ethereum mainnet test send + +**Source-chain send** + +- Chain 138 bridge: `0xcacfd227A040002e49e2e01626363071324f820a` +- Source router: `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` +- Source tx hash: `0x5c4aab3d425c8d85b5f64eba595f6a107e1034009ae74a8e5647ad6639032566` +- Chain 138 block: `3403748` +- Message ID: `0x19656fe758fc0e36ce5ce16ad9101e76c9eae19e5ed6bea08335dfb664215edc` +- Recipient: `0x4A666F96fC8764181194447A7dFdb7d471b301C8` +- Amount: `10000000000000000` wei (`0.01 WETH`) +- Status: source-chain tx `success` + +**Verified source evidence** + +- `MessageSent` was emitted by the Chain 138 router in source tx `0x5c4aab3d425c8d85b5f64eba595f6a107e1034009ae74a8e5647ad6639032566`. +- The router event encoded the expected destination bridge `0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939`, recipient `0x4A666F96fC8764181194447A7dFdb7d471b301C8`, and amount `0.01 WETH`. + +**Initial destination-chain verification** + +- Destination bridge checked: `0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939` +- Ethereum receiver bridge has live code and reports `weth9() = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2`. +- `processedTransfers(0x19656fe758fc0e36ce5ce16ad9101e76c9eae19e5ed6bea08335dfb664215edc)` remained `false` across repeated checks at: + - `2026-03-30T02:44:48Z` + - `2026-03-30T02:45:48Z` + - `2026-03-30T02:46:50Z` + - `2026-03-30T02:47:52Z` + - `2026-03-30T02:48:53Z` +- No `CrossChainTransferCompleted` logs were found on the destination bridge over Ethereum block range `24765000..latest` during the initial verification window. + +**Relay repair and replay execution** + +- Host repaired: `r630-01` +- Local repo relay implementation was newer than the deployed host version: + - replaced deployed `services/relay/src/config.js` + - replaced deployed `services/relay/src/RelayService.js` +- Disabled stale relay override file on the host: + - prior `services/relay/.env.local` was pointing at an old Chain 138 router and bridge + - relay now uses the current source router `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` + - relay now uses the current source bridge `0xcacfd227A040002e49e2e01626363071324f820a` +- Replay window used for repair: + - temporarily set `START_BLOCK=3403747` + - restarted `ccip-relay.service` +- Verified relay recovery from journal: + - relay re-detected the historical `MessageSent` + - relay queued message ID `0x19656fe758fc0e36ce5ce16ad9101e76c9eae19e5ed6bea08335dfb664215edc` + - relay submitted destination tx `0x87e3d401c498781fabb1289be283af2244add3ab768dfca00027e9d4e270318d` + +**Destination replay transaction result** + +- Destination relay tx: `0x87e3d401c498781fabb1289be283af2244add3ab768dfca00027e9d4e270318d` +- Ethereum block: `24767607` +- Status: `0 (failed)` +- Gas used: `65823` +- Router-level revert surfaced by receipt: + - `CCIPRelayRouter: relay failed` +- After the failed replay: + - `processedTransfers(0x19656fe758fc0e36ce5ce16ad9101e76c9eae19e5ed6bea08335dfb664215edc)` still `false` + - relay bridge WETH balance remained `2634280582011289` wei (`0.002634280582011289 WETH`) + - no `CrossChainTransferCompleted` event was emitted + +**SwapRouter / EnhancedSwapRouter / pool findings** + +- `SwapRouter` (`0xC2FA05F12a75Ac84ea778AF9D6935cA807275E55`) + - WETH balance: `0` + - ETH balance: `0` +- `EnhancedSwapRouter` (`0x53Bb0218483A189eBd6AE8Ec87139aeb93423E00`) + - WETH balance: `0` + - ETH balance: `0` +- `LiquidityPoolETH` (`0x603e078eb5Cca4F5c817A2F76D073f924D7272d3`) showed accounting drift on Ethereum mainnet: + - actual native ETH balance: `0` + - actual WETH balance: `500125031257814` wei (`0.000500125031257814 WETH`) + - contract accounting still reported: + - ETH available liquidity: `15000000000000000` wei (`0.015 ETH`) + - WETH available liquidity: `1000000000000000` wei (`0.001 WETH`) +- The relayer address `0x4A666F96fC8764181194447A7dFdb7d471b301C8` is recorded as the LP for those pool balances, but direct withdrawals proved the accounting drift is real: + - ETH-side withdrawal reverted with `LiquidityPoolETH: ETH transfer failed` + - WETH-side withdrawal reverted with `FailedInnerCall` +- Operational consequence: + - neither `SwapRouter` nor `EnhancedSwapRouter` is a funding source for this payout + - the trustless pool path cannot currently self-fund the missing relay-bridge WETH because the live balances do not match the pool’s own accounting + +**Verified blockers** + +1. **Insufficient relay-bridge liquidity on Ethereum mainnet** + - Mainnet relay bridge WETH balance at verification time: + - `2634280582011289` wei (`0.002634280582011289 WETH`) + - Required payout for this message: + - `10000000000000000` wei (`0.01 WETH`) + - Shortfall: + - `7365719417988711` wei (`0.007365719417988711 WETH`) + - Deployer liquidity on mainnet at verification time: + - WETH balance: `0` + - ETH balance: `3345428710812742` wei (`0.003345428710812742 ETH`) + - Result: the message cannot be paid out on Ethereum mainnet until the relay bridge is funded by another mainnet wallet. + +2. **Relay service source polling instability** + - Host: `r630-01` + - Service: `ccip-relay.service` + - Status during verification: `active (running)` + - Journal showed repeated source filter errors: + - `eth_getFilterChanges ... Filter not found` + - This was repaired on `2026-03-29`: the deployed relay code was updated, the stale host `.env.local` override was disabled, and the message was successfully replayed into a destination tx. + - The source-side relay issue is no longer the active blocker for this message. + +3. **Destination-side execution is still blocked after relay repair** + - The repaired relay successfully replayed the historical message and submitted destination tx `0x87e3d401c498781fabb1289be283af2244add3ab768dfca00027e9d4e270318d`. + - That tx mined and reverted in block `24767607` with router-level revert `CCIPRelayRouter: relay failed`. + - Because the relay bridge balance stayed unchanged and `processedTransfers(messageId)` remained `false`, the live failure is still downstream of source detection and upstream of payout completion. + +**Operational conclusion** + +- The Chain 138 send is verified. +- The original Ethereum receive was blocked by **destination execution + liquidity/accounting**, not by the source send. + +### 2026-03-29 — Recovery path and successful completion + +**Bootstrap funding path that was actually used** + +1. `138 -> Gnosis` was tested first but is not a live lane because Chain 138 emits through the custom router `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` while the native Gnosis bridge expects the public Chainlink router. +2. `138 -> Avalanche` and `138 -> BSC` native-bridge onward paths were evaluated next; Avalanche and BSC native CCIP continuation were not usable for direct onward mainnet forwarding because fee quoting on the official bridge path reverted. +3. The working recovery path was: + - send WETH from Chain 138 to the **BSC relay-backed receiver** + - unwrap received WETH into native BNB + - bridge BNB to Ethereum mainnet using LiFi / Across + - wrap enough ETH into WETH on mainnet + - fund the mainnet relay bridge + - manually replay the original historical message into `CCIPRelayRouter` + +**Chain 138 to BSC recovery send** + +- Chain 138 WETH approve: `0xba583659911a3cc1a59bea74b5b80bdfb7298532a755cd8e9ac358abd220f11d` +- Chain 138 LINK approve: `0x5d285fa6e00dbdcb85ae31acfd99fd46f521a6b4939d5bfc65d4ee0f922dd7f5` +- Chain 138 send tx: `0xe129f55a6c39988938fcb33e670bfe35d9ee8d8c46d9c5ffea4264db04587b23` +- Chain 138 block: `3407959` +- Recovery message ID on the BSC lane: `0x55a733ad50c86cb835726bcd77b9e8a8d8bae373bb9acf86f3aa0f2b9776b1fe` +- Send amount: `8000000000000000` wei (`0.008 WETH`) +- BSC destination completion tx on the relay bridge: `0xed9aee1eb6b2d7b8cd469cc462ce596b567430506fdee210106766c3c0313b6c` +- BSC destination block: `89548802` +- Post-delivery verification: + - `processedTransfers(0x55a733ad50c86cb835726bcd77b9e8a8d8bae373bb9acf86f3aa0f2b9776b1fe) = true` + - BSC deployer wrapped balance became `8000000000000000` + +**BSC unwrap and external bridge to Ethereum mainnet** + +- BSC unwrap tx: `0x55f2ae4804a958c0c66277c5f68f54ea7cc67d97f17eacd375dec2c63b853257` +- BSC unwrap block: `89549047` +- Unwrapped amount: `8000000000000000` wei into native BNB +- External bridge route used: LiFi `AcrossV4` +- LiFi route id: `7ea2e28a-e54e-4575-8682-5f6ffb99ed73:0` +- BSC external bridge tx: `0x5b55384778e40b4a603c9fe827d4fd49931ce5347835f5869c62d64a7f49c9f4` +- BSC external bridge block: `89549501` +- Bridged value: `15000000000000000` wei native BNB +- Quoted mainnet receive: `4485724498682976` wei ETH + +**Mainnet relay-bridge funding** + +- Mainnet WETH wrap tx: `0x7d78e415ab876263100039d77475ccdfae71c06cbcaece3fbfae63f53248637d` +- Mainnet relay-bridge funding tx: `0x604a999ccf95ab915caa7b3d2175d5b61391f915441b388a6fe33a67c77ba841` +- Mainnet funding blocks: `24768164` and `24768165` +- Exact shortfall funded: `7365719417988711` wei (`0.007365719417988711 WETH`) +- Relay bridge balance after funding: `10000000000000000` wei (`0.01 WETH`) + +**Manual replay that completed the original stuck message** + +- Manual replay tx: `0x7d1302d1e63c6e5957e3476e370a071797c4d5870cfbc81f2a55f4cf83dcb07d` +- Ethereum block: `24768179` +- Status: `1 (success)` +- Gas used: `93643` +- Transfer path observed in logs: + - WETH transferred from `0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939` + - WETH received by `0x4A666F96fC8764181194447A7dFdb7d471b301C8` + - `CrossChainTransferCompleted` emitted by the relay bridge + - `MessageRelayed` emitted by the relay router + +**Final completion checks** + +- `processedTransfers(0x19656fe758fc0e36ce5ce16ad9101e76c9eae19e5ed6bea08335dfb664215edc) = true` +- Recipient mainnet WETH balance: `10000000000000000` wei (`0.01 WETH`) +- Relay bridge WETH balance after payout: `0` +- Mainnet recipient ETH balance remained positive for gas after completion. + +**Operational conclusion** + +- The original Chain 138 `0.01 WETH` send to Ethereum mainnet is now **fully completed**. +- The failure mode was recoverable by sourcing missing liquidity from a relay-supported public-chain lane and manually replaying the original message after funding. +- For future incidents of this specific class, the fastest working runbook is: + 1. verify the original message ID is still unprocessed on mainnet + 2. source missing WETH through a relay-supported public-chain route + 3. fund the mainnet relay bridge with the exact shortfall + 4. replay the historical message directly into `CCIPRelayRouter.relayMessage(...)` + --- ## References diff --git a/docs/07-ccip/CHAIN138_PUBLIC_CHAIN_UNLOAD_ROUTES.md b/docs/07-ccip/CHAIN138_PUBLIC_CHAIN_UNLOAD_ROUTES.md new file mode 100644 index 0000000..5b73fab --- /dev/null +++ b/docs/07-ccip/CHAIN138_PUBLIC_CHAIN_UNLOAD_ROUTES.md @@ -0,0 +1,75 @@ +# Chain 138 Public-Chain Unload Routes + +Status date: March 29, 2026 + +This is the reviewed practical route set for unloading WETH from Chain 138 onto public chains using the live WETH9 topology. + +## What changed in the review + +- `WETH9` is still the only funding rail to use. `WETH10` remains drifted and is not the basis for route creation. +- `SwapRouter` and `EnhancedSwapRouter` are not liquidity sources. They do not change the unload plan. +- The Chain 138 router is a custom event emitter, not a native public-CCIP delivery path. A destination mapping on Chain 138 does not by itself make a lane live. +- The earlier `138 -> Gnosis` native-bridge attempt failed for this exact reason, so the practical route graph must be built around the relay-backed lanes and the mainnet hub. +- The mainnet stuck transfer proved a working recovery pattern: + - unload from Chain 138 onto a reachable public chain + - convert or forward that value as needed + - top up the destination bridge or relay inventory + - replay the blocked message if required + +## Current route matrix + +| Chain | Practical route today | Current prerequisite | Best route today | +| --- | --- | --- | --- | +| Mainnet | Relay-backed direct | Mainnet relay bridge must hold enough WETH | Direct `138 -> Mainnet` only when relay inventory is seeded | +| BSC | Relay-backed direct | BSC relay bridge only covers tiny sends right now | Small direct `138 -> BSC`, or bootstrap mainnet then fan out | +| Avalanche | Relay-backed direct | Avalanche relay bridge only covers tiny sends right now | Tiny direct sends only, or top up Avalanche relay inventory | +| Gnosis | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Gnosis` | +| Cronos | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Cronos` | +| Celo | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Celo` | +| Polygon | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Polygon` | +| Arbitrum | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Arbitrum` | +| Optimism | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Optimism` | +| Base | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Base` | +| WEMIX | Not deployed | No | Deploy and wire the bridge first | + +## Operational meaning + +- The only practical first-hop lanes out of Chain 138 today are the relay-backed ones: `Mainnet`, `BSC`, and `Avalanche`. +- The native bridge mappings on `Gnosis`, `Cronos`, `Celo`, `Polygon`, `Arbitrum`, `Optimism`, and `Base` are still useful as destination addresses for the mainnet hub, but they are not themselves proof of a live `138 -> chain` delivery path. +- `Mainnet` is the real fan-out hub once it has been bootstrapped from Chain 138. +- `WEMIX` is still outside the unload set because bridge deployment and seeding are missing. + +## Exact route helper + +Use the live route printer here: + +```bash +cd /home/intlc/projects/proxmox/smom-dbis-138 +./scripts/deployment/print-chain138-public-chain-unload-routes.sh +``` + +Useful options: + +```bash +TARGET_CHAIN=gnosis ./scripts/deployment/print-chain138-public-chain-unload-routes.sh +UNLOAD_AMOUNT_WEI=30000000000000000 ./scripts/deployment/print-chain138-public-chain-unload-routes.sh +RECIPIENT=0x1234... TARGET_CHAIN=polygon ./scripts/deployment/print-chain138-public-chain-unload-routes.sh +``` + +The helper prints: + +- the configured Chain 138 mapping and the practical route for each chain +- the live prerequisite for using that route now +- exact `cast send` commands for relay-backed `138 -> chain` lanes +- exact `cast send` commands for `Mainnet -> chain` fan-out once mainnet is bootstrapped +- relay worker commands for `Mainnet`, `BSC`, and `Avalanche` + +## Relay profiles + +Tracked relay profiles now available in `smom-dbis-138/services/relay/`: + +- `.env` for mainnet relay +- `.env.bsc` for BSC relay +- `.env.avax` for Avalanche relay + +That means `./start-relay.sh avax` is now aligned with the README and no longer depends on a local-only `.env.local` override. diff --git a/docs/07-ccip/CROSS_NETWORK_FUNDING_BOOTSTRAP_STRATEGY.md b/docs/07-ccip/CROSS_NETWORK_FUNDING_BOOTSTRAP_STRATEGY.md new file mode 100644 index 0000000..b2afc86 --- /dev/null +++ b/docs/07-ccip/CROSS_NETWORK_FUNDING_BOOTSTRAP_STRATEGY.md @@ -0,0 +1,134 @@ +# Cross-Network Funding Bootstrap Strategy + +Status date: March 29, 2026 + +This runbook captures the practical funding graph from Chain 138 after the live relay and recovery work. + +## Core constraint + +Chain 138 uses a custom router that emits `MessageSent` events but does not natively deliver into public-chain CCIP bridges. + +That means: + +- a native destination mapping like `138 -> Gnosis` is configuration signal, not proof of a live route +- the practical first-hop routes out of Chain 138 are the relay-backed lanes +- the other public chains are best treated as destinations of the mainnet hub after mainnet is funded + +This is confirmed by live execution: + +- the relay-backed `138 -> BSC` route worked and was used to bootstrap mainnet +- the original stuck `138 -> Mainnet` transfer was completed after relay funding and replay +- the earlier `138 -> Gnosis` native-bridge attempt did not produce a live delivery path + +## Practical route matrix + +| Chain | Practical route today | Current prerequisite | Best use | +| --- | --- | --- | --- | +| Mainnet | Relay-backed direct | Mainnet relay bridge must hold enough WETH | Direct `138 -> Mainnet` when relay inventory is funded | +| BSC | Relay-backed direct | BSC relay bridge only covers tiny sends right now | Small direct `138 -> BSC`, or bootstrap mainnet through BSC | +| Avalanche | Relay-backed direct | Avalanche relay bridge only covers tiny sends right now | Tiny direct sends only, or top up inventory first | +| Gnosis | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Gnosis` | +| Cronos | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Cronos` | +| Celo | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Celo` | +| Polygon | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Polygon` | +| Arbitrum | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Arbitrum` | +| Optimism | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Optimism` | +| Base | Via mainnet hub | Bootstrap mainnet first | `138 -> Mainnet`, then `Mainnet -> Base` | +| WEMIX | Deploy-first | Bridge not deployed and no gas seed | Deploy and seed first | + +## Best strategy now + +### 1. Keep mainnet as the hub + +This is the best practical topology. + +Why: + +- `138 -> Mainnet` is a real relay-backed route when the relay bridge has WETH +- mainnet already has enabled fan-out mappings for Gnosis, Cronos, Celo, Polygon, Arbitrum, Optimism, and Base +- the successful recovery proved that topping up mainnet relay inventory and replaying is operationally viable + +### 2. Use BSC as the bootstrap and recovery helper + +BSC is the best non-mainnet first hop today because: + +- the relay-backed lane is live +- deployer already has native BNB gas +- external bridging from BSC into mainnet is easy + +Current limitation: + +- BSC relay inventory is only large enough for tiny sends right now + +Operational use: + +- use it for small bootstrap steps +- use it to refill mainnet when mainnet relay inventory is empty + +### 3. Treat Avalanche as a tiny-send lane until it is topped up + +Avalanche is structurally similar to BSC but currently weaker because: + +- the relay-backed lane exists +- deployer has native gas +- relay inventory is present but still below the `0.01` WETH working threshold + +### 4. Treat the native-mapped chains as mainnet destinations + +Gnosis, Cronos, Celo, Polygon, Arbitrum, Optimism, and Base are still valuable, but their practical role is: + +- `Mainnet -> target` destinations after mainnet bootstrap +- not proven direct Chain 138 first hops + +## What to keep funded + +The highest-payoff balances to maintain are: + +1. Mainnet relay bridge WETH +2. Mainnet bridge LINK +3. BSC relay bridge WETH +4. Avalanche relay bridge WETH if Avalanche is needed + +Cleaning up legacy return paths back to Chain 138 is still worthwhile, but it is lower priority than keeping the relay-backed lanes liquid. + +## Exact helpers + +Live route printer: + +```bash +cd /home/intlc/projects/proxmox/smom-dbis-138 +./scripts/deployment/print-chain138-public-chain-unload-routes.sh +``` + +Focused examples: + +```bash +TARGET_CHAIN=mainnet ./scripts/deployment/print-chain138-public-chain-unload-routes.sh +TARGET_CHAIN=bsc ./scripts/deployment/print-chain138-public-chain-unload-routes.sh +TARGET_CHAIN=polygon ./scripts/deployment/print-chain138-public-chain-unload-routes.sh +UNLOAD_AMOUNT_WEI=30000000000000000 ./scripts/deployment/print-chain138-public-chain-unload-routes.sh +``` + +Live audit: + +```bash +cd /home/intlc/projects/proxmox/smom-dbis-138 +./scripts/deployment/audit-funding-bootstrap-routes.sh +``` + +## Recommended execution order + +1. Audit the current route and inventory state. +2. If mainnet relay inventory is sufficient, use direct `138 -> Mainnet`. +3. If mainnet relay inventory is insufficient, use `138 -> BSC` plus the proven external BSC -> Mainnet bridge pattern to refill mainnet. +4. Once mainnet is funded, fan out `Mainnet -> target` for Gnosis, Cronos, Celo, Polygon, Arbitrum, Optimism, and Base. +5. Seed Avalanche relay inventory only if Avalanche needs to become an active first hop too. + +## Bottom line + +The practical route graph is now: + +- first hop from Chain 138 through the relay-backed lanes +- keep mainnet funded and use it as the hub +- use BSC as the proven bootstrap and recovery helper +- treat the native-mapped public-chain bridges as mainnet destinations unless a dedicated relay is added for them diff --git a/docs/07-ccip/CW_BRIDGE_APPROACH.md b/docs/07-ccip/CW_BRIDGE_APPROACH.md index 8267e28..b2e3926 100644 --- a/docs/07-ccip/CW_BRIDGE_APPROACH.md +++ b/docs/07-ccip/CW_BRIDGE_APPROACH.md @@ -2,7 +2,7 @@ **Created:** 2026-02-27 **Status:** Decided — Option 2 (dedicated cW* receiver) -**Related:** [CW_BRIDGE_TASK_LIST.md](../00-meta/CW_BRIDGE_TASK_LIST.md) +**Related:** [CW_BRIDGE_TASK_LIST.md](../00-meta/CW_BRIDGE_TASK_LIST.md), [CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md](CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md) --- @@ -10,11 +10,23 @@ **Chosen: Option 2 — Deploy dedicated cW* receiver per chain.** +In operator terminology, this dedicated cW stack is the **GRU Monetary Transport Layer** (short name: **GRU Transport**). Chain 138 remains the canonical monetary layer for `c*`, while public chains carry `cW*` as **Compliant Wrapped ISO-4217 M1** instruments. + - **Option 1 (extend existing bridge):** Would require changing CCIPWETH9Bridge / CCIPRelayBridge to accept more than WETH9 and mint cW* in `ccipReceive`. That mixes WETH and cW* in one contract and complicates upgrades. - **Option 2 (dedicated receiver):** Use a contract that only handles cW* mint-on-receive and burn-on-send (e.g. **TwoWayTokenBridgeL2** or a minimal **CCIPReceiverCW**). Keeps WETH bridges unchanged; cW* flow is separate and easier to reason about. **Concrete choice:** Use **TwoWayTokenBridgeL2** (or equivalent) per (chain, token) — one deployment per chain for cWUSDT and one for cWUSDC, or a generic receiver that supports multiple cW* via message data. **CompliantWrappedToken** is extended with **burnFrom** so TwoWayTokenBridgeL2’s outbound `burnFrom` works (Phase C1). +For the hard-peg rollout described in [CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md](CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md), the stricter production path is now the dedicated multi-token pair: + +- [`CWMultiTokenBridgeL1.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol) on Chain 138 with canonical-token allowlists, locked-balance accounting, and per-destination outstanding ceilings +- [`CWReserveVerifier.sol`](../../smom-dbis-138/contracts/bridge/integration/CWReserveVerifier.sol) on Chain 138 to gate new outbound wraps using vault-backing and reserve-system checks +- [`CWMultiTokenBridgeL2.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol) on the destination chain with frozen token-pair / peer config plus minted/burned supply telemetry + +Activation and public exposure for that stack are now gated by [`config/gru-transport-active.json`](../../config/gru-transport-active.json), which sits on top of the broader mapping and deployment JSONs. + +Standardization rule: the GRU transport overlay should enable every public chain that is already structurally compatible for the active canonical set, meaning the repo has a `138 -> chain` mapping, non-zero `cW*` deployment addresses, and `bridgeAvailable: true`. This keeps the methodology consistent across public chains without overstating chains that are still design-only. + --- ## 2. Flow 138 → chain (lock c* on 138, mint cW* on destination) @@ -55,6 +67,8 @@ | **Send from 138 (lock c*, send CCIP)** | UniversalCCIPBridge (with c* and cW* receiver config) or dedicated lock-and-send contract. Receiver address = TwoWayTokenBridgeL2 on destination. | | **Receive on 138 (release c*)** | L1 bridge or release contract (existing or new) that credits recipient when message received from destination chain. | +For hard-peg bridge pairs, replace the generic sender/receiver row above with `CWMultiTokenBridgeL1` + `CWReserveVerifier` + `CWMultiTokenBridgeL2` and complete the extra strict-mode wiring in [CW_DEPLOY_AND_WIRE_RUNBOOK.md](CW_DEPLOY_AND_WIRE_RUNBOOK.md). + --- ## 5. References @@ -62,4 +76,5 @@ - [TwoWayTokenBridgeL2.sol](../../smom-dbis-138/contracts/bridge/TwoWayTokenBridgeL2.sol) — Mint on receive, burnAndSend for outbound. - [CompliantWrappedToken.sol](../../smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol) — mint, burn, burnFrom (Phase C1). - [CW_BRIDGE_TASK_LIST.md](../00-meta/CW_BRIDGE_TASK_LIST.md) — Full task list and phases. +- [CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md](CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md) — Concrete hard 1:1 redemption-peg architecture for `cWUSDC` and `cWUSDT`. - [CW_DEPLOY_AND_WIRE_RUNBOOK.md](CW_DEPLOY_AND_WIRE_RUNBOOK.md) — Operator steps to deploy cW*, wire config, verify. diff --git a/docs/07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md b/docs/07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md index 17947c2..823647c 100644 --- a/docs/07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md +++ b/docs/07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md @@ -11,12 +11,34 @@ - For **cross-chain mint** to work, the bridge at that address must either be extended to mint cW* in `ccipReceive` or you must deploy a dedicated cW* receiver (e.g. TwoWayTokenBridgeL2) and point `CW_BRIDGE_` to it; see [CW_BRIDGE_APPROACH.md](CW_BRIDGE_APPROACH.md). - RPC URL and `PRIVATE_KEY` for the target chain(s). +### Optional hard-peg deployment knobs + +`DeployCWTokens.s.sol` now supports: + +- `CW_STRICT_MODE=1` — revoke deployer `MINTER_ROLE` / `BURNER_ROLE` after granting the bridge +- `CW_GOVERNANCE_ADMIN=0x...` — grant `DEFAULT_ADMIN_ROLE` to governance; in strict mode the deployer admin role is revoked when this is set +- `CW_FREEZE_OPERATIONAL_ROLES=1` — freeze future `MINTER_ROLE` / `BURNER_ROLE` changes on the token after setup + +For production hard-peg rollouts, use at least `CW_STRICT_MODE=1`. + +### Strict bridge hard-peg requirements + +If you are using [`CWMultiTokenBridgeL1.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol) and [`CWMultiTokenBridgeL2.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol) for `cWUSDC` / `cWUSDT`, strict mode now also means: + +- L1 must explicitly allowlist the canonical token with `configureSupportedCanonicalToken(token, true)` +- L1 should set a per-destination ceiling with `setMaxOutstanding(token, chainSelector, amount)` unless you intentionally want unlimited capacity +- L1 should attach [`CWReserveVerifier.sol`](../../smom-dbis-138/contracts/bridge/integration/CWReserveVerifier.sol) so new outbound wraps are blocked when canonical backing is unsafe +- L2 token pairs and destination peers should be frozen after wiring with `freezeTokenPair(canonicalToken)` and `freezeDestination(chainSelector)` +- Admin withdrawal of supported canonical escrow is blocked while funds are locked, so “rescue” flows must use the bridge or pause process instead of `withdrawToken` + +Operational note: the verifier gates new `lockAndSend` mints. Return `ccipReceive` releases on Chain 138 are intentionally left live so users are not trapped in wrapped positions during a reserve incident. + --- ## Phase D: Deploy cW* and wire config **One-command helper (from repo root):** -`./scripts/deployment/run-cw-remaining-steps.sh` runs a dry-run and `--update-mapping` by default. Use `--deploy` to broadcast, then set CWUSDT_*/CWUSDC_* in .env from output and run again with `--update-mapping` (or run `--update-mapping` after editing .env). Use `--verify` to check MINTER/BURNER roles per chain. +`./scripts/deployment/run-cw-remaining-steps.sh` runs a dry-run and `--update-mapping` by default. Use `--deploy` to broadcast, then set CWUSDT_*/CWUSDC_* in .env from output and run again with `--update-mapping` (or run `--update-mapping` after editing .env). Use `--verify` to check MINTER/BURNER roles per chain and `--verify-hard-peg` to inspect the Avalanche hard-peg bridge state (`supportedCanonicalToken`, `maxOutstanding`, verifier attachment/config, and L2 freeze flags). ### D1. Run cW* deploy @@ -43,6 +65,17 @@ CW_BRIDGE_ADDRESS="$CW_BRIDGE_BSC" forge script script/deploy/DeployCWTokens.s.s --rpc-url "$BSC_RPC_URL" --chain-id 56 --broadcast --private-key "$PRIVATE_KEY" --legacy ``` +**Strict production example:** + +```bash +cd smom-dbis-138 +source .env +CW_STRICT_MODE=1 \ +CW_GOVERNANCE_ADMIN=0xYourMultisig \ +CW_BRIDGE_ADDRESS="$CW_BRIDGE_BSC" forge script script/deploy/DeployCWTokens.s.sol:DeployCWTokens \ + --rpc-url "$BSC_RPC_URL" --chain-id 56 --broadcast --private-key "$PRIVATE_KEY" --legacy +``` + Or with the wrapper (target one chain only if the script supports `--chain 56`): ```bash @@ -79,6 +112,16 @@ This updates `config/token-mapping-multichain.json` for all chains that have `CW **Manual:** For each chain where cW* was deployed, set `addressTo` for the `_cW` entries (replace the `0x0` placeholder) in `config/token-mapping-multichain.json`: Compliant_USDT_cW → CWUSDT_, Compliant_USDC_cW → CWUSDC_, Compliant_EURC_cW if cWEURC deployed. +### D3b. Update the active GRU Transport overlay + +After the mapping is correct, confirm or update [`config/gru-transport-active.json`](../../config/gru-transport-active.json): + +- ensure the destination chain is enabled +- ensure the `transportPairs` entry points at the correct `peerKey` +- ensure `maxOutstanding` policy is set for the pair +- ensure the reserve-verifier reference is correct for hard-peg pairs +- leave public pools inactive until they are actually deployed and recorded in `deployment-status.json` + ### D4. Verify on-chain Confirm the bridge/receiver has MINTER_ROLE and BURNER_ROLE on the cW* token: @@ -95,6 +138,102 @@ cast call "hasRole(bytes32,address)(bool)" $(cast keccak "BURNER_RO Both should return `true`. +### D5. Configure strict escrow bridge state + +For hard-peg deployments using `CWMultiTokenBridgeL1` / `CWMultiTokenBridgeL2`, wire the bridge state after roles are verified. + +Example on Chain 138 for `cUSDC -> cWUSDC` on Avalanche: + +```bash +cd smom-dbis-138 && source .env + +# Allowlist the canonical token on the 138-side escrow bridge +cast send "$CHAIN138_L1_BRIDGE" "configureSupportedCanonicalToken(address,bool)" "$CUSDC_138" true \ + --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --legacy + +# Optional but recommended: cap how much this destination can keep outstanding +cast send "$CHAIN138_L1_BRIDGE" "setMaxOutstanding(address,uint64,uint256)" "$CUSDC_138" 6433500567565415381 1000000000000 \ + --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --legacy +``` + +Example on the destination chain: + +```bash +cd smom-dbis-138 && source .env + +# Freeze the token pair once canonical -> wrapped mapping is correct +cast send "$AVAX_CW_BRIDGE" "freezeTokenPair(address)" "$CUSDC_138" \ + --rpc-url "$AVALANCHE_RPC_URL" --private-key "$PRIVATE_KEY" --legacy + +# Freeze the Chain 138 peer once the bridge address is confirmed +cast send "$AVAX_CW_BRIDGE" "freezeDestination(uint64)" 138 \ + --rpc-url "$AVALANCHE_RPC_URL" --private-key "$PRIVATE_KEY" --legacy +``` + +Recommended verification calls: + +```bash +cast call "$CHAIN138_L1_BRIDGE" "supportedCanonicalToken(address)(bool)" "$CUSDC_138" --rpc-url "$RPC_URL_138" +cast call "$CHAIN138_L1_BRIDGE" "maxOutstanding(address,uint64)(uint256)" "$CUSDC_138" 6433500567565415381 --rpc-url "$RPC_URL_138" +cast call "$AVAX_CW_BRIDGE" "tokenPairFrozen(address)(bool)" "$CUSDC_138" --rpc-url "$AVALANCHE_RPC_URL" +cast call "$AVAX_CW_BRIDGE" "destinationFrozen(uint64)(bool)" 138 --rpc-url "$AVALANCHE_RPC_URL" +``` + +For the production Avalanche route, `smom-dbis-138/scripts/deployment/complete-nonprefunded-avax-cutover.sh` now applies these controls directly from env: + +- `CW_MAX_OUTSTANDING_USDT_AVALANCHE` +- `CW_MAX_OUTSTANDING_USDC_AVALANCHE` +- `CW_FREEZE_AVAX_L2_CONFIG` + +### D6. Deploy and attach the canonical reserve verifier + +Use the helper script in `smom-dbis-138/script/DeployCWReserveVerifier.s.sol` to deploy the verifier and optionally attach it to `CWMultiTokenBridgeL1`. + +Example: + +```bash +cd smom-dbis-138 && source .env + +CW_L1_BRIDGE="$CHAIN138_L1_BRIDGE" \ +CW_STABLECOIN_RESERVE_VAULT="$STABLECOIN_RESERVE_VAULT" \ +CW_RESERVE_SYSTEM="$RESERVE_SYSTEM" \ +CW_CANONICAL_USDT="$CUSDT_138" \ +CW_CANONICAL_USDC="$CUSDC_138" \ +CW_USDT_RESERVE_ASSET=0xOfficialUSDTReserveAsset \ +CW_USDC_RESERVE_ASSET=0xOfficialUSDCReserveAsset \ +forge script script/DeployCWReserveVerifier.s.sol:DeployCWReserveVerifier \ + --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" --legacy +``` + +The script defaults to: + +- attaching the verifier to the L1 bridge +- requiring vault backing when `CW_STABLECOIN_RESERVE_VAULT` is set +- requiring reserve-system balance checks when `CW_RESERVE_SYSTEM` is set +- requiring canonical token ownership to match the reserve vault when a vault is set + +Recommended post-deploy verification: + +```bash +cast call "$CHAIN138_L1_BRIDGE" "reserveVerifier()(address)" --rpc-url "$RPC_URL_138" +cast call "verifyLock(address,uint64,uint256)(bool)" "$CUSDC_138" 6433500567565415381 1 --rpc-url "$RPC_URL_138" +cast call "getVerificationStatus(address,uint64)((bool,bool,bool,bool,bool,bool,bool,bool,uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256))" "$CUSDC_138" 6433500567565415381 --rpc-url "$RPC_URL_138" +``` + +For the production Avalanche route, `smom-dbis-138/scripts/deployment/complete-nonprefunded-avax-cutover.sh` now also reads and converges: + +- `CW_RESERVE_VERIFIER_CHAIN138` +- `CW_STABLECOIN_RESERVE_VAULT` +- `CW_RESERVE_SYSTEM` +- `CW_ATTACH_VERIFIER_TO_L1` +- `CW_REQUIRE_VAULT_BACKING` +- `CW_REQUIRE_RESERVE_SYSTEM_BALANCE` +- `CW_REQUIRE_TOKEN_OWNER_MATCH_VAULT` +- `CW_CANONICAL_USDT` +- `CW_CANONICAL_USDC` +- `CW_USDT_RESERVE_ASSET` +- `CW_USDC_RESERVE_ASSET` + --- ## Phase E: Relay and send path (138 → other chains) @@ -129,8 +268,11 @@ If Chain 138 uses UniversalCCIPBridge or a dedicated sender to send c* to a dest | 2 | Run DeployCWTokens for that chain (D1). | | 3 | Set `CWUSDT_`, `CWUSDC_` in .env (D2). | | 4 | Update `config/token-mapping-multichain.json` `addressTo` for _cW entries (D3). | +| 4a | Confirm `config/gru-transport-active.json` activation and policy refs for the new chain (D3b). | | 5 | Verify MINTER_ROLE and BURNER_ROLE on cW* for the bridge (D4). | -| 6 | If cross-chain mint is required, ensure the bridge/receiver code mints cW* in ccipReceive (Phase B or C); then wire relay/direct CCIP (E1, E2) and run E2E test (E3). | +| 6 | In hard-peg mode, allowlist canonical tokens and set `maxOutstanding` on `CWMultiTokenBridgeL1`, then freeze token pair and destination on `CWMultiTokenBridgeL2` (D5). | +| 7 | Deploy and attach `CWReserveVerifier`, then configure canonical `cUSDT` / `cUSDC` backing requirements (D6). | +| 8 | If cross-chain mint is required, ensure the bridge/receiver code mints cW* in ccipReceive (Phase B or C); then wire relay/direct CCIP (E1, E2) and run E2E test (E3). | --- diff --git a/docs/07-ccip/CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md b/docs/07-ccip/CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md new file mode 100644 index 0000000..2254da3 --- /dev/null +++ b/docs/07-ccip/CW_HARD_PEG_DESIGN_CWUSDC_CWUSDT.md @@ -0,0 +1,448 @@ +# Hard 1:1 Peg Design for cWUSDC and cWUSDT + +**Created:** 2026-03-30 +**Status:** Phase 1 implementation in progress +**Related:** [CW_BRIDGE_APPROACH.md](CW_BRIDGE_APPROACH.md), [CW_BRIDGE_TASK_LIST.md](../00-meta/CW_BRIDGE_TASK_LIST.md), [cross-chain-pmm-lps/docs/15-gas-budgeted-micro-trade-support.md](../../cross-chain-pmm-lps/docs/15-gas-budgeted-micro-trade-support.md) + +--- + +## Implementation note + +The first hard-peg enforcement steps are now implemented in-repo: + +- [`CompliantWrappedToken.sol`](../../smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol) supports operational-role freeze for bridge-only mint/burn mode +- [`DeployCWTokens.s.sol`](../../smom-dbis-138/script/deploy/DeployCWTokens.s.sol) supports `CW_STRICT_MODE`, governance-admin handoff, and optional role freeze +- [`CWMultiTokenBridgeL1.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol) now tracks supported canonical tokens, locked escrow, outstanding per destination, and escrow withdrawal protection +- [`CWReserveVerifier.sol`](../../smom-dbis-138/contracts/bridge/integration/CWReserveVerifier.sol) now gates new outbound wrapping on bridge escrow, vault-backing, reserve-system balance, and canonical-owner checks +- [`CWMultiTokenBridgeL2.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol) now tracks minted/burned totals, token pause state, and frozen pair / destination config + +Current policy choice: reserve verification blocks new outbound `c* -> cW*` wrapping, but return releases on Chain 138 remain available so redemptions are not trapped during an incident. + +The remaining major step from this design is live deployment wiring: put `cUSDC` / `cUSDT` under the reserve-vault ownership model on the target environment, register the verifier against the real reserve assets, and run end-to-end chain tests against deployed infrastructure. + +--- + +## 1. Exact promise + +The only version of a **hard 1:1 peg** we can honestly enforce on-chain is: + +- **1 cWUSDC is always redeemable for 1 cUSDC on Chain 138** +- **1 cWUSDT is always redeemable for 1 cUSDT on Chain 138** + +If the canonical `cUSDC` / `cUSDT` layer itself remains 1:1 redeemable into official USDC / USDT through [`StablecoinReserveVault.sol`](../../smom-dbis-138/contracts/reserve/StablecoinReserveVault.sol), then `cWUSDC` / `cWUSDT` inherit that claim as a second layer. + +This means: + +- The **hard peg** is a **redemption guarantee** +- The PMM / DEX price is a **market price** +- PMM bots and micro-trades help keep spot close to par, but they are **not** the source of the peg + +If we say “hard 1:1 peg” in public or operator docs, it must mean **redeemable at par**, not “the pool always trades exactly at 1.000000”. + +--- + +## 2. Current repo building blocks + +The repo already has most of the right primitives: + +| Layer | Existing component | Current role | +|------|--------------------|--------------| +| Canonical reserve backing | [`StablecoinReserveVault.sol`](../../smom-dbis-138/contracts/reserve/StablecoinReserveVault.sol) | Mints `cUSDT` / `cUSDC` 1:1 against official USDT / USDC reserves | +| Canonical reserve accounting | [`ReserveSystem.sol`](../../smom-dbis-138/contracts/reserve/ReserveSystem.sol) | Tracks reserve balances and redemptions | +| cW mint/burn token | [`CompliantWrappedToken.sol`](../../smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol) | `mint`, `burn`, `burnFrom` under role control | +| 138-side escrow bridge | [`CWMultiTokenBridgeL1.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol) | Locks canonical token on send, releases on return | +| Public-chain mint/burn bridge | [`CWMultiTokenBridgeL2.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol) | Mints on receive, burns on return | +| 100% reserve verifier pattern | [`WTokenReserveVerifier.sol`](../../smom-dbis-138/contracts/bridge/integration/WTokenReserveVerifier.sol) | Shows the correct “reserve must be 100%” posture | +| Peg monitoring | [`StablecoinPegManager.sol`](../../smom-dbis-138/contracts/bridge/trustless/integration/StablecoinPegManager.sol) | Monitors deviation, but does not enforce par redemption | +| Reserve coordination | [`BridgeReserveCoordinator.sol`](../../smom-dbis-138/contracts/bridge/trustless/integration/BridgeReserveCoordinator.sol) | Enforces reserve sufficiency and rebalancing triggers | + +The design below reuses these components and narrows their responsibilities. + +--- + +## 3. What must change conceptually + +Today the cW system is still a **bridgeable wrapped asset + PMM stabilization design**. + +That is not enough for a hard peg because: + +1. [`DeployCWTokens.s.sol`](../../smom-dbis-138/script/deploy/DeployCWTokens.s.sol) leaves deployer/admin mint authority in place. +2. [`CompliantWrappedToken.sol`](../../smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol) allows any address with `MINTER_ROLE` / `BURNER_ROLE` to change supply outside the escrow accounting path. +3. [`CWMultiTokenBridgeL1.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol) and [`CWMultiTokenBridgeL2.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol) prove the round trip, but they do not yet act as a **strict hard-peg accounting system** with frozen permissions and explicit global supply invariants. +4. [`StablecoinPegManager.sol`](../../smom-dbis-138/contracts/bridge/trustless/integration/StablecoinPegManager.sol) only checks price deviation against thresholds. It is a **monitor**, not a redemption guarantor. +5. PMM support and micro-trades can keep quotes alive, but they do not create reserve backing. + +So the system needs to move from: + +- “wrapped token with bridge mint/burn and liquidity support” + +to: + +- “bridge-redeemable claim on escrowed canonical supply, with PMM as a secondary support rail” + +--- + +## 4. Hard-peg architecture + +### 4.1 Guarantee layer + +For each wrapped stable: + +- `cWUSDC` is backed by **escrowed `cUSDC` on Chain 138** +- `cWUSDT` is backed by **escrowed `cUSDT` on Chain 138** + +The guarantee is: + +```text +global_supply(cWUSDC across all public chains) <= escrowed_cUSDC_reserved_for_cWUSDC +global_supply(cWUSDT across all public chains) <= escrowed_cUSDT_reserved_for_cWUSDT +``` + +In the strict production mode, these should be equal except for in-flight messages. + +### 4.2 Market-support layer + +PMM pools such as: + +- `cWUSDC/USDC` +- `cWUSDT/USDT` +- `cWUSDC/USDT` +- `cWUSDT/USDC` + +exist only to: + +- improve route discovery +- absorb flow +- keep spot near redemption value + +They are **not** the source of parity. + +--- + +## 5. Invariants + +These are the invariants that define the hard peg. + +### 5.1 Supply invariant + +For each canonical/wrapped pair: + +```text +sum(totalSupply(cWUSDC on chain i)) + outbound_in_flight_to_138 <= locked_cUSDC_in_138_escrow +sum(totalSupply(cWUSDT on chain i)) + outbound_in_flight_to_138 <= locked_cUSDT_in_138_escrow +``` + +### 5.2 Redemption invariant + +Whenever a user burns `N` `cWUSDC` on a public chain through the approved bridge path, the protocol must release exactly `N` `cUSDC` on Chain 138 to the designated recipient once the authenticated message arrives. + +Same for `cWUSDT -> cUSDT`. + +### 5.3 Permission invariant + +No EOA, deployer, or generic admin may mint or burn `cWUSDC` / `cWUSDT` directly in production. + +Only the approved bridge/controller contracts may: + +- mint on authenticated inbound message +- burn on authenticated outbound redemption + +### 5.4 Pause invariant + +If any invariant check fails, minting and release must pause before new wrapped supply can be created. + +--- + +## 6. Concrete contract responsibilities + +### 6.1 Chain 138: canonical escrow + +Use [`CWMultiTokenBridgeL1.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol) as the starting point, but run it in **strict escrow mode**: + +- accepted canonical tokens: `cUSDC`, `cUSDT` only for this design +- maintains per-token escrow balance +- releases only after authenticated burn message from approved L2 peer +- exposes per-token locked balance and per-token in-flight accounting + +Required additions: + +- `supportedCanonicalToken[token]` +- `paused[token]` +- `lockedBalance[token]` +- `outstandingMinted[token][chainSelector]` +- `maxOutstanding[token][chainSelector]` +- explicit invariant view: `availableToMint(token, chainSelector)` + +### 6.2 Public chains: wrapped mint/burn bridge + +Use [`CWMultiTokenBridgeL2.sol`](../../smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol) as the mint/burn entry point, but make it stricter: + +- token pairs configured once, then frozen +- peer bridge configured once per chain selector, then frozen +- mint only from authenticated message from configured L1 peer +- burn only through `burnAndSend` +- maintain per-token minted/burned totals for operational verification + +Required additions: + +- `frozenTokenPair[token]` +- `frozenDestination[selector]` +- `mintedTotal[mirroredToken]` +- `burnedTotal[mirroredToken]` +- `paused[mirroredToken]` + +### 6.3 Wrapped token + +[`CompliantWrappedToken.sol`](../../smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol) is close, but production hard-peg mode needs a stricter deployment pattern: + +- bridge gets `MINTER_ROLE` and `BURNER_ROLE` +- deployer/admin **must not keep** live supply-changing roles +- default admin should move to governance / multisig / timelock +- ideally, mint/burn roles are granted only to the bridge and never to a human operator + +Implementation options: + +1. Keep the contract and enforce role revocation in deployment and runbook +2. Add a strict-mode constructor or initializer that grants roles only to bridge/controller + +For hard peg, option 2 is preferable. + +### 6.4 Reserve verification and coordination + +Reuse the design posture from [`WTokenReserveVerifier.sol`](../../smom-dbis-138/contracts/bridge/integration/WTokenReserveVerifier.sol): + +- reserve threshold must be exactly `10000` bps +- if reserve check fails, bridge operation reverts + +Concrete recommendation: + +- create `CWReserveVerifier.sol` for `cWUSDC` / `cWUSDT`, or +- extend [`BridgeReserveCoordinator.sol`](../../smom-dbis-138/contracts/bridge/trustless/integration/BridgeReserveCoordinator.sol) with strict cW token pair checks + +The verifier must check: + +- canonical escrow balance on 138 +- total wrapped supply outstanding +- in-flight message delta +- optional canonical reserve status from [`ReserveSystem.sol`](../../smom-dbis-138/contracts/reserve/ReserveSystem.sol) + +--- + +## 7. Flows + +### 7.1 Mint flow: Chain 138 -> public chain + +For `cUSDC -> cWUSDC`: + +1. User deposits `cUSDC` into strict escrow on Chain 138. +2. Escrow balance for `cUSDC` increases by `amount`. +3. L1 bridge sends authenticated message to destination chain. +4. L2 bridge receives message and mints exactly `amount` `cWUSDC`. +5. `outstandingMinted[cUSDC][destChain] += amount`. + +Same flow for `cUSDT -> cWUSDT`. + +**Rule:** L2 mint is allowed only if the escrow balance on 138 already exists for that amount. + +### 7.2 Redemption flow: public chain -> Chain 138 + +For `cWUSDC -> cUSDC`: + +1. User calls `burnAndSend(cWUSDC, 138, recipient, amount)` on L2 bridge. +2. L2 bridge burns exactly `amount` `cWUSDC`. +3. L2 bridge sends authenticated message to 138. +4. L1 bridge receives message and releases exactly `amount` `cUSDC` from escrow to recipient. +5. `outstandingMinted[cUSDC][sourceChain] -= amount`. + +Same flow for `cWUSDT -> cUSDT`. + +### 7.3 Optional official-token exit + +If the canonical layer is connected to [`StablecoinReserveVault.sol`](../../smom-dbis-138/contracts/reserve/StablecoinReserveVault.sol): + +- user redeems `cUSDC -> official USDC` +- user redeems `cUSDT -> official USDT` + +This makes the wrapped token an indirect claim on official reserves. + +--- + +## 8. Required repository changes + +These are the concrete changes needed to implement the design. + +### 8.1 `smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol` + +Target change: + +- add a production deployment mode where admin does **not** receive `MINTER_ROLE` / `BURNER_ROLE` +- optionally expose a one-time `freezeRoles()` or use post-deploy role revocation only + +### 8.2 `smom-dbis-138/script/deploy/DeployCWTokens.s.sol` + +Target change: + +- add `CW_STRICT_MODE=1` +- after granting bridge roles, revoke deployer `MINTER_ROLE` / `BURNER_ROLE` +- optionally transfer `DEFAULT_ADMIN_ROLE` to `CW_GOVERNANCE_ADMIN` +- print post-deploy role state so operators can verify strict mode actually happened + +### 8.3 `smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol` + +Target change: + +- add strict escrow accounting and per-token pause +- expose invariant views +- optionally limit to approved canonical tokens only + +### 8.4 `smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol` + +Target change: + +- freeze pair and peer config after initialization +- track minted/burned totals +- add per-token pause + +### 8.5 New contract: `CWReserveVerifier.sol` + +Recommended new contract: + +- verifies `escrow >= wrapped_supply + in_flight_delta` +- callable by bridge before mint / release +- hard-coded 100% threshold +- emits reserve/invariant audit events + +### 8.6 `StablecoinPegManager.sol` + +Keep it, but change its role in the docs and ops: + +- it is a **monitor** +- it is not the peg guarantee +- its deviation thresholds should trigger PMM support or pause paths, not define the peg itself + +--- + +## 9. Operational policy + +### 9.1 Production role model + +- `MINTER_ROLE` on `cWUSDC` / `cWUSDT`: L2 bridge only +- `BURNER_ROLE` on `cWUSDC` / `cWUSDT`: L2 bridge only +- `DEFAULT_ADMIN_ROLE`: multisig / timelock only +- deployer EOA: no live mint/burn powers after deployment + +### 9.2 PMM policy under hard peg + +After the hard-peg path exists: + +- PMM pools remain **optional support infrastructure** +- micro-trade support is still useful for route freshness +- no PMM should be described as the mechanism that “creates” the peg + +### 9.3 Pause policy + +Pause minting and redemption if any of these happen: + +- `wrapped_supply > escrow` +- peer bridge mismatch +- replay protection failure +- canonical reserve breach +- stale reserve / oracle status beyond allowed window + +--- + +## 10. What “hard 1:1 to native USDC/USDT” would require + +There is one more distinction that matters. + +This design gives a hard 1:1 peg to: + +- `cUSDC` / `cUSDT` on Chain 138 + +It gives a hard 1:1 peg to official USDC / USDT only if: + +- the canonical `cUSDC` / `cUSDT` themselves are always redeemable 1:1 against official reserves through [`StablecoinReserveVault.sol`](../../smom-dbis-138/contracts/reserve/StablecoinReserveVault.sol) or an equivalent live path + +If we want **direct** hard redemption to **native** USDC / USDT on the public chain, we need an extra layer: + +- local fast-exit reserve buffers on each public chain, or +- a same-chain redemption adapter with prefunded official stable liquidity + +That should be treated as **Phase 2**, not as part of the minimum honest hard-peg design. + +--- + +## 11. Acceptance tests + +The implementation should not be called “hard peg” until these tests pass. + +### 11.1 Supply control + +- cannot mint `cWUSDC` / `cWUSDT` from deployer/admin EOA +- cannot burn from arbitrary operator +- bridge is the only supply-changing actor + +### 11.2 Escrow parity + +- mint on L2 fails if 138 escrow was not locked first +- release on 138 fails if L2 burn did not happen first +- total wrapped supply never exceeds escrow + +### 11.3 Round-trip redemption + +- lock `cUSDC` on 138 -> mint `cWUSDC` on L2 -> burn `cWUSDC` -> release exact `cUSDC` +- same for `cUSDT` + +### 11.4 Emergency handling + +- pause blocks new minting +- pause blocks release if invariant is broken +- already-processed messages cannot replay + +### 11.5 Optional official reserve leg + +- redeem `cUSDC -> official USDC` 1:1 through reserve vault path +- redeem `cUSDT -> official USDT` 1:1 through reserve vault path + +--- + +## 12. Recommended rollout + +### Phase 1: Honest hard peg to canonical c* + +Deliver first: + +- strict bridge-only mint/burn roles +- escrow parity enforcement +- redemption at par to `cUSDC` / `cUSDT` on 138 +- PMM reclassified as support-only + +### Phase 2: Extend to official stable redemption + +Then deliver: + +- live canonical redemption path through `StablecoinReserveVault` +- end-to-end proof that `cWUSDC -> cUSDC -> official USDC` is always available +- same for USDT + +### Phase 3: Optional local native fast exits + +Only after that: + +- public-chain native USDC / USDT redemption buffers +- instant same-chain exits + +--- + +## 13. Bottom line + +The concrete hard-peg design is: + +- **Escrow on 138** +- **Mint only against locked canonical supply** +- **Burn before release** +- **No human mint authority in production** +- **100% reserve verification as a hard invariant** +- **PMM as support, not peg source** + +That turns `cWUSDC` and `cWUSDT` from “wrapped assets with liquidity support” into **redeemable bridge claims with deterministic par accounting**. diff --git a/docs/07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md b/docs/07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md index 0db8429..3271a47 100644 --- a/docs/07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md +++ b/docs/07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md @@ -3,6 +3,65 @@ **Date:** 2026-03-04 **Scope:** Replace inventory-backed AVAX settlement behavior with a non-prefunded bridge path for future transfers. +## 0. Status Update (2026-03-30) + +The non-prefunded AVAX cW route is now live and proven end to end. + +Live contracts: +- AVAX send router: `0x1773125b280d296354f4f4b958a7cfc4e5975b60` +- AVAX cW relay router: `0xc9158759a7e3621f6bb191bf5d77605d6e25b410` +- AVAX cW bridge: `0x635002c5fb227160cd2eac926d1baa61847f3c75` +- Chain 138 relay router: `0xe75d26bc558a28442f30750c6d97bffb46f39abc` +- Chain 138 cW L1 bridge: `0x152ed3e9912161b76bdfd368d0c84b7c31c10de7` + +Verified forward proof: +- Source send tx on Chain 138: `0xb6b821d3a04739c0f548fe1e30f4f162392c12a06930757bacdb940dc87f05b5` +- Forward message ID: `0x8aa12010aece5f29396fbe84ed4f18554661f8a77238895c433367276110dc8f` +- AVAX relay tx: `0x79aa31eefe427270bd03e04e4e52bf7c8eeab9dd1af6519ebdef132a334189c5` +- Result: `1.0 cWUSDT` minted to `0x4A666F96fC8764181194447A7dFdb7d471b301C8` with no AVAX-side WETH prefunding + +Verified reverse proof: +- Burn/send tx on AVAX: `0x303d2ceb2d0489dcb504b8d36aeb6a87e0b3d613896957d339dfe60e81f0df4e` +- Reverse message ID: `0x70f24209fa4c66462fd53aa7c0621b956a126ab6762587d251db8f756b6bc0ab` +- Chain 138 relay tx: `0xa8c13b255afe0d79bfa74372c0c253f0e6463f5cb19f7f0df9c746d77f557395` +- Result: `0.1 cWUSDT` burned on AVAX and `0.1 cUSDT` released on Chain 138 + +Operational note: +- The legacy AVAX WETH route still uses the older AVAX relay router and WETH bridge. +- The non-prefunded AVAX cW route uses the dedicated `avax-cw` relay profile and router above. +- Reverse `avax-to-138` delivery requires legacy gas-priced tx submission on Chain 138 (`RELAY_DEST_LEGACY_TX=1`). + +### Native AVAX WETH status check (2026-03-30) + +The canonical AVAX-side `WETH9` bridge is **not** a live non-prefunded first hop from the current Chain 138 router. + +Live proof: +- Chain 138 destination was temporarily updated to native AVAX bridge `0x24293CA562aE1100E60a4640FF49bd656cFf93B4`: + - tx `0xec9dfd938f61d6a1afbfc829b9c5c390175dff30f86ecadad1495dce2101b1f9` +- WETH approval: + - tx `0x081c6e8290837ef4cc52a1557ba24a22c3cf51c950e395789fde4b0957b82deb` +- LINK approval: + - tx `0x61291b94b174698057f3aa89b01e542853614cdc5d342e753b4637abeea5f45c` +- Test send `0.001 WETH`: + - tx `0x473595564d011a4c852975cf9727cc05828bb458bcaa3e024dd279d3b75a26ee` + - message `0x42f8a362dd622cbedd3ef1f098b9a88b0e935ca2d9c0f9a84346842ff32cf0e4` +- Chain 138 destination was then restored to relay bridge `0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F`: + - tx `0x6843767ab6412a3450efe5f1e3121ebe7e143a45960e1fa09ffc48cf44f36845` + +Observed result: +- `processedTransfers(messageId)` on the native AVAX bridge stayed `false` +- Native AVAX bridge WETH balance stayed `0` +- Recipient WETH balance on AVAX stayed `0` + +Root cause: +- Chain 138 source bridge uses router `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` +- Native AVAX bridge only trusts router `0xF694E193200268f9a4868e4Aa017A0118C9a8177` +- `CCIPWETH9Bridge.ccipReceive` is protected by `onlyRouter`, so the native AVAX bridge never accepted the message + +Operational conclusion: +- Keep AVAX `WETH` on the legacy relay-backed path when canonical destination WETH is required +- Treat the **cW route** as the actual non-prefunded AVAX solution + ## 1. Problem Statement Current `138 -> AVAX` flow is inventory-backed: @@ -74,6 +133,12 @@ Migration is complete only when all are true: 3. End-to-end tests pass at small and medium sizes. 4. Runbooks/scripts no longer route AVAX through legacy inventory-backed path by default. +Current status against acceptance criteria: +- `1` complete for the `cUSDT -> cWUSDT` path +- `2` complete for the `cUSDT -> cWUSDT` path +- `3` complete at small size (`1.0` forward, `0.1` reverse) +- `4` complete for the non-prefunded cW path; legacy WETH route remains separate by design and the native AVAX WETH first hop is not live from the current Chain 138 router + ## 5. Immediate Operator Commands (Verification) Check legacy destination dependency: @@ -93,4 +158,9 @@ cast call 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 "balanceOf(address)(uint256 - `docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md` - `smom-dbis-138/contracts/bridge/TwoWayTokenBridgeL1.sol` - `smom-dbis-138/contracts/bridge/TwoWayTokenBridgeL2.sol` +- `smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL1.sol` +- `smom-dbis-138/contracts/bridge/CWMultiTokenBridgeL2.sol` - `smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol` +- `smom-dbis-138/services/relay/.env.avax` +- `smom-dbis-138/services/relay/.env.avax-cw` +- `smom-dbis-138/services/relay/.env.avax-to-138` diff --git a/docs/07-ccip/TRUTH_NETWORK_BRIDGE_SPEC.md b/docs/07-ccip/TRUTH_NETWORK_BRIDGE_SPEC.md new file mode 100644 index 0000000..18482d9 --- /dev/null +++ b/docs/07-ccip/TRUTH_NETWORK_BRIDGE_SPEC.md @@ -0,0 +1,86 @@ +# Truth Network — bridge integration and execution plan + +**Last updated:** 2026-03-30 +**Purpose:** Replace the previously missing spec referenced from `scripts/truth-network/README.md`. Describes what exists on Chain 138, what is **not** implemented yet, and ordered work for WETH liquidity on Truth, optional cW* extension, and peg/stability. + +--- + +## 1. Scope and facts + +- **Truth Network** (Substrate) ↔ **Ethereum** is the primary public bridge summarized in [GALATIC_SUMMARY.md](../GALATIC_SUMMARY.md) (section 5.1: TRUU lift/burn; Ethereum Truth Bridge). +- **Chain 138** today exposes only a **registry adapter**, not a CCIP lane to Truth: + +| Component | Role | Status | +|-----------|------|--------| +| `TruthNetworkAdapter` | Holds Ethereum Truth Bridge address for `ChainRegistry` | Deployed (see [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) / [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md)) | +| `ChainRegistry` | EVM + non-EVM chain metadata | Deployed | +| Scripts | Deploy adapter, register Truth | `scripts/truth-network/*.sh` | + +The adapter contract is intentionally minimal (immutable Ethereum bridge pointer only): + +`smom-dbis-138/contracts/registry/TruthNetworkAdapter.sol` + +--- + +## 2. What this spec does **not** claim + +- There is **no** documented or scripted **Chain 138 WETH9 → Truth** CCIP path in this repo (CCIP docs cover EVM destinations; see [CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN](../11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md)). +- **`cross-chain-pmm-lps`** has **no** Truth chain entries today; Phase C pool-matrix work is EVM-scoped. + +--- + +## 3. Execution plan (ordered) + +### Phase A — Registry and Ethereum bridge truth (done / maintain) + +1. Keep `TruthNetworkAdapter` constructor arg aligned with the **live** Ethereum Truth Bridge address. +2. Re-run registration only if registry or bridge address changes: + `./scripts/truth-network/deploy-and-register-truth-on-chain138.sh --register-only` + +### Phase B — WETH representation and route to Truth (design + ops) + +Pick and document **one** primary path (engineering decision): + +| Option | Idea | Repo touchpoints | +|--------|------|------------------| +| B1 | User/assets: **Ethereum WETH** ↔ Truth via native Truth↔Ethereum bridge; Chain 138 is metadata/registry only | Adapter + off-chain docs | +| B2 | **138 WETH9** → Ethereum (existing CCIP / relay / hub patterns) → Truth via Ethereum bridge | [CCIP_BRIDGE_MAINNET_CONNECTION.md](CCIP_BRIDGE_MAINNET_CONNECTION.md), [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](../11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) | +| B3 | Future **direct** 138↔Truth mechanism (custom bridge, wrapped asset on Truth, etc.) | Not designed in repo; requires new contracts + security review | + +**Deliverables:** sequence diagram, responsible bridge contracts per hop, fee asset (LINK, ETH, TRUU), and Blockscout / Truth explorer links for each leg. + +### Phase C — “Stable WETH9 price” on Truth (after route exists) + +Treat as **operational**, not automatic: + +1. **Reference price:** ETH/USD (or WETH/USD) from agreed oracles on Truth + Ethereum. +2. **Liquidity:** AMM or PMM pools that trade wrapped WETH vs a USD stable on Truth (if EVM-compatible substrate or via gateway). +3. **Monitoring:** deviation alerts vs reference; optional bot (same idea as [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](../03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md) section C.3 peg bands). + +### Phase D — cW* on Truth + PMM / edge pools (extension) + +If Truth exposes **EVM-compatible** assets (or a clear wrapped-token standard): + +1. Mirror the **Phase C** pattern: [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](../03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md), `cross-chain-pmm-lps/config/pool-matrix.json`, `deployment-status.json`. +2. Add a **Truth chain id** (or sibling “network” row) to config; record cW* addresses and pool addresses when deployed. +3. Extend indexer / MCP allowlist generation per [SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md](../03-deployment/SINGLE_SIDED_LPS_PUBLIC_NETWORKS_RUNBOOK.md) once pools exist. + +If Truth remains **non-EVM** only, Phase D becomes “bridge cW* to Ethereum (or 138) only” — same as public EVM Phase C, not on-chain on Substrate. + +--- + +## 4. E2E verification checklist (when implemented) + +- [ ] Single documented path from **source** (138 WETH9 and/or Ethereum WETH) to **Truth** asset, with tx examples on both explorers. +- [ ] Price / peg: documented oracle(s) and pool addresses; alert thresholds. +- [ ] Optional: cW* addresses on target network + funded pools in `deployment-status.json`. +- [ ] Market data: update [CW_STAR_CMC_COINGECKO_LISTING_STATUS](../11-references/CW_STAR_CMC_COINGECKO_LISTING_STATUS.md) if tokens or pools become listable. + +--- + +## 5. References + +- `scripts/truth-network/README.md` +- [GALATIC_SUMMARY.md](../GALATIC_SUMMARY.md) section 5.1 bridges table +- [CW_BRIDGE_APPROACH.md](CW_BRIDGE_APPROACH.md) +- [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) (Phases A–D) diff --git a/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md b/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md index eb9afd8..fdf379b 100644 --- a/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md +++ b/docs/11-references/ADDRESS_MATRIX_AND_STATUS.md @@ -60,14 +60,17 @@ | Oracle Proxy | `0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6` | ✅ | MetaMask price feed | | OraclePriceFeed (keeper) | `0x8918eE0819fD687f4eb3e8b9B7D0ef7557493cfa` | ✅ | `ORACLE_PRICE_FEED`; ReserveSystem + PriceFeedKeeper | | WETH MockPriceFeed (keeper) | `0x3e8725b8De386feF3eFE5678c92eA6aDB41992B2` | ✅ | `CHAIN138_WETH_MOCK_PRICE_FEED`; sync: `smom-dbis-138/scripts/reserve/sync-weth-mock-price.sh` | +| ISO20022Router | `0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074` | ✅ | ISO-20022-style intake/router; same key as `ISO20022_ROUTER` in `explorer-monorepo/config/address-inventory.json`; verify bytecode after redeploy | ### 1.3 CCIP / bridge (Chain 138) | Contract | Address | Status | Notes | |----------|---------|--------|-------| -| CCIP Router | `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` | ✅ | | +| CCIP Router | `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` | ✅ | Canonical relay-backed router (`CCIP_ROUTER` in `smom-dbis-138/.env`) | +| CCIP Router (direct legacy) | `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` | ✅ | `CCIP_ROUTER_DIRECT_LEGACY`; still deployed — bytecode-checked | | CCIP Sender | `0x105F8A15b819948a89153505762444Ee9f324684` | ✅ | | -| CCIPWETH9Bridge | `0xcacfd227A040002e49e2e01626363071324f820a` | ✅ | Use for sendCrossChain | +| CCIPWETH9Bridge | `0xcacfd227A040002e49e2e01626363071324f820a` | ✅ | Use for sendCrossChain (`CCIPWETH9_BRIDGE_CHAIN138`) | +| CCIPWETH9Bridge (direct legacy) | `0x971cD9D156f193df8051E48043C476e53ECd4693` | ✅ | `CCIPWETH9_BRIDGE_DIRECT_LEGACY` | | CCIPWETH10Bridge | `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` | ✅ | | | CCIPWETH9Bridge (old) | `0x89dd12025bfCD38A168455A44B400e913ED33BE2` | ⛔ | Deprecated | @@ -91,7 +94,7 @@ |----------|---------|--------|-------| | PaymentChannelManager | `0x302aF72966aFd21C599051277a48DAa7f01a5f54` | ✅ | | | GenericStateChannelManager | `0xe5e3bB424c8a0259FDE23F0A58F7e36f73B90aBd` | ✅ | | -| AddressMapper | `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` | ✅ | | +| AddressMapper | `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` | ✅ | Canonical; legacy duplicate `0xe48E3f248698610e18Db865457fcd935Bb3da856` (same bytecode and mapping views verified Core RPC 2026-03-30). Set `ADDRESS_MAPPER` in `.env` to canonical. | | MirrorManager | `0x6eD905A30c552a6e003061A38FD52A5A427beE56` | ✅ | | | Lockbox138 | `0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c` | ✅ | Trustless | | MerchantSettlementRegistry | `0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800` | ✅ | | diff --git a/docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md b/docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md index 645b218..cbcb0cc 100644 --- a/docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md +++ b/docs/11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md @@ -1,72 +1,90 @@ # CCIP 138 → Destination: Receiver Behavior by Chain and Token -**Last Updated:** 2026-03-04 -**Purpose:** Confirms for each destination chain and token whether the receiver **mints**, **receives-from-CCIP-and-forwards**, or **releases** (pre-fund required). Source: contract code and docs. +**Last Updated:** 2026-03-31 +**Purpose:** Confirms for each destination chain and token what the destination contract would do if it were reached correctly, and what the **current live Chain 138 route** actually does. Native bridge deployments are not proof of a live first-hop route from Chain 138. -**Source contracts:** `smom-dbis-138/contracts/ccip/CCIPWETH9Bridge.sol`, `CCIPWETH10Bridge.sol`, `contracts/relay/CCIPRelayBridge.sol`; [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md), [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md). +**Source contracts:** `smom-dbis-138/contracts/ccip/CCIPWETH9Bridge.sol`, `CCIPWETH10Bridge.sol`, `contracts/relay/CCIPRelayBridge.sol`; [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md), [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md), [07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md). + +**Important live correction (2026-03-30):** +- Chain 138 uses the custom router `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817`, which emits `MessageSent` but does not natively deliver into public-chain `CCIPWETH9Bridge` / `CCIPWETH10Bridge` contracts. +- The Avalanche native bridge `0x24293CA562aE1100E60a4640FF49bd656cFf93B4` only trusts router `0xF694E193200268f9a4868e4Aa017A0118C9a8177`, so a live native-bridge test from Chain 138 failed and remained unprocessed. +- The proven live first-hop routes from Chain 138 today are relay-backed for **Mainnet, BSC, and Avalanche**. Other public-chain native bridge deployments should be treated as destination contracts or future paths, not proof of a live direct first hop from Chain 138. +- Separately, the dedicated non-prefunded Avalanche `cUSDT -> cWUSDT` corridor is **live and proven end to end**. Do not generalize that proof to every cW destination chain. --- -## 1. Summary: mechanism by chain and token +## 1. Summary: current live route vs native bridge behavior -| Chain ID | Chain name | Token(s) | Receiver contract | Mechanism | Pre-fund required? | -|----------|--------------|------------|----------------------------|-----------|---------------------| -| **1** | Ethereum | WETH9, WETH10 | CCIPRelayBridge (Mainnet only) | **Release** from own balance (relay does not deliver tokens) | **Yes** | -| **25** | Cronos | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** (native CCIP delivers token amounts to receiver) | No | -| **56** | BSC | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **100** | Gnosis | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **137** | Polygon | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **10** | Optimism | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **42161**| Arbitrum One | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **8453** | Base | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **43114**| Avalanche | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **42220**| Celo | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | -| **1111** | Wemix | WETH9, WETH10 | CCIPWETH9Bridge, CCIPWETH10Bridge | **Receive from CCIP + forward** | No | +| Chain ID | Chain name | Token(s) | Current live receiver from Chain 138 | Current live mechanism | Pre-fund required today? | +|----------|--------------|------------|--------------------------------------|------------------------|--------------------------| +| **1** | Ethereum | WETH9, WETH10 | CCIPRelayBridge | **Release** from own balance via relay | **Yes** | +| **25** | Cronos | WETH9, WETH10 | No proven direct first hop from 138 | Native bridge is deployed, but use **Mainnet hub** or cW path instead of assuming direct delivery | Not a direct no-prefund first hop | +| **56** | BSC | WETH9, WETH10 | BSC relay bridge `0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C` | **Release** from own balance via relay | **Yes** | +| **100** | Gnosis | WETH9, WETH10 | No proven direct first hop from 138 | Native bridge is deployed, but use **Mainnet hub** or cW path instead of assuming direct delivery | Not a direct no-prefund first hop | +| **137** | Polygon | WETH9, WETH10 | No proven direct first hop from 138 | Native bridge is deployed, but use **Mainnet hub** or cW path instead of assuming direct delivery | Not a direct no-prefund first hop | +| **10** | Optimism | WETH9, WETH10 | No proven direct first hop from 138 | Native bridge is deployed, but use **Mainnet hub** or cW path instead of assuming direct delivery | Not a direct no-prefund first hop | +| **42161**| Arbitrum One | WETH9, WETH10 | No proven direct first hop from 138 | Native bridge is deployed, but use **Mainnet hub** or cW path instead of assuming direct delivery | Not a direct no-prefund first hop | +| **8453** | Base | WETH9, WETH10 | No proven direct first hop from 138 | Native bridge is deployed, but use **Mainnet hub** or cW path instead of assuming direct delivery | Not a direct no-prefund first hop | +| **43114**| Avalanche | WETH9, WETH10 | AVAX relay bridge `0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F` | **Release** from own balance via relay; native bridge test failed on 2026-03-30 | **Yes** | +| **42220**| Celo | WETH9, WETH10 | No proven direct first hop from 138 | Native bridge is deployed, but use **Mainnet hub** or cW path instead of assuming direct delivery | Not a direct no-prefund first hop | +| **1111** | Wemix | WETH9, WETH10 | Not live yet | Bridge deployment and gas seeding still pending | Pending | -**cW* (any supported chain, when deployed):** Token cWUSDT, cWUSDC (etc.). Receiver: **TwoWayTokenBridgeL2** (or CCIPReceiverCW). Mechanism: **Mint** (`ccipReceive` → `cW*.mint(recipient, amount)`). Pre-fund: No. -*(Design only; deployment-status empty.)* +**cW specific status:** The cW mint-on-receive model is the correct non-prefunded pattern. Avalanche `cUSDT -> cWUSDT` is live and proven using AVAX cW bridge `0x635002c5fb227160cd2eac926d1baa61847f3c75`; other cW corridors should still be treated as design / partial unless separately proven. --- -## 2. Why Mainnet (1) is different +## 2. Why the native Avalanche path failed -- **138 → other chains (25, 56, 100, 137, 10, 42161, 8453, 43114, 42220, 1111):** Use **native Chainlink CCIP** end-to-end. The source bridge sends a message with `tokenAmounts` (WETH9/WETH10). The CCIP protocol locks tokens on 138 and **delivers** the token amounts to the **receiver contract** on the destination when the message is executed. The receiver is **CCIPWETH9Bridge** / **CCIPWETH10Bridge** (same code as on 138). In `ccipReceive` it does `IERC20(weth9).transfer(recipient, amount)` — i.e. it **forwards** the tokens it **received from the CCIP router** to the final recipient. So the receiver does **not** mint; it **receives from CCIP and forwards**. No pre-fund. +- `CCIPWETH9Bridge.sol` and `CCIPWETH10Bridge.sol` do have a **receive+forward** code path, but it is gated by `onlyRouter`. The destination bridge only accepts `ccipReceive` from the exact router stored in `ccipRouter`. +- Chain 138 currently uses custom router `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817`, and that contract only emits `MessageSent`; it does not perform native public-chain delivery. +- The Avalanche native bridge `0x24293CA562aE1100E60a4640FF49bd656cFf93B4` trusts router `0xF694E193200268f9a4868e4Aa017A0118C9a8177`. A live test on 2026-03-30 temporarily pointed Chain 138 at that bridge, sent `0.001 WETH`, and the message `0x42f8a362dd622cbedd3ef1f098b9a88b0e935ca2d9c0f9a84346842ff32cf0e4` remained unprocessed because the trusted-router condition was never satisfied. +- The same architectural warning applies to other public-chain native `CCIPWETH9Bridge` / `CCIPWETH10Bridge` deployments unless a real native delivery path or matching relay receiver is added. -- **138 → Mainnet (1):** Uses a **custom relay** (not native CCIP token delivery). The relay service watches 138 for `MessageSent`, then calls **CCIPRelayRouter.relayMessage(CCIPRelayBridge, message)** on Mainnet. The **tokens are not** delivered by the CCIP protocol; only the message is relayed. So **CCIPRelayBridge**’s `ccipReceive` is called with the message, but the bridge **never receives** WETH from any router. It does `IERC20(weth9).transfer(recipient, amount)` from **its own balance**, so it must be **pre-funded with Mainnet WETH**. +## 3. Why Mainnet, BSC, and Avalanche are different in the live deployment + +- **138 → Mainnet (1):** Uses a relay. `CCIPRelayBridge` releases WETH from its own balance, so it must be pre-funded with Mainnet WETH. +- **138 → BSC (56):** Uses the BSC relay bridge `0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C`, which releases WETH from inventory. +- **138 → Avalanche (43114):** Uses the AVAX relay bridge `0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F`, which releases WETH from inventory. The native AVAX bridge exists but is not reachable from the current Chain 138 router. +- **138 → Avalanche (43114) `cUSDT -> cWUSDT`:** Uses the AVAX cW bridge `0x635002c5fb227160cd2eac926d1baa61847f3c75` and dedicated relay routers. This is a true lock/mint route and does not require AVAX-side WETH inventory. +- **138 → Gnosis/Cronos/Celo/Polygon/Arbitrum/Optimism/Base:** Native bridge deployments exist, but they should be treated as destination contracts or future direct paths. The current practical route from Chain 138 is via the Mainnet hub or via the non-prefunded cW bridge family, not by assuming direct first-hop native delivery. **Code reference:** -- `CCIPWETH9Bridge.sol` / `CCIPWETH10Bridge.sol`: `ccipReceive` → `IERC20(weth9).transfer(recipient, amount)` (receive from router + forward on native CCIP; release from balance on relay path). -- `CCIPRelayBridge.sol`: same `transfer(recipient, amount)` but only called by relay; no token delivery → release only. +- `CCIPWETH9Bridge.sol` / `CCIPWETH10Bridge.sol`: `ccipReceive` is `onlyRouter`, then `IERC20(weth9).transfer(recipient, amount)`. +- `CCIPRouter.sol`: `ccipSend` emits `MessageSent` and tracks the message, but does not perform native destination delivery. +- `CCIPRelayBridge.sol`: `transfer(recipient, amount)` from bridge inventory when the relay invokes it. --- -## 3. Tokens for which the receiver **mints** (no pre-fund) +## 4. Tokens for which the receiver **mints** (no pre-fund) -| Token(s) | Chain(s) | Receiver | Mechanism | -|---------------|----------|------------------------|-----------| -| **cWUSDT, cWUSDC** (cW*) | 56, 100, 137, 10, 42161, 8453, 43114, 25, 1, etc. (when deployed) | TwoWayTokenBridgeL2 (or CCIPReceiverCW) | `ccipReceive` → `cW*.mint(recipient, amount)`; receiver has MINTER_ROLE | +| Token(s) | Chain(s) | Receiver | Mechanism | Current status | +|---------------|----------|------------------------|-----------|----------------| +| **cUSDT → cWUSDT** | **43114 (Avalanche)** | AVAX cW bridge `0x635002c5fb227160cd2eac926d1baa61847f3c75` | Dedicated non-prefunded relay path; destination mints `cWUSDT` to recipient | ✅ Live and proven E2E | +| **cWUSDT, cWUSDC** (cW*) | 56, 100, 137, 10, 42161, 8453, 43114, 25, 1, etc. | TwoWayTokenBridgeL2 (or CCIPReceiverCW) | `ccipReceive` → `cW*.mint(recipient, amount)`; receiver has MINTER_ROLE | ⏳ Generic pattern; treat as design / partial unless separately proven | -**Source:** [CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md). Deployment status: design only; deployment-status.json empty. +**Sources:** [CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) for the generic mint-on-receive model; [NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md) for the live AVAX proof and contract addresses. --- -## 4. Tokens for which the receiver **receives from CCIP and forwards** (no pre-fund) +## 5. Native bridge contract behavior: **receives from CCIP and forwards** if reached by the trusted router | Token(s) | Chain(s) | Receiver | Mechanism | |------------|--------------------------------------------------------------|----------------------------------|-----------| -| **WETH9, WETH10** | 25, 56, 100, 137, 10, 42161, 8453, 43114, 42220, 1111 | CCIPWETH9Bridge, CCIPWETH10Bridge | Native CCIP delivers token amounts to receiver; receiver `transfer(recipient, amount)` to forward. No mint. | +| **WETH9, WETH10** | 25, 56, 100, 137, 10, 42161, 8453, 43114, 42220, 1111 | CCIPWETH9Bridge, CCIPWETH10Bridge | If the destination bridge is called by its configured `ccipRouter`, it forwards received WETH to the recipient. This is contract behavior, not proof of a live direct first hop from Chain 138. | --- -## 5. Tokens for which the receiver **releases** (pre-fund required) +## 6. Tokens for which the receiver **releases** (pre-fund required in the live route) | Token(s) | Chain | Receiver | Mechanism | |------------|-------|-------------------|-----------| | **WETH9, WETH10** | **1 (Ethereum Mainnet)** | CCIPRelayBridge | Relay calls `ccipReceive`; no token delivery. Bridge `transfer(recipient, amount)` from **own balance** → must be funded with Mainnet WETH. | +| **WETH9, WETH10** | **56 (BSC)** | BSC relay bridge `0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C` | Relay-backed release from bridge inventory. | +| **WETH9, WETH10** | **43114 (Avalanche)** | AVAX relay bridge `0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F` | Relay-backed release from bridge inventory. Native Avalanche bridge is deployed but not reachable from the current Chain 138 router. | --- -## 6. References +## 7. References | Document | Use | |----------|-----| @@ -74,4 +92,5 @@ | [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) | Full routes; 138→Mainnet WETH pre-fund prerequisite | | [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md) | Mainnet relay and CCIPRelayBridge | | [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) | cW* mint-on-receive | +| [07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md) | Native AVAX WETH failure proof and non-prefunded cW path | | [07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | Deploy CCIPWETH9/WETH10 per chain (Gnosis, Cronos, Celo, Wemix) | diff --git a/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md b/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md index bacc465..451c143 100644 --- a/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md +++ b/docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md @@ -1,20 +1,18 @@ # Contract Addresses Reference - ChainID 138 -**Last Updated:** 2026-03-26 -**Document Version:** 1.5 +**Last Updated:** 2026-03-30 +**Document Version:** 1.6 **Status:** Active documentation. Use the corrected canonical Chain 138 PMM stack: `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d`, `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`. --- -## Master JSON (single source of truth) +## Machine-readable addresses (master JSON + bytecode list) -**All contract addresses are maintained in:** [`config/smart-contracts-master.json`](../../config/smart-contracts-master.json) +- **Preferred when present:** [`config/smart-contracts-master.json`](../../config/smart-contracts-master.json) — publishable map of chain id → `contracts` (+ optional `envVarMap`). Consumed by Bash (`load-contract-addresses.sh` / `load-project-env.sh`) and Node (`config/contracts-loader.cjs`). **Override:** `.env` wins over JSON. +- **If the file is missing** (old clones only): env loaders skip JSON; **bytecode verification** still uses the **embedded fallback** in [`scripts/verify/check-contracts-on-chain-138.sh`](../../scripts/verify/check-contracts-on-chain-138.sh). When the file **is** present, `chains["138"].contracts` must list the **full** set to check (the script uses jq values from JSON instead of the fallback). +- **Human / narrative SSOT for this doc:** tables below plus [ADDRESS_MATRIX_AND_STATUS.md](ADDRESS_MATRIX_AND_STATUS.md). -- **Publishable** — no secrets; safe to commit and share. -- **Consumed by:** Bash via `source scripts/lib/load-project-env.sh` (or `load-contract-addresses.sh`); Node/JS via `require('.../config/contracts-loader.cjs')`. -- **Override:** Values in `.env` (e.g. `smom-dbis-138/.env`) take precedence over the master JSON. - -See [config/README-CONTRACTS-MASTER.md](../../config/README-CONTRACTS-MASTER.md) for usage from code and scripts. +See [config/README-CONTRACTS-MASTER.md](../../config/README-CONTRACTS-MASTER.md) for layout and usage. --- @@ -45,9 +43,11 @@ Contracts deployed after chain initialization: |----------|---------|--------|---------| | **Oracle Aggregator** | `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506` | ✅ Deployed | Price feed aggregator (same address as Multicall — operator to confirm which contract is at this slot on explorer) | | **Oracle Proxy** | `0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6` | ✅ Deployed | **MetaMask price feed** | -| **CCIP Router** | `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` | ✅ Deployed | Cross-chain router | +| **CCIP Router** | `0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817` | ✅ Deployed | Canonical relay-backed router (`CCIP_ROUTER` in `smom-dbis-138/.env`) | +| **CCIP Router (direct legacy)** | `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` | ✅ Deployed | `CCIP_ROUTER_DIRECT_LEGACY` — still bytecode-checked | | **CCIP Sender** | `0x105F8A15b819948a89153505762444Ee9f324684` | ✅ Deployed | Cross-chain sender | [📄 Details](../07-ccip/CCIP_SENDER_CONTRACT_REFERENCE.md) | -| **CCIPWETH9Bridge** | `0xcacfd227A040002e49e2e01626363071324f820a` | ✅ Deployed | WETH9 cross-chain (working router) | **Use for sendCrossChain** | +| **CCIPWETH9Bridge** | `0xcacfd227A040002e49e2e01626363071324f820a` | ✅ Deployed | WETH9 cross-chain (working router) | **Use for sendCrossChain** (`CCIPWETH9_BRIDGE_CHAIN138`) | +| **CCIPWETH9Bridge (direct legacy)** | `0x971cD9D156f193df8051E48043C476e53ECd4693` | ✅ Deployed | `CCIPWETH9_BRIDGE_DIRECT_LEGACY` | | **CCIPWETH10Bridge** | `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` | ✅ Deployed | WETH10 cross-chain | | | **MerchantSettlementRegistry** | `0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800` | ✅ Deployed | alltra-lifi-settlement | | | **WithdrawalEscrow** | `0xe77cb26eA300e2f5304b461b0EC94c8AD6A7E46D` | ✅ Deployed | alltra-lifi-settlement | | @@ -68,7 +68,8 @@ Contracts deployed after chain initialization: |----------|---------|--------| | **PaymentChannelManager** | `0x302aF72966aFd21C599051277a48DAa7f01a5f54` | Channels | | **GenericStateChannelManager** | `0xe5e3bB424c8a0259FDE23F0A58F7e36f73B90aBd` | Channels | -| **AddressMapper** | `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` | DeployAddressMapper.s.sol (2026-02-12) | +| **AddressMapper** | `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` | DeployAddressMapper.s.sol (2026-02-12); canonical for `ADDRESS_MAPPER` / `smart-contracts-master.json` | +| **AddressMapper** (legacy duplicate) | `0xe48E3f248698610e18Db865457fcd935Bb3da856` | Same bytecode and WETH genesis→deployed mapping as canonical (Core RPC 2026-03-30); prefer canonical for new work | | **MirrorManager** | `0x6eD905A30c552a6e003061A38FD52A5A427beE56` | DeployMirrorManager.s.sol (2026-02-12) | | **Lockbox138** (trustless) | `0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c` | DeployTrustlessBridge.s.sol | | **ReserveSystem** | `0x607e97cD626f209facfE48c1464815DDE15B5093` | Reserve | @@ -79,6 +80,12 @@ Contracts deployed after chain initialization: | **Liquidation** (vault) | `0x3aCdbCB749d6037a02F0ef6ea2E5Fb89D31fAB72` | Vault system | | **XAU Oracle** (vault) | `0xf23E1eDa304082ab7a81531dFE6020E6105e77A8` | Vault system | +### ISO-20022 router (Chain 138) + +| Contract | Address | Notes | +|----------|---------|--------| +| **ISO20022Router** | `0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074` | Explorer inventory key `ISO20022_ROUTER` (`explorer-monorepo/config/address-inventory.json`). Methodology: [SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](../04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md). Integration map: [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) §14. | + ### CREATE2 / Deterministic (DeployDeterministicCore.s.sol, 2026-02-11) | Contract | Address | Notes | diff --git a/docs/11-references/CONTRACT_NEXT_STEPS_LIST.md b/docs/11-references/CONTRACT_NEXT_STEPS_LIST.md index e5c6fbc..6a84721 100644 --- a/docs/11-references/CONTRACT_NEXT_STEPS_LIST.md +++ b/docs/11-references/CONTRACT_NEXT_STEPS_LIST.md @@ -9,7 +9,7 @@ | # | Task | Type | Status | |---|------|------|--------| | 1 | **Chain 138 next steps (all in one)** | Operator | `./scripts/deployment/run-all-next-steps-chain138.sh` — preflight → mirror+pool → register c* as GRU → verify; use `--skip-mirror` if mirror exists. | -| 2 | On-chain check (59 addresses; run check-contracts-on-chain-138.sh) | Operator | Run `./scripts/verify/check-contracts-on-chain-138.sh` from host with RPC | +| 2 | On-chain check (**64** addresses; run check-contracts-on-chain-138.sh) | Operator | Run `./scripts/verify/check-contracts-on-chain-138.sh` from host with RPC | | 3 | Blockscout source verification | Operator | Run from host that can reach Blockscout | | 4 | Reconcile .env | Repo | Done 2026-02-11 | | 5 | Multicall vs Oracle at 0x99b3... | Operator | Confirm on explorer; document in CONTRACT_ADDRESSES_REFERENCE | diff --git a/docs/11-references/CW_STAR_CMC_COINGECKO_LISTING_STATUS.md b/docs/11-references/CW_STAR_CMC_COINGECKO_LISTING_STATUS.md new file mode 100644 index 0000000..204df4d --- /dev/null +++ b/docs/11-references/CW_STAR_CMC_COINGECKO_LISTING_STATUS.md @@ -0,0 +1,68 @@ +# cW* tokens and pools — CoinMarketCap and CoinGecko listing status + +**Last checked:** 2026-03-30 +**Purpose:** Record whether **project** compliant-wrapped stablecoins (`cWUSDT`, `cWUSDC`, `cWEURC`, etc. on public EVM chains) and their **PMM / liquidity pools** appear on major aggregators. Use this when planning listings or explaining why price pages are absent. + +--- + +## 1. Naming collision warning + +- **Compound** uses ticker-style names **`cUSDT`** / **`cUSDC`** for interest-bearing Compound tokens. Those **are** listed on CoinMarketCap and CoinGecko as Compound assets. +- This repo’s **bridged compliant wrappers** use the **`cW*`** prefix (e.g. `cWUSDT`, `cWUSDC`) in `cross-chain-pmm-lps/config/deployment-status.json`. **Do not** assume a CMC/CG page titled “cUSDT” refers to project cW tokens. + +--- + +## 2. Methodology (repeatable) + +1. **CoinGecko — contract lookup (canonical API):** + `GET https://api.coingecko.com/api/v3/coins/{platform}/contract/{address}` + Platforms used for spot check: `ethereum`, `polygon-pos`, `binance-smart-chain`. +2. **CoinGecko — search:** `https://www.coingecko.com/en/search_v2?query=cWUSDT` (and similar). +3. **Chain 138:** CoinGecko `asset_platforms` JSON had **no** entry with `chain_identifier` **138** at time of check; native Chain 138 **cUSDT** / **cUSDC** are not expected on CG/CMC unless explicitly listed under a custom platform. + +--- + +## 3. Results (2026-03-30) + +### 3.1 CoinGecko — by contract address + +Sample addresses from [deployment-status.json](../../cross-chain-pmm-lps/config/deployment-status.json): + +| Network (CG id) | Token | Contract | HTTP result | +|-----------------|-------|----------|---------------| +| ethereum | cWUSDT | `0xaF5017d0163ecb99D9B5D94e3b4D7b09Af44D8AE` | **404** `{"error":"coin not found"}` | +| ethereum | cWUSDC | `0x2de5F116bFcE3d0f922d9C8351e0c5Fc24b9284a` | **404** | +| polygon-pos | cWUSDT | `0x72948a7a813B60b37Cd0c920C4657DbFF54312b8` | **404** | +| binance-smart-chain | cWUSDT | `0x04B2AE3c3bb3d70Df506FAd8717b0FBFC78ED7E6` | **404** | + +**Conclusion:** These **cW\*** contracts were **not** indexed as CoinGecko “coins” at check time. + +### 3.2 CoinGecko — search + +- Query `cWUSDT`: **no coins** in `search_v2` response. +- Query `compliant usdt`: **no coins** in response. + +### 3.3 CoinMarketCap + +- No reliable **programmatic** free API check was run (CMC Pro API key not assumed). +- **Web search** for `cWUSDT` / “Defi Oracle Meta” on CMC did **not** surface project **cW\*** tokens; hits for **cUSDT** / **cUSDC** refer to **Compound**, not deployment-status **cW\*** addresses. + +### 3.4 “Pools” on CMC / CoinGecko + +- Aggregators typically list **DEX pairs** or **pool** pages for **Uniswap-/Curve-style** contracts they index, not arbitrary **DODO PMM** pool addresses unless ingested. +- `deployment-status.json` currently has **`pmmPools`: []** for listed public chains; **Chain 138** PMM pools live in [ADDRESS_MATRIX_AND_STATUS.md](ADDRESS_MATRIX_AND_STATUS.md) / [LIQUIDITY_POOLS_MASTER_MAP.md](LIQUIDITY_POOLS_MASTER_MAP.md) — **no** evidence they appear as named CMC/CG “pools” for **cW\*** branding without a separate listing request. + +--- + +## 4. Operational takeaway + +- **Project cW\*** tokens and PMM pools are **primarily tracked in-repo** (`deployment-status.json`, address matrix, Blockscout on Chain 138) — **not** on CoinGecko/CoinMarketCap as of 2026-03-30. +- To **get listed**, follow each site’s **token listing** / **asset submission** process and supply contract addresses per chain; re-run section 2 (methodology) and update this doc with dates and links. + +--- + +## 5. Related docs + +- [EXPLORER_TOKEN_LIST_CROSSCHECK.md](EXPLORER_TOKEN_LIST_CROSSCHECK.md) — Chain 138 canonical **cUSDT** / **cUSDC** vs Blockscout +- [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](../03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md) — public-chain cW* deployment and pools +- [TRUTH_NETWORK_BRIDGE_SPEC.md](../07-ccip/TRUTH_NETWORK_BRIDGE_SPEC.md) — Truth path and optional cW* extension plan diff --git a/docs/11-references/CW_TOKENS_AND_NETWORKS.md b/docs/11-references/CW_TOKENS_AND_NETWORKS.md index efcde85..5c538e1 100644 --- a/docs/11-references/CW_TOKENS_AND_NETWORKS.md +++ b/docs/11-references/CW_TOKENS_AND_NETWORKS.md @@ -49,14 +49,15 @@ Chains **42220** (Celo) and **1111** (Wemix) are in the token-mapping file for c | Chain(s) | Bridge / receiver | Bridge code mints cW*? | Notes | |----------|-------------------|------------------------|-------| -| All (1, 25, 56, 137, 100, 43114, 8453, 42161, 10) | CCIPRelayBridge (Mainnet), CCIPWETH9_BRIDGE_* (others) | **No** | Current suite is WETH-only; `ccipReceive` only transfers the received token. Granting MINTER/BURNER to these addresses allows DeployCWTokens to run but does not enable cross-chain mint until the receiver is extended or a dedicated cW* receiver (e.g. TwoWayTokenBridgeL2) is deployed. See [CW_BRIDGE_APPROACH.md](../07-ccip/CW_BRIDGE_APPROACH.md) and [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md). | +| **43114 (Avalanche)** | Dedicated AVAX cW bridge `0x635002c5fb227160cd2eac926d1baa61847f3c75` | **Yes** | Proven live for the dedicated non-prefunded `cUSDT -> cWUSDT` corridor. Treat this as a chain-specific exception, not blanket proof for every cW destination chain. | +| Generic public-chain WETH receiver set (1, 25, 56, 137, 100, 43114, 8453, 42161, 10) | CCIPRelayBridge (Mainnet), CCIPWETH9_BRIDGE_* (others) | **No** | Current suite is WETH-only; `ccipReceive` only transfers the received token. Granting MINTER/BURNER to these addresses allows DeployCWTokens to run but does not enable cross-chain mint until the receiver is extended or a dedicated cW* receiver (e.g. TwoWayTokenBridgeL2) is deployed. See [CW_BRIDGE_APPROACH.md](../07-ccip/CW_BRIDGE_APPROACH.md) and [CW_BRIDGE_TASK_LIST.md](CW_BRIDGE_TASK_LIST.md). | | After Phase B or C | Extended bridge or TwoWayTokenBridgeL2 / CCIPReceiverCW | **Yes** (when implemented) | Per [CW_BRIDGE_APPROACH.md](../07-ccip/CW_BRIDGE_APPROACH.md), Option 2 (dedicated receiver) is chosen; deploy TwoWayTokenBridgeL2 or equivalent per chain and point `CW_BRIDGE_` to it for cW* mint/burn. | --- ## 3. How to deploy cWUSDT / cWUSDC -1. **Bridge addresses:** `CW_BRIDGE_ADDRESS` is left as default (zero). Per-chain `CW_BRIDGE_` are set in `smom-dbis-138/.env` from the deployed bridge suite (Mainnet: CCIPRelayBridge; other chains: CCIPWETH9_BRIDGE_*). That contract receives MINTER_ROLE and BURNER_ROLE when deploying cW*; extend it for cW* support if needed. +1. **Bridge addresses:** `CW_BRIDGE_ADDRESS` is left as default (zero). Per-chain `CW_BRIDGE_` are set in `smom-dbis-138/.env` from the deployed bridge suite (Mainnet: CCIPRelayBridge; other chains: CCIPWETH9_BRIDGE_*, or a dedicated cW receiver such as the proven AVAX cW bridge). That contract receives MINTER_ROLE and BURNER_ROLE when deploying cW*; only a dedicated cW-capable receiver enables mint-on-receive. 2. Run with `--deploy-cw`: ```bash cd smom-dbis-138 && ./scripts/deployment/deploy-tokens-and-weth-all-chains-skip-canonical.sh --deploy-cw diff --git a/docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md b/docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md index 43dd84d..0b17b79 100644 --- a/docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md +++ b/docs/11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md @@ -1,6 +1,6 @@ # Deployed Tokens, Bridges, DODO/Uniswap LPs — Status & Complete Routing Map -**Last Updated:** 2026-03-26 +**Last Updated:** 2026-03-31 **Purpose:** Single reference for (1) deployed tokens/coins and bridges per destination network, (2) DODO and Uniswap LPs with addresses, and (3) a complete mapping of all possible routes for routing **to** and **from** each chain. --- @@ -12,7 +12,7 @@ | **Chain 138 tokens** | ✅ Live | cUSDT, cUSDC, WETH, WETH10, LINK; 10 more compliant tokens deployable (cEURC, cEURT, cGBP*, cAUD*, cJPY*, cCHF*, cCAD*, cAUSDT). | | **Chain 138 DODO PMM** | ✅ Live | DODOPMMIntegration + 6 public pools are live on Chain 138: stable pairs plus the three public XAU pools. Official mirror `USDT/USDC` pools were corrected and funded locally. DODOPMMProvider remains deployed; routing cUSDT↔cUSDC and the live local direct/ XAU paths are active. | | **Chain 138 → destination bridges** | ✅ CCIP + Alltra | CCIP WETH9/WETH10 to Ethereum, BSC, Polygon, Arbitrum, Optimism, Avalanche, Cronos, **Celo + Gnosis (2026-03-04)**. Gnosis: 0x4ab39b5BaB7b463435209A9039bd40Cf241F5a82 (WETH9), 0xC15ACdBAC59B3C7Cb4Ea4B3D58334A4b143B4b44 (WETH10). AlltraAdapter 138↔651940. Wemix pending (need 0.4 WEMIX). | -| **Destination tokens (cW\*)** | ⚠️ Design / partial | cWUSDT, cWUSDC deployed on 9 chains (1, 25, 56, 137, 100, 43114, 8453, 42161, 10); cWEURC and others partial. Addresses in .env; **deployment-status.json** empty (design-only). | +| **Destination tokens (cW\*)** | ⚠️ Partial / corridor-specific | cWUSDT, cWUSDC deployed on 9 chains (1, 25, 56, 137, 100, 43114, 8453, 42161, 10); cWEURC and others partial. `deployment-status.json` records token addresses and bridge availability, but the repo only proves a live non-prefunded cW corridor for Avalanche `cUSDT -> cWUSDT`; broader cW routing remains partial. | | **Destination DODO/Uniswap LPs** | ⚠️ Partial graph / pools not live | cross-chain-pmm-lps **pool-matrix** defines cW*/USDC, cW*/USDT per chain; **deployment-status.json** now records deployed cW* token addresses and bridge availability, but PMM pool addresses are still empty. Public-chain edge pools and bot not live. | | **Uniswap on 138** | ❌ | No Uniswap V2/V3 factory on Chain 138. | | **Uniswap on ALL Mainnet (651940)** | ⚠️ Env placeholders | HYDX DEX present; Uniswap V2/V3 and DODO env vars in dex-factories; no pool addresses in repo. | @@ -46,7 +46,7 @@ | **10** | Optimism | cW* deployable. | | **42161** | Arbitrum One | cW* deployable. | | **8453** | Base | cW* deployable. | -| **43114** | Avalanche C-Chain | cW* deployable. | +| **43114** | Avalanche C-Chain | cW* deployed; non-prefunded `cUSDT -> cWUSDT` corridor proven live. | | **42220** | Celo | In pool-matrix; cW* not in deploy script chain list. | | **1111** | Wemix | In pool-matrix; cW* not in deploy script chain list. | | **651940** | ALL Mainnet (Alltra) | AUSDT, USDC, WETH, WALL; AlltraAdapter 138↔651940. | @@ -66,7 +66,7 @@ | Polygon (137) | CCIP | Same | ✅ | | | Arbitrum (42161) | CCIP | Same | ✅ | | | Optimism (10) | CCIP | Same | ✅ | | -| Avalanche (43114) | CCIP | Same | ✅ | | +| Avalanche (43114) | CCIP | Same | ✅ | WETH relay path live; dedicated non-prefunded `avax-cw` corridor for `cUSDT -> cWUSDT` also proven. | | Cronos (25) | CCIP | Same | ✅ | | | ALL Mainnet (651940) | AlltraAdapter | AlltraAdapter `0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc` | ✅ | 138 ↔ 651940. | | Celo (42220) | CCIP | CCIPWETH9Bridge `0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04`, CCIPWETH10Bridge `0xa4B9DD039565AeD9641D45b57061f99d9cA6Df08` (Celo); 138↔Celo destinations configured 2026-03-04 | ✅ | complete-config-ready-chains.sh Celo→138 OK. | @@ -120,7 +120,7 @@ **Designed (pool-matrix.json):** Per chain, first-tier pools: cWUSDT/USDC or cWUSDT/USDT, cWUSDC/USDC or cWUSDC/USDT, plus cWAUSDT, cWEURC, cWEURT, cWUSDW vs hub stable. Optional: cW*/USDT, cW*/DAI, cW*/BUSD, cW*/mUSD. -**Deployment status:** [cross-chain-pmm-lps/config/deployment-status.json](../../cross-chain-pmm-lps/config/deployment-status.json) — **empty** (no cW* addresses, no PMM pool addresses). Design and simulation only; edge pools and bot **not deployed**. +**Deployment status:** [cross-chain-pmm-lps/config/deployment-status.json](../../cross-chain-pmm-lps/config/deployment-status.json) — records cW* token addresses and bridge availability per chain, but PMM pool arrays are still empty. Public-chain edge pools and the stabilization bot are **not deployed**. **Source:** [cross-chain-pmm-lps/config/pool-matrix.json](../../cross-chain-pmm-lps/config/pool-matrix.json), [cross-chain-pmm-lps/config/token-map.json](../../cross-chain-pmm-lps/config/token-map.json). @@ -146,7 +146,8 @@ |------------|------------|--------|--------------------|---------------------------| | WETH9 | 1, 56, 137, 10, 42161, 43114, 25 | CCIP WETH9 | WETH | Native DEX / cW* pool when deployed | | WETH10 | Same | CCIP WETH10 | WETH | Same | -| cUSDT / cUSDC | Any | — | — | No direct bridge for compliant stables; swap to WETH then CCIP, or use Alltra for 651940 | +| cUSDT | 43114 | Dedicated `avax-cw` relay + AVAX cW bridge `0x635002c5fb227160cd2eac926d1baa61847f3c75` | cWUSDT | Direct recipient mint; same-chain cW*/USDT pools are not deployed | +| cUSDT / cUSDC | 1, 25, 56, 100, 137, 10, 42161, 8453, 42220, 1111 | — | — | No blanket live direct route for compliant stables; use WETH hop or a specifically proven cW corridor | | Any (138) | 651940 | AlltraAdapter | AUSDT, WETH, WALL, etc. | ALL Mainnet DEX (env placeholders) | ### 5.3 Cross-chain routing (destination → 138) @@ -156,13 +157,14 @@ | WETH (1, 56, 137, …) | 138 | CCIP receiver bridge on 138 | WETH9 / WETH10 | | 651940 | 138 | AlltraAdapter | Per adapter config | -### 5.4 Public-chain cW* routing (when deployed) +### 5.4 Public-chain cW* routing -| From | To | Route | -|------|-----|--------| -| cW* (e.g. cWUSDT) | USDC / USDT (same chain) | Single-sided cW*/hub pool (pool-matrix); **not deployed**. | -| USDC / USDT | cW* | Same pool (reverse). | -| cW* chain A | cW* chain B | Bridge cW* or bridge underlying + mint cW* on dest; depends on bridge and cW* deployment. | +| From | To | Route | Status | +|------|-----|--------|--------| +| 138 cUSDT | 43114 cWUSDT | Dedicated non-prefunded `avax-cw` bridge; destination mints to recipient | ✅ Live corridor | +| cW* (e.g. cWUSDT) | USDC / USDT (same chain) | Single-sided cW*/hub pool (pool-matrix) | ❌ Not deployed | +| USDC / USDT | cW* | Same pool (reverse) | ❌ Not deployed | +| cW* chain A | cW* chain B | Bridge cW* or bridge underlying + mint cW* on dest; depends on bridge and cW* deployment | ⏳ Depends on explicit bridge wiring | ### 5.5 Swap–bridge–swap (orchestration) @@ -180,10 +182,11 @@ | Chain ID | Name | Tokens deployed | Bridge from 138 | Bridge to 138 | DODO/Uniswap LPs | |----------|------|------------------|------------------|---------------|-------------------| | 138 | DeFi Oracle | cUSDT, cUSDC, cEURT, cXAUC, cXAUT, WETH, WETH10, LINK, official mirrors | — | — | DODO: 6 public pools live + 3 private XAU pools live | -| 1 | Ethereum | WETH, USDT, USDC, DAI | ✅ CCIP WETH9/10 | ✅ CCIP relay | Native DEX; cW* design | +| 1 | Ethereum | WETH, USDT, USDC, DAI | ✅ CCIP WETH9/10 | ✅ CCIP relay | Native DEX; cW* deployed, routing partial | | 651940 | ALL Mainnet | AUSDT, USDC, WETH, WALL | ✅ AlltraAdapter | ✅ AlltraAdapter | Env placeholders; HYDX | -| 25 | Cronos | USDW, EURW, …; cW* | ✅ CCIP | ✅ CCIP | cW* design only | -| 56, 100, 137, 10, 42161, 8453, 43114 | BSC, Gnosis, Polygon, Optimism, Arbitrum, Base, Avalanche | cW* (partial) | ✅ CCIP | ✅ CCIP | cW* pool-matrix; not deployed | +| 25 | Cronos | USDW, EURW, …; cW* deployed | ✅ CCIP | ✅ CCIP | cW* edge pools not deployed | +| 56, 100, 137, 10, 42161, 8453 | BSC, Gnosis, Polygon, Optimism, Arbitrum, Base | cW* deployed / partial | ✅ CCIP | ✅ CCIP | cW* pool-matrix; not deployed | +| 43114 | Avalanche | cW* deployed; `cUSDT -> cWUSDT` corridor proven | ✅ CCIP WETH relay + ✅ `avax-cw` | ✅ CCIP | cW* edge pools not deployed | | 42220, 1111 | Celo, Wemix | — | Config | Config | pool-matrix only | ### 6.2 Route matrix (to and from) @@ -193,9 +196,10 @@ | **138 same-chain** | cUSDT ↔ cUSDC via DODO PMM | ✅ | | **138 → 1** | WETH via CCIP WETH9/10 → mainnet | ✅ | | **138 → 56, 137, 10, 42161, 43114, 25** | WETH via CCIP | ✅ | +| **138 → 43114** | `cUSDT -> cWUSDT` via dedicated `avax-cw` corridor | ✅ | | **138 ↔ 651940** | AlltraAdapter | ✅ | | **1, 56, … → 138** | WETH via CCIP receiver on 138 | ✅ | -| **138 → dest** | cUSDT/cUSDC (swap to WETH then bridge) | ✅ (swap leg); bridge per above | +| **138 → most dest chains** | cUSDT/cUSDC (swap to WETH then bridge) | ⚠️ Needed where no specific cW corridor is proven | | **Dest cW* → USDC/USDT** | cW* edge pool (single-sided) | ❌ Pools not deployed | | **Dest USDC/USDT → cW*** | Same pool | ❌ | diff --git a/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md b/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md index 69a164e..6a401db 100644 --- a/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md +++ b/docs/11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md @@ -2,12 +2,12 @@ > Historical note (2026-03-26): this route map originally captured a pre-correction PMM phase. The current canonical Chain 138 PMM stack is `DODOPMMIntegration=0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d` and `DODOPMMProvider=0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381`. -**Last Updated:** 2026-03-04 +**Last Updated:** 2026-03-31 **Purpose:** Single reference for **all possible routes** from the deployer wallet as **source** (minted/held tokens on all blockchains) **to** public-network stablecoins (USDT, USDC, DAI, AUSDT, etc.) on each chain. Uses Master Documentation and verifiable sources only. **Deployer address (source):** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` -**Sources:** [MASTER_INDEX](MASTER_INDEX.md), [EXPLORER_TOKEN_LIST_CROSSCHECK](EXPLORER_TOKEN_LIST_CROSSCHECK.md) §5/§8, [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md), [ADDRESS_MATRIX_AND_STATUS](ADDRESS_MATRIX_AND_STATUS.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md), [DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS](DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md), [LIQUIDITY_POOLS_MASTER_MAP](LIQUIDITY_POOLS_MASTER_MAP.md). +**Sources:** [MASTER_INDEX](MASTER_INDEX.md), [EXPLORER_TOKEN_LIST_CROSSCHECK](EXPLORER_TOKEN_LIST_CROSSCHECK.md) §5/§8, [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md), [ADDRESS_MATRIX_AND_STATUS](ADDRESS_MATRIX_AND_STATUS.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER](TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md), [DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS](DEPLOYER_WALLET_FUNDING_PLAN_PMM_POOLS.md), [LIQUIDITY_POOLS_MASTER_MAP](LIQUIDITY_POOLS_MASTER_MAP.md), [07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md). --- @@ -21,13 +21,13 @@ Tokens the deployer **can hold** as source (mintable to deployer on 138/Cronos, | **1** | Ethereum Mainnet | WETH (via CCIP from 138), USDT, USDC, DAI (acquire) | | **651940** | ALL Mainnet (Alltra) | AUSDT, USDC (AUSDC), WETH, WALL (via AlltraAdapter from 138 or acquire) | | **25** | Cronos | USDW, EURW, GBPW, AUDW, JPYW, CHFW, CADW (D-WIN W; mintable if MINTER_ROLE), WETH9, WETH10, LINK | -| **56** | BSC | cWUSDT, cWUSDC (design; deployment-status empty), USDT, USDC (acquire) | -| **100** | Gnosis | cW* (design), xDAI, USDC (acquire) | -| **137** | Polygon | cW* (design), USDT, USDC (acquire) | -| **10** | Optimism | cW* (design), USDT, USDC (acquire) | -| **42161**| Arbitrum One | cW* (design), USDT, USDC (acquire) | -| **8453** | Base | cW* (design), USDT, USDC (acquire) | -| **43114**| Avalanche C-Chain | cW* (design), USDT, USDC (acquire) | +| **56** | BSC | cWUSDT, cWUSDC (deployed; broader routing partial), USDT, USDC (acquire) | +| **100** | Gnosis | cW* (deployed; broader routing partial), xDAI, USDC (acquire) | +| **137** | Polygon | cW* (deployed; broader routing partial), USDT, USDC (acquire) | +| **10** | Optimism | cW* (deployed; broader routing partial), USDT, USDC (acquire) | +| **42161**| Arbitrum One | cW* (deployed; broader routing partial), USDT, USDC (acquire) | +| **8453** | Base | cW* (deployed; broader routing partial), USDT, USDC (acquire) | +| **43114**| Avalanche C-Chain | cW* (deployed; non-prefunded `cUSDT -> cWUSDT` corridor proven), USDT, USDC (acquire) | | **42220**| Celo | (CCIP config 2026-03-04); USDC, cEUR (acquire) | | **1111** | Wemix | (pending 0.4 WEMIX); WEMIX, USDT/USDC (acquire) | @@ -95,10 +95,16 @@ Tokens the deployer **can hold** as source (mintable to deployer on 138/Cronos, | From (138) | To (destination chain public stable) | Bridge | Status | |------------|--------------------------------------|--------|--------| -| WETH9 / WETH10 | WETH on dest → USDT/USDC via DEX | CCIP WETH9/WETH10 to BSC, Polygon, Arbitrum, Optimism, Avalanche, Cronos, **Celo**, **Gnosis** | ✅ Live (Celo + Gnosis 2026-03-04) | -| WETH9 / WETH10 | Wemix USDT/USDC | CCIP when Wemix bridges deployed (deployer needs 0.4 WEMIX) | ⏳ Pending | +| WETH9 / WETH10 | **BSC** WETH → USDT/USDC via DEX | Relay-backed first hop to BSC relay bridge `0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C` | ✅ Live; **requires BSC relay WETH inventory** | +| WETH9 / WETH10 | **Avalanche** WETH → USDT/USDC via DEX | Relay-backed first hop to AVAX relay bridge `0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F` | ✅ Tiny-send live; **requires AVAX relay WETH inventory**. Native Avalanche bridge path failed on 2026-03-30. | +| WETH9 / WETH10 | **Gnosis, Polygon, Arbitrum, Optimism, Base, Cronos, Celo** WETH → USDT/USDC via DEX | Bootstrap Mainnet first, then send Mainnet → destination | ⚠️ Use **Mainnet hub**, not a direct first hop from Chain 138 | +| WETH9 / WETH10 | Wemix USDT/USDC | Deploy bridge and seed gas first (deployer needs 0.4 WEMIX) | ⏳ Pending | | cUSDT / cUSDC | Any dest public stable | No direct bridge for compliant stables; must swap to WETH on 138 then CCIP (see 3.2). | ⚠️ Same as 3.2 | +**Live routing note (2026-03-30):** The current Chain 138 router emits `MessageSent` but does not natively deliver into public-chain `CCIPWETH9Bridge` / `CCIPWETH10Bridge` contracts. That is why direct first-hop guidance is limited to the relay-backed lanes and the Mainnet hub. + +**Avalanche cW correction:** Separately from the public-stable routes above, the repo now proves a non-prefunded `cUSDT -> cWUSDT` corridor on Avalanche. That is a live lock/mint route to project `cWUSDT`, not a direct route to native Avalanche `USDT` / `USDC`, so it is tracked in [ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED](ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md) instead of being listed here as a public-stable destination. + --- ### 3.5 Destination chain → public stable (when deployer holds asset on that chain) @@ -108,7 +114,8 @@ Tokens the deployer **can hold** as source (mintable to deployer on 138/Cronos, | **1** | WETH (after CCIP), USDT, USDC, DAI | USDT, USDC, DAI | Native DEX (Uniswap, etc.) | ✅ Standard | | **651940** | AUSDT, USDC, WETH, WALL | AUSDT, USDC | HYDX / Uniswap (env placeholders) | ✅ DEX present | | **25** | USDW, EURW, … (D-WIN W) | USDW, EURW, etc. | Same-chain swap / DEX | ✅ If DEX exists | -| **56, 100, 137, 10, 42161, 8453, 43114** | cW* (design only; deployment-status empty) | USDT, USDC | cW*/USDC, cW*/USDT edge pools (pool-matrix) | ❌ Pools not deployed | +| **56, 100, 137, 10, 42161, 8453** | cW* (deployed) | USDT, USDC | cW*/USDC, cW*/USDT edge pools (pool-matrix) | ❌ Pools not deployed | +| **43114** | cW* (deployed; `cUSDT -> cWUSDT` corridor proven) | USDT, USDC | cW*/USDC, cW*/USDT edge pools (pool-matrix) | ❌ Pools not deployed | | **42220, 1111** | — | USDC, cEUR / USDT, USDC | Acquire then DEX | ✅ Standard (acquire + DEX) | --- @@ -121,7 +128,9 @@ Tokens the deployer **can hold** as source (mintable to deployer on 138/Cronos, | 138 | cUSDC | 138 | cUSDT | Same pool | ✅ | | 138 | WETH9 | 1 | USDT, USDC, DAI | CCIP WETH9 → Mainnet → DEX; **requires Mainnet WETH funding of CCIPRelayBridge first** | ✅ | | 138 | WETH10 | 1 | USDT, USDC, DAI | Same; **CCIPRelayBridge must be funded with Mainnet WETH** | ✅ | -| 138 | WETH9/10 | 56, 137, 10, 42161, 43114, 25, 100, 42220 | WETH → USDT/USDC via DEX | CCIP → dest → DEX | ✅ | +| 138 | WETH9/10 | 56 | WETH → USDT/USDC via DEX | Relay-backed 138 → BSC → DEX; **requires BSC relay inventory** | ✅ | +| 138 | WETH9/10 | 43114 | WETH → USDT/USDC via DEX | Relay-backed 138 → AVAX → DEX; **requires AVAX relay inventory** | ✅ Tiny-send only unless re-funded | +| 138 | WETH9/10 | 100, 137, 10, 42161, 8453, 25, 42220 | WETH → USDT/USDC via DEX | Bootstrap Mainnet first, then Mainnet → dest → DEX | ⚠️ | | 138 | Any | 651940 | AUSDT, USDC | AlltraAdapter → 651940 DEX | ✅ | | 138 | cUSDT, cUSDC | Any | USDT, USDC (any chain) | Swap to WETH on 138 (no c*→WETH pool in docs) + CCIP WETH → dest DEX | ⚠️ Bridge leg ✅; 138 swap leg not documented | | Dest (1, 651940, 25, …) | Deployer-held token on that chain | Same | Public stable | Native DEX | ✅ | @@ -142,7 +151,7 @@ Tokens the deployer **can hold** as source (mintable to deployer on 138/Cronos, ## 6. Related: routes without pre-funded bridge -For routes where **pre-funding a destination bridge is not required** (same-chain, AlltraAdapter lock-mint, CCIP to chains other than Mainnet with mint-on-receive), see [ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED](ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md). +For routes where **pre-funding a destination bridge is not required** (same-chain, AlltraAdapter lock-mint, the proven AVAX `cUSDT -> cWUSDT` corridor, and broader cW mint paths), see [ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED](ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md). --- diff --git a/docs/11-references/GLOSSARY.md b/docs/11-references/GLOSSARY.md index ca6a84f..3415af7 100644 --- a/docs/11-references/GLOSSARY.md +++ b/docs/11-references/GLOSSARY.md @@ -14,6 +14,12 @@ This glossary provides definitions for terms, acronyms, and technical concepts u ## A +### Active Public Pool +A public-chain local edge pool that has been explicitly enabled in `config/gru-transport-active.json` for exposure in token-aggregation. + +### Active Transport Pair +A canonical `c*` to mirrored `cW*` pair that is explicitly enabled by the GRU transport overlay and has the required mapping, deployment, and bridge-peer wiring. + ### API (Application Programming Interface) A set of protocols and tools for building software applications. In this context, refers to RPC APIs (ETH, NET, WEB3) exposed by Besu nodes. @@ -43,9 +49,15 @@ Emergency access method that bypasses normal security controls. In this architec ### CCIP (Chainlink Cross-Chain Interoperability Protocol) A protocol for secure cross-chain communication and token transfers. The deployment includes Commit, Execute, and RMN node types. +### Canonical Asset +The source-of-truth `c*` asset on Chain 138. In GRU Transport, the canonical asset is locked/released on Chain 138 while public chains hold mirrored `cW*` form. + ### ChainID A unique identifier for a blockchain network. ChainID 138 is the identifier for the Sankofa/Phoenix/PanTel network. +### Compliant Wrapped ISO-4217 M1 +The GRU monetary classification for public-network `cW*` assets. These are mirrored transport representations of canonical Chain 138 `c*` assets, not generic wrapped tokens. + ### cloudflared The Cloudflare Tunnel client software that creates secure, encrypted connections between internal services and Cloudflare's edge network. @@ -107,6 +119,12 @@ A network device that connects different networks and routes traffic between the ### Genesis Block The first block in a blockchain. The genesis block contains the initial configuration, including validators and network parameters. +### GRU Monetary Transport Layer +The cross-chain issuance, transport, routing, reserve-verification, and redemption system that moves canonical `c*` from Chain 138 into public-network `cW*` form under JSON-gated policy controls. + +### GRU Transport +The short operator-facing name for the GRU Monetary Transport Layer. + --- ## H @@ -114,6 +132,9 @@ The first block in a blockchain. The genesis block contains the initial configur ### HA (High Availability) System design that ensures services remain available even if individual components fail. ER605 routers provide active/standby redundancy. +### Hard-Peg Eligible Pair +A GRU transport pair whose outbound wrapping is controlled by reserve-verifier checks and per-destination outstanding limits. The hard-peg truth is redemption into canonical `c*`, not secondary-market pool price. + ### Hostname A human-readable name assigned to a network device. In this architecture, hostnames follow patterns like `r630-01`, `ml110`, `besu-rpc-1`. @@ -157,6 +178,9 @@ A text-based diagramming language used to create flowcharts, sequence diagrams, ### ML110 HP ML110 Gen9 server, used as the management and bootstrap node in this architecture. IP: 192.168.11.10 +### Mirrored cW Asset +The public-chain `cW*` representation of a canonical Chain 138 `c*` asset inside the GRU monetary ecosystem. + --- ## N diff --git a/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md b/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md index 6ce01b0..6732e62 100644 --- a/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md +++ b/docs/11-references/LIQUIDITY_POOLS_MASTER_MAP.md @@ -167,7 +167,7 @@ Not liquidity pools per se; they support XAU triangulation for private mesh pari ## Public-chain cW* stabilization (edge pools + bot) -M1 tokens on Chain 138 (cUSDT, cUSDC, cAUSDT, cEURC, cEURT, cUSDW) are bridged to public chains as **cW\*** wrappers (cWUSDT, cWUSDC, etc.). **Single-sided PMM edge pools** (cW* / USDC, cW* / USDT, etc.) on each public chain and a **bot-driven stabilization mesh** maintain the peg. Specs, pool matrix, peg bands, and deployment recipe: +M1 tokens on Chain 138 (cUSDT, cUSDC, cAUSDT, cEURC, cEURT, cUSDW) are bridged to public chains as **cW\*** wrappers (cWUSDT, cWUSDC, etc.). The intended public-chain stabilization model uses **single-sided PMM edge pools** (cW* / USDC, cW* / USDT, etc.) plus a **bot-driven stabilization mesh** when those components are deployed. Specs, pool matrix, peg bands, and deployment recipe: - **[cross-chain-pmm-lps/README.md](../../cross-chain-pmm-lps/README.md)** — Submodule overview and quick start - **[cross-chain-pmm-lps/docs/06-deployment-recipe.md](../../cross-chain-pmm-lps/docs/06-deployment-recipe.md)** — Step-by-step deployment diff --git a/docs/11-references/MINT_C_AND_CW_ON_ALL_NETWORKS.md b/docs/11-references/MINT_C_AND_CW_ON_ALL_NETWORKS.md index d239dce..f149cfc 100644 --- a/docs/11-references/MINT_C_AND_CW_ON_ALL_NETWORKS.md +++ b/docs/11-references/MINT_C_AND_CW_ON_ALL_NETWORKS.md @@ -11,7 +11,7 @@ | Token type | Chain 138 | Other networks (1, 25, 56, 137, 100, 10, 42161, 8453, 43114) | |------------|-----------|---------------------------------------------------------------| | **c*** (cUSDT, cUSDC, cEURC, …) | Deployer is **owner** → can mint | Deploy first with `DeployCompliantFiatTokensForChain.s.sol` (owner = deployer), then mint same as 138 | -| **cW*** (cWUSDT, cWUSDC, …) | Not deployed on 138 (cW* are on destination chains only) | Deployer is **admin** and has **MINTER_ROLE** → can mint on any chain where cW* are deployed | +| **cW*** (cWUSDT, cWUSDC, …) | Not deployed on 138 (cW* are on destination chains only) | Default deploy path gives deployer **admin** + **MINTER_ROLE**; **strict mode** can revoke deployer MINTER/BURNER so only bridge roles remain | --- @@ -80,7 +80,20 @@ Use the same cast pattern with that chain's RPC and token addresses from .env (e ## 3. cW* on other networks -cW* are **CompliantWrappedToken**; the deploy script grants **MINTER_ROLE** to both the **bridge** and the **admin (deployer)**. So the deployer can mint cW* on any chain where cW* were deployed by this repo. +cW* are **CompliantWrappedToken**. + +- **Default deploy path:** the deploy script grants **MINTER_ROLE** to both the **bridge** and the **admin (deployer)**, so the deployer can mint. +- **Strict hard-peg deploy path:** set `CW_STRICT_MODE=1` when running `DeployCWTokens.s.sol`; the script revokes deployer `MINTER_ROLE` / `BURNER_ROLE` after bridge grant. Optional: set `CW_GOVERNANCE_ADMIN=0x...` to move `DEFAULT_ADMIN_ROLE`, and `CW_FREEZE_OPERATIONAL_ROLES=1` to permanently freeze future minter/burner role churn. + +In strict hard-peg mode, token-role lockdown is only part of the job. The bridge path should also be finalized with: + +- `CWMultiTokenBridgeL1.configureSupportedCanonicalToken(token, true)` +- `CWMultiTokenBridgeL1.setMaxOutstanding(token, chainSelector, amount)` for each destination +- deploy and attach `CWReserveVerifier` on Chain 138 so new wrapping is blocked if canonical backing is unsafe +- `CWMultiTokenBridgeL2.freezeTokenPair(canonicalToken)` +- `CWMultiTokenBridgeL2.freezeDestination(chainSelector)` + +Only use the cast mint commands below if the chain was **not** deployed in strict mode. **Per token, per chain (cast):** ```bash diff --git a/docs/11-references/OPERATOR_OPTIONAL_CHECKLIST.md b/docs/11-references/OPERATOR_OPTIONAL_CHECKLIST.md index d5ff54d..e83b00d 100644 --- a/docs/11-references/OPERATOR_OPTIONAL_CHECKLIST.md +++ b/docs/11-references/OPERATOR_OPTIONAL_CHECKLIST.md @@ -108,7 +108,7 @@ Open https://explorer.d-bis.org/address/
#verify-contract and use "Verif **When:** Channel or mirror features are needed on Mainnet or Chain 138. -**Chain 138 (2026-02-12):** AddressMapper `0xe48E3f248698610e18Db865457fcd935Bb3da856`, MirrorManager `0x6eD905A30c552a6e003061A38FD52A5A427beE56` — deployed. TransactionMirror: if `forge script script/DeployTransactionMirror.s.sol` hits constructor-args decode error, deploy via `forge create contracts/mirror/TransactionMirror.sol:TransactionMirror --constructor-args --rpc-url $RPC_URL_138 --private-key $PRIVATE_KEY --gas-price 1000000000`. +**Chain 138 (2026-02-12):** AddressMapper canonical `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A` (legacy duplicate `0xe48E3f248698610e18Db865457fcd935Bb3da856` — identical bytecode/views; align `ADDRESS_MAPPER` in `.env` to canonical), MirrorManager `0x6eD905A30c552a6e003061A38FD52A5A427beE56` — deployed. TransactionMirror: if `forge script script/DeployTransactionMirror.s.sol` hits constructor-args decode error, deploy via `forge create contracts/mirror/TransactionMirror.sol:TransactionMirror --constructor-args --rpc-url $RPC_URL_138 --private-key $PRIVATE_KEY --gas-price 1000000000`. **Steps:** - **Chain 138:** Always use `--with-gas-price 1000000000` for any `forge script` or `forge create`. diff --git a/docs/11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md b/docs/11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md index 907f09d..d88c68a 100644 --- a/docs/11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md +++ b/docs/11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md @@ -2,14 +2,14 @@ > Historical note (2026-03-26): verify live PMM pool addresses against [LIQUIDITY_POOLS_MASTER_MAP.md](LIQUIDITY_POOLS_MASTER_MAP.md). Earlier route examples may reference a superseded PMM stack. -**Last Updated:** 2026-03-04 -**Purpose:** Routes from the deployer wallet (or any user) to public-network stablecoins (or between tokens) where **pre-funding a destination bridge is not required**. These use **lock-mint** (source locks, destination mints), **same-chain** (no bridge), or **DEX-only** flows. For routes that *do* require bridge pre-funding (e.g. 138 → Mainnet WETH), see [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md). +**Last Updated:** 2026-03-31 +**Purpose:** Routes from the deployer wallet (or any user) to public-network stablecoins (or between tokens) where **pre-funding a destination bridge is not required**. These use **lock-mint** (source locks, destination mints), **same-chain** (no bridge), or **DEX-only** flows. For routes that *do* require bridge pre-funding, or routes that are not a proven direct first hop from the current Chain 138 router, see [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md). **Deployer address:** `0x4A666F96fC8764181194447A7dFdb7d471b301C8` -**Why this doc:** The 138 → Ethereum Mainnet WETH path uses a **relay + release** model: CCIPRelayBridge on Mainnet **releases** WETH from a pool and must be **funded with Mainnet WETH** before transfers can complete. Other paths (same-chain DODO, AlltraAdapter, CCIP to non-Mainnet chains with mint-on-receive) do not require pre-funding the destination bridge. +**Why this doc:** The 138 → Ethereum Mainnet, BSC, and Avalanche WETH paths currently use **relay + release** models: the destination bridge **releases** WETH from inventory and must already hold enough WETH. Other public-chain native bridge deployments should not be treated as live no-prefund first hops from Chain 138 unless a matching native delivery path is proven. -**Sources:** [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md), [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md). +**Sources:** [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md), [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md), [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md), [07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md), [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md). --- @@ -18,6 +18,9 @@ | Route | Reason | |-------|--------| | **138 WETH → Ethereum Mainnet (1)** | CCIPRelayBridge on chain 1 **releases** WETH (does not mint). Mainnet WETH must be sent to the bridge before 138→Mainnet transfers can complete. See [DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES](DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) §3.2 and [CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md). | +| **138 WETH → BSC (56)** | Current live BSC delivery is relay-backed and releases WETH from BSC bridge inventory. Do not treat the deployed native BSC bridge as proof of a direct no-prefund first hop from Chain 138. | +| **138 WETH → Avalanche (43114)** | Current live AVAX delivery is relay-backed and releases WETH from AVAX bridge inventory. A native Avalanche bridge test on 2026-03-30 failed because the Chain 138 router and Avalanche bridge router do not match. See [NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md). | +| **138 WETH → Gnosis / Cronos / Celo / Polygon / Arbitrum / Optimism / Base** | Native bridge deployments exist, but they are not proven direct first hops from the current Chain 138 router. Use the Mainnet hub or a cW mint path instead of treating them as no-prefund direct routes. | All routes below **do not** require pre-funding the destination bridge. @@ -50,25 +53,28 @@ Design: **lock on 138 → relayer mints on 651940** (and reverse). No destinatio **Source:** [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md), [CROSS_CHAIN_ARBITRAGE_DESIGN](../07-ccip/CROSS_CHAIN_ARBITRAGE_DESIGN.md) (lock on 138, relayer mints on 651940). -### 3.2 Chain 138 → CCIP destinations other than Mainnet (1) +### 3.2 Chain 138 → public chains: current live correction -For **138 → BSC (56), Polygon (137), Arbitrum (42161), Optimism (10), Avalanche (43114), Cronos (25), Celo (42220), Gnosis (100), Wemix (1111)**, the destination receiver is **CCIPWETH9Bridge** / **CCIPWETH10Bridge** (same contract type as on 138). With **native CCIP**, the protocol **delivers** the token amounts to the receiver when the message is executed; the receiver then **forwards** to the recipient (`transfer(recipient, amount)`). So the receiver **does not mint** — it **receives from CCIP and forwards**. No pre-fund is required (tokens arrive with the message). +There is **no blanket no-prefund WETH rule** for public-chain first hops from the current Chain 138 router. -| From (138) | To (chain) | Route | Status | -|------------|------------|--------|--------| -| WETH9 / WETH10 | 56, 100, 137, 10, 42161, 8453, 43114, 25, 42220, 1111 | CCIP WETH9/WETH10 → destination (receiver **receives from CCIP + forwards**); then DEX to USDT/USDC on that chain | ✅ (Celo, Gnosis 2026-03-04); Wemix ⏳ | +| From (138) | To (chain) | Current reality | Include in this no-prefund doc? | +|------------|------------|-----------------|----------------------------------| +| WETH9 / WETH10 | Mainnet, BSC, Avalanche | Relay-backed release path from destination inventory | No | +| WETH9 / WETH10 | Gnosis, Cronos, Celo, Polygon, Arbitrum, Optimism, Base | Native bridge deployments exist, but not as proven direct first hops from current Chain 138 routing | No | +| WETH9 / WETH10 | Wemix | Pending deployment / gas seeding | No | -**Per-chain, per-token confirmation:** See [CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN](CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md) for which tokens use **mint** vs **receive+forward** vs **release** (pre-fund) on each chain. +**Per-chain, per-token confirmation:** See [CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN](CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md) for the distinction between native bridge contract behavior and the current live Chain 138 route. -### 3.3 cW* (c* → cW* on public chains) — when deployed +### 3.3 cW* (c* → cW* on public chains) — live AVAX corridor plus broader design -Design: **lock cUSDT/cUSDC on 138, mint cWUSDT/cWUSDC on destination** in `ccipReceive`. No pre-funded pool; receiver has MINTER_ROLE and mints. +Design rule: **lock cUSDT/cUSDC on 138, mint cWUSDT/cWUSDC on destination** in `ccipReceive`. No pre-funded pool; receiver has MINTER_ROLE and mints. The repo now proves that model end to end for the dedicated Avalanche `cUSDT -> cWUSDT` corridor, but it does **not** assert blanket live status for every cW destination chain. | From (138) | To (destination chain) | Route | Status | |------------|------------------------|--------|--------| -| cUSDT / cUSDC | cWUSDT / cWUSDC on chain (e.g. 56, 137, 1) | UniversalCCIPBridge or dedicated lock-and-send → destination TwoWayTokenBridgeL2 (or CCIPReceiverCW) → `ccipReceive` → `cW*.mint(recipient, amount)` | ⏳ Design / partial; deployment-status empty | +| cUSDT | 43114 cWUSDT | Dedicated `avax-cw` path: Chain 138 relay router `0xe75d26bc558a28442f30750c6d97bffb46f39abc` → AVAX cW bridge `0x635002c5fb227160cd2eac926d1baa61847f3c75` → recipient mint | ✅ Live and proven E2E | +| cUSDT / cUSDC | cWUSDT / cWUSDC on chain (e.g. 56, 137, 1) | UniversalCCIPBridge or dedicated lock-and-send → destination TwoWayTokenBridgeL2 (or CCIPReceiverCW) → `ccipReceive` → `cW*.mint(recipient, amount)` | ⏳ Design / partial outside the proven AVAX corridor | -**Source:** [CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) — “lock c* on 138, mint cW* on destination”; receiver implements `ccipReceive` → `cW*.mint(recipient, amount)`. +**Sources:** [CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) — “lock c* on 138, mint cW* on destination”; receiver implements `ccipReceive` → `cW*.mint(recipient, amount)`. [NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md) records the live AVAX contract set and tx proofs. --- @@ -89,9 +95,9 @@ Design: **lock cUSDT/cUSDC on 138, mint cWUSDT/cWUSDC on destination** in `ccipR | Same-chain 138 (cUSDT↔cUSDC) | DODO PMM pool | No | | Same-chain any (DEX swap) | User holds token on chain, swap on DEX | No | | 138 ↔ 651940 | AlltraAdapter (lock / mint) | No | -| 138 → chains other than Mainnet (1) | CCIP WETH9/WETH10 (destination **receives from CCIP + forwards**; no mint) | No | +| 138 → 43114 `cUSDT -> cWUSDT` | Dedicated AVAX cW lock / mint route | No | +| 138 → public chains via generic cW path (other chains / assets) | Lock c* on 138, mint cW* on destination | No by design; live status still partial | | 138 → Mainnet (1) WETH | CCIP relay → CCIPRelayBridge **releases** | **Yes** — excluded from this doc | -| cW* 138 → dest (when deployed) | Lock c* on 138, mint cW* on dest | No | | Inbound to 138 | AlltraAdapter, CCIP receiver on 138 | No | --- @@ -105,4 +111,5 @@ Design: **lock cUSDT/cUSDC on 138, mint cWUSDT/cWUSDC on destination** in `ccipR | [DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS](DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) | Bridges and routing by chain | | [07-ccip/CW_BRIDGE_APPROACH](../07-ccip/CW_BRIDGE_APPROACH.md) | cW* lock-mint flow (no pre-fund) | | [07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md) | Why Mainnet WETH requires bridge pre-fund (relay + release) | +| [07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK](../07-ccip/NON_PREFUNDED_AVAX_MIGRATION_RUNBOOK.md) | Why AVAX non-prefunded is cW-based, not native WETH from current 138 router | | [CONTRACT_ADDRESSES_REFERENCE](CONTRACT_ADDRESSES_REFERENCE.md) | AlltraAdapter, CCIP bridges, CCIPRelayBridge | diff --git a/docs/11-references/TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md b/docs/11-references/TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md index 3d7e6c9..3bac52f 100644 --- a/docs/11-references/TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md +++ b/docs/11-references/TOKENS_DEPLOYER_DEPLOYED_ON_OTHER_CHAINS.md @@ -133,6 +133,7 @@ The following items have been **brought within scope** and are implemented. - **Env:** `CW_BRIDGE_ADDRESS` (required for deploy) or per-chain `CW_BRIDGE_`; after deploy set `CWUSDT_`, `CWUSDC_`. - **All-chains script:** `deploy-tokens-and-weth-all-chains-skip-canonical.sh --deploy-cw` For each chain, if `CWUSDT_` is unset and bridge address is set, runs `DeployCWTokens` and prompts to set addresses in .env. +- **Current live bridge note:** cW* token deployment is implemented on multiple chains, but generic public-chain mint-on-receive still requires a dedicated cW-capable receiver. The proven live exception is Avalanche `cUSDT -> cWUSDT` via AVAX cW bridge `0x635002c5fb227160cd2eac926d1baa61847f3c75`. ### 6.3 AUSDT and ALL Mainnet (651940) — **Implemented (env validation only)** diff --git a/docs/11-references/TOKEN_CATEGORIES_CANONICAL.md b/docs/11-references/TOKEN_CATEGORIES_CANONICAL.md index 58ce26d..c4efd7a 100644 --- a/docs/11-references/TOKEN_CATEGORIES_CANONICAL.md +++ b/docs/11-references/TOKEN_CATEGORIES_CANONICAL.md @@ -81,7 +81,7 @@ Bridged representations of Canonical 138 Compliant tokens on **public chains** ( | **cWCHFW** | Wrapped CHFW | | **cWCADW** | Wrapped CADW | -**Context:** M1 tokens on Chain 138 (cUSDT, cUSDC, cEURT, cEURC, etc.) are bridged to public chains as **cW*** wrappers; single-sided PMM edge pools (cW* / USDC, cW* / USDT) and bot-driven mesh maintain the peg. See [cross-chain-pmm-lps](../../cross-chain-pmm-lps/README.md), [LIQUIDITY_POOLS_MASTER_MAP](LIQUIDITY_POOLS_MASTER_MAP.md) § Public-chain cW* stabilization. +**Context:** M1 tokens on Chain 138 (cUSDT, cUSDC, cEURT, cEURC, etc.) are bridged to public chains as **cW*** wrappers. The intended public-chain stabilization model uses single-sided PMM edge pools (cW* / USDC, cW* / USDT) plus a bot-driven mesh **when deployed**; broader edge-pool rollout is still partial. See [cross-chain-pmm-lps](../../cross-chain-pmm-lps/README.md), [LIQUIDITY_POOLS_MASTER_MAP](LIQUIDITY_POOLS_MASTER_MAP.md) § Public-chain cW* stabilization. --- diff --git a/docs/MASTER_INDEX.md b/docs/MASTER_INDEX.md index 642477a..01f4f6f 100644 --- a/docs/MASTER_INDEX.md +++ b/docs/MASTER_INDEX.md @@ -1,11 +1,11 @@ # Documentation — Master Index -**Last Updated:** 2026-03-28 +**Last Updated:** 2026-03-31 **Purpose:** Single entry point for all project documentation. Use this index to find canonical sources and avoid deprecated or duplicate content. -**Status:** Preflight and Chain 138 next steps completed (59/59 on-chain per [check-contracts-on-chain-138.sh](../../scripts/verify/check-contracts-on-chain-138.sh), 12 c* GRU-registered). **2026-03-06:** Contract check list expanded to 59 addresses (PMM, vault/reserve, CompliantFiatTokens); doc refs updated. **2026-03-04:** Celo CCIP bridges deployed; Phase A–D tracked in [03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md). Phase C: [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md); Phase D: [PHASE_D_OPTIONAL_CHECKLIST.md](03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md). **On-chain verification:** DODOPMMIntegration canonical cUSDT/cUSDC — [EXPLORER_TOKEN_LIST_CROSSCHECK](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. **Remaining:** Wemix 0.4 WEMIX, LINK fund, cW* + edge pools — see [00-meta/TODOS_CONSOLIDATED.md](00-meta/TODOS_CONSOLIDATED.md). +**Status:** Preflight and Chain 138 next steps completed (**64/64** on-chain per [check-contracts-on-chain-138.sh](../../scripts/verify/check-contracts-on-chain-138.sh) when LAN RPC reachable; includes **ISO20022Router**, canonical + legacy CCIP router/WETH9 bridge, `config/smart-contracts-master.json`). **2026-03-30:** Live verification — [LIVE_VERIFICATION_LOG_2026-03-30.md](00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md) (public + private E2E **Failed: 0**, config validation, `run-all-validation.sh --skip-genesis`). **2026-03-06:** Prior doc pass referred to 59 addresses; script list grew through **61** → **62** → **64** (PMM, vault/reserve, CompliantFiatTokens, ISO router, CCIP legacy pair). **2026-03-04:** Celo CCIP bridges deployed; Phase A–D tracked in [03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md). Phase C: [PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md); Phase D: [PHASE_D_OPTIONAL_CHECKLIST.md](03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md). **On-chain verification:** DODOPMMIntegration canonical cUSDT/cUSDC — [EXPLORER_TOKEN_LIST_CROSSCHECK](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) §8. **Remaining:** Wemix 0.4 WEMIX, LINK fund, cW* + edge pools — see [00-meta/TODOS_CONSOLIDATED.md](00-meta/TODOS_CONSOLIDATED.md). -**Continue and complete (operator/LAN):** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` not set; add `--deploy` or `--create-vms` as needed). Operator scripts load dotenv from repo `.env` and `smom-dbis-138/.env` automatically. +**Continue and complete (operator/LAN):** (1) `./scripts/run-completable-tasks-from-anywhere.sh` then (2) `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` not set; add `--deploy` or `--create-vms` as needed). Operator scripts load dotenv from repo `.env` and `smom-dbis-138/.env` automatically. **P1 local slice:** `bash scripts/verify/run-p1-local-verification.sh` (`--with-iru-tests` optional); full P1 IDs in [TODOS_CONSOLIDATED.md](00-meta/TODOS_CONSOLIDATED.md#p1--merged-backlog-2026-03-30). --- @@ -14,8 +14,10 @@ | Purpose | Document | |--------|----------| | **Agent / IDE instructions** | [AGENTS.md](../AGENTS.md) (repo root) | +| **Local green-path tests** | Root `pnpm test` → [`scripts/verify/run-repo-green-test-path.sh`](../scripts/verify/run-repo-green-test-path.sh) | | **Git submodule hygiene + explorer remotes** | [00-meta/SUBMODULE_HYGIENE.md](00-meta/SUBMODULE_HYGIENE.md) — detached HEAD, push order, Gitea/GitHub, `submodules-clean.sh` | | **What to do next** | [00-meta/NEXT_STEPS_INDEX.md](00-meta/NEXT_STEPS_INDEX.md) — ordered actions, by audience, execution plan | +| **Live verification evidence (dated)** | [00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md](00-meta/LIVE_VERIFICATION_LOG_2026-03-30.md) | | **Your personal checklist** | [00-meta/NEXT_STEPS_FOR_YOU.md](00-meta/NEXT_STEPS_FOR_YOU.md) | | **Operator runbook (LAN/creds)** | [00-meta/NEXT_STEPS_OPERATOR.md](00-meta/NEXT_STEPS_OPERATOR.md) | | **Operator copy-paste commands** | [00-meta/OPERATOR_READY_CHECKLIST.md](00-meta/OPERATOR_READY_CHECKLIST.md) — exact commands for Blockscout, NPMplus, CCIP, 502 fix, backup, deploy | @@ -27,7 +29,8 @@ | **Next steps (concise)** | [00-meta/NEXT_STEPS_LIST.md](00-meta/NEXT_STEPS_LIST.md) — bridge/swap/Phase C status, quick commands | | **Still not done (operator/external)** | [00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md](00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md) | | **Remaining tasks (one page)** | [00-meta/REMAINING_TASKS.md](00-meta/REMAINING_TASKS.md) | -| **Contract next steps (Chain 138)** | [11-references/CONTRACT_NEXT_STEPS_LIST.md](11-references/CONTRACT_NEXT_STEPS_LIST.md) — on-chain check (59 addr), Blockscout, env | +| **Contract next steps (Chain 138)** | [11-references/CONTRACT_NEXT_STEPS_LIST.md](11-references/CONTRACT_NEXT_STEPS_LIST.md) — on-chain check (64 addr), Blockscout, env | +| **Integration gaps (OMNL / Core / RTGS / ISO)** | [00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md](00-meta/INTEGRATION_GAPS_AND_NEXT_STEPS_2026-03-30.md) | | **Task check report (verify before completing)** | [00-meta/TASK_CHECK_REPORT.md](00-meta/TASK_CHECK_REPORT.md) | | **Gaps status (all gap sources + fixes)** | [00-meta/GAPS_STATUS.md](00-meta/GAPS_STATUS.md) | @@ -44,12 +47,24 @@ | Deployment order | [03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md](03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md), [03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) (Phases A–D) | — | | Phase C (cW* + edge pools) | [03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md](03-deployment/PHASE_C_CW_AND_EDGE_POOLS_RUNBOOK.md) | — | | Phase D (optional XAU/vaults/trustless) | [03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md](03-deployment/PHASE_D_OPTIONAL_CHECKLIST.md) | — | +| **OMNL + DBIS Core + Chain 138 + Smart Vault + external RTGS** | [03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) | — | +| **Chain 138 as SWIFT-replacement rail (UETR vs on-chain ids, audit scope)** | [03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) | — | +| **JVMTM / regulatory closure JSON (3-way recon, prefunding, ACK, exceptions, KYT/BCP/DR templates)** | [`config/jvmtm-regulatory-closure/README.md`](../config/jvmtm-regulatory-closure/README.md), [`INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md`](../config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md) (Tables B/C/D vs archive), `scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh`, `scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh` (`JVMTM_CLOSURE_DIR`) | — | +| **Reserve provenance / funding attestation (3FR staged package)** | [`config/reserve-provenance-package/README.md`](../config/reserve-provenance-package/README.md), `scripts/validation/validate-reserve-provenance-package.sh` | — | +| **DBIS institutional JSON (settlement, registry, trust/governance/policy)** | [`config/dbis-institutional/README.md`](../config/dbis-institutional/README.md), `scripts/validation/validate-dbis-institutional-schemas.sh`, `scripts/verify/sync-blockscout-address-labels-from-registry.sh` | — | +| **ISO-20022 → on-chain (methodology + multi-network intake)** | [04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md](04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md), [04-configuration/ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md](04-configuration/ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md); Rail: [dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md](dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md) | — | +| **GRU c* V2 standards and implementation plan** | [04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md](04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md) | — | +| **GRU standards profile** | [04-configuration/GRU_STANDARDS_PROFILE.md](04-configuration/GRU_STANDARDS_PROFILE.md), [`../config/gru-standards-profile.json`](../config/gru-standards-profile.json) | — | +| **GRU FX onboarding checklist** | [04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md](04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md) | — | +| **GRU ISO-4217 currency manifest** | [`../config/gru-iso4217-currency-manifest.json`](../config/gru-iso4217-currency-manifest.json) | — | | Operational runbooks | [03-deployment/OPERATIONAL_RUNBOOKS.md](03-deployment/OPERATIONAL_RUNBOOKS.md) | RUNBOOKS_MASTER_INDEX.md — use OPERATIONAL_RUNBOOKS as single source | -| Contract / address status | [11-references/ADDRESS_MATRIX_AND_STATUS.md](11-references/ADDRESS_MATRIX_AND_STATUS.md), [11-references/CONTRACT_ADDRESSES_REFERENCE.md](11-references/CONTRACT_ADDRESSES_REFERENCE.md), [11-references/CONTRACT_NEXT_STEPS_LIST.md](11-references/CONTRACT_NEXT_STEPS_LIST.md) (59-addr check) | CONTRACT_INVENTORY_AND_VERIFICATION (deleted) | -| **Proxmox VMIDs, LAN IPs, NPM targets** | [04-configuration/ALL_VMIDS_ENDPOINTS.md](04-configuration/ALL_VMIDS_ENDPOINTS.md), [`config/ip-addresses.conf`](../config/ip-addresses.conf), [11-references/NETWORK_CONFIGURATION_MASTER.md](11-references/NETWORK_CONFIGURATION_MASTER.md), [`config/proxmox-operational-template.json`](../config/proxmox-operational-template.json) | Dated inventories under `docs/archive/` (paths on disk only) | +| Contract / address status | [11-references/ADDRESS_MATRIX_AND_STATUS.md](11-references/ADDRESS_MATRIX_AND_STATUS.md), [11-references/CONTRACT_ADDRESSES_REFERENCE.md](11-references/CONTRACT_ADDRESSES_REFERENCE.md), [11-references/CONTRACT_NEXT_STEPS_LIST.md](11-references/CONTRACT_NEXT_STEPS_LIST.md) (64-addr check) | CONTRACT_INVENTORY_AND_VERIFICATION (deleted) | +| **Proxmox VMIDs, LAN IPs, NPM targets** | [04-configuration/ALL_VMIDS_ENDPOINTS.md](04-configuration/ALL_VMIDS_ENDPOINTS.md) (includes **Proxmox Mail Proxy** VMID 100 / `192.168.11.32`), [`config/ip-addresses.conf`](../config/ip-addresses.conf), [11-references/NETWORK_CONFIGURATION_MASTER.md](11-references/NETWORK_CONFIGURATION_MASTER.md), [`config/proxmox-operational-template.json`](../config/proxmox-operational-template.json) | Dated inventories under `docs/archive/` (paths on disk only) | | **FQDN → expected content (web / API / RPC)** | [04-configuration/FQDN_EXPECTED_CONTENT.md](04-configuration/FQDN_EXPECTED_CONTENT.md) | — | | **Sankofa / Phoenix public vs portal vs admin endpoints (fix list)** | [03-deployment/SANKOFA_PHOENIX_PUBLIC_PORTAL_ADMIN_ENDPOINT_CORRECTION_TASKS.md](03-deployment/SANKOFA_PHOENIX_PUBLIC_PORTAL_ADMIN_ENDPOINT_CORRECTION_TASKS.md) | — | +| **Sankofa marketplace surfaces** (native vs partner offerings; IRU catalog vs portal SSO vs Studio landing) | [03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](03-deployment/SANKOFA_MARKETPLACE_SURFACES.md) | — | | **IP conflict resolutions** | [reports/status/IP_CONFLICTS_RESOLUTION_COMPLETE.md](../reports/status/IP_CONFLICTS_RESOLUTION_COMPLETE.md), `scripts/resolve-ip-conflicts.sh` | — | +| **Wormhole AI docs (LLM / MCP / RAG)** | [04-configuration/WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md](04-configuration/WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md), [04-configuration/WORMHOLE_AI_RESOURCES_RAG.md](04-configuration/WORMHOLE_AI_RESOURCES_RAG.md), `scripts/doc/sync-wormhole-ai-resources.sh`, `scripts/verify/verify-wormhole-ai-docs-setup.sh`, [`mcp-wormhole-docs/`](../mcp-wormhole-docs/) | Wormhole protocol reference only — not Chain 138 canonical addresses (use [11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md), CCIP runbooks for 138) | --- @@ -58,13 +73,13 @@ | Area | Index / key doc | |------|-----------------| | **00-meta** (tasks, next steps, phases) | [00-meta/NEXT_STEPS_INDEX.md](00-meta/NEXT_STEPS_INDEX.md), [00-meta/PHASES_AND_TASKS_MASTER.md](00-meta/PHASES_AND_TASKS_MASTER.md) | -| **02-architecture** | [02-architecture/](02-architecture/) — **Public sector + Phoenix catalog baseline:** [02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md); **non-goals (incl. catalog vs marketing §9):** [02-architecture/NON_GOALS.md](02-architecture/NON_GOALS.md); **DBIS Chain 138:** [dbis_chain_138_technical_master_plan.md](../dbis_chain_138_technical_master_plan.md), [02-architecture/DBIS_NODE_ROLE_MATRIX.md](02-architecture/DBIS_NODE_ROLE_MATRIX.md), [02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md) | -| **03-deployment** | [03-deployment/OPERATIONAL_RUNBOOKS.md](03-deployment/OPERATIONAL_RUNBOOKS.md), [03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md](03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md), **Public sector live checklist:** [03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md](03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md), **Proxmox VE ops template:** [03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md) · [`config/proxmox-operational-template.json`](config/proxmox-operational-template.json); **DBIS Phase 1–3:** [03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](03-deployment/PHASE1_DISCOVERY_RUNBOOK.md), [03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md), [03-deployment/CALIPER_CHAIN138_PERF_HOOK.md](03-deployment/CALIPER_CHAIN138_PERF_HOOK.md), [03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md), **RTGS canonical production checklist and institutional-finance layers:** [03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md), [03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md](03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md), [03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md), [03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md), [03-deployment/DBIS_RTGS_CONTROL_PLANE_DEPLOYMENT_CHECKLIST.md](03-deployment/DBIS_RTGS_CONTROL_PLANE_DEPLOYMENT_CHECKLIST.md), [03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md](03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md), [03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md), [03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md](03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md), [03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md](03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md), [03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md), [03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md), [03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md), [03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md](03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md), [03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md) | -| **04-configuration** | [04-configuration/README.md](04-configuration/README.md), [04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md](04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md) (paths, registry, token-mapping, LiFi/Jumper); **Chain 138 wallets:** [04-configuration/CHAIN138_WALLET_CONFIG_VALIDATION.md](04-configuration/CHAIN138_WALLET_CONFIG_VALIDATION.md); **Chain 2138 testnet wallets:** [04-configuration/CHAIN2138_WALLET_CONFIG_VALIDATION.md](04-configuration/CHAIN2138_WALLET_CONFIG_VALIDATION.md); **OMNL Indonesia / HYBX-BATCH-001:** [04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md](04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md), [04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) | +| **02-architecture** | [02-architecture/](02-architecture/) — **Public sector + Phoenix catalog baseline** (Sankofa **native vs partner** marketplace: [03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](03-deployment/SANKOFA_MARKETPLACE_SURFACES.md)): [02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md](02-architecture/PUBLIC_SECTOR_TENANCY_MARKETPLACE_AND_DEPLOYMENT_BASELINE.md); **canonical Sankofa / Phoenix boundaries and taxonomy:** [02-architecture/SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md](02-architecture/SANKOFA_PHOENIX_CANONICAL_BOUNDARIES_AND_TAXONOMY.md); **current remaining-task tracker:** [02-architecture/SANKOFA_PHOENIX_REMAINING_TASKS.md](02-architecture/SANKOFA_PHOENIX_REMAINING_TASKS.md); **Phase 4 migration runbook:** [02-architecture/SANKOFA_PHOENIX_PHASE4_MIGRATION_RUNBOOK.md](02-architecture/SANKOFA_PHOENIX_PHASE4_MIGRATION_RUNBOOK.md); **complete Sankofa / Phoenix phased execution plan:** [02-architecture/SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md](02-architecture/SANKOFA_PHOENIX_COMPLETE_PHASED_EXECUTION_PLAN.md); **non-goals (incl. catalog vs marketing §9):** [02-architecture/NON_GOALS.md](02-architecture/NON_GOALS.md); **DBIS Chain 138:** [dbis_chain_138_technical_master_plan.md](../dbis_chain_138_technical_master_plan.md), [02-architecture/DBIS_NODE_ROLE_MATRIX.md](02-architecture/DBIS_NODE_ROLE_MATRIX.md), [02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md](02-architecture/DBIS_PHASE2_PROXMOX_SOVEREIGNIZATION_ROADMAP.md); **DBIS web / d-bis.org institutional blueprint:** [02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md) | +| **03-deployment** | [03-deployment/OPERATIONAL_RUNBOOKS.md](03-deployment/OPERATIONAL_RUNBOOKS.md), [03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md](03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md), **Public sector live checklist:** [03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md](03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md), **Proxmox VE ops template:** [03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md](03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md) · [`config/proxmox-operational-template.json`](config/proxmox-operational-template.json); **DBIS Phase 1–3:** [03-deployment/PHASE1_DISCOVERY_RUNBOOK.md](03-deployment/PHASE1_DISCOVERY_RUNBOOK.md), [03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md](03-deployment/DBIS_PHASE3_E2E_PRODUCTION_SIMULATION_RUNBOOK.md), [03-deployment/CALIPER_CHAIN138_PERF_HOOK.md](03-deployment/CALIPER_CHAIN138_PERF_HOOK.md), [03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md](03-deployment/DBIS_HYPERLEDGER_RUNTIME_STATUS.md), [03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md](03-deployment/DBIS_PHASES_1_TO_3_PRODUCTION_GATE.md), **RTGS canonical production checklist and institutional-finance layers:** [03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md](03-deployment/DBIS_RTGS_E2E_REQUIREMENTS_MATRIX.md), [03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md](03-deployment/DBIS_RTGS_FX_TRANSACTION_CATALOG.md), [03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md), [03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md](03-deployment/DBIS_RTGS_DEPOSITORY_AND_CUSTODY_OPERATING_MODEL.md), [03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md](03-deployment/DBIS_RTGS_FX_AND_LIQUIDITY_OPERATING_MODEL.md), [03-deployment/DBIS_RTGS_CONTROL_PLANE_DEPLOYMENT_CHECKLIST.md](03-deployment/DBIS_RTGS_CONTROL_PLANE_DEPLOYMENT_CHECKLIST.md), [03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md](03-deployment/DBIS_RTGS_LATER_PHASE_SIDECARS_DEPLOYMENT_CHECKLIST.md), [03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md](03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_INTEGRATION_BLUEPRINT.md), [03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md](03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTABLE_TASK_LIST.md), [03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md](03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md), [03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md](03-deployment/DBIS_RTGS_FIRST_SLICE_ARCHITECTURE.md), [03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md](03-deployment/DBIS_RTGS_FIRST_SLICE_DEPLOYMENT_CHECKLIST.md), [03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md](03-deployment/DBIS_HYBX_SIDECAR_BOUNDARY_MATRIX.md), [03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md](03-deployment/DBIS_MOJALOOP_INTEGRATION_STATUS.md), [03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md](03-deployment/DBIS_HYPERLEDGER_IDENTITY_STACK_DECISION.md), [03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md](03-deployment/DBIS_IDENTITY_COMPLETION_PACKAGE_RUNBOOK.md), [03-deployment/DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md](03-deployment/DBIS_IDENTITY_ENDORSER_HANDSHAKE_RUNBOOK.md) | +| **04-configuration** | [04-configuration/README.md](04-configuration/README.md), [04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md](04-configuration/ADDITIONAL_PATHS_AND_EXTENSIONS.md) (paths, registry, token-mapping, LiFi/Jumper), [04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md](04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md) (canonical `c* V2` standards, facet mapping, migration plan), [04-configuration/GRU_STANDARDS_PROFILE.md](04-configuration/GRU_STANDARDS_PROFILE.md) and [`../config/gru-standards-profile.json`](../config/gru-standards-profile.json) (machine-readable x402, EIP/ERC, transport, governance, and ISO-4217-plus standards profile), [04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md](04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md) (end-to-end FX currency attachment), [`../config/gru-iso4217-currency-manifest.json`](../config/gru-iso4217-currency-manifest.json) (machine-readable supported currency manifest); **info.defi-oracle.io (Chain 138 hub SPA):** [04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md](04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md), app [info-defi-oracle-138/README.md](../info-defi-oracle-138/README.md); **Chain 138 wallets:** [04-configuration/CHAIN138_WALLET_CONFIG_VALIDATION.md](04-configuration/CHAIN138_WALLET_CONFIG_VALIDATION.md); **Chain 2138 testnet wallets:** [04-configuration/CHAIN2138_WALLET_CONFIG_VALIDATION.md](04-configuration/CHAIN2138_WALLET_CONFIG_VALIDATION.md); **OMNL Indonesia / HYBX-BATCH-001:** [04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md](04-configuration/mifos-omnl-central-bank/HYBX_BATCH_001_OPERATOR_CHECKLIST.md), [04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md](04-configuration/mifos-omnl-central-bank/INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md) | | **06-besu** | [06-besu/MASTER_INDEX.md](06-besu/MASTER_INDEX.md) | | **Testnet (2138)** | [testnet/DEFI_ORACLE_META_TESTNET_2138_RUNBOOK.md](testnet/DEFI_ORACLE_META_TESTNET_2138_RUNBOOK.md), [testnet/TESTNET_DEPLOYMENT.md](testnet/TESTNET_DEPLOYMENT.md) | -| **07-ccip** | [07-ccip/](07-ccip/), [00-meta/CW_BRIDGE_TASK_LIST.md](00-meta/CW_BRIDGE_TASK_LIST.md) | -| **11-references** | [11-references/ADDRESS_MATRIX_AND_STATUS.md](11-references/ADDRESS_MATRIX_AND_STATUS.md), [11-references/CONTRACT_ADDRESSES_REFERENCE.md](11-references/CONTRACT_ADDRESSES_REFERENCE.md), [11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md](11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md) (all contracts by deployer wallet, network, verified/not), [11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md](11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) (tokens, bridges, DODO/Uniswap LPs, full route map), [11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md](11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) (deployer→public stablecoin routes), [11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md](11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md) (routes where bridge pre-fund not required), [11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md](11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md) (per-chain per-token: mint vs receive+forward vs release), [11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md](11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md) (dotenv and config files with contract deployments), [11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) (Explorer /tokens vs repo token lists), [11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md) (Complete Credential / eIDAS connector repo authority + manifest), [11-references/HARDWARE_INVENTORY_MASTER.md](11-references/HARDWARE_INVENTORY_MASTER.md), [11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md), [11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) | +| **07-ccip** | [07-ccip/](07-ccip/), Truth plan: [07-ccip/TRUTH_NETWORK_BRIDGE_SPEC.md](07-ccip/TRUTH_NETWORK_BRIDGE_SPEC.md), [00-meta/CW_BRIDGE_TASK_LIST.md](00-meta/CW_BRIDGE_TASK_LIST.md) | +| **11-references** | [11-references/ADDRESS_MATRIX_AND_STATUS.md](11-references/ADDRESS_MATRIX_AND_STATUS.md), [11-references/CONTRACT_ADDRESSES_REFERENCE.md](11-references/CONTRACT_ADDRESSES_REFERENCE.md), [11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md](11-references/DEPLOYER_CONTRACTS_INVENTORY_AND_VERIFICATION_STATUS.md) (all contracts by deployer wallet, network, verified/not), [11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md](11-references/DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS.md) (tokens, bridges, DODO/Uniswap LPs, full route map), [11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md](11-references/DEPLOYER_TO_PUBLIC_STABLECOIN_ROUTES.md) (deployer→public stablecoin routes), [11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md](11-references/ROUTES_NO_PREFUNDED_BRIDGE_REQUIRED.md) (routes where bridge pre-fund not required), [11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md](11-references/CCIP_138_DESTINATION_RECEIVER_BY_CHAIN_AND_TOKEN.md) (per-chain per-token: mint vs receive+forward vs release), [11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md](11-references/DEPLOYMENT_DATA_SOURCES_INDEX.md) (dotenv and config files with contract deployments), [11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md](11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md) (Explorer /tokens vs repo token lists), [11-references/CW_STAR_CMC_COINGECKO_LISTING_STATUS.md](11-references/CW_STAR_CMC_COINGECKO_LISTING_STATUS.md) (cW* on CMC/CoinGecko), [11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md](11-references/COMPLETE_CREDENTIAL_EIDAS_PROGRAM_REPOS.md) (Complete Credential / eIDAS connector repo authority + manifest), [11-references/HARDWARE_INVENTORY_MASTER.md](11-references/HARDWARE_INVENTORY_MASTER.md), [11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md), [11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) | | **Hardware / 13-node** | [11-references/HARDWARE_INVENTORY_MASTER.md](11-references/HARDWARE_INVENTORY_MASTER.md) (R630×13, R750×3, 7920×2, UDM Pro×2, XG×2), [02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md](02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md), [11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md](11-references/13_NODE_NETWORK_AND_CABLING_CHECKLIST.md), [11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md](11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md) | | **Runbooks** | [03-deployment/OPERATIONAL_RUNBOOKS.md](03-deployment/OPERATIONAL_RUNBOOKS.md) | diff --git a/docs/TODO.md b/docs/TODO.md index bc7b3f8..bf6b2ba 100644 --- a/docs/TODO.md +++ b/docs/TODO.md @@ -16,6 +16,7 @@ ## Subproject TODOs - **smom-dbis-138 (DeFi Oracle / ChainID 138):** [smom-dbis-138/docs/operations/tasks/TODO.md](../smom-dbis-138/docs/operations/tasks/TODO.md) — Task tracking for Meta Mainnet (ChainID 138). +- **Sankofa / Phoenix:** [02-architecture/SANKOFA_PHOENIX_REMAINING_TASKS.md](02-architecture/SANKOFA_PHOENIX_REMAINING_TASKS.md) — Current remaining work after boundary correction, portal consolidation, and taxonomy alignment. ## Related diff --git a/docs/dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md b/docs/dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md index 3bc85d7..7b920be 100644 --- a/docs/dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md +++ b/docs/dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md @@ -92,7 +92,7 @@ Every task below is to be completed; optional items are explicitly marked so pri | C1 | Ensure Phase 0 prerequisites: RPC 2101 writable, deployer funded, .env correct, POOL_MANAGER_ROLE, no stuck txs, forge build, test all contracts before deploy. | [DEPLOYMENT_ORDER_OF_OPERATIONS](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) Phase 0. **Partial:** preflight, run-before-deploy-checks, test-all-contracts exist ([coordination](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md)). | | C2 | Complete Phase 2 if not done: TransactionMirror, all three PMM pools, register c* as GRU; set addresses in .env. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 2. **Done** per [coordination](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md). | | C3 | Complete Phase 3: DODOPMMProvider deploy and pool registration; token-aggregation env; optional liquidity and MCP allowlist. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 3. **Done** per [coordination](IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md). | -| C4 | Run on-chain verification: `./scripts/verify/check-contracts-on-chain-138.sh`; target 59/59 when applicable (check-contracts-on-chain-138.sh). | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 6.1. | +| C4 | Run on-chain verification: `./scripts/verify/check-contracts-on-chain-138.sh`; target **64/64** when applicable (current script list; includes ISO20022Router). | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 6.1. | | C5 | Run Blockscout verification: `./scripts/verify/run-contract-verification-with-proxy.sh`; update CONTRACT_ADDRESSES_REFERENCE and LIQUIDITY_POOLS_MASTER_MAP. | DEPLOYMENT_ORDER_OF_OPERATIONS Phase 6.2–6.3; R1–R3. | | C6 | Reconcile Multicall vs Oracle Aggregator at `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506` on explorer and document in CONTRACT_ADDRESSES_REFERENCE. | CONTRACT_ADDRESSES_REFERENCE note. | diff --git a/docs/dbis-rail/IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md b/docs/dbis-rail/IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md index c6ad9b2..2f92bd1 100644 --- a/docs/dbis-rail/IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md +++ b/docs/dbis-rail/IMPLEMENTATION_COORDINATION_WITH_TRANSCRIPT_540AE663.md @@ -106,7 +106,7 @@ When implementing from [DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md](DBIS_RAIL | C1 | Partial | Preflight, env, test-all-contracts, run-before-deploy-checks exist; ensure RPC 2101 writable, POOL_MANAGER_ROLE per runbook. | | C2 | Done | TransactionMirror deployed; all three PMM pools created; c* registered as GRU; set-dotenv script and RegisterGRUCompliantTokens run. | | C3 | Done | DODOPMMProvider deployed and pools registered; token-aggregation env; MCP allowlist-138; add-liquidity runbook. | -| C4 | Partial | check-contracts-on-chain-138.sh used; confirm 59/59 (or current count per check-contracts-on-chain-138.sh) after any new deploy. | +| C4 | Partial | check-contracts-on-chain-138.sh used; confirm **64/64** (or current count per script) after any new deploy. | | C5 | Partial | Blockscout verification run in transcript; update CONTRACT_ADDRESSES_REFERENCE and LIQUIDITY_POOLS_MASTER_MAP as needed. | | C6 | Open | Reconcile Multicall vs Oracle Aggregator at documented address. | diff --git a/docs/gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md b/docs/gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md index 84675ee..30cb700 100644 --- a/docs/gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md +++ b/docs/gru-m1/GRU_M1_MASTER_IMPLEMENTATION_PLAN.md @@ -1,7 +1,7 @@ # GRU M1 Master Implementation, Testing & Dry-Run Plan -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 +**Last Updated:** 2026-03-31 +**Document Version:** 1.1 **Status:** Active Documentation --- @@ -20,6 +20,7 @@ The plan is designed to: This document assumes: * **All `cISO(C/T)` instruments are GRU M1** +* **Canonical Chain 138 `c*` assets and public-network `cW*` mirrors are both GRU M1, with `cW*` acting as the transport form of canonical M1** * **All are externally classified as stablecoins / fiat-pegged assets** * **CMC/CG methodology is authoritative for public market representation** diff --git a/docs/gru-m1/README.md b/docs/gru-m1/README.md index 27c0851..c197c7b 100644 --- a/docs/gru-m1/README.md +++ b/docs/gru-m1/README.md @@ -33,6 +33,11 @@ This folder contains the **GRU M1 Master Implementation Plan** and supporting do * [CoinGecko Submission Guide](../04-configuration/coingecko/COINGECKO_SUBMISSION_GUIDE.md) — cUSDC, cUSDT submission templates * [CMC & CoinGecko Reporting](../../smom-dbis-138/services/token-aggregation/docs/CMC_COINGECKO_REPORTING.md) — Token aggregation report API +* [GRU c* V2 Standards Matrix and Implementation Plan](../04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md) — Canonical `c* V2` standards, x402 readiness, wrapper/vault boundaries, GRU facet mapping, and phased migration plan +* [GRU Standards Profile](../04-configuration/GRU_STANDARDS_PROFILE.md) — Machine-readable standards profile for x402, base-token EIPs/ERCs, mirrored `cW*` transport, and the broader ISO-4217-plus asset scope +* [GRU FX Currency Onboarding Checklist](../04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md) — Required end-to-end steps to create, attach, and activate a new FX `c*` instrument inside the GRU ecosystem +* [`config/gru-standards-profile.json`](../../config/gru-standards-profile.json) — Machine-readable standards source for GRU monetary assets, payment profiles, and transport methodology +* [`config/gru-iso4217-currency-manifest.json`](../../config/gru-iso4217-currency-manifest.json) — Machine-readable supported-currency manifest for `c*` / `cW*`, deployment state, transport activation, and x402 readiness ### References @@ -59,3 +64,4 @@ This folder contains the **GRU M1 Master Implementation Plan** and supporting do | **cUSDT** | Compliant USD Token | | **cEURC** | Compliant EUR Coin | | **GRU M1** | GRU base money layer; externally represented as stablecoin / fiat-pegged | +| **cW*** | Public-network mirrored transport form of canonical Chain 138 GRU M1 | diff --git a/hybx_compliance_routing_sidecar_technical_plan.md b/hybx_compliance_routing_sidecar_technical_plan.md index 069f38f..ecf5b2c 100644 --- a/hybx_compliance_routing_sidecar_technical_plan.md +++ b/hybx_compliance_routing_sidecar_technical_plan.md @@ -6,6 +6,10 @@ Design a dedicated **Compliance and Routing Sidecar** that integrates with the T The sidecar acts as a **decision intelligence layer**, ensuring that all designed transactions are compliant, optimally routed, and operationally executable. +## Implementation tracking (2026-03-30) + +Ship work is tracked as **P1-E02** in `docs/00-meta/TODOS_CONSOLIDATED.md` (with the jurisdictional cheat sheets plan). This document is **design/spec** only. + --- # Core Concept diff --git a/hybx_jurisdictional_cheat_sheets_technical_plan.md b/hybx_jurisdictional_cheat_sheets_technical_plan.md index 61775fa..4ce3093 100644 --- a/hybx_jurisdictional_cheat_sheets_technical_plan.md +++ b/hybx_jurisdictional_cheat_sheets_technical_plan.md @@ -6,6 +6,10 @@ Design a comprehensive **Jurisdictional Intelligence System (JIS)** that functio This system provides **deterministic jurisdiction knowledge** used by the Compliance & Routing Sidecar to ensure that every transaction is legally executable within applicable jurisdictions. +## Implementation tracking (2026-03-30) + +Ship work is tracked as **P1-E02** in `docs/00-meta/TODOS_CONSOLIDATED.md` (with the compliance/routing sidecar plan). This document is **design/spec** only. + --- # Core Objective diff --git a/omnl_transaction_package_snapshot.json b/omnl_transaction_package_snapshot.json index 76b04da..16b49b3 100644 --- a/omnl_transaction_package_snapshot.json +++ b/omnl_transaction_package_snapshot.json @@ -5,7 +5,7 @@ "omnlLei": "98450070C57395F6B906", "omnlLeiReferenceUrl": "https://lei.info/98450070C57395F6B906", "omnlDirectorsAndOfficersDoc": "Appendix/OMNL_BANKING_DIRECTORS_AND_LEI.md", - "generatedAtUtc": "2026-03-25T00:56:05Z", + "generatedAtUtc": "2026-03-29T10:51:39Z", "settlementRef": "HYBX-BATCH-001", "valueDate": "2026-03-17", "beneficiary": "Bank Kanaya (Indonesia)", diff --git a/package.json b/package.json index 36b67ce..560ca00 100644 --- a/package.json +++ b/package.json @@ -21,10 +21,23 @@ "frontend:build": "pnpm --filter proxmox-helper-scripts-website build", "frontend:start": "pnpm --filter proxmox-helper-scripts-website start", "outdated": "pnpm outdated -r", - "test": "pnpm --filter mcp-proxmox-server test || echo \"No tests specified\"", + "test": "pnpm run test:ci", + "test:ci": "bash scripts/verify/run-repo-green-test-path.sh", + "test:chain138": "pnpm --dir smom-dbis-138 run test:ci", + "test:chain138:contracts": "pnpm --dir smom-dbis-138 run test:contracts:ci", + "test:chain138:services": "pnpm --dir smom-dbis-138 run test:services:ci", + "test:mcp": "pnpm --filter mcp-proxmox-server test || echo \"No tests specified\"", "test:basic": "cd mcp-proxmox && node test-basic-tools.js", "test:workflows": "cd mcp-proxmox && node test-workflows.js", - "verify:ws-chain138": "node scripts/verify-ws-rpc-chain138.mjs" + "verify:ws-chain138": "node scripts/verify-ws-rpc-chain138.mjs", + "composer:dev": "pnpm --filter transaction-composer dev", + "composer:build": "pnpm --filter transaction-composer build", + "composer:test": "pnpm --filter transaction-composer test", + "composer:test:e2e": "pnpm --filter transaction-composer test:e2e", + "verify:token-aggregation-api": "bash scripts/verify/check-token-aggregation-chain138-api.sh", + "verify:gru-transport-preflight": "bash scripts/verify/check-gru-transport-preflight.sh", + "verify:cstar-v2-transport-stack": "bash scripts/verify/check-cstar-v2-transport-stack.sh", + "verify:chain138:live": "bash scripts/validation/validate-config-files.sh && bash scripts/verify/check-gru-transport-preflight.sh && bash scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545" }, "keywords": [ "proxmox", @@ -50,6 +63,10 @@ "ws": "^8.19.0" }, "pnpm": { + "overrides": { + "@types/react": "18.3.18", + "@types/react-dom": "18.3.5" + }, "peerDependencyRules": { "allowedVersions": { "zod": "4" diff --git a/scripts/bridge/run-send-cross-chain.sh b/scripts/bridge/run-send-cross-chain.sh index f7fd5de..5eb6c87 100755 --- a/scripts/bridge/run-send-cross-chain.sh +++ b/scripts/bridge/run-send-cross-chain.sh @@ -2,12 +2,18 @@ # Send WETH cross-chain via CCIP (Chain 138 → destination chain). # Usage: ./scripts/bridge/run-send-cross-chain.sh [recipient] [--dry-run] # Env: CCIP_DEST_CHAIN_SELECTOR, GAS_PRICE, GAS_LIMIT, CONFIRM_ABOVE_ETH (prompt above this amount) -# Version: 2026-01-31 +# Version: 2026-03-30 set -euo pipefail [[ "${DEBUG:-0}" = "1" ]] && set -x SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +had_nounset=0 +if [[ $- == *u* ]]; then + had_nounset=1 + set +u +fi source "${SCRIPT_DIR}/../lib/load-project-env.sh" +(( had_nounset )) && set -u [[ -z "${PRIVATE_KEY:-}" ]] && { echo "PRIVATE_KEY required"; exit 1; } [[ -z "${CCIPWETH9_BRIDGE_CHAIN138:-}" ]] && { echo "CCIPWETH9_BRIDGE_CHAIN138 required"; exit 1; } @@ -29,6 +35,39 @@ RPC="${RPC_URL_138:-$CHAIN138_RPC}" [[ -z "$RPC" ]] && { echo "ERROR: RPC_URL_138 or CHAIN138_RPC required"; exit 1; } BRIDGE="${CCIPWETH9_BRIDGE_CHAIN138}" +extract_first_address() { + echo "$1" | grep -oE '0x[a-fA-F0-9]{40}' | sed -n '1p' +} + +lower() { + echo "$1" | tr '[:upper:]' '[:lower:]' +} + +DEST_RAW="$(cast call "$BRIDGE" 'destinations(uint64)((uint64,address,bool))' "$DEST_SELECTOR" --rpc-url "$RPC" 2>/dev/null || echo "")" +DEST_ADDR="$(extract_first_address "$DEST_RAW")" +AVALANCHE_SELECTOR_VALUE="${AVALANCHE_SELECTOR:-6433500567565415381}" + +if [[ "$DEST_SELECTOR" == "$AVALANCHE_SELECTOR_VALUE" ]]; then + AVALANCHE_NATIVE_BRIDGE="${CCIPWETH9_BRIDGE_AVALANCHE:-}" + if [[ -n "$AVALANCHE_NATIVE_BRIDGE" ]] && [[ "$(lower "$DEST_ADDR")" == "$(lower "$AVALANCHE_NATIVE_BRIDGE")" ]] && [[ "${ALLOW_UNSUPPORTED_AVAX_NATIVE:-0}" != "1" ]]; then + cat <=b+0)}' 2>/dev/null; then diff --git a/scripts/complete-all-tasks-parallel-comprehensive.sh b/scripts/complete-all-tasks-parallel-comprehensive.sh index 98dd9c9..29cdddb 100755 --- a/scripts/complete-all-tasks-parallel-comprehensive.sh +++ b/scripts/complete-all-tasks-parallel-comprehensive.sh @@ -252,7 +252,7 @@ update_container_configs() { pct exec $vmid -- bash -c ' # Update .env files find /opt /home /root -name \".env\" -type f 2>/dev/null | while read f; do - [ -r \"\$f\" ] && sed -i \"s|10.200.0.10|${ORDER_POSTGRES_PRIMARY:-${ORDER_POSTGRES_PRIMARY:-192.168.11.44}}|g; s|10.200.0.11|${ORDER_POSTGRES_REPLICA:-${ORDER_POSTGRES_REPLICA:-192.168.11.45}}|g; s|10.200.0.20|${ORDER_REDIS_IP:-192.168.11.38}|g; s|10.200.0.30|${IP_SERVICE_40:-${IP_SERVICE_40:-${IP_SERVICE_40:-192.168.11.40}}}|g; s|10.200.0.40|${IP_SERVICE_41:-${IP_SERVICE_41:-${IP_SERVICE_41:-192.168.11.41}}}|g; s|10.200.0.50|${IP_SERVICE_49:-${IP_SERVICE_49:-${IP_SERVICE_49:-192.168.11.49}}}|g; s|10.200.0.60|${IP_SERVICE_42:-${IP_SERVICE_42:-${IP_SERVICE_42:-192.168.11.42}}}|g; s|10.200.0.70|${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-192.168.11.50}}}}}}|g; s|10.200.0.80|${IP_SERVICE_43:-${IP_SERVICE_43:-${IP_SERVICE_43:-192.168.11.43}}}|g; s|10.200.0.90|${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-192.168.11.36}}}}}}|g; s|10.200.0.91|${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-192.168.11.35}}}}}}|g; s|10.200.0.92|${IP_MIM_WEB:-192.168.11.37}|g; s|10.200.0.200|${ORDER_REDIS_REPLICA:-${ORDER_REDIS_REPLICA:-${ORDER_REDIS_REPLICA:-192.168.11.46}}}|g; s|10.200.0.201|${IP_SERVICE_47:-${IP_SERVICE_47:-${IP_SERVICE_47:-192.168.11.47}}}|g; s|10.200.0.202|${IP_ORDER_OPENSEARCH:-${IP_ORDER_OPENSEARCH:-${IP_ORDER_OPENSEARCH:-192.168.11.48}}}|g; s|10.200.0.210|${IP_ORDER_HAPROXY:-${IP_ORDER_HAPROXY:-192.168.11.39}}|g; s|10.200.0.230|${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-192.168.11.51}}}}}}|g\" \"\$f\" 2>/dev/null || true + [ -r \"\$f\" ] && sed -i \"s|10.200.0.10|${ORDER_POSTGRES_PRIMARY:-${ORDER_POSTGRES_PRIMARY:-192.168.11.44}}|g; s|10.200.0.11|${ORDER_POSTGRES_REPLICA:-${ORDER_POSTGRES_REPLICA:-192.168.11.45}}|g; s|10.200.0.20|${ORDER_REDIS_IP:-192.168.11.38}|g; s|10.200.0.30|${IP_SERVICE_40:-${IP_SERVICE_40:-${IP_SERVICE_40:-192.168.11.40}}}|g; s|10.200.0.40|${IP_SERVICE_41:-${IP_SERVICE_41:-${IP_SERVICE_41:-192.168.11.41}}}|g; s|10.200.0.50|${IP_SERVICE_49:-${IP_SERVICE_49:-${IP_SERVICE_49:-192.168.11.49}}}|g; s|10.200.0.60|${IP_SERVICE_42:-${IP_SERVICE_42:-${IP_SERVICE_42:-192.168.11.42}}}|g; s|10.200.0.70|${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-${IP_SERVICE_50:-192.168.11.50}}}}}}|g; s|10.200.0.80|${IP_SERVICE_43:-${IP_SERVICE_43:-${IP_SERVICE_43:-192.168.11.43}}}|g; s|10.200.0.90|${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-192.168.11.36}}}}}}|g; s|10.200.0.91|${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-192.168.11.35}}}}}}|g; s|10.200.0.92|${IP_ORDER_MCP_LEGAL:-192.168.11.94}|g; s|10.200.0.200|${ORDER_REDIS_REPLICA:-${ORDER_REDIS_REPLICA:-${ORDER_REDIS_REPLICA:-192.168.11.46}}}|g; s|10.200.0.201|${IP_SERVICE_47:-${IP_SERVICE_47:-${IP_SERVICE_47:-192.168.11.47}}}|g; s|10.200.0.202|${IP_ORDER_OPENSEARCH:-${IP_ORDER_OPENSEARCH:-${IP_ORDER_OPENSEARCH:-192.168.11.48}}}|g; s|10.200.0.210|${IP_ORDER_HAPROXY:-${IP_ORDER_HAPROXY:-192.168.11.39}}|g; s|10.200.0.230|${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-${IP_SERVICE_51:-192.168.11.51}}}}}}|g\" \"\$f\" 2>/dev/null || true done echo \"Configs updated for CT $vmid\" ' diff --git a/scripts/complete-all-tasks-parallel.sh b/scripts/complete-all-tasks-parallel.sh index b72e9df..fb26271 100755 --- a/scripts/complete-all-tasks-parallel.sh +++ b/scripts/complete-all-tasks-parallel.sh @@ -329,7 +329,7 @@ declare -A ip_mappings=( ["10.200.0.80"]="${IP_SERVICE_43:-${IP_SERVICE_43:-${IP_SERVICE_43:-192.168.11.43}}}" # order-eresidency ["10.200.0.90"]="${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-192.168.11.36}}}}}}" # order-portal-public ["10.200.0.91"]="${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-192.168.11.35}}}}}}" # order-portal-internal - ["10.200.0.92"]="${IP_MIM_WEB:-192.168.11.37}" # order-mcp-legal + ["10.200.0.92"]="${IP_ORDER_MCP_LEGAL:-192.168.11.94}" # order-mcp-legal ["10.200.0.200"]="${ORDER_REDIS_REPLICA:-${ORDER_REDIS_REPLICA:-${ORDER_REDIS_REPLICA:-192.168.11.46}}}" # order-prometheus ["10.200.0.201"]="${IP_SERVICE_47:-${IP_SERVICE_47:-${IP_SERVICE_47:-192.168.11.47}}}" # order-grafana ["10.200.0.202"]="${IP_ORDER_OPENSEARCH:-${IP_ORDER_OPENSEARCH:-${IP_ORDER_OPENSEARCH:-192.168.11.48}}}" # order-opensearch diff --git a/scripts/deploy-token-aggregation-for-publication.sh b/scripts/deploy-token-aggregation-for-publication.sh index d9b542d..9eef83f 100755 --- a/scripts/deploy-token-aggregation-for-publication.sh +++ b/scripts/deploy-token-aggregation-for-publication.sh @@ -1,16 +1,16 @@ #!/usr/bin/env bash -# Deploy token-aggregation service for publication (token lists, CoinGecko/CMC reports). +# Deploy token-aggregation service for publication (token lists, CoinGecko/CMC reports, bridge/routes). # Run on explorer VM (VMID 5000) or host that serves explorer.d-bis.org. # -# Prerequisites: Node 20+, PostgreSQL (for full indexing; report API may work with minimal config) +# Prerequisites: Node 20+, PostgreSQL (for full indexing; API responds with defaults if DB empty) # Usage: ./scripts/deploy-token-aggregation-for-publication.sh [INSTALL_DIR] # -# After deploy: Run apply-nginx-token-aggregation-proxy.sh to proxy /api/v1/ to this service. +# After deploy: nginx must proxy /api/v1/ to this service BEFORE Blockscout (see TOKEN_AGGREGATION_REPORT_API_RUNBOOK). +# Explorer layouts vary: port 3000 or 3001 — match TOKEN_AGG_PORT in apply-nginx scripts. set -euo pipefail REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -# Default: user-writable dir in repo (no sudo). Use /opt/token-aggregation with sudo for system install. INSTALL_DIR="${1:-$REPO_ROOT/token-aggregation-build}" SVC_DIR="$REPO_ROOT/smom-dbis-138/services/token-aggregation" @@ -27,22 +27,29 @@ cd "$INSTALL_DIR" if [ ! -f .env ]; then if [ -f .env.example ]; then cp .env.example .env - echo "Created .env from .env.example — edit with CUSDC_ADDRESS_138, CUSDT_ADDRESS_138, DATABASE_URL" + echo "Created .env from .env.example — set DATABASE_URL for persistent index; CUSDT/CUSDC already defaulted." else - echo "Create .env with at least: CUSDC_ADDRESS_138, CUSDT_ADDRESS_138, CHAIN_138_RPC_URL" + echo "Create .env with at least DATABASE_URL (and optional CHAIN_138_RPC_URL)." >&2 fi fi +if command -v pnpm >/dev/null 2>&1 && [ -f "$REPO_ROOT/pnpm-lock.yaml" ]; then + (cd "$REPO_ROOT" && pnpm install --filter token-aggregation-service --no-frozen-lockfile 2>/dev/null) || true +fi + npm install --omit=dev 2>/dev/null || npm install -npm run build 2>/dev/null || true +npm run build echo "" echo "Token-aggregation built. Start with:" echo " cd $INSTALL_DIR && node dist/index.js" -echo "Or add systemd unit. Default port: 3000" +echo "Or add systemd unit. Default port from code: 3000 (match nginx TOKEN_AGG_PORT / fix-explorer-http-api-v1-proxy.sh uses 3001)." echo "" -echo "Then apply nginx proxy (on same host):" -echo " TOKEN_AGG_PORT=3000 CONFIG_FILE=/etc/nginx/sites-available/blockscout \\" -echo " bash $REPO_ROOT/explorer-monorepo/scripts/apply-nginx-token-aggregation-proxy.sh" +echo "Then apply nginx proxy (on same host), e.g.:" +echo " TOKEN_AGG_PORT=3001 CONFIG_FILE=/etc/nginx/sites-available/blockscout \\" +echo " bash $REPO_ROOT/scripts/fix-explorer-http-api-v1-proxy.sh" +echo " # or: explorer-monorepo/scripts/apply-nginx-token-aggregation-proxy.sh" echo "" -echo "Verify: curl -s https://explorer.d-bis.org/api/v1/report/token-list?chainId=138 | jq '.tokens | length'" +echo "Verify:" +echo " pnpm run verify:token-aggregation-api" +echo " SKIP_BRIDGE_ROUTES=0 bash scripts/verify/check-public-report-api.sh https://explorer.d-bis.org" diff --git a/scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh b/scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh index bbde559..c895a56 100644 --- a/scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh +++ b/scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh @@ -19,7 +19,7 @@ fi LXCS=( "${RTGS_ORCH_VMID:-5805} ${RTGS_ORCH_HOSTNAME:-rtgs-orchestrator-1} ${RTGS_ORCH_IP:-192.168.11.93} 4096 2 24" - "${RTGS_FX_VMID:-5806} ${RTGS_FX_HOSTNAME:-rtgs-fx-1} ${RTGS_FX_IP:-192.168.11.94} 4096 2 24" + "${RTGS_FX_VMID:-5806} ${RTGS_FX_HOSTNAME:-rtgs-fx-1} ${RTGS_FX_IP:-192.168.11.99} 4096 2 24" "${RTGS_LIQ_VMID:-5807} ${RTGS_LIQ_HOSTNAME:-rtgs-liquidity-1} ${RTGS_LIQ_IP:-192.168.11.95} 4096 2 24" ) diff --git a/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh b/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh index a41b489..ed6a4e3 100755 --- a/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh +++ b/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh @@ -20,6 +20,7 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +REPO_ROOT="$PROJECT_ROOT" SMOM="${PROJECT_ROOT}/smom-dbis-138" DRY_RUN="" @@ -37,9 +38,21 @@ if [[ ! -f "$SMOM/.env" ]]; then echo "Missing $SMOM/.env. Abort." >&2 exit 1 fi -set -a -source "$SMOM/.env" -set +a +if [[ -f "$SMOM/scripts/lib/deployment/dotenv.sh" ]]; then + # shellcheck disable=SC1090 + source "$SMOM/scripts/lib/deployment/dotenv.sh" + load_deployment_env --repo-root "$SMOM" +else + had_nounset=0 + if [[ $- == *u* ]]; then + had_nounset=1 + set +u + fi + set -a + source "$SMOM/.env" + set +a + (( had_nounset )) && set -u +fi # 2) RPC: Core (2101) only — no Public fallback for deployments RPC="${RPC_URL_138:-http://192.168.11.211:8545}" @@ -169,4 +182,4 @@ done echo "" echo "Running on-chain verification..." -"$PROJECT_ROOT/scripts/verify/check-contracts-on-chain-138.sh" "$RPC" +"$REPO_ROOT/scripts/verify/check-contracts-on-chain-138.sh" "$RPC" diff --git a/scripts/deployment/enable-sankofa-portal-login-7801.sh b/scripts/deployment/enable-sankofa-portal-login-7801.sh index 18453ac..dc71de5 100755 --- a/scripts/deployment/enable-sankofa-portal-login-7801.sh +++ b/scripts/deployment/enable-sankofa-portal-login-7801.sh @@ -4,12 +4,19 @@ # - Remove .env.local on CT 7801; install .env with PORTAL_LOCAL_LOGIN_* + NEXTAUTH_SECRET. # - Run sync-sankofa-portal-7801.sh (rebuild portal with updated auth.ts). # +# Keycloak SSO: If repo .env defines KEYCLOAK_CLIENT_SECRET (and optional KEYCLOAK_URL / REALM / +# CLIENT_ID), those values are written into the pushed .env. After sync, sankofa-portal-merge-keycloak-env-from-repo.sh +# runs to mirror OIDC settings into .env.local as well. Without KEYCLOAK_CLIENT_SECRET in .env, +# use keycloak-sankofa-ensure-client-redirects*.sh then the merge script. +# # Usage: ./scripts/deployment/enable-sankofa-portal-login-7801.sh [--dry-run] set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" # shellcheck source=/dev/null +source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh" 2>/dev/null || true +# shellcheck source=/dev/null source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" @@ -20,6 +27,9 @@ LOCAL_EMAIL="${PORTAL_LOCAL_LOGIN_EMAIL:-portal@sankofa.nexus}" if [[ "${1:-}" == "--dry-run" ]]; then echo "[DRY-RUN] Would patch Keycloak ${VMID_KC}, write .env on ${VMID_PORTAL}, sync portal" + if [[ -n "${KEYCLOAK_CLIENT_SECRET:-}" ]]; then + echo "[DRY-RUN] Would run sankofa-portal-merge-keycloak-env-from-repo.sh after sync (KEYCLOAK_CLIENT_SECRET is set)" + fi exit 0 fi @@ -34,10 +44,10 @@ NEXT_PUBLIC_GRAPHQL_WS_ENDPOINT=ws://192.168.11.50:4000/graphql-ws NEXTAUTH_URL=https://portal.sankofa.nexus NEXTAUTH_SECRET=${NEXTAUTH_SEC} -KEYCLOAK_URL=https://keycloak.sankofa.nexus -KEYCLOAK_REALM=master -KEYCLOAK_CLIENT_ID=sankofa-portal -KEYCLOAK_CLIENT_SECRET= +KEYCLOAK_URL=${KEYCLOAK_URL:-https://keycloak.sankofa.nexus} +KEYCLOAK_REALM=${KEYCLOAK_REALM:-master} +KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID:-sankofa-portal} +KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET:-} PORTAL_LOCAL_LOGIN_EMAIL=${LOCAL_EMAIL} PORTAL_LOCAL_LOGIN_PASSWORD=${GEN_PASS} @@ -83,12 +93,24 @@ echo "" echo "📤 Syncing portal source + rebuild…" bash "${SCRIPT_DIR}/sync-sankofa-portal-7801.sh" +if [[ -n "${KEYCLOAK_CLIENT_SECRET:-}" ]]; then + echo "" + echo "🔐 Mirroring Keycloak OIDC into portal .env + .env.local (merge script)…" + bash "${SCRIPT_DIR}/sankofa-portal-merge-keycloak-env-from-repo.sh" +fi + echo "" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "✅ Sign in at https://portal.sankofa.nexus (NEXTAUTH_URL)" echo " Email: ${LOCAL_EMAIL}" echo " Password: ${GEN_PASS}" echo "" -echo "SSO: Add NPM host keycloak.sankofa.nexus → ${IP_KEYCLOAK:-192.168.11.52}:8080, then create Keycloak" -echo " confidential client sankofa-portal; set KEYCLOAK_CLIENT_SECRET in .env and re-sync." +if [[ -n "${KEYCLOAK_CLIENT_SECRET:-}" ]]; then + echo "SSO: Keycloak client secret was taken from repo .env; portal CT updated via merge script." +else + echo "SSO: No KEYCLOAK_CLIENT_SECRET in repo .env — local login only until you:" + echo " 1) NPM: keycloak.sankofa.nexus → ${IP_KEYCLOAK:-192.168.11.52}:8080" + echo " 2) ./scripts/deployment/keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh" + echo " 3) ./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh" +fi echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" diff --git a/scripts/deployment/keycloak-bootstrap-or-reset-master-admin-db.sh b/scripts/deployment/keycloak-bootstrap-or-reset-master-admin-db.sh new file mode 100755 index 0000000..aab5946 --- /dev/null +++ b/scripts/deployment/keycloak-bootstrap-or-reset-master-admin-db.sh @@ -0,0 +1,177 @@ +#!/usr/bin/env bash +# Create or reset the Keycloak master-realm "admin" user directly in PostgreSQL (Keycloak 24 Quarkus +# has no bootstrap-admin CLI). Use when user_entity is empty or you must rotate the admin password. +# +# Requirements: SSH to Proxmox, pct to PostgreSQL CT (default 7803), sudo postgres psql on DB "keycloak". +# Does not print the password to stdout; writes it to a file you pass, or merges into repo .env. +# +# Usage: +# KEYCLOAK_ADMIN_PASSWORD='your-secure-value' ./scripts/deployment/keycloak-bootstrap-or-reset-master-admin-db.sh +# ./scripts/deployment/keycloak-bootstrap-or-reset-master-admin-db.sh # generates password → .env +# +# Env: +# PROXMOX_HOST (default 192.168.11.11), POSTGRES_CT_VMID (7803), KEYCLOAK_CT_VMID (7802) +# KEYCLOAK_ADMIN_USERNAME (default admin), KEYCLOAK_DB_NAME (keycloak) +# KEYCLOAK_ADMIN_PASSWORD — if unset, a random alphanumeric password is generated +# WRITE_ENV_FILE — path to .env to upsert KEYCLOAK_ADMIN + KEYCLOAK_ADMIN_PASSWORD (default: repo .env) +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +# shellcheck source=/dev/null +source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true + +PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" +POSTGRES_CT_VMID="${POSTGRES_CT_VMID:-7803}" +KEYCLOAK_CT_VMID="${KEYCLOAK_CT_VMID:-${SANKOFA_KEYCLOAK_VMID:-7802}}" +ADMIN_USER="${KEYCLOAK_ADMIN:-admin}" +DB_NAME="${KEYCLOAK_DB_NAME:-keycloak}" +WRITE_ENV_FILE="${WRITE_ENV_FILE:-${PROJECT_ROOT}/.env}" +SSH_OPTS=(-o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15) + +gen_pass() { + openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32 +} + +NEW_PASS="${KEYCLOAK_ADMIN_PASSWORD:-}" +if [[ -z "$NEW_PASS" ]]; then + NEW_PASS="$(gen_pass)" +fi + +SQL_GEN="$(mktemp)" +trap 'rm -f "$SQL_GEN"' EXIT + +python3 - "$NEW_PASS" "$ADMIN_USER" >"$SQL_GEN" <<'PY' +import json, base64, hashlib, os, sys, time, uuid + +password, admin_user = sys.argv[1], sys.argv[2] + +salt = os.urandom(16) +iters = 27500 +dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters) +secret_data = json.dumps( + { + "value": base64.b64encode(dk).decode(), + "salt": base64.b64encode(salt).decode(), + "additionalParameters": {}, + }, + separators=(",", ":"), +) +credential_data = json.dumps( + {"hashIterations": iters, "algorithm": "pbkdf2-sha256", "additionalParameters": {}}, + separators=(",", ":"), +) + +ts = int(time.time() * 1000) +user_id = str(uuid.uuid4()) +cred_id = str(uuid.uuid4()) + + +def q(s: str) -> str: + return s.replace("'", "''") + + +sd, cd = q(secret_data), q(credential_data) +user_esc = q(admin_user) + +print("BEGIN;") +print( + f""" +DO $do$ +DECLARE + rid TEXT; + r_admin TEXT; + r_default TEXT; + uid TEXT; + n INT; + v_secret TEXT := '{sd}'; + v_cred TEXT := '{cd}'; +BEGIN + SELECT id INTO rid FROM realm WHERE name = 'master' LIMIT 1; + IF rid IS NULL THEN + RAISE EXCEPTION 'realm master not found'; + END IF; + SELECT id INTO r_admin FROM keycloak_role + WHERE realm_id = rid AND name = 'admin' AND client IS NULL LIMIT 1; + SELECT id INTO r_default FROM keycloak_role + WHERE realm_id = rid AND name = 'default-roles-master' AND client IS NULL LIMIT 1; + IF r_admin IS NULL OR r_default IS NULL THEN + RAISE EXCEPTION 'missing admin or default-roles-master role'; + END IF; + + SELECT COUNT(*) INTO n FROM user_entity WHERE realm_id = rid AND username = '{user_esc}'; + IF n = 0 THEN + INSERT INTO user_entity ( + id, email, email_constraint, email_verified, enabled, realm_id, username, created_timestamp, not_before + ) VALUES ( + '{user_id}', + '{user_esc}@sankofa.nexus', + '{user_esc}@sankofa.nexus', + true, + true, + rid, + '{user_esc}', + {ts}, + 0 + ); + uid := '{user_id}'; + INSERT INTO user_role_mapping (role_id, user_id) VALUES (r_admin, uid); + INSERT INTO user_role_mapping (role_id, user_id) VALUES (r_default, uid); + ELSE + SELECT id INTO uid FROM user_entity WHERE realm_id = rid AND username = '{user_esc}' LIMIT 1; + END IF; + + DELETE FROM credential WHERE user_id = uid AND type = 'password'; + INSERT INTO credential (id, salt, type, user_id, created_date, user_label, secret_data, credential_data, priority) + VALUES ( + '{cred_id}', + NULL, + 'password', + uid, + {ts}, + NULL, + v_secret, + v_cred, + 10 + ); +END +$do$; +""" +) +print("COMMIT;") +PY + +ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" \ + "pct exec ${POSTGRES_CT_VMID} -- sudo -u postgres psql -d ${DB_NAME} -v ON_ERROR_STOP=1 -f -" <"$SQL_GEN" + +ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" \ + "pct exec ${KEYCLOAK_CT_VMID} -- systemctl restart keycloak" + +echo "[ok] Keycloak master admin user '${ADMIN_USER}' password set in DB; Keycloak restarted on CT ${KEYCLOAK_CT_VMID}." + +if [[ -n "${WRITE_ENV_FILE}" ]]; then + python3 - "${WRITE_ENV_FILE}" "${NEW_PASS}" "${ADMIN_USER}" <<'PY' +import re +import sys +from pathlib import Path + +path, password, admin_user = Path(sys.argv[1]), sys.argv[2], sys.argv[3] +text = path.read_text() if path.exists() else "" + + +def upsert_line(body: str, key: str, value: str) -> str: + line = f"{key}={value}" + if re.search(rf"^{re.escape(key)}=", body, flags=re.M): + return re.sub(rf"^{re.escape(key)}=.*$", line, body, flags=re.M, count=1) + if body and not body.endswith("\n"): + body += "\n" + return body + line + "\n" + + +text = upsert_line(text, "KEYCLOAK_ADMIN", admin_user) +text = upsert_line(text, "KEYCLOAK_ADMIN_PASSWORD", password) +path.parent.mkdir(parents=True, exist_ok=True) +path.write_text(text) +PY + echo "[ok] Updated ${WRITE_ENV_FILE} (KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD)." +fi diff --git a/scripts/deployment/keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh b/scripts/deployment/keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh new file mode 100755 index 0000000..398f4bd --- /dev/null +++ b/scripts/deployment/keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh @@ -0,0 +1,194 @@ +#!/usr/bin/env bash +# Create or update Keycloak OIDC client (default sankofa-portal) with portal/admin redirect URIs. +# Runs Admin API against http://127.0.0.1:8080 inside the Keycloak CT (no LAN to NPM required). +# After a new client is created, repo .env gets KEYCLOAK_CLIENT_SECRET — push it to CT 7801 with +# ./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh +# +# If the client is created, prints a JSON footer line for the operator .env: +# __SANKOFA_KEYCLOAK_FOOTER__{"created":true,"clientSecret":"..."} +# +# Loads repo .env. Env: PROXMOX_HOST, KEYCLOAK_CT_VMID (7802), KEYCLOAK_* . +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +# shellcheck source=/dev/null +source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true +if [ -f "$PROJECT_ROOT/.env" ]; then + set +u + set -a + # shellcheck source=/dev/null + source "$PROJECT_ROOT/.env" 2>/dev/null || true + set +a + set -u +fi + +PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" +KEYCLOAK_CT_VMID="${KEYCLOAK_CT_VMID:-${SANKOFA_KEYCLOAK_VMID:-7802}}" +REALM="${KEYCLOAK_REALM:-master}" +CLIENT_ID="${KEYCLOAK_CLIENT_ID:-sankofa-portal}" +ADMIN_USER="${KEYCLOAK_ADMIN:-admin}" +ADMIN_PASS="${KEYCLOAK_ADMIN_PASSWORD:-}" +SSH_OPTS=(-o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15) + +if [ -z "$ADMIN_PASS" ]; then + echo "KEYCLOAK_ADMIN_PASSWORD is not set in .env" >&2 + exit 1 +fi + +OUT="$( + ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" \ + "pct exec ${KEYCLOAK_CT_VMID} -- env KC_PASS=\"${ADMIN_PASS}\" ADMUSER=\"${ADMIN_USER}\" REALM=\"${REALM}\" CLIENT_ID=\"${CLIENT_ID}\" python3 -u -" <<'PY' +import json +import os +import secrets +import urllib.error +import urllib.parse +import urllib.request + +base = "http://127.0.0.1:8080" +realm = os.environ["REALM"] +client_id = os.environ["CLIENT_ID"] +admin_user = os.environ["ADMUSER"] +password = os.environ["KC_PASS"] + +desired_redirects = [ + "https://portal.sankofa.nexus/*", + "https://portal.sankofa.nexus", + "https://admin.sankofa.nexus/*", + "https://admin.sankofa.nexus", +] +desired_origins = [ + "https://portal.sankofa.nexus", + "https://admin.sankofa.nexus", +] +created_new = False +portal_secret = None + + +def post_form(url: str, data: dict) -> dict: + body = urllib.parse.urlencode(data).encode() + req = urllib.request.Request(url, data=body, method="POST") + with urllib.request.urlopen(req, timeout=60) as resp: + return json.loads(resp.read().decode()) + + +tok = post_form( + f"{base}/realms/master/protocol/openid-connect/token", + { + "grant_type": "password", + "client_id": "admin-cli", + "username": admin_user, + "password": password, + }, +) +access = tok.get("access_token") +if not access: + raise SystemExit(f"token failed: {tok}") + +list_url = f"{base}/admin/realms/{realm}/clients?clientId={urllib.parse.quote(client_id)}" +r = urllib.request.Request(list_url, headers={"Authorization": f"Bearer {access}"}) +with urllib.request.urlopen(r, timeout=60) as resp: + clients = json.loads(resp.read().decode()) + +if not clients: + portal_secret = secrets.token_urlsafe(48) + new_client = { + "clientId": client_id, + "name": "Sankofa Portal", + "enabled": True, + "protocol": "openid-connect", + "publicClient": False, + "standardFlowEnabled": True, + "implicitFlowEnabled": False, + "directAccessGrantsEnabled": False, + "serviceAccountsEnabled": False, + "redirectUris": desired_redirects, + "webOrigins": desired_origins, + "secret": portal_secret, + } + cr = urllib.request.Request( + f"{base}/admin/realms/{realm}/clients", + data=json.dumps(new_client).encode(), + headers={"Authorization": f"Bearer {access}", "Content-Type": "application/json"}, + method="POST", + ) + try: + with urllib.request.urlopen(cr, timeout=120) as resp: + if resp.getcode() not in (200, 201): + raise SystemExit(f"create client unexpected HTTP {resp.getcode()}") + except urllib.error.HTTPError as e: + err = e.read().decode() if e.fp else str(e) + raise SystemExit(f"POST client failed HTTP {e.code}: {err}") from e + created_new = True + r = urllib.request.Request(list_url, headers={"Authorization": f"Bearer {access}"}) + with urllib.request.urlopen(r, timeout=60) as resp: + clients = json.loads(resp.read().decode()) + if not clients: + raise SystemExit("client create did not persist") + +internal_id = clients[0]["id"] +get_url = f"{base}/admin/realms/{realm}/clients/{internal_id}" +r2 = urllib.request.Request(get_url, headers={"Authorization": f"Bearer {access}"}) +with urllib.request.urlopen(r2, timeout=60) as resp: + full = json.loads(resp.read().decode()) + +redirs = list(dict.fromkeys((full.get("redirectUris") or []) + desired_redirects)) +origins = list(dict.fromkeys((full.get("webOrigins") or []) + desired_origins)) +full["redirectUris"] = redirs +full["webOrigins"] = origins +if portal_secret and not full.get("secret"): + full["secret"] = portal_secret + +put = urllib.request.Request( + get_url, + data=json.dumps(full).encode(), + headers={"Authorization": f"Bearer {access}", "Content-Type": "application/json"}, + method="PUT", +) +try: + with urllib.request.urlopen(put, timeout=120) as resp: + code = resp.getcode() +except urllib.error.HTTPError as e: + err = e.read().decode() if e.fp else str(e) + raise SystemExit(f"PUT failed HTTP {e.code}: {err}") from e + +if code not in (200, 204): + raise SystemExit(f"PUT unexpected HTTP {code}") +action = "Created" if created_new else "Updated" +print(f"{action} Keycloak client {client_id!r} (redirect URIs + web origins).", flush=True) +footer = {"created": bool(created_new)} +if portal_secret: + footer["clientSecret"] = portal_secret +print("__SANKOFA_KEYCLOAK_FOOTER__" + json.dumps(footer), flush=True) +PY +)" + +echo "$OUT" | sed '/__SANKOFA_KEYCLOAK_FOOTER__/d' +FOOTER=$(echo "$OUT" | grep '^__SANKOFA_KEYCLOAK_FOOTER__' | sed 's/^__SANKOFA_KEYCLOAK_FOOTER__//' || true) +if [[ -n "$FOOTER" ]]; then + CREATED="$(echo "$FOOTER" | jq -r '.created // false')" + SEC="$(echo "$FOOTER" | jq -r '.clientSecret // empty')" + if [[ "$CREATED" == "true" ]] && [[ -n "$SEC" ]] && [[ "$SEC" != "null" ]]; then + python3 - "${PROJECT_ROOT}/.env" "${SEC}" <<'PY' +import re +import sys +from pathlib import Path + +path, sec = Path(sys.argv[1]), sys.argv[2] +text = path.read_text() if path.exists() else "" + +def upsert(body: str, key: str, value: str) -> str: + line = f"{key}={value}" + if re.search(rf"^{re.escape(key)}=", body, flags=re.M): + return re.sub(rf"^{re.escape(key)}=.*$", line, body, flags=re.M, count=1) + if body and not body.endswith("\n"): + body += "\n" + return body + line + "\n" + +text = upsert(text, "KEYCLOAK_CLIENT_SECRET", sec) +path.write_text(text) +PY + echo "[ok] Wrote KEYCLOAK_CLIENT_SECRET to .env (portal Keycloak OIDC path enabled)." >&2 + fi +fi diff --git a/scripts/deployment/preflight-chain138-deploy.sh b/scripts/deployment/preflight-chain138-deploy.sh index a3fdd06..e85ce82 100755 --- a/scripts/deployment/preflight-chain138-deploy.sh +++ b/scripts/deployment/preflight-chain138-deploy.sh @@ -36,9 +36,22 @@ fi # 3) Load env for RPC and nonce checks (no secrets printed) [[ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ]] && source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true -set -a -source "$SMOM/.env" -set +a +if [[ -f "$SMOM/scripts/lib/deployment/dotenv.sh" ]]; then + # shellcheck disable=SC1090 + source "$SMOM/scripts/lib/deployment/dotenv.sh" + load_deployment_env --repo-root "$SMOM" +else + local_had_nounset=0 + if [[ $- == *u* ]]; then + local_had_nounset=1 + set +u + fi + set -a + # shellcheck disable=SC1090 + source "$SMOM/.env" + set +a + (( local_had_nounset )) && set -u +fi RPC="${RPC_URL_138:-http://192.168.11.211:8545}" if [[ -z "${PRIVATE_KEY:-}" ]]; then diff --git a/scripts/deployment/rotate-oracle-publisher-transmitter.sh b/scripts/deployment/rotate-oracle-publisher-transmitter.sh new file mode 100755 index 0000000..1fa5a25 --- /dev/null +++ b/scripts/deployment/rotate-oracle-publisher-transmitter.sh @@ -0,0 +1,136 @@ +#!/usr/bin/env bash +# Rotate the Chain 138 oracle publisher off the shared deployer key by provisioning +# a dedicated transmitter key, adding it to the oracle aggregator, updating CT 3500, +# and removing the legacy deployer transmitter after the new key confirms an update. +# +# Usage: +# bash scripts/deployment/rotate-oracle-publisher-transmitter.sh [--dry-run] +# +# Env overrides: +# PROXMOX_NODE_IP default 192.168.11.12 +# ORACLE_VMID default 3500 +# ORACLE_SECRET_FILE default ~/.secure-secrets/chain138-oracle-publisher.env +# ORACLE_AGGREGATOR_ADDRESS default 0x99b3511a2d315a497c8112c1fdd8d508d4b1e506 +# ORACLE_FUND_WEI default 100000000000000000 (0.1 native token) +# NEW_ORACLE_PRIVATE_KEY optional pre-generated 0x-prefixed key +# +set -euo pipefail + +DRY_RUN=0 +if [[ "${1:-}" == "--dry-run" ]]; then + DRY_RUN=1 +fi + +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +cd "$ROOT" +had_nounset=0 +if [[ $- == *u* ]]; then + had_nounset=1 + set +u +fi +set -a +source scripts/lib/load-project-env.sh >/dev/null 2>&1 +set +a +if [[ "$had_nounset" -eq 1 ]]; then + set -u +fi + +RPC="${DEPLOY_RPC_URL_138:-${RPC_URL_138:-http://192.168.11.211:8545}}" +NODE_IP="${PROXMOX_NODE_IP:-192.168.11.12}" +ORACLE_VMID="${ORACLE_VMID:-3500}" +AGG="${ORACLE_AGGREGATOR_ADDRESS:-0x99b3511a2d315a497c8112c1fdd8d508d4b1e506}" +SECRET_FILE="${ORACLE_SECRET_FILE:-$HOME/.secure-secrets/chain138-oracle-publisher.env}" +DEPLOYER_ADDR="$(cast wallet address --private-key "$PRIVATE_KEY")" +NEW_KEY="${NEW_ORACLE_PRIVATE_KEY:-0x$(openssl rand -hex 32)}" +NEW_ADDR="$(cast wallet address --private-key "$NEW_KEY")" +ORACLE_FUND_WEI="${ORACLE_FUND_WEI:-100000000000000000}" + +echo "Oracle transmitter rotation" +echo " node: $NODE_IP" +echo " vmid: $ORACLE_VMID" +echo " aggregator: $AGG" +echo " admin: $DEPLOYER_ADDR" +echo " new signer: $NEW_ADDR" +echo " secret file: $SECRET_FILE" +echo " fund wei: $ORACLE_FUND_WEI" + +if [[ "$DRY_RUN" -eq 1 ]]; then + exit 0 +fi + +mkdir -p "$(dirname "$SECRET_FILE")" +umask 077 +cat >"$SECRET_FILE" </dev/null +fi + +new_balance="$(cast balance "$NEW_ADDR" --rpc-url "$RPC")" +if [[ "$new_balance" -lt "$ORACLE_FUND_WEI" ]]; then + cast send "$NEW_ADDR" \ + --value "$ORACLE_FUND_WEI" \ + --rpc-url "$RPC" \ + --private-key "$PRIVATE_KEY" \ + --legacy \ + --gas-price 1000000000 \ + >/dev/null +fi + +ssh -o BatchMode=yes -o StrictHostKeyChecking=no "root@$NODE_IP" "\ + pct exec $ORACLE_VMID -- bash -lc 'set -euo pipefail; \ + ENV=/opt/oracle-publisher/.env; \ + grep -q \"^PRIVATE_KEY=\" \$ENV && sed -i \"s|^PRIVATE_KEY=.*|PRIVATE_KEY=$NEW_KEY|\" \$ENV || echo \"PRIVATE_KEY=$NEW_KEY\" >> \$ENV; \ + systemctl restart oracle-publisher.service; \ + systemctl is-active oracle-publisher.service >/dev/null'" + +echo "Waiting for new transmitter to confirm an oracle update..." +tx_hash="" +for _ in {1..24}; do + line="$(ssh -o BatchMode=yes -o StrictHostKeyChecking=no "root@$NODE_IP" "pct exec $ORACLE_VMID -- journalctl -u oracle-publisher.service -n 20 --no-pager | grep 'Transaction confirmed:' | tail -n 1" || true)" + if [[ -n "$line" ]]; then + tx_hash="$(printf '%s' "$line" | grep -oE '0x[a-fA-F0-9]{64}' | tail -n 1 || true)" + fi + if [[ -n "$tx_hash" ]]; then + tx_from="$(cast receipt "$tx_hash" --rpc-url "$RPC" | awk '/^from /{print $2}')" + if [[ "${tx_from,,}" == "${NEW_ADDR,,}" ]]; then + break + fi + fi + sleep 5 +done + +if [[ -z "$tx_hash" ]]; then + echo "ERROR: No confirmed oracle update observed from the new transmitter." >&2 + exit 1 +fi + +tx_from="$(cast receipt "$tx_hash" --rpc-url "$RPC" | awk '/^from /{print $2}')" +if [[ "${tx_from,,}" != "${NEW_ADDR,,}" ]]; then + echo "ERROR: Latest confirmed oracle update was not sent by the new transmitter: $tx_from" >&2 + exit 1 +fi + +if [[ "$(cast call "$AGG" 'isTransmitter(address)(bool)' "$DEPLOYER_ADDR" --rpc-url "$RPC")" == "true" ]]; then + cast send "$AGG" 'removeTransmitter(address)' "$DEPLOYER_ADDR" \ + --rpc-url "$RPC" \ + --private-key "$PRIVATE_KEY" \ + --legacy \ + --gas-price 1000000000 \ + >/dev/null +fi + +echo "Rotation complete." +echo " new transmitter: $NEW_ADDR" +echo " confirmed tx: $tx_hash" +echo " deployer signer removed from transmitter set." diff --git a/scripts/deployment/run-all-next-steps-chain138.sh b/scripts/deployment/run-all-next-steps-chain138.sh index 354e316..022ef69 100755 --- a/scripts/deployment/run-all-next-steps-chain138.sh +++ b/scripts/deployment/run-all-next-steps-chain138.sh @@ -17,8 +17,32 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +REPO_ROOT="$PROJECT_ROOT" SMOM="$PROJECT_ROOT/smom-dbis-138" +load_smom_env() { + if [[ -f "$SMOM/scripts/lib/deployment/dotenv.sh" ]]; then + # shellcheck disable=SC1090 + source "$SMOM/scripts/lib/deployment/dotenv.sh" + load_deployment_env --repo-root "$SMOM" + return 0 + fi + if [[ -f "$SMOM/.env" ]]; then + local had_nounset=0 + if [[ $- == *u* ]]; then + had_nounset=1 + set +u + fi + set -a + # shellcheck disable=SC1090 + source "$SMOM/.env" + set +a + (( had_nounset )) && set -u + return 0 + fi + return 1 +} + DRY_RUN="" SKIP_MIRROR="" SKIP_MESH="" @@ -82,8 +106,7 @@ if [[ -z "$SKIP_REGISTER_GRU" ]]; then if [[ -n "$DRY_RUN" ]]; then echo "[DRY-RUN] cd $SMOM && forge script script/deploy/RegisterGRUCompliantTokens.s.sol --rpc-url \$RPC_URL_138 --broadcast --private-key \$PRIVATE_KEY --with-gas-price 1000000000" else - if [[ -f "$SMOM/.env" ]]; then - set -a; source "$SMOM/.env"; set +a + if load_smom_env; then # Fallback: Register script expects CUSDT_ADDRESS_138/CUSDC_ADDRESS_138; use COMPLIANT_USDT/COMPLIANT_USDC if set [[ -z "${CUSDT_ADDRESS_138:-}" && -n "${COMPLIANT_USDT:-}" ]] && export CUSDT_ADDRESS_138="$COMPLIANT_USDT" [[ -z "${CUSDC_ADDRESS_138:-}" && -n "${COMPLIANT_USDC:-}" ]] && export CUSDC_ADDRESS_138="$COMPLIANT_USDC" @@ -108,8 +131,8 @@ if [[ -z "$SKIP_VERIFY" ]]; then if [[ -n "$DRY_RUN" ]]; then echo "[DRY-RUN] $PROJECT_ROOT/scripts/verify/check-contracts-on-chain-138.sh" else - [[ -f "$SMOM/.env" ]] && set -a && source "$SMOM/.env" && set +a - "$PROJECT_ROOT/scripts/verify/check-contracts-on-chain-138.sh" "${RPC_URL_138:-}" || true + load_smom_env || true + "$REPO_ROOT/scripts/verify/check-contracts-on-chain-138.sh" "${RPC_URL_138:-}" || true fi echo "" else diff --git a/scripts/deployment/run-cw-remaining-steps.sh b/scripts/deployment/run-cw-remaining-steps.sh index f9e2d2f..284e249 100755 --- a/scripts/deployment/run-cw-remaining-steps.sh +++ b/scripts/deployment/run-cw-remaining-steps.sh @@ -3,11 +3,12 @@ # See docs/07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md and docs/00-meta/CW_BRIDGE_TASK_LIST.md. # # Usage: -# ./scripts/deployment/run-cw-remaining-steps.sh [--dry-run] [--deploy] [--update-mapping] [--verify] +# ./scripts/deployment/run-cw-remaining-steps.sh [--dry-run] [--deploy] [--update-mapping] [--verify] [--verify-hard-peg] # --dry-run Run deploy-cw in dry-run mode (print commands only). # --deploy Run deploy-cw on all chains (requires RPC/PRIVATE_KEY in smom-dbis-138/.env). # --update-mapping Update config/token-mapping-multichain.json from CWUSDT_*/CWUSDC_* in .env. # --verify For each chain with CWUSDT_* set, check MINTER_ROLE/BURNER_ROLE on cW* for CW_BRIDGE_*. +# --verify-hard-peg Check Avalanche hard-peg bridge controls for cWUSDT/cWUSDC. # With no options, runs --dry-run then --update-mapping (if any CWUSDT_* in .env). set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" @@ -18,6 +19,7 @@ DRY_RUN=false DO_DEPLOY=false DO_UPDATE_MAPPING=false DO_VERIFY=false +DO_VERIFY_HARD_PEG=false for a in "$@"; do case "$a" in @@ -25,9 +27,10 @@ for a in "$@"; do --deploy) DO_DEPLOY=true ;; --update-mapping) DO_UPDATE_MAPPING=true ;; --verify) DO_VERIFY=true ;; + --verify-hard-peg) DO_VERIFY_HARD_PEG=true ;; esac done -if ! $DRY_RUN && ! $DO_DEPLOY && ! $DO_UPDATE_MAPPING && ! $DO_VERIFY; then +if ! $DRY_RUN && ! $DO_DEPLOY && ! $DO_UPDATE_MAPPING && ! $DO_VERIFY && ! $DO_VERIFY_HARD_PEG; then DRY_RUN=true DO_UPDATE_MAPPING=true fi @@ -37,7 +40,9 @@ if [[ ! -f "$SMOM/.env" ]]; then exit 1 fi set -a +set +u source "$SMOM/.env" +set -u set +a # Chain name (env suffix) -> chainId for 138 -> chain pairs @@ -135,4 +140,57 @@ if $DO_VERIFY; then done fi +call_or_unavailable() { + local rpc="$1" + local address="$2" + local signature="$3" + shift 3 + if [[ -z "$rpc" || -z "$address" ]]; then + printf 'unavailable\n' + return + fi + cast call "$address" "$signature" "$@" --rpc-url "$rpc" 2>/dev/null || printf 'legacy-or-unavailable\n' +} + +if $DO_VERIFY_HARD_PEG; then + echo "=== Verify Avalanche hard-peg bridge state ===" + + CHAIN138_L1_BRIDGE="${CW_L1_BRIDGE_CHAIN138:-}" + AVAX_CW_BRIDGE="${CW_BRIDGE_AVALANCHE:-}" + RESERVE_VERIFIER="${CW_RESERVE_VERIFIER_CHAIN138:-}" + AVALANCHE_SELECTOR_VALUE="${AVALANCHE_SELECTOR:-6433500567565415381}" + + CW_CANONICAL_USDT_ADDR="${CW_CANONICAL_USDT:-${COMPLIANT_USDT_ADDRESS:-${CUSDT_ADDRESS_138:-}}}" + CW_CANONICAL_USDC_ADDR="${CW_CANONICAL_USDC:-${COMPLIANT_USDC_ADDRESS:-${CUSDC_ADDRESS_138:-}}}" + + echo " Chain 138 L1 bridge: $CHAIN138_L1_BRIDGE" + echo " Avalanche cW bridge: $AVAX_CW_BRIDGE" + echo " Reserve verifier: ${RESERVE_VERIFIER:-unconfigured}" + echo " Avalanche selector: $AVALANCHE_SELECTOR_VALUE" + + if [[ -n "$CHAIN138_L1_BRIDGE" ]]; then + echo " L1 bridge reserveVerifier(): $(call_or_unavailable "$RPC_URL_138" "$CHAIN138_L1_BRIDGE" "reserveVerifier()(address)")" + fi + + for entry in "cUSDT:$CW_CANONICAL_USDT_ADDR:$CW_MAX_OUTSTANDING_USDT_AVALANCHE" "cUSDC:$CW_CANONICAL_USDC_ADDR:$CW_MAX_OUTSTANDING_USDC_AVALANCHE"; do + IFS=":" read -r label token desired_cap <<<"$entry" + if [[ -z "$token" ]]; then + echo " $label: canonical token not set" + continue + fi + echo " $label supportedCanonicalToken(): $(call_or_unavailable "$RPC_URL_138" "$CHAIN138_L1_BRIDGE" "supportedCanonicalToken(address)(bool)" "$token")" + echo " $label maxOutstanding(): $(call_or_unavailable "$RPC_URL_138" "$CHAIN138_L1_BRIDGE" "maxOutstanding(address,uint64)(uint256)" "$token" "$AVALANCHE_SELECTOR_VALUE")" + if [[ -n "$desired_cap" ]]; then + echo " $label desired maxOutstanding env: $desired_cap" + fi + echo " $label tokenPairFrozen(): $(call_or_unavailable "$AVALANCHE_RPC_URL" "$AVAX_CW_BRIDGE" "tokenPairFrozen(address)(bool)" "$token")" + if [[ -n "$RESERVE_VERIFIER" ]]; then + echo " $label verifier tokenConfigs(): $(call_or_unavailable "$RPC_URL_138" "$RESERVE_VERIFIER" "tokenConfigs(address)(bool,address,bool,bool,bool)" "$token" | tr '\n' ' ' | xargs)" + echo " $label verifier getVerificationStatus(): $(call_or_unavailable "$RPC_URL_138" "$RESERVE_VERIFIER" "getVerificationStatus(address,uint64)((bool,bool,bool,bool,bool,bool,bool,bool,uint256,uint256,uint256,uint256,uint256,uint256,uint256,uint256))" "$token" "$AVALANCHE_SELECTOR_VALUE" | tr '\n' ' ' | xargs)" + fi + done + + echo " Avalanche destinationFrozen(138): $(call_or_unavailable "$AVALANCHE_RPC_URL" "$AVAX_CW_BRIDGE" "destinationFrozen(uint64)(bool)" 138)" +fi + echo "Done. See docs/07-ccip/CW_DEPLOY_AND_WIRE_RUNBOOK.md for Phase E (relay and E2E)." diff --git a/scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh b/scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh new file mode 100755 index 0000000..505cae6 --- /dev/null +++ b/scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh @@ -0,0 +1,102 @@ +#!/usr/bin/env bash +# Merge Keycloak OIDC settings from the operator repo .env into LXC 7801 +# (/opt/sankofa-portal/.env and .env.local). Uses base64 over ssh for the client secret +# so special characters in KEYCLOAK_CLIENT_SECRET do not break the remote shell. +# +# Requires KEYCLOAK_CLIENT_SECRET (and loads repo .env via load-project-env when sourced +# from repo root, or export vars before calling). +# +# Run after creating the confidential client (e.g. keycloak-sankofa-ensure-client-redirects*.sh) +# or when rotating KEYCLOAK_CLIENT_SECRET. +# +# Usage: +# ./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh +# ./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh --dry-run +# ./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh --no-restart +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +# shellcheck source=/dev/null +source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh" 2>/dev/null || true +# shellcheck source=/dev/null +source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true + +PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" +VMID="${SANKOFA_PORTAL_VMID:-7801}" +CT_DIR="${SANKOFA_PORTAL_CT_DIR:-/opt/sankofa-portal}" +SERVICE_NAME="${SANKOFA_PORTAL_SERVICE:-sankofa-portal}" +SSH_OPTS=(-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new) + +KC_URL="${KEYCLOAK_URL:-https://keycloak.sankofa.nexus}" +KC_REALM="${KEYCLOAK_REALM:-master}" +KC_CID="${KEYCLOAK_CLIENT_ID:-sankofa-portal}" + +DRY_RUN=false +NO_RESTART=false +for arg in "$@"; do + case "$arg" in + --dry-run) DRY_RUN=true ;; + --no-restart) NO_RESTART=true ;; + esac +done + +if [[ -z "${KEYCLOAK_CLIENT_SECRET:-}" ]]; then + echo "ERROR: KEYCLOAK_CLIENT_SECRET is not set. Add it to repo .env (from Keycloak admin or" >&2 + echo " keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh when the client is created)," >&2 + echo " then: source scripts/lib/load-project-env.sh && $0" >&2 + exit 1 +fi + +if $DRY_RUN; then + echo "[DRY-RUN] Would upsert KEYCLOAK_* on CT ${VMID} ${CT_DIR}/.env and .env.local" + echo "[DRY-RUN] KEYCLOAK_URL=${KC_URL} KEYCLOAK_REALM=${KC_REALM} KEYCLOAK_CLIENT_ID=${KC_CID}" + echo "[DRY-RUN] restart: $([[ "$NO_RESTART" == true ]] && echo no || echo yes)" + exit 0 +fi + +B64="$(printf '%s' "$KEYCLOAK_CLIENT_SECRET" | base64 -w0)" + +ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" \ + "pct exec ${VMID} -- env KCSEC_B64='${B64}' KC_URL='${KC_URL}' KC_REALM='${KC_REALM}' KC_CID='${KC_CID}' CT_DIR='${CT_DIR}' python3 -" <<'PY' +import base64 +import os +import re +from pathlib import Path + +sec = base64.b64decode(os.environ["KCSEC_B64"]).decode("utf-8") +ct = Path(os.environ["CT_DIR"]) +keys = { + "KEYCLOAK_URL": os.environ["KC_URL"], + "KEYCLOAK_REALM": os.environ["KC_REALM"], + "KEYCLOAK_CLIENT_ID": os.environ["KC_CID"], + "KEYCLOAK_CLIENT_SECRET": sec, +} + + +def upsert(text: str, k: str, v: str) -> str: + line = f"{k}={v}" + if re.search(rf"^{re.escape(k)}=", text, flags=re.M): + return re.sub(rf"^{re.escape(k)}=.*$", line, text, flags=re.M, count=1) + if text and not text.endswith("\n"): + text += "\n" + return text + line + "\n" + + +for fname in (".env", ".env.local"): + p = ct / fname + body = p.read_text() if p.exists() else "" + for k, v in keys.items(): + body = upsert(body, k, v) + p.parent.mkdir(parents=True, exist_ok=True) + p.write_text(body) + print(f"upserted Keycloak keys in {p}") +PY + +if [[ "$NO_RESTART" == true ]]; then + echo "[ok] Keycloak OIDC vars merged on CT ${VMID} (no service restart)." +else + ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" \ + "pct exec ${VMID} -- systemctl restart ${SERVICE_NAME} && pct exec ${VMID} -- systemctl is-active ${SERVICE_NAME}" + echo "[ok] Keycloak OIDC vars merged on CT ${VMID}; ${SERVICE_NAME} restarted." +fi diff --git a/scripts/deployment/set-dotenv-c-tokens-and-register-gru.sh b/scripts/deployment/set-dotenv-c-tokens-and-register-gru.sh index c07a202..dc9ce41 100755 --- a/scripts/deployment/set-dotenv-c-tokens-and-register-gru.sh +++ b/scripts/deployment/set-dotenv-c-tokens-and-register-gru.sh @@ -3,8 +3,9 @@ # then run RegisterGRUCompliantTokens to register all c* as GRU in UniversalAssetRegistry. # # Addresses are from docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md and TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER.md. -# Usage: ./scripts/deployment/set-dotenv-c-tokens-and-register-gru.sh [--no-register] +# Usage: ./scripts/deployment/set-dotenv-c-tokens-and-register-gru.sh [--no-register] [--register-v2] # --no-register Only update .env; do not run RegisterGRUCompliantTokens. +# --register-v2 After V1 registration, also register staged V2 cUSDT/cUSDC using RegisterGRUCompliantTokensV2. # # Note: RegisterGRUCompliantTokens requires (1) broadcast account has REGISTRAR_ROLE, and (2) the # UniversalAssetRegistry *implementation* (not just proxy) exposes registerGRUCompliantAsset. @@ -21,7 +22,11 @@ SMOM="$PROJECT_ROOT/smom-dbis-138" ENV_FILE="$SMOM/.env" RUN_REGISTER=1 -for a in "$@"; do [[ "$a" == "--no-register" ]] && RUN_REGISTER=0; done +RUN_REGISTER_V2=0 +for a in "$@"; do + [[ "$a" == "--no-register" ]] && RUN_REGISTER=0 + [[ "$a" == "--register-v2" ]] && RUN_REGISTER_V2=1 +done if [[ ! -f "$ENV_FILE" ]]; then echo "Missing $ENV_FILE. Create it first (e.g. copy from .env.example)." >&2 @@ -45,6 +50,10 @@ set_env_var "COMPLIANT_USDT" "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22" set_env_var "COMPLIANT_USDC" "0xf22258f57794CC8E06237084b353Ab30fFfa640b" set_env_var "CUSDT_ADDRESS_138" "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22" set_env_var "CUSDC_ADDRESS_138" "0xf22258f57794CC8E06237084b353Ab30fFfa640b" +set_env_var "COMPLIANT_USDT_V2" "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29" +set_env_var "COMPLIANT_USDC_V2" "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99" +set_env_var "CUSDT_V2_ADDRESS_138" "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29" +set_env_var "CUSDC_V2_ADDRESS_138" "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99" # cEURC (TOKENS_AND_NETWORKS_MINTABLE_TO_DEPLOYER) set_env_var "CEURC_ADDRESS_138" "0x8085961F9cF02b4d800A3c6d386D31da4B34266a" @@ -68,7 +77,7 @@ set_env_var "WETH10" "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f" set_env_var "LINK_TOKEN" "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03" set_env_var "CCIP_FEE_TOKEN" "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03" -echo "Done. Set: COMPLIANT_USDT, COMPLIANT_USDC, all C*_ADDRESS_138 (cUSDT, cUSDC, cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT), UNIVERSAL_ASSET_REGISTRY, WETH9, WETH10, LINK_TOKEN, CCIP_FEE_TOKEN." +echo "Done. Set: COMPLIANT_USDT, COMPLIANT_USDC, COMPLIANT_USDT_V2, COMPLIANT_USDC_V2, all C*_ADDRESS_138 (including staged V2 addresses), UNIVERSAL_ASSET_REGISTRY, WETH9, WETH10, LINK_TOKEN, CCIP_FEE_TOKEN." echo "All c* on explorer.d-bis.org/tokens must be GRU-registered. See docs/04-configuration/EXPLORER_TOKENS_GRU_POLICY.md." if [[ "$RUN_REGISTER" -eq 0 ]]; then @@ -85,4 +94,15 @@ RPC="${RPC_URL_138:-http://192.168.11.211:8545}" export RPC_URL_138="$RPC" (cd "$SMOM" && forge script script/deploy/RegisterGRUCompliantTokens.s.sol \ --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price 1000000000) + +if [[ "$RUN_REGISTER_V2" -eq 1 ]]; then + echo "" + echo "=== Registering staged c* V2 inventory as GRU (RegisterGRUCompliantTokensV2) ===" + (cd "$SMOM" && forge script script/deploy/RegisterGRUCompliantTokensV2.s.sol \ + --rpc-url "$RPC_URL_138" --broadcast --private-key "$PRIVATE_KEY" --with-gas-price 1000000000) +else + echo "" + echo "V2 note: COMPLIANT_USDT_V2 / COMPLIANT_USDC_V2 are staged in .env but not auto-registered." + echo "Use --register-v2 once downstream registry consumers are ready for version-aware symbols." +fi echo "=== Done. ===" diff --git a/scripts/fix-explorer-http-api-v1-proxy.sh b/scripts/fix-explorer-http-api-v1-proxy.sh new file mode 100644 index 0000000..27c0419 --- /dev/null +++ b/scripts/fix-explorer-http-api-v1-proxy.sh @@ -0,0 +1,58 @@ +#!/usr/bin/env bash +# Ensure the explorer nginx HTTP server block proxies /api/v1/ to token-aggregation. +# Run inside VMID 5000. + +set -euo pipefail + +CONFIG_FILE="${CONFIG_FILE:-/etc/nginx/sites-available/blockscout}" +TOKEN_AGG_PORT="${TOKEN_AGG_PORT:-3001}" + +if [[ ! -f "$CONFIG_FILE" ]]; then + echo "Config not found: $CONFIG_FILE" >&2 + exit 1 +fi + +python3 - "$CONFIG_FILE" "$TOKEN_AGG_PORT" <<'PY' +from pathlib import Path +import sys + +cfg = Path(sys.argv[1]) +port = sys.argv[2] +text = cfg.read_text() + +parts = text.split("# HTTPS server - Blockscout Explorer", 1) +if len(parts) != 2: + raise SystemExit("Could not locate HTTP/HTTPS server boundary") + +http_block, https_block = parts + +if "location /api/v1/" in http_block: + print("HTTP block already has /api/v1/") + raise SystemExit(0) + +marker = " # Blockscout API endpoint - MUST come before the redirect location\n" +if marker not in http_block: + raise SystemExit("HTTP block marker not found") + +snippet = f""" # Token-aggregation API (Chain 138 Snap: market data, swap quote, bridge routes) + location /api/v1/ {{ + proxy_pass http://127.0.0.1:{port}/api/v1/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 60s; + add_header Access-Control-Allow-Origin *; + }} + + # Blockscout API endpoint - MUST come before the redirect location +""" + +http_block = http_block.replace(marker, snippet, 1) +cfg.write_text(http_block + "# HTTPS server - Blockscout Explorer" + https_block) +print(f"Inserted HTTP /api/v1/ proxy to 127.0.0.1:{port}") +PY + +nginx -t +nginx -s reload diff --git a/scripts/get-npmplus-mappings.py b/scripts/get-npmplus-mappings.py index 08f4045..d376a71 100755 --- a/scripts/get-npmplus-mappings.py +++ b/scripts/get-npmplus-mappings.py @@ -24,6 +24,7 @@ IP_TO_VMID = { "192.168.11.51": "7801", "192.168.11.52": "7802", "192.168.11.53": "7803", + "192.168.11.94": "10092", "192.168.11.57": "6201", "192.168.11.64": "6400", "192.168.11.65": "6000", @@ -79,6 +80,7 @@ IP_TO_HOSTNAME = { "192.168.11.51": "sankofa-portal-1", "192.168.11.52": "sankofa-keycloak-1", "192.168.11.53": "sankofa-postgres-1", + "192.168.11.94": "order-mcp-legal", "192.168.11.57": "firefly-ali-1", "192.168.11.64": "indy-1", "192.168.11.65": "fabric-1", diff --git a/scripts/jvmtm/export-transaction-compliance-matrix-csv.py b/scripts/jvmtm/export-transaction-compliance-matrix-csv.py new file mode 100755 index 0000000..fcba5d1 --- /dev/null +++ b/scripts/jvmtm/export-transaction-compliance-matrix-csv.py @@ -0,0 +1,83 @@ +#!/usr/bin/env python3 +"""Export the JVMTM transaction-grade compliance matrix JSON to CSV.""" + +from __future__ import annotations + +import csv +import json +import sys +from pathlib import Path + + +FIELDNAMES = [ + "control_id", + "phase", + "domain", + "requirement", + "validation_method", + "blocking_level", + "applies_to_rail", + "source_audit_rows", + "repo_evidence_artifacts", + "validator_command", + "failure_action", + "high_value_override", + "notes", +] + + +def format_artifacts(artifacts: list[dict[str, str]]) -> str: + return " | ".join(f'{artifact["artifact_type"]}:{artifact["ref"]}' for artifact in artifacts) + + +def render_rows(matrix: dict) -> list[dict[str, str]]: + rows: list[dict[str, str]] = [] + for control in matrix["controls"]: + rows.append( + { + "control_id": control["control_id"], + "phase": control["phase"], + "domain": control["domain"], + "requirement": control["requirement"], + "validation_method": control["validation_method"], + "blocking_level": control["blocking_level"], + "applies_to_rail": " | ".join(control["applies_to_rail"]), + "source_audit_rows": " | ".join(control["source_audit_rows"]), + "repo_evidence_artifacts": format_artifacts(control["repo_evidence_artifacts"]), + "validator_command": control["validator_command"], + "failure_action": control["failure_action"], + "high_value_override": control["high_value_override"], + "notes": control["notes"], + } + ) + return rows + + +def main() -> int: + repo_root = Path(__file__).resolve().parents[2] + matrix_path = ( + Path(sys.argv[1]) + if len(sys.argv) > 1 + else repo_root / "config/jvmtm-regulatory-closure/transaction-compliance-matrix.json" + ) + csv_path = ( + Path(sys.argv[2]) + if len(sys.argv) > 2 + else repo_root / "config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv" + ) + + matrix = json.loads(matrix_path.read_text(encoding="utf-8")) + rows = render_rows(matrix) + + csv_path.parent.mkdir(parents=True, exist_ok=True) + with csv_path.open("w", encoding="utf-8", newline="") as handle: + writer = csv.DictWriter(handle, fieldnames=FIELDNAMES, lineterminator="\n") + writer.writeheader() + writer.writerows(rows) + + print(f"Wrote {csv_path} ({len(rows)} controls)") + return 0 + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/scripts/mim4u-deploy-to-7810.sh b/scripts/mim4u-deploy-to-7810.sh index 23b68f4..2368846 100755 --- a/scripts/mim4u-deploy-to-7810.sh +++ b/scripts/mim4u-deploy-to-7810.sh @@ -14,10 +14,46 @@ VMID_MIM_WEB="${VMID_MIM_WEB:-7810}" PROXMOX_HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}" MIM_WEB_IP="${IP_MIM_WEB:-192.168.11.37}" DEST="/var/www/html" +MIM_API_UPSTREAM="${MIM_API_UPSTREAM:-http://192.168.11.36:3001}" echo "Building MIM4U frontend..." (cd "$MIM_ROOT" && npm run build) echo "Deploying dist to root@$PROXMOX_HOST (pct exec $VMID_MIM_WEB) at $DEST ..." # Copy into container: tar from host, extract in container tar czf - -C "$MIM_ROOT/dist" . | ssh "root@$PROXMOX_HOST" "pct exec $VMID_MIM_WEB -- tar xzf - -C $DEST" +echo "Ensuring nginx proxies /api/ to $MIM_API_UPSTREAM ..." +ssh "root@$PROXMOX_HOST" "pct exec $VMID_MIM_WEB -- bash -lc 'cat > /etc/nginx/sites-available/mim4u <<\"EOF\" +server { + listen 80; + server_name mim4u.org www.mim4u.org secure.mim4u.org training.mim4u.org; + + root /var/www/html; + index index.html index.htm; + + location /api/ { + proxy_pass ${MIM_API_UPSTREAM}/api/; + proxy_http_version 1.1; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + } + + location / { + try_files \$uri \$uri/ /index.html; + } + + location /health { + access_log off; + return 200 \"healthy\\n\"; + add_header Content-Type text/plain; + } + + location ~* \\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { + expires 1y; + add_header Cache-Control \"public, immutable\"; + } +} +EOF +nginx -t && systemctl reload nginx'" echo "Done. Verify: curl -I http://${MIM_WEB_IP}:80/" diff --git a/scripts/nginx-proxy-manager/configure-npmplus-domains.js b/scripts/nginx-proxy-manager/configure-npmplus-domains.js index 8f6f9f6..6be1dbf 100755 --- a/scripts/nginx-proxy-manager/configure-npmplus-domains.js +++ b/scripts/nginx-proxy-manager/configure-npmplus-domains.js @@ -46,8 +46,13 @@ const DOMAINS = [ // d-bis.org zone - Private RPC endpoints (VMID 2101: besu-rpc-core-1) { domain: 'rpc-http-prv.d-bis.org', target: 'http://192.168.11.211:8545', websocket: true }, // VMID 2101 { domain: 'rpc-ws-prv.d-bis.org', target: 'http://192.168.11.211:8546', websocket: true }, // VMID 2101 + { domain: 'rpc-core.d-bis.org', target: 'http://192.168.11.211:8545', websocket: true }, // VMID 2101 (alias) - // d-bis.org zone - DBIS Core Services + // d-bis.org zone - DBIS Core Services (canonical + legacy) + { domain: 'd-bis.org', target: 'http://192.168.11.54:3001', websocket: false }, // Gov Portals DBIS VMID 7804 + { domain: 'www.d-bis.org', target: 'http://192.168.11.54:3001', websocket: false }, + { domain: 'admin.d-bis.org', target: 'http://192.168.11.130:80', websocket: false }, + { domain: 'core.d-bis.org', target: 'http://192.168.11.155:3000', websocket: false }, { domain: 'dbis-admin.d-bis.org', target: 'http://192.168.11.130:80', websocket: false }, // VMID 10130: dbis-frontend { domain: 'dbis-api.d-bis.org', target: 'http://192.168.11.155:3000', websocket: false }, // VMID 10150: dbis-api-primary { domain: 'dbis-api-2.d-bis.org', target: 'http://192.168.11.156:3000', websocket: false }, // VMID 10151: dbis-api-secondary @@ -63,8 +68,9 @@ const DOMAINS = [ // defi-oracle.io zone - ThirdWeb RPC (VMID 2400: thirdweb-rpc-1) // Note: Uses HTTPS and port 443 (Nginx with RPC Translator) { domain: 'rpc.public-0138.defi-oracle.io', target: 'https://192.168.11.240:443', websocket: true }, // VMID 2400 - { domain: 'rpc.defi-oracle.io', target: 'https://192.168.11.240:443', websocket: true }, // VMID 2400 - HTTP RPC - { domain: 'wss.defi-oracle.io', target: 'https://192.168.11.240:443', websocket: true }, // VMID 2400 - WebSocket RPC + // Align with update-npmplus-proxy-hosts-api.sh + RPC_ENDPOINTS_MASTER: defi-oracle rpc/wss → VMID 2201 Besu (not 2400) + { domain: 'rpc.defi-oracle.io', target: 'http://192.168.11.221:8545', websocket: true }, + { domain: 'wss.defi-oracle.io', target: 'http://192.168.11.221:8546', websocket: true }, ]; // www.* domains that redirect to parent domains diff --git a/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh b/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh index 3993f25..9284254 100755 --- a/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh +++ b/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh @@ -52,8 +52,8 @@ echo "🔄 Updating NPMplus Proxy Hosts via API" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "" -# NPMplus API can stall indefinitely without --max-time (override e.g. NPM_CURL_MAX_TIME=300) -NPM_CURL_MAX_TIME="${NPM_CURL_MAX_TIME:-120}" +# NPMplus API can stall indefinitely without --max-time; large proxy-host lists may need 300s+ (override NPM_CURL_MAX_TIME) +NPM_CURL_MAX_TIME="${NPM_CURL_MAX_TIME:-300}" # -L: port 81 often 301s HTTP→HTTPS; POST /api/tokens without -L returns 400 "Payload is undefined" curl_npm() { curl -s -k -L --connect-timeout 10 --max-time "$NPM_CURL_MAX_TIME" "$@"; } @@ -335,6 +335,8 @@ update_proxy_host "rpc-http-pub.d-bis.org" "http://${RPC_PUBLIC_1}:8545" true fa update_proxy_host "rpc-ws-pub.d-bis.org" "http://${RPC_PUBLIC_1}:8546" true false && updated_count=$((updated_count + 1)) || { add_proxy_host "rpc-ws-pub.d-bis.org" "${RPC_PUBLIC_1}" 8546 true false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "rpc-http-prv.d-bis.org" "http://${RPC_CORE_1}:8545" true false && updated_count=$((updated_count + 1)) || { add_proxy_host "rpc-http-prv.d-bis.org" "${RPC_CORE_1}" 8545 true false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "rpc-ws-prv.d-bis.org" "http://${RPC_CORE_1}:8546" true false && updated_count=$((updated_count + 1)) || { add_proxy_host "rpc-ws-prv.d-bis.org" "${RPC_CORE_1}" 8546 true false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) +# rpc-core.d-bis.org — same Besu backend as rpc-http-prv (VMID 2101); public HTTPS alias for wallets/scripts off-LAN +update_proxy_host "rpc-core.d-bis.org" "http://${RPC_CORE_1}:8545" true false && updated_count=$((updated_count + 1)) || { add_proxy_host "rpc-core.d-bis.org" "${RPC_CORE_1}" 8545 true false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) # ThirdWeb Admin Core RPC — VMID ${RPC_THIRDWEB_ADMIN_CORE_VMID:-2103} @ ${RPC_THIRDWEB_ADMIN_CORE} (HTTPS + WSS via NPMplus; block_exploits off for JSON-RPC POST) RPC_THIRDWEB_ADMIN_CORE="${RPC_THIRDWEB_ADMIN_CORE:-192.168.11.217}" update_proxy_host "rpc.tw-core.d-bis.org" "http://${RPC_THIRDWEB_ADMIN_CORE}:8545" true false && updated_count=$((updated_count + 1)) || { add_proxy_host "rpc.tw-core.d-bis.org" "${RPC_THIRDWEB_ADMIN_CORE}" 8545 true false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) @@ -356,10 +358,25 @@ update_proxy_host "ws.rpc2.d-bis.org" "http://${RPC_PUBLIC_1}:8546" true false & # Fireblocks-dedicated RPC (VMID 2301) update_proxy_host "rpc-fireblocks.d-bis.org" "http://${RPC_FIREBLOCKS_1:-${RPC_PRIVATE_1}}:8545" true false && updated_count=$((updated_count + 1)) || { add_proxy_host "rpc-fireblocks.d-bis.org" "${RPC_FIREBLOCKS_1:-${RPC_PRIVATE_1}}" 8545 true false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "ws.rpc-fireblocks.d-bis.org" "http://${RPC_FIREBLOCKS_1:-${RPC_PRIVATE_1}}:8546" true false && updated_count=$((updated_count + 1)) || { add_proxy_host "ws.rpc-fireblocks.d-bis.org" "${RPC_FIREBLOCKS_1:-${RPC_PRIVATE_1}}" 8546 true false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) -update_proxy_host "dbis-admin.d-bis.org" "http://${IP_DBIS_FRONTEND:-192.168.11.130}:80" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1)) +# DBIS canonical web — DBIS_INSTITUTIONAL_SUBDOMAINS.md (d-bis.org public, admin, secure, core; legacy dbis-admin) +IP_DBIS_PUBLIC_APEX="${IP_DBIS_PUBLIC_APEX:-192.168.11.54}" +DBIS_PUBLIC_APEX_PORT="${DBIS_PUBLIC_APEX_PORT:-3001}" +IP_DBIS_CORE_CLIENT="${IP_DBIS_CORE_CLIENT:-192.168.11.155}" +DBIS_CORE_CLIENT_PORT="${DBIS_CORE_CLIENT_PORT:-3000}" +update_proxy_host "d-bis.org" "http://${IP_DBIS_PUBLIC_APEX}:${DBIS_PUBLIC_APEX_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "d-bis.org" "${IP_DBIS_PUBLIC_APEX}" "${DBIS_PUBLIC_APEX_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) +update_proxy_host "www.d-bis.org" "http://${IP_DBIS_PUBLIC_APEX}:${DBIS_PUBLIC_APEX_PORT}" false false "https://d-bis.org" && updated_count=$((updated_count + 1)) || { add_proxy_host "www.d-bis.org" "${IP_DBIS_PUBLIC_APEX}" "${DBIS_PUBLIC_APEX_PORT}" false false "https://d-bis.org" && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) +update_proxy_host "admin.d-bis.org" "http://${IP_DBIS_FRONTEND:-192.168.11.130}:80" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "admin.d-bis.org" "${IP_DBIS_FRONTEND:-192.168.11.130}" 80 false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) +update_proxy_host "core.d-bis.org" "http://${IP_DBIS_CORE_CLIENT}:${DBIS_CORE_CLIENT_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "core.d-bis.org" "${IP_DBIS_CORE_CLIENT}" "${DBIS_CORE_CLIENT_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) +update_proxy_host "dbis-admin.d-bis.org" "http://${IP_DBIS_FRONTEND:-192.168.11.130}:80" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "dbis-admin.d-bis.org" "${IP_DBIS_FRONTEND:-192.168.11.130}" 80 false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "dbis-api.d-bis.org" "http://${IP_DBIS_API:-192.168.11.155}:3000" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1)) update_proxy_host "dbis-api-2.d-bis.org" "http://${IP_DBIS_API_2:-192.168.11.156}:3000" false && updated_count=$((updated_count + 1)) || { add_proxy_host "dbis-api-2.d-bis.org" "${IP_DBIS_API_2:-192.168.11.156}" 3000 false true && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "secure.d-bis.org" "http://${IP_DBIS_FRONTEND:-192.168.11.130}:80" false && updated_count=$((updated_count + 1)) || { add_proxy_host "secure.d-bis.org" "${IP_DBIS_FRONTEND:-192.168.11.130}" 80 false true && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) +# DBIS institutional program hostnames — same public apex as d-bis.org until dedicated apps split (DBIS_INSTITUTIONAL_SUBDOMAINS.md) +for _dbis_inst in members developers research policy ops identity status sandbox interop; do + update_proxy_host "${_dbis_inst}.d-bis.org" "http://${IP_DBIS_PUBLIC_APEX}:${DBIS_PUBLIC_APEX_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "${_dbis_inst}.d-bis.org" "${IP_DBIS_PUBLIC_APEX}" "${DBIS_PUBLIC_APEX_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) +done +# data.d-bis.org — E2E checks /v1/health; align with primary DBIS API +update_proxy_host "data.d-bis.org" "http://${IP_DBIS_API:-192.168.11.155}:3000" false && updated_count=$((updated_count + 1)) || { add_proxy_host "data.d-bis.org" "${IP_DBIS_API:-192.168.11.155}" 3000 false true && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) # DApp (VMID 5801) — frontend-dapp for Chain 138 bridge update_proxy_host "dapp.d-bis.org" "http://${IP_DAPP_LXC:-192.168.11.58}:80" false && updated_count=$((updated_count + 1)) || { add_proxy_host "dapp.d-bis.org" "${IP_DAPP_LXC:-192.168.11.58}" 80 false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) # MIM4U - VMID 7810 (mim-web-1) @ ${IP_MIM_WEB:-192.168.11.37} - Web Frontend serves main site and proxies /api/* to 7811 @@ -380,10 +397,11 @@ IP_SANKOFA_PORTAL="${IP_SANKOFA_PORTAL:-${IP_SERVICE_51:-192.168.11.51}}" IP_SANKOFA_PHOENIX_API="${IP_SANKOFA_PHOENIX_API:-${IP_SERVICE_50:-192.168.11.50}}" SANKOFA_PORTAL_PORT="${SANKOFA_PORTAL_PORT:-3000}" SANKOFA_PHOENIX_API_PORT="${SANKOFA_PHOENIX_API_PORT:-4000}" -IP_SANKOFA_PUBLIC_WEB="${IP_SANKOFA_PUBLIC_WEB:-${IP_SANKOFA_PORTAL}}" -SANKOFA_PUBLIC_WEB_PORT="${SANKOFA_PUBLIC_WEB_PORT:-${SANKOFA_PORTAL_PORT}}" +# Resolved before portal/SSO rows so dash can default to client SSO stack IP_SANKOFA_CLIENT_SSO="${IP_SANKOFA_CLIENT_SSO:-${IP_SANKOFA_PORTAL}}" SANKOFA_CLIENT_SSO_PORT="${SANKOFA_CLIENT_SSO_PORT:-${SANKOFA_PORTAL_PORT}}" +IP_SANKOFA_PUBLIC_WEB="${IP_SANKOFA_PUBLIC_WEB:-${IP_SANKOFA_PORTAL}}" +SANKOFA_PUBLIC_WEB_PORT="${SANKOFA_PUBLIC_WEB_PORT:-${SANKOFA_PORTAL_PORT}}" update_proxy_host "sankofa.nexus" "http://${IP_SANKOFA_PUBLIC_WEB}:${SANKOFA_PUBLIC_WEB_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "sankofa.nexus" "${IP_SANKOFA_PUBLIC_WEB}" "${SANKOFA_PUBLIC_WEB_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "www.sankofa.nexus" "http://${IP_SANKOFA_PUBLIC_WEB}:${SANKOFA_PUBLIC_WEB_PORT}" false false "https://sankofa.nexus" && updated_count=$((updated_count + 1)) || { add_proxy_host "www.sankofa.nexus" "${IP_SANKOFA_PUBLIC_WEB}" "${SANKOFA_PUBLIC_WEB_PORT}" false false "https://sankofa.nexus" && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "phoenix.sankofa.nexus" "http://${IP_SANKOFA_PHOENIX_API}:${SANKOFA_PHOENIX_API_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "phoenix.sankofa.nexus" "${IP_SANKOFA_PHOENIX_API}" "${SANKOFA_PHOENIX_API_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) @@ -410,13 +428,15 @@ update_proxy_host "studio.sankofa.nexus" "http://${IP_SANKOFA_STUDIO}:${SANKOFA_ # Client SSO hostnames (Next.js portal stack on 7801 typical). NEXTAUTH_URL / Keycloak redirects: https://portal.sankofa.nexus (and https://admin.sankofa.nexus). update_proxy_host "portal.sankofa.nexus" "http://${IP_SANKOFA_CLIENT_SSO}:${SANKOFA_CLIENT_SSO_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "portal.sankofa.nexus" "${IP_SANKOFA_CLIENT_SSO}" "${SANKOFA_CLIENT_SSO_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) update_proxy_host "admin.sankofa.nexus" "http://${IP_SANKOFA_CLIENT_SSO}:${SANKOFA_CLIENT_SSO_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "admin.sankofa.nexus" "${IP_SANKOFA_CLIENT_SSO}" "${SANKOFA_CLIENT_SSO_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) -# Operator systems dashboard — only when IP_SANKOFA_DASH is set (see config/ip-addresses.conf). +# Operator systems dashboard — IP_SANKOFA_DASH when set (port defaults 3000); else client SSO / portal so DNS + TLS get HTTP 200 until a dedicated dash app ships. if [[ -n "${IP_SANKOFA_DASH:-}" ]]; then - SANKOFA_DASH_PORT="${SANKOFA_DASH_PORT:-3000}" - update_proxy_host "dash.sankofa.nexus" "http://${IP_SANKOFA_DASH}:${SANKOFA_DASH_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "dash.sankofa.nexus" "${IP_SANKOFA_DASH}" "${SANKOFA_DASH_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) + SANKOFA_DASH_IP="${IP_SANKOFA_DASH}" + SANKOFA_DASH_PORT_EFFECTIVE="${SANKOFA_DASH_PORT:-3000}" else - echo "ℹ️ Skipping dash.sankofa.nexus (set IP_SANKOFA_DASH and SANKOFA_DASH_PORT to provision upstream)." + SANKOFA_DASH_IP="${IP_SANKOFA_CLIENT_SSO}" + SANKOFA_DASH_PORT_EFFECTIVE="${SANKOFA_CLIENT_SSO_PORT}" fi +update_proxy_host "dash.sankofa.nexus" "http://${SANKOFA_DASH_IP}:${SANKOFA_DASH_PORT_EFFECTIVE}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "dash.sankofa.nexus" "${SANKOFA_DASH_IP}" "${SANKOFA_DASH_PORT_EFFECTIVE}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1)) echo "" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" diff --git a/scripts/omnl/README.md b/scripts/omnl/README.md index 8270bad..ebe4e99 100644 --- a/scripts/omnl/README.md +++ b/scripts/omnl/README.md @@ -22,6 +22,10 @@ Scripts for the **OMNL** tenancy ([omnl.hybxfinance.io](https://omnl.hybxfinance | **omnl-office-create-adf-singapore.sh** | Create Office for ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD (child of OMNL Head Office). Idempotent by externalId `202328126M`. See [ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md](../../docs/04-configuration/mifos-omnl-central-bank/ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md). | | **omnl-transaction-package-snapshot.sh** | **Regulator Section 2:** `GET /offices` + `GET /glaccounts` → `omnl_transaction_package_snapshot.json`, then **enrich** offices with LEI/entity names from `OMNL_ENTITY_MASTER_DATA.json` (`scripts/omnl/jq/enrich-snapshot-entity-master.jq`). `OUT_DIR` / `OUT_FILE` / `ENTITY_DATA` optional. | | **omnl-office-create-bank-kanaya.sh** | Create **Bank Kanaya** office (`externalId=BANK-KANAYA-ID`, parent HO). Idempotent. `DRY_RUN=1` first. See [BANK_KANAYA_OFFICE_RUNBOOK.md](../../docs/04-configuration/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md). | +| **omnl-office-create-pt-cakra-investama.sh** | Create **PT. CAKRA INVESTAMA INTERNATIONAL** office (`externalId=OMNL-ID-JKT-CAKRA-001`, parent HO). Idempotent. | +| **omnl-client-create-pt-cakra-investama.sh** | Corporate **client** for CAKRA (NPWP + director contact). Idempotent by `OMNL-ID-JKT-CAKRA-CLIENT`. Banking/tax extras: `data/pt-cakra-investama-sidecar.json`. | +| **omnl-user-cakra-office-create.sh** | Staff + user `bpramukantoro` (Office Admin) for CAKRA office. Requires `OMNL_CAKRA_ADMIN_PASSWORD` or `CAKRA_GENERATE_PASSWORD=1`. If `POST /users` returns 500, link **staff** in Fineract UI (see script stderr). | +| **omnl-cakra-onboarding-complete.sh** | Runs office → GL (optional) → client → user. `SKIP_GL=1`, `SKIP_USER=1`, `STRICT_ONBOARDING=1` optional. | | **build-transaction-package-zip.sh** | **Zip:** `transaction-package-HYBX-BATCH-001.zip` — binder + 215k ledger + Merkle + Appendix. Stages snapshot, **enrich** from `OMNL_ENTITY_MASTER_DATA.json`, copies that JSON (+ `.md`) into `Volume_A/Section_2/`. Needs root `omnl_transaction_package_snapshot.json` or `ALLOW_MISSING_OMNL_SNAPSHOT=1`. | | **generate-transaction-package-evidence.py** | Ledger, exhibits, e-sign policy, `GENERATED_EVIDENCE_ESIGN_MANIFEST.json`. | | **apply-qes-tsa-to-staging.sh** | Optional RFC 3161 TSA + CMS on anchor (`TSA_URL`, `QES_SIGN_*`). | @@ -30,6 +34,16 @@ Scripts for the **OMNL** tenancy ([omnl.hybxfinance.io](https://omnl.hybxfinance | **check-transaction-package-4995-readiness.sh** | **4.995 gate:** structural checks; `--strict` requires live OMNL snapshot, finalized ISO vault hashes, completed regulatory annex, signed attestation JSON. See `INDONESIA_PACKAGE_4_995_EVIDENCE_STANDARD.md`. | | **run-transaction-package-ci-smoke.sh** | **CI / dev:** fast package build (10-row fixture ledger, no snapshot), `verify-transaction-package-commitment.py` + structural `check-transaction-package-4995-readiness.sh`. Unsets `TSA_URL`. | | **omnl-pvp-post-clearing-bank-kanaya.sh** | **PvP clearing JEs** (HO Dr2410/Cr2100; Kanaya Dr2100/Cr1410). `DRY_RUN=1` default; `OFFICE_ID_HO` / `OFFICE_ID_KANAYA` / `AMOUNT_MINOR_UNITS`. See [PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md](../../docs/04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md). | +| **generate-3way-reconciliation-evidence.sh** | **Operational 3-way:** Fineract GL balance + Chain 138 ERC20 `balanceOf` + optional bank (`JVMTM_BANK_BALANCE_JSON` or env). Outputs `output/jvmtm-evidence/latest-3way-result.json` with `evidence_tier` / `evidence_gaps`. See `config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md`. | +| **verify-ack-before-credit.sh** | Compare ACK ISO timestamp to Fineract `journalentries/{id}` `transactionDate` (conservative ordering check). | +| **fetch-kyt-vendor-report.sh** | Vendor KYT fetch or **REFUSED** manifest (exit 2) if no `KYT_API_URL` / export — no fake PASS. | +| **bcp-rpc-failover-smoke.sh** | Appends real `eth_blockNumber` RPC check to `output/jvmtm-evidence/bcp/failover-execution-log.txt`; optional `RPC_URL_138_SECONDARY`. | +| **validate-reserve-provenance-package.sh** | **JSON Schema** check for `config/reserve-provenance-package/` (10 attestation JSON files + `schemas/reserve-provenance-package.schema.json`). CI: `validate-config.yml`. | +| **build-omnl-e2e-settlement-audit-archive.sh** | **E2E archive:** settlement JSONs, schema + examples (incl. **settlement-event.chain138-primary.example.json**), **JVMTM closure** dirs + **`INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md`** (Tables B/C/D vs `018215821582/INAAUDJVMTM/2025`), **`reserve-provenance-package/`** (3FR funding attestation layer), `schemas/jvmtm/*.schema.json`, M1/RTGS docs + **OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md**, clearing + 102B + chain attestation scripts, **AUDIT_PROOF.json** ( **`chainAttestation` + optional `chainAttestationMainnet`** ), **SETTLEMENT_CLOSURE.json**, **MANIFEST.json** + **MANIFEST.sha256**, **`cast receipt`** for 138 + mainnet when **`CHAIN_ATTESTATION_TX_HASH_MAINNET`** / **`latest-dual-attestation.json`** + **`ETHEREUM_MAINNET_RPC`**, `FETCH_LIVE_EVIDENCE=1` paginated **journalentries** offices **1, 21, 22**. **`JVMTM_CLOSURE_DIR`** = dir of live closure JSON (see `config/jvmtm-regulatory-closure/README.md`). Output: `output/omnl-e2e-settlement-audit-.zip`. | +| **build-office22-office21-compliance-archive.sh** | **Zip + manifest** for Office **22** (CAKRA) with Office **21** (Kanaya) artefacts: IPSAS/IFRS memo, matrix, PvP runbooks, M1/PvP scripts, CAKRA onboarding, maker-checker. Optional `FETCH_LIVE_EVIDENCE=1` pulls `/journalentries` + `/offices` into `evidence/`. Output: `output/office22-office21-compliance-archive-.zip` with `MANIFEST.json` + `MANIFEST.sha256`. | +| **omnl-m1-clearing-102b-chunked.sh** | **102B USD M1** office 21→22: **102 × 1B USD** chunks (Fineract-safe line size). `CHUNK_CENTS`, `STAMP` optional. Same compliance vars as clearing script when `DRY_RUN=0`. | +| **omnl-chain138-attestation-tx.sh** | **Dual-anchor attestation:** 0-value self `cast send` on **Chain 138**; also **Ethereum mainnet** when `ETHEREUM_MAINNET_RPC` or `RPC_URL_MAINNET` is set (unless `ATTEST_INCLUDE_MAINNET=0`). Writes `output/jvmtm-evidence/latest-dual-attestation.json` + `.env`. **Mainnet uses real ETH.** Optional `CORRELATION_ID` → `keccak256` log. `DRY_RUN=1` prints `cast` lines. | +| **omnl-m1-clearing-transfer-between-offices.sh** | **M1 PvP-style branch realloc:** unwind **Dr1410/Cr2100** at source office, book **Dr2100/Cr1410** at target (default 21→22). Auto-amount from GL **2100** debits at source or `AMOUNT=`. Live post requires `COMPLIANCE_AUTH_REF` + `COMPLIANCE_APPROVER` (material). `WRITE_MAKER_PAYLOADS=1` for checker workflow. Appends **IPSAS/IFRS** tag to `comments` (`COMPLIANCE_STANDARD_MEMO`); memo [OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md](../../docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md). **Operator runbook:** [OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md](../../docs/04-configuration/mifos-omnl-central-bank/OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md). | | **resolve_ids.sh** | Resolve GL IDs (1410, 2100, 2410) and payment type; write `ids.env`. Run before closures/reconciliation/templates. See [OPERATING_RAILS.md](../../docs/04-configuration/mifos-omnl-central-bank/OPERATING_RAILS.md). | | **omnl-gl-closures-post.sh** | Post GL closures for Office 20 and HO (idempotent). `CLOSING_DATE=yyyy-MM-dd`, `DRY_RUN=1`. See [OPERATING_RAILS.md](../../docs/04-configuration/mifos-omnl-central-bank/OPERATING_RAILS.md). | | **omnl-reconciliation-office20.sh** | Snapshot Office 20 (offices + GL + trial balance), timestamp, sha256. `OUT_DIR=./reconciliation`. See [OPERATING_RAILS.md](../../docs/04-configuration/mifos-omnl-central-bank/OPERATING_RAILS.md). | @@ -122,6 +136,11 @@ bash scripts/omnl/omnl-office-create-pelican.sh # ADF Asian Pacific Holding Singapore Pte Ltd — create office (child of OMNL Head Office, externalId 202328126M) DRY_RUN=1 bash scripts/omnl/omnl-office-create-adf-singapore.sh bash scripts/omnl/omnl-office-create-adf-singapore.sh + +# PT. CAKRA INVESTAMA INTERNATIONAL — office + client + GL + user (password or CAKRA_GENERATE_PASSWORD=1) +DRY_RUN=1 bash scripts/omnl/omnl-office-create-pt-cakra-investama.sh +OMNL_CAKRA_ADMIN_PASSWORD='…' bash scripts/omnl/omnl-cakra-onboarding-complete.sh +# Or: CAKRA_GENERATE_PASSWORD=1 bash scripts/omnl/omnl-cakra-onboarding-complete.sh ``` **Transaction package — env vars** diff --git a/scripts/omnl/bcp-rpc-failover-smoke.sh b/scripts/omnl/bcp-rpc-failover-smoke.sh new file mode 100755 index 0000000..4eb6b31 --- /dev/null +++ b/scripts/omnl/bcp-rpc-failover-smoke.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env bash +# Append a real RPC reachability line (primary, optional secondary) — minimal execution evidence, not full DR. +# This is a smoke check: eth_blockNumber over HTTP JSON-RPC. For data-centre DR, attach separate drill logs. +# +# Env (after load-project-env): +# RPC_URL_138 — primary +# RPC_URL_138_SECONDARY — optional fallback URL +# JVMTM_BCP_LOG — default output/jvmtm-evidence/bcp/failover-execution-log.txt +set -eo pipefail +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +# shellcheck source=scripts/lib/load-project-env.sh +set +u +source "${REPO_ROOT}/scripts/lib/load-project-env.sh" +set -euo pipefail + +LOG="${JVMTM_BCP_LOG:-${REPO_ROOT}/output/jvmtm-evidence/bcp/failover-execution-log.txt}" +mkdir -p "$(dirname "$LOG")" +P="${RPC_URL_138:-http://192.168.11.211:8545}" +S="${RPC_URL_138_SECONDARY:-}" +TS="$(date -u +%Y-%m-%dT%H:%M:%SZ)" + +rpc_ping() { + local url="$1" + curl -sS -m 8 -X POST "$url" \ + -H "Content-Type: application/json" \ + -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' 2>/dev/null | jq -r '.result // empty' || true +} + +R1="$(rpc_ping "$P")" +if [[ -n "$R1" ]]; then + echo "${TS} primary_ok rpc=${P} block=${R1}" >> "$LOG" + echo "primary_ok $R1" >&2 + exit 0 +fi + +echo "${TS} primary_fail rpc=${P}" >> "$LOG" +if [[ -n "$S" ]]; then + R2="$(rpc_ping "$S")" + if [[ -n "$R2" ]]; then + echo "${TS} secondary_ok rpc=${S} block=${R2} (after primary fail)" >> "$LOG" + echo "secondary_ok $R2" >&2 + exit 0 + fi + echo "${TS} secondary_fail rpc=${S}" >> "$LOG" +fi + +echo "FAIL: no RPC responded" >&2 +exit 1 diff --git a/scripts/omnl/build-office22-office21-compliance-archive.sh b/scripts/omnl/build-office22-office21-compliance-archive.sh new file mode 100755 index 0000000..769e4b9 --- /dev/null +++ b/scripts/omnl/build-office22-office21-compliance-archive.sh @@ -0,0 +1,158 @@ +#!/usr/bin/env bash +# Build a zip archive + JSON manifest for Office 22 (PT CAKRA) context including +# Office 21 (Bank Kanaya), M1 realloc, IPSAS/IFRS compliance memo, PvP runbooks, and scripts. +# +# Optional: FETCH_LIVE_EVIDENCE=1 appends Fineract GET /journalentries for offices 21 and 22 +# (needs omnl-fineract/.env or .env). +# +# Output: output/office22-office21-compliance-archive-.zip +# +# Usage: +# bash scripts/omnl/build-office22-office21-compliance-archive.sh +# FETCH_LIVE_EVIDENCE=1 bash scripts/omnl/build-office22-office21-compliance-archive.sh +# KEEP_STAGE=1 — retain staging folder under output/ after zip (default: delete staging dir). + +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +OUT_BASE="${OUT_BASE:-${REPO_ROOT}/output}" +FETCH_LIVE_EVIDENCE="${FETCH_LIVE_EVIDENCE:-0}" +STAMP_UTC="${STAMP_UTC:-$(date -u +%Y%m%dT%H%M%SZ)}" +ARCHIVE_BASENAME="office22-office21-compliance-archive-${STAMP_UTC}" +STAGE="${OUT_BASE}/${ARCHIVE_BASENAME}" +ZIP_PATH="${OUT_BASE}/${ARCHIVE_BASENAME}.zip" + +mkdir -p "$STAGE" + +# --- Copy tree: archivePath -> source relative to REPO_ROOT +declare -a PAIRS=( + "docs/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md:docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md" + "docs/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md:docs/04-configuration/mifos-omnl-central-bank/OMNL_JOURNAL_LEDGER_MATRIX.md" + "docs/mifos-omnl-central-bank/OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md:docs/04-configuration/mifos-omnl-central-bank/OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md" + "docs/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md:docs/04-configuration/mifos-omnl-central-bank/BANK_KANAYA_OFFICE_RUNBOOK.md" + "docs/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md:docs/04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md" + "docs/mifos-omnl-central-bank/README.md:docs/04-configuration/mifos-omnl-central-bank/README.md" + "docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md:docs/03-deployment/DBIS_OMNL_INDONESIA_BNI_E2E_EXECUTION_STATUS_2026-03-29.md" + "scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh:scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh" + "scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh:scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh" + "scripts/omnl/data/pt-cakra-investama-sidecar.json:scripts/omnl/data/pt-cakra-investama-sidecar.json" + "scripts/omnl/omnl-office-create-pt-cakra-investama.sh:scripts/omnl/omnl-office-create-pt-cakra-investama.sh" + "scripts/omnl/omnl-client-create-pt-cakra-investama.sh:scripts/omnl/omnl-client-create-pt-cakra-investama.sh" + "scripts/omnl/omnl-cakra-onboarding-complete.sh:scripts/omnl/omnl-cakra-onboarding-complete.sh" + "scripts/omnl/omnl-user-cakra-office-create.sh:scripts/omnl/omnl-user-cakra-office-create.sh" + "scripts/omnl/omnl-je-maker.sh:scripts/omnl/omnl-je-maker.sh" + "scripts/omnl/omnl-je-checker.sh:scripts/omnl/omnl-je-checker.sh" +) + +copy_pair() { + local dest="$1" + local src="$2" + local full="${REPO_ROOT}/${src}" + if [ ! -f "$full" ]; then + echo "WARN: missing (skip): $src" >&2 + return 0 + fi + local dir + dir="$(dirname "${STAGE}/${dest}")" + mkdir -p "$dir" + cp -a "$full" "${STAGE}/${dest}" +} + +for pair in "${PAIRS[@]}"; do + IFS=':' read -r dest src <<< "$pair" + copy_pair "$dest" "$src" +done + +mkdir -p "${STAGE}/evidence" +if [ "$FETCH_LIVE_EVIDENCE" = "1" ]; then + if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then + set +u + # shellcheck disable=SC1090 + source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true + set -u + elif [ -f "${REPO_ROOT}/.env" ]; then + set +u + # shellcheck disable=SC1090 + source "${REPO_ROOT}/.env" 2>/dev/null || true + set -u + fi + BASE_URL="${OMNL_FINERACT_BASE_URL:-}" + if [ -n "$BASE_URL" ] && [ -n "${OMNL_FINERACT_PASSWORD:-}" ]; then + TENANT="${OMNL_FINERACT_TENANT:-omnl}" + CURL=(curl -sS -H "Fineract-Platform-TenantId: ${TENANT}" -u "${OMNL_FINERACT_USER:-app.omnl}:${OMNL_FINERACT_PASSWORD}") + for oid in 21 22; do + "${CURL[@]}" "${BASE_URL}/journalentries?officeId=${oid}&offset=0&limit=500" > "${STAGE}/evidence/journalentries-office${oid}.json" || true + done + "${CURL[@]}" "${BASE_URL}/offices" > "${STAGE}/evidence/offices.json" || true + echo "Live evidence written under evidence/" >&2 + else + echo "WARN: FETCH_LIVE_EVIDENCE=1 but OMNL credentials missing; skipped API fetch." >&2 + fi +fi + +# README inside archive +cat > "${STAGE}/README_ARCHIVE.txt" < "$NDJSON" +cd "$STAGE" +while IFS= read -r f; do + p="${f#./}" + [ -z "$p" ] && continue + case "$p" in MANIFEST.json|MANIFEST.sha256|._*) continue ;; esac + sz=$(wc -c < "$f" | tr -d ' ') + h=$(sha256sum "$f" | awk '{print $1}') + jq -n --arg path "$p" --arg sha "$h" --argjson size "$sz" \ + '{path: $path, sha256: $sha, sizeBytes: $size}' >> "$NDJSON" +done < <(find . -type f | sort) + +ITEMS=$(jq -s '.' "$NDJSON") +GIT_COMMIT=$(git -C "$REPO_ROOT" rev-parse HEAD 2>/dev/null || echo "n/a") +jq -n \ + --arg id "$ARCHIVE_BASENAME" \ + --arg gen "$(date -u -Iseconds)" \ + --arg git "$GIT_COMMIT" \ + --argjson benef '{"officeId": 22, "name": "PT. CAKRA INVESTAMA INTERNATIONAL", "externalId": "OMNL-ID-JKT-CAKRA-001"}' \ + --argjson src '{"officeId": 21, "name": "Bank Kanaya (Indonesia)", "externalId": "BANK-KANAYA-ID"}' \ + --argjson files "$ITEMS" \ + '{ + archiveId: $id, + generatedAtUtc: $gen, + repositoryHeadCommit: $git, + beneficiaryOffice: $benef, + sourceOffice: $src, + description: "Office 22 package with Office 21 + IPSAS/IFRS memo, PvP/M1 realloc scripts and runbooks", + files: $files + }' > "${STAGE}/MANIFEST.json" + +# Checksums for every file in archive (including MANIFEST.json) +find . -type f ! -name '._*' ! -name 'MANIFEST.sha256' | sort | while IFS= read -r f; do + p="${f#./}" + sha256sum "$f" | awk -v p="$p" '{print $1 " " p}' +done > "${STAGE}/MANIFEST.sha256" + +rm -f "$NDJSON" +cd "$REPO_ROOT" +rm -f "$ZIP_PATH" +( + cd "$OUT_BASE" + zip -r -q "$ZIP_PATH" "$ARCHIVE_BASENAME" +) +echo "Wrote $ZIP_PATH" >&2 +ls -la "$ZIP_PATH" >&2 +if [ "${KEEP_STAGE:-0}" != "1" ]; then + rm -rf "$STAGE" +fi diff --git a/scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh b/scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh new file mode 100755 index 0000000..4c9f5e7 --- /dev/null +++ b/scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh @@ -0,0 +1,610 @@ +#!/usr/bin/env bash +# Build complete E2E archive: Audit Proof + Settlement + Closure cluster (OMNL Fineract + Chain 138). +# +# Stages: +# - Canonical settlement events (output/settlement-events/*.json) +# - settlement-event schema + min example (validation target) +# - OMNL runbooks and RTGS cross-link doc +# - Scripts: M1 clearing, 102B chunked, chain attestation +# - AUDIT_PROOF.json, SETTLEMENT_CLOSURE.json, README_E2E_ARCHIVE.txt +# - Optional live Fineract evidence (offices 1, 21, 22) and cast receipt for attestation tx +# +# Env: +# FETCH_LIVE_EVIDENCE=1 — pull /journalentries + /offices + /glaccounts (needs omnl-fineract/.env) +# CHAIN_ATTESTATION_TX_HASH — default 102B closure attestation on Chain 138 (override if different) +# CHAIN_ATTESTATION_TX_HASH_MAINNET — optional Ethereum mainnet 0-value attestation tx (dual-anchor) +# ETHEREUM_MAINNET_RPC / RPC_URL_MAINNET — for mainnet cast receipt; if unset, mainnet receipt skipped +# Auto: if output/jvmtm-evidence/latest-dual-attestation.json exists (from omnl-chain138-attestation-tx.sh), +# CHAIN_ATTESTATION_TX_HASH_MAINNET is read from chainId 1 when env not set. +# RPC_URL_138 — for cast receipt (default LAN Core RPC) +# KEEP_STAGE=1 — keep staging dir after zip +# JVMTM_CLOSURE_DIR — optional dir with live regulatory closure JSON/txt (see config/jvmtm-regulatory-closure/README.md). +# If unset, stages repo examples (placeholders) into reconciliation/, liquidity/, acknowledgements/, etc. +# If JVMTM_CLOSURE_DIR/transactions/*.json exists, stages live transaction execution envelopes into transactions/. +# Stages config/reserve-provenance-package/ (3FR reserve attestation JSON) when present. +# +# Output: output/omnl-e2e-settlement-audit-.zip +# +# Usage: +# bash scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh +# FETCH_LIVE_EVIDENCE=1 bash scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh +# +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +OUT_BASE="${OUT_BASE:-${REPO_ROOT}/output}" +FETCH_LIVE_EVIDENCE="${FETCH_LIVE_EVIDENCE:-0}" +JVMTM_CLOSURE_DIR="${JVMTM_CLOSURE_DIR:-}" +STAMP_UTC="${STAMP_UTC:-$(date -u +%Y%m%dT%H%M%SZ)}" +ARCHIVE_BASENAME="omnl-e2e-settlement-audit-${STAMP_UTC}" +STAGE="${OUT_BASE}/${ARCHIVE_BASENAME}" +ZIP_PATH="${OUT_BASE}/${ARCHIVE_BASENAME}.zip" +CHAIN_ATTESTATION_TX_HASH="${CHAIN_ATTESTATION_TX_HASH:-0xb90f2da51d9c506f552d276d9aa57f4ae485528f2ee6025f435f188d09d405f4}" +RPC_URL_138="${RPC_URL_138:-http://192.168.11.211:8545}" + +if [ -f "${REPO_ROOT}/smom-dbis-138/.env" ]; then + set +u + set -a + # shellcheck disable=SC1090 + source "${REPO_ROOT}/smom-dbis-138/.env" 2>/dev/null || true + set +a + set -u +fi +if [ -f "${REPO_ROOT}/.env" ]; then + set +u + set -a + # shellcheck disable=SC1090 + source "${REPO_ROOT}/.env" 2>/dev/null || true + set +a + set -u +fi +ETHEREUM_MAINNET_RPC="${ETHEREUM_MAINNET_RPC:-${RPC_URL_MAINNET:-}}" +CHAIN_ATTESTATION_TX_HASH_MAINNET="${CHAIN_ATTESTATION_TX_HASH_MAINNET:-}" +DUAL_ATTEST_JSON="${REPO_ROOT}/output/jvmtm-evidence/latest-dual-attestation.json" +if [ -z "$CHAIN_ATTESTATION_TX_HASH_MAINNET" ] && [ -f "$DUAL_ATTEST_JSON" ] && command -v jq &>/dev/null; then + CHAIN_ATTESTATION_TX_HASH_MAINNET="$(jq -r '[.attestations[]? | select(.chainId == 1)] | first | .transactionHash // empty' "$DUAL_ATTEST_JSON")" +fi + +mkdir -p "$STAGE"/{settlement-events,schemas,schemas/jvmtm,examples,docs,scripts,evidence,audit-proof,reconciliation,liquidity,acknowledgements,exceptions,validation,bcp,disaster-recovery,monitoring,transactions,config/jvmtm-regulatory-closure,config/jvmtm-regulatory-closure/examples} + +copy_if_exists() { + local dest_dir="$1" + local src="$2" + local full="${REPO_ROOT}/${src}" + if [ -f "$full" ]; then + cp -a "$full" "${STAGE}/${dest_dir}/" + else + echo "WARN: missing (skip): $src" >&2 + fi +} + +# JVMTM / regulatory closure: live dir overrides repo examples (basename match). +jvmtm_stage() { + local basename="$1" + local dest_subdir="$2" + local example_path="$3" + local dest="${STAGE}/${dest_subdir}/${basename}" + if [ -n "$JVMTM_CLOSURE_DIR" ] && [ -f "${JVMTM_CLOSURE_DIR}/${basename}" ]; then + cp -a "${JVMTM_CLOSURE_DIR}/${basename}" "$dest" + echo "JVMTM: staged live ${basename} -> ${dest_subdir}/" >&2 + else + cp -a "${REPO_ROOT}/${example_path}" "$dest" + echo "JVMTM: staged template ${basename} -> ${dest_subdir}/ (set JVMTM_CLOSURE_DIR for live)" >&2 + fi +} + +# Settlement artefacts (repo-generated) +for f in omnl-102b-ledger-and-chain-20260331.json omnl-102b-notional-status-20260331.json omnl-m1-kanaya-cakra-20260331.json; do + copy_if_exists "settlement-events" "output/settlement-events/$f" +done + +copy_if_exists "schemas" "config/dbis-institutional/schemas/settlement-event.schema.json" +copy_if_exists "examples" "config/dbis-institutional/examples/settlement-event.example.json" +copy_if_exists "examples" "config/dbis-institutional/examples/settlement-event.chain138-primary.example.json" +copy_if_exists "examples" "config/dbis-institutional/examples/settlement-event.min.json" + +# JVMTM regulatory closure artefacts (Tables B/C/D style evidence) +jvmtm_stage "daily-3way-reconciliation-report.json" "reconciliation" "config/jvmtm-regulatory-closure/examples/daily-3way-reconciliation-report.example.json" +jvmtm_stage "prefunding-proof.json" "liquidity" "config/jvmtm-regulatory-closure/examples/prefunding-proof.example.json" +jvmtm_stage "pre-settlement-ack.json" "acknowledgements" "config/jvmtm-regulatory-closure/examples/pre-settlement-ack.example.json" +jvmtm_stage "sample-exception-event.json" "exceptions" "config/jvmtm-regulatory-closure/examples/sample-exception-event.example.json" +jvmtm_stage "kyt-screening-result.json" "validation" "config/jvmtm-regulatory-closure/examples/kyt-screening-result.example.json" +jvmtm_stage "recovery-time-report.json" "bcp" "config/jvmtm-regulatory-closure/examples/recovery-time-report.example.json" +jvmtm_stage "failover-test-log.txt" "bcp" "config/jvmtm-regulatory-closure/examples/failover-test-log.example.txt" +jvmtm_stage "DR-simulation-report.json" "disaster-recovery" "config/jvmtm-regulatory-closure/examples/dr-simulation-report.example.json" +jvmtm_stage "real-time-balance-snapshot.json" "monitoring" "config/jvmtm-regulatory-closure/examples/real-time-balance-snapshot.example.json" + +if [ -n "$JVMTM_CLOSURE_DIR" ] && [ -d "${JVMTM_CLOSURE_DIR}/transactions" ]; then + shopt -s nullglob + tx_files=("${JVMTM_CLOSURE_DIR}/transactions/"*.json) + if [ "${#tx_files[@]}" -gt 0 ]; then + cp -a "${tx_files[@]}" "${STAGE}/transactions/" + echo "JVMTM: staged ${#tx_files[@]} live transaction envelope(s) -> transactions/" >&2 + fi + shopt -u nullglob +fi + +if [ -n "$JVMTM_CLOSURE_DIR" ] && [ -f "${JVMTM_CLOSURE_DIR}/exception-policy.md" ]; then + cp -a "${JVMTM_CLOSURE_DIR}/exception-policy.md" "${STAGE}/exceptions/exception-policy.md" +else + cp -a "${REPO_ROOT}/config/jvmtm-regulatory-closure/policies/exception-policy.md" "${STAGE}/exceptions/exception-policy.md" +fi +if [ -n "$JVMTM_CLOSURE_DIR" ] && [ -f "${JVMTM_CLOSURE_DIR}/retry-log.txt" ]; then + cp -a "${JVMTM_CLOSURE_DIR}/retry-log.txt" "${STAGE}/exceptions/retry-log.txt" +else + printf '%s\n' "retry-log (template) — append exception_id, timestamp, action per resolution; JVMTM closure" > "${STAGE}/exceptions/retry-log.txt" +fi + +for js in "$REPO_ROOT"/config/jvmtm-regulatory-closure/schemas/*.schema.json; do + [ -f "$js" ] || continue + cp -a "$js" "${STAGE}/schemas/jvmtm/" +done +for pack_file in \ + README.md \ + OPERATIONAL_EVIDENCE_VS_TEMPLATES.md \ + INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md \ + JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md \ + transaction-compliance-matrix.json \ + transaction-compliance-matrix.csv +do + if [ -f "${REPO_ROOT}/config/jvmtm-regulatory-closure/${pack_file}" ]; then + cp -a "${REPO_ROOT}/config/jvmtm-regulatory-closure/${pack_file}" "${STAGE}/config/jvmtm-regulatory-closure/" + fi +done +if [ -f "${REPO_ROOT}/config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md" ]; then + echo "Included config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md (Tables B/C/D closure mapping)" >&2 +fi +for pack_example in \ + transaction-compliance-execution.example.json \ + transaction-compliance-execution.blocked.example.json +do + if [ -f "${REPO_ROOT}/config/jvmtm-regulatory-closure/examples/${pack_example}" ]; then + cp -a "${REPO_ROOT}/config/jvmtm-regulatory-closure/examples/${pack_example}" "${STAGE}/config/jvmtm-regulatory-closure/examples/" + fi +done + +# Machine-generated 3-way result (run generate-3way-reconciliation-evidence.sh before archiving) +if [ -f "${REPO_ROOT}/output/jvmtm-evidence/latest-3way-result.json" ]; then + cp -a "${REPO_ROOT}/output/jvmtm-evidence/latest-3way-result.json" "${STAGE}/reconciliation/3way-result.json" + echo "Included reconciliation/3way-result.json from output/jvmtm-evidence/latest-3way-result.json" >&2 +fi + +# Reserve provenance + funding attestation (3FR narrative; staged bank/KYT pending) +if [ -d "${REPO_ROOT}/config/reserve-provenance-package" ]; then + cp -a "${REPO_ROOT}/config/reserve-provenance-package" "${STAGE}/" + echo "Included reserve-provenance-package/ (legal, settlement, provenance, bank, kyt, reconciliation, reserve, governance)" >&2 +fi + +declare -a DOCS=( + "docs/04-configuration/mifos-omnl-central-bank/OMNL_M1_INTEROFFICE_OFFICE_TO_OFFICE_CLEARING_RUNBOOK.md" + "docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md" + "docs/04-configuration/mifos-omnl-central-bank/OMNL_PHASE_C_INTEROFFICE_DUE_TO_DUE_FROM.md" + "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md" + "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md" + "config/dbis-institutional/README.md" +) + +for d in "${DOCS[@]}"; do + if [ -f "${REPO_ROOT}/$d" ]; then + mkdir -p "${STAGE}/$(dirname "$d")" + cp -a "${REPO_ROOT}/$d" "${STAGE}/$d" + fi +done + +declare -a SCRIPTS=( + "scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh" + "scripts/omnl/omnl-m1-clearing-102b-chunked.sh" + "scripts/omnl/omnl-chain138-attestation-tx.sh" + "scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh" + "scripts/validation/validate-dbis-institutional-schemas.sh" + "scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh" + "scripts/validation/validate-jvmtm-transaction-compliance-pack.py" + "scripts/jvmtm/export-transaction-compliance-matrix-csv.py" + "scripts/omnl/generate-3way-reconciliation-evidence.sh" + "scripts/omnl/verify-ack-before-credit.sh" + "scripts/omnl/fetch-kyt-vendor-report.sh" + "scripts/omnl/bcp-rpc-failover-smoke.sh" + "scripts/validation/validate-reserve-provenance-package.sh" +) + +for s in "${SCRIPTS[@]}"; do + if [ -f "${REPO_ROOT}/$s" ]; then + mkdir -p "${STAGE}/$(dirname "$s")" + cp -a "${REPO_ROOT}/$s" "${STAGE}/$s" + chmod a+x "${STAGE}/$s" 2>/dev/null || true + fi +done + +# Chain receipts (best-effort): Chain 138 + optional Ethereum mainnet +if command -v cast &>/dev/null && [ -n "$CHAIN_ATTESTATION_TX_HASH" ]; then + if cast receipt "$CHAIN_ATTESTATION_TX_HASH" --rpc-url "$RPC_URL_138" &>"${STAGE}/evidence/chain138-attestation-receipt.txt"; then + echo "Wrote evidence/chain138-attestation-receipt.txt" >&2 + else + echo "WARN: cast receipt failed; wrote empty or partial file" >&2 + fi +else + echo "cast not found or hash empty; skip Chain 138 on-chain receipt" >&2 + echo "CHAIN_ATTESTATION_TX_HASH=${CHAIN_ATTESTATION_TX_HASH:-}" > "${STAGE}/evidence/chain138-attestation-placeholder.txt" +fi + +if command -v cast &>/dev/null && [ -n "${CHAIN_ATTESTATION_TX_HASH_MAINNET:-}" ] && [ -n "$ETHEREUM_MAINNET_RPC" ]; then + if cast receipt "$CHAIN_ATTESTATION_TX_HASH_MAINNET" --rpc-url "$ETHEREUM_MAINNET_RPC" &>"${STAGE}/evidence/mainnet-attestation-receipt.txt"; then + echo "Wrote evidence/mainnet-attestation-receipt.txt" >&2 + else + echo "WARN: mainnet cast receipt failed; check ETHEREUM_MAINNET_RPC and CHAIN_ATTESTATION_TX_HASH_MAINNET" >&2 + fi +elif [ -n "${CHAIN_ATTESTATION_TX_HASH_MAINNET:-}" ] && [ -z "$ETHEREUM_MAINNET_RPC" ]; then + echo "CHAIN_ATTESTATION_TX_HASH_MAINNET=${CHAIN_ATTESTATION_TX_HASH_MAINNET}" > "${STAGE}/evidence/mainnet-attestation-placeholder.txt" + echo "WARN: mainnet tx hash set but ETHEREUM_MAINNET_RPC unset; wrote mainnet-attestation-placeholder.txt" >&2 +fi + +# Live Fineract pulls +if [ "$FETCH_LIVE_EVIDENCE" = "1" ]; then + if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then + set +u + # shellcheck disable=SC1090 + source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true + set +u + elif [ -f "${REPO_ROOT}/.env" ]; then + set +u + # shellcheck disable=SC1090 + source "${REPO_ROOT}/.env" 2>/dev/null || true + set +u + fi + BASE_URL="${OMNL_FINERACT_BASE_URL:-}" + if [ -n "$BASE_URL" ] && [ -n "${OMNL_FINERACT_PASSWORD:-}" ]; then + TENANT="${OMNL_FINERACT_TENANT:-omnl}" + CURL=(curl -sS -H "Fineract-Platform-TenantId: ${TENANT}" -u "${OMNL_FINERACT_USER:-app.omnl}:${OMNL_FINERACT_PASSWORD}") + for oid in 1 21 22; do + offset=0 + limit=500 + merge="${STAGE}/evidence/._je_batches_${oid}.ndjson" + : > "$merge" + while true; do + resp=$("${CURL[@]}" "${BASE_URL}/journalentries?officeId=${oid}&offset=${offset}&limit=${limit}") + echo "$resp" | jq -c '.pageItems // []' >> "$merge" + n=$(echo "$resp" | jq '.pageItems | length') + total=$(echo "$resp" | jq -r '.totalFilteredRecords // 0') + offset=$((offset + n)) + if [ "$n" -lt "$limit" ] || [ "$offset" -ge "$total" ]; then + break + fi + done + jq -s 'map(.[]) | { officeId: '"$oid"', totalLines: length, pageItems: . }' "$merge" > "${STAGE}/evidence/journalentries-office${oid}-all.json" + rm -f "$merge" + done + "${CURL[@]}" "${BASE_URL}/offices" > "${STAGE}/evidence/offices.json" || true + "${CURL[@]}" "${BASE_URL}/glaccounts" > "${STAGE}/evidence/glaccounts.json" || true + echo "Live Fineract evidence written." >&2 + else + echo "WARN: FETCH_LIVE_EVIDENCE=1 but OMNL credentials missing." >&2 + fi +fi + +GIT_COMMIT=$(git -C "$REPO_ROOT" rev-parse HEAD 2>/dev/null || echo "n/a") +GENERATED="$(date -u -Iseconds)" +TRANSACTION_ENVELOPE_COUNT="$(find "${STAGE}/transactions" -maxdepth 1 -type f -name '*.json' | wc -l | tr -d ' ')" +TRANSACTION_ENVELOPES_JSON="$(cd "$STAGE" && find ./transactions -maxdepth 1 -type f -name '*.json' | sort | jq -R -s 'split("\n") | map(select(length > 0)) | map(sub("^\\./"; ""))')" + +# Validate settlement JSONs in archive (best-effort) +VALIDATION_NOTE="Install check-jsonschema (see config/dbis-institutional/README.md), then: check-jsonschema --schemafile schemas/settlement-event.schema.json settlement-events/*.json" +TRANSACTION_ENVELOPE_VALIDATION_NOTE="No staged transaction execution envelopes." +if command -v check-jsonschema &>/dev/null; then + FAILS=() + for sf in "${STAGE}"/settlement-events/*.json; do + [ -f "$sf" ] || continue + check-jsonschema --schemafile "${STAGE}/schemas/settlement-event.schema.json" "$sf" &>/dev/null || FAILS+=("$(basename "$sf")") + done + if [ "${#FAILS[@]}" -eq 0 ]; then + VALIDATION_NOTE="All settlement-events/*.json passed check-jsonschema against bundled schema." + else + VALIDATION_NOTE="Schema validation FAIL: ${FAILS[*]}" + fi + + TX_FAILS=() + for tf in "${STAGE}"/transactions/*.json; do + [ -f "$tf" ] || continue + check-jsonschema --schemafile "${STAGE}/schemas/jvmtm/transaction-compliance-execution.schema.json" "$tf" &>/dev/null || TX_FAILS+=("$(basename "$tf")") + done + if [ "$TRANSACTION_ENVELOPE_COUNT" -gt 0 ]; then + if [ "${#TX_FAILS[@]}" -eq 0 ]; then + TRANSACTION_ENVELOPE_VALIDATION_NOTE="All transactions/*.json passed check-jsonschema against bundled transaction-compliance-execution.schema.json." + else + echo "ERROR: transaction execution envelope schema validation failed: ${TX_FAILS[*]}" >&2 + exit 1 + fi + fi +elif [ "$TRANSACTION_ENVELOPE_COUNT" -gt 0 ]; then + TRANSACTION_ENVELOPE_VALIDATION_NOTE="Transaction execution envelopes staged, but schema validation skipped because check-jsonschema is not installed." +fi + +cat > "${STAGE}/README_E2E_ARCHIVE.txt" < 0 then { + chainId: 1, + rpcUrlUsed: $mRpc, + transactionHash: $mTx, + description: "0-value self-send attestation on Ethereum mainnet (dual-anchor with Chain 138)", + deployerAddress: "0x4A666F96fC8764181194447A7dFdb7d471b301C8" + } else null end), + closureCluster: { + correlationId: $corr, + canonicalSettlementEventFile: "settlement-events/omnl-102b-ledger-and-chain-20260331.json", + eventType: "CHAIN_SETTLEMENT", + statusExtension: "FINALIZED" + }, + jvmtmRegulatoryClosure: { + description: "JVMTM-style audit commentary evidence (Tables B/C/D); templates unless JVMTM_CLOSURE_DIR set", + auditEngagementReference: "018215821582/INAAUDJVMTM/2025", + tablesBCDClosureMatrix: "config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md", + mandatoryPaths: [ + "reconciliation/daily-3way-reconciliation-report.json", + "liquidity/prefunding-proof.json", + "acknowledgements/pre-settlement-ack.json", + "exceptions/exception-policy.md", + "exceptions/sample-exception-event.json" + ], + supplementaryPaths: [ + "config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md", + "reconciliation/3way-result.json", + "config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md", + "validation/kyt-screening-result.json", + "bcp/recovery-time-report.json", + "bcp/failover-test-log.txt", + "disaster-recovery/DR-simulation-report.json", + "monitoring/real-time-balance-snapshot.json", + "exceptions/retry-log.txt" + ], + transactionGradePackPaths: [ + "config/jvmtm-regulatory-closure/JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md", + "config/jvmtm-regulatory-closure/transaction-compliance-matrix.json", + "config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv" + ], + exampleExecutionEnvelopes: [ + "config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.example.json", + "config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.blocked.example.json" + ], + executionEnvelopeSchema: "schemas/jvmtm/transaction-compliance-execution.schema.json", + stagedTransactionEnvelopeCount: $txCount, + stagedTransactionEnvelopes: $txEnvelopes, + transactionEnvelopeArchiveDir: "transactions/", + schemaDir: "schemas/jvmtm", + operatorReadme: "config/jvmtm-regulatory-closure/README.md", + operationalEvidenceNote: "Templates structure controls; generated/vendor/execution artifacts prove operation — see OPERATIONAL_EVIDENCE_VS_TEMPLATES.md" + }, + reserveProvenancePackage: { + description: "Staged reserve / funding origin attestation (3FR); HYBX-OMNL-DBIS regulatory stack + reserve hosting map; counsel review; MT940-camt.053-API keystone still required for bank leg", + root: "reserve-provenance-package/", + readme: "reserve-provenance-package/README.md", + schema: "reserve-provenance-package/schemas/reserve-provenance-package.schema.json", + artifacts: [ + "reserve-provenance-package/legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json", + "reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json", + "reserve-provenance-package/provenance/FUNDING_ORIGIN_CHAIN_3FR.json", + "reserve-provenance-package/bank/JVMTM_BANK_BALANCE_JSON.json", + "reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt", + "reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt", + "reserve-provenance-package/bank/README_BANK_REQUEST_MT940_CAMT053.md", + "reserve-provenance-package/bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json", + "reserve-provenance-package/kyt/KYT_EXECUTION_RECORD.json", + "reserve-provenance-package/reconciliation/3WAY_RECONCILIATION_TRIGGER.json", + "reserve-provenance-package/reserve/RESERVE_RECOGNITION_DECLARATION.json", + "reserve-provenance-package/reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json", + "reserve-provenance-package/reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json", + "reserve-provenance-package/governance/REGULATORY_STACK_DECLARATION.json", + "reserve-provenance-package/governance/REGULATORY_STACK_NARRATIVE.txt" + ] + } + }' > "${STAGE}/audit-proof/AUDIT_PROOF.json" + +jq -n \ + --arg gen "$GENERATED" \ + --arg corr "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d" \ + --arg tx "$CHAIN_ATTESTATION_TX_HASH" \ + --arg mtx "${CHAIN_ATTESTATION_TX_HASH_MAINNET:-}" \ + --argjson txEnvelopes "${TRANSACTION_ENVELOPES_JSON}" \ + '{ + closureRecord: "SETTLEMENT_CLOSURE", + generatedAtUtc: $gen, + layers: { + layer1_interofficeLedger: "102 chunked M1 posts office 21 to 22; refs OMNL-102B-CH*-20260331", + layer2_invariant: "Operator to confirm net M1 across 21+22 per SOP; HO unchanged for m1-clearing-only legs", + layer3_identifiers: { + correlationId: $corr, + chainTxHash: $tx, + chainId: 138, + ethereumMainnetChainTxHash: (if ($mtx | length) > 0 then $mtx else null end), + ethereumMainnetChainId: (if ($mtx | length) > 0 then 1 else null end) + }, + layer4_schema: "settlement-events/*.json validate against settlement-event.schema.json", + layer5_transactionExecutionEnvelopes: $txEnvelopes + }, + artefacts: ([ + "audit-proof/AUDIT_PROOF.json", + "audit-proof/SETTLEMENT_CLOSURE.json", + "config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md", + "config/jvmtm-regulatory-closure/JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md", + "config/jvmtm-regulatory-closure/transaction-compliance-matrix.json", + "config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv", + "config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.example.json", + "config/jvmtm-regulatory-closure/examples/transaction-compliance-execution.blocked.example.json", + "schemas/jvmtm/transaction-compliance-execution.schema.json", + "settlement-events/omnl-102b-ledger-and-chain-20260331.json", + "evidence/chain138-attestation-receipt.txt", + "evidence/mainnet-attestation-receipt.txt", + "reconciliation/daily-3way-reconciliation-report.json", + "liquidity/prefunding-proof.json", + "acknowledgements/pre-settlement-ack.json", + "exceptions/exception-policy.md", + "exceptions/sample-exception-event.json", + "exceptions/retry-log.txt", + "validation/kyt-screening-result.json", + "bcp/recovery-time-report.json", + "bcp/failover-test-log.txt", + "disaster-recovery/DR-simulation-report.json", + "monitoring/real-time-balance-snapshot.json", + "reserve-provenance-package/README.md", + "reserve-provenance-package/legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json", + "reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json", + "reserve-provenance-package/provenance/FUNDING_ORIGIN_CHAIN_3FR.json", + "reserve-provenance-package/bank/JVMTM_BANK_BALANCE_JSON.json", + "reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt", + "reserve-provenance-package/bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt", + "reserve-provenance-package/bank/README_BANK_REQUEST_MT940_CAMT053.md", + "reserve-provenance-package/bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json", + "reserve-provenance-package/kyt/KYT_EXECUTION_RECORD.json", + "reserve-provenance-package/reconciliation/3WAY_RECONCILIATION_TRIGGER.json", + "reserve-provenance-package/reserve/RESERVE_RECOGNITION_DECLARATION.json", + "reserve-provenance-package/reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json", + "reserve-provenance-package/reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json", + "reserve-provenance-package/governance/REGULATORY_STACK_DECLARATION.json", + "reserve-provenance-package/governance/REGULATORY_STACK_NARRATIVE.txt", + "reserve-provenance-package/schemas/reserve-provenance-package.schema.json", + "MANIFEST.json", + "MANIFEST.sha256" + ] + $txEnvelopes) + }' > "${STAGE}/audit-proof/SETTLEMENT_CLOSURE.json" + +# Manifest + sha256 +NDJSON="${STAGE}/._manifest_items.ndjson" +: > "$NDJSON" +cd "$STAGE" +while IFS= read -r f; do + p="${f#./}" + [ -z "$p" ] && continue + case "$p" in MANIFEST.json|MANIFEST.sha256|._*) continue ;; esac + sz=$(wc -c < "$f" | tr -d ' ') + h=$(sha256sum "$f" | awk '{print $1}') + jq -n --arg path "$p" --arg sha "$h" --argjson size "$sz" \ + '{path: $path, sha256: $sha, sizeBytes: $size}' >> "$NDJSON" +done < <(find . -type f | sort) + +ITEMS=$(jq -s '.' "$NDJSON") +jq -n \ + --arg id "$ARCHIVE_BASENAME" \ + --arg gen "$GENERATED" \ + --arg git "$GIT_COMMIT" \ + --argjson files "$ITEMS" \ + '{ + archiveId: $id, + generatedAtUtc: $gen, + repositoryHeadCommit: $git, + description: "E2E OMNL settlement + audit proof + closure cluster (Fineract + Chain 138 attestation; optional Ethereum mainnet dual-anchor)", + files: $files + }' > "${STAGE}/MANIFEST.json" + +find . -type f ! -name '._*' ! -name 'MANIFEST.sha256' | sort | while IFS= read -r f; do + p="${f#./}" + sha256sum "$f" | awk -v p="$p" '{print $1 " " p}' +done > "${STAGE}/MANIFEST.sha256" + +rm -f "$NDJSON" +cd "$REPO_ROOT" +rm -f "$ZIP_PATH" +( + cd "$OUT_BASE" + zip -r -q "$ZIP_PATH" "$ARCHIVE_BASENAME" +) +echo "Wrote $ZIP_PATH" >&2 +ls -la "$ZIP_PATH" >&2 +if [ "${KEEP_STAGE:-0}" != "1" ]; then + rm -rf "$STAGE" +fi diff --git a/scripts/omnl/build-transaction-package-zip.sh b/scripts/omnl/build-transaction-package-zip.sh index ce78ab4..e428c14 100755 --- a/scripts/omnl/build-transaction-package-zip.sh +++ b/scripts/omnl/build-transaction-package-zip.sh @@ -38,7 +38,7 @@ fi cp "$DOCS/INDONESIA_SAMPLE_COVER_AND_TOC.md" "$STAGING/00_Cover/" cat > "$STAGING/00_Cover/README.txt" << 'COVERREADME' -HYBX-BATCH-001 | Bank Kanaya (OMNL office 22) | USD 1,000,000,000.00 +HYBX-BATCH-001 | Bank Kanaya (OMNL office 21) | USD 1,000,000,000.00 Cover/TOC: INDONESIA_SAMPLE_COVER_AND_TOC.md Integrity: ELECTRONIC_SIGNATURE_AND_HASH_NOTARIZATION_POLICY.txt; GENERATED_EVIDENCE_ESIGN_MANIFEST.json; HASH_NOTARIZATION_ANCHOR.txt; audit_and_hashes.txt; audit_manifest.json (contentCommitmentSha256). @@ -123,7 +123,7 @@ fi cat > "$STAGING/Volume_B/Section_3/SECTION_3_NA_MEMORANDUM.txt" << 'EOF' SECTION 3 — CORRESPONDENT BANKING — NOT APPLICABLE (HYBX-BATCH-001) -Settlement via OMNL central-bank-ledger design; USD leg on OMNL books. Bank Kanaya office 22. +Settlement via OMNL central-bank-ledger design; USD leg on OMNL books. Bank Kanaya office 21. No multi-hop nostro/vostro chain applies. See Appendix/INDONESIA_MASTER_PROOF_MANIFEST.md. EOF @@ -152,7 +152,7 @@ section_readme() { local out="$2" { echo "HYBX-BATCH-001 — Section index ($id)" - echo "Settlement ref: HYBX-BATCH-001 | Value date: 2026-03-17 | Beneficiary: Bank Kanaya (office 22)" + echo "Settlement ref: HYBX-BATCH-001 | Value date: 2026-03-17 | Beneficiary: Bank Kanaya (office 21)" echo "See Appendix/INDONESIA_MASTER_PROOF_MANIFEST.md for required exhibits." } >"$out" } @@ -174,7 +174,7 @@ section_readme "Volume F §15" "$STAGING/Volume_F/Section_15/README.txt" cat > "$STAGING/README.txt" << 'ZIPREADME' TRANSACTION PACKAGE — HYBX-BATCH-001 -Beneficiary: Bank Kanaya (Indonesia) — OMNL officeId 22 | USD 1,000,000,000.00 +Beneficiary: Bank Kanaya (Indonesia) — OMNL officeId 21 | USD 1,000,000,000.00 Structure: 00_Cover, Volume_A–F, Appendix. Generator: scripts/omnl/generate-transaction-package-evidence.py Override ledger: HYBX_LEDGER_FILE=/path/to.csv. Integrity: 00_Cover/HASH_NOTARIZATION_ANCHOR.txt + audit_manifest.json ZIPREADME @@ -210,7 +210,7 @@ CONTENT_COMMITMENT=$(LC_ALL=C sort "$HASH_TSV" | sha256sum | awk '{print $1}') cat > "$ANCHOR_FILE" <&2 + exit 0 +fi + +if [[ -z "${KYT_API_URL:-}" ]]; then + jq -n \ + --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ + '{status: "REFUSED", reason: "No KYT_API_URL or KYT_VENDOR_EXPORT_JSON; vendor evidence not fabricated.", generated_at: $ts}' \ + > "$OUT" + echo "REFUSED: wrote $OUT (exit 2)" >&2 + exit 2 +fi + +TMP="$(mktemp)" +trap 'rm -f "$TMP"' EXIT +if [[ -n "${KYT_API_KEY:-}" ]]; then + curl -sS -H "Authorization: Bearer ${KYT_API_KEY}" "${KYT_API_URL}" -o "$TMP" || { echo "curl failed" >&2; exit 2; } +else + curl -sS "${KYT_API_URL}" -o "$TMP" || { echo "curl failed" >&2; exit 2; } +fi +if jq -e . "$TMP" &>/dev/null; then + jq --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" '. + {fetched_at: $ts, source: "curl:KYT_API_URL"}' "$TMP" > "$OUT" +else + jq -n \ + --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ + --arg sha "$(sha256sum "$TMP" 2>/dev/null | awk '{print $1}')" \ + '{status: "RAW", note: "non-JSON KYT response; store full body out-of-band", response_sha256: $sha, fetched_at: $ts}' > "$OUT" +fi +echo "Wrote $OUT from KYT_API_URL" >&2 +exit 0 diff --git a/scripts/omnl/generate-3way-reconciliation-evidence.sh b/scripts/omnl/generate-3way-reconciliation-evidence.sh new file mode 100755 index 0000000..7d6afc1 --- /dev/null +++ b/scripts/omnl/generate-3way-reconciliation-evidence.sh @@ -0,0 +1,269 @@ +#!/usr/bin/env bash +# Generate three-way reconciliation JSON from Fineract (ledger) + optional bank file/env + Chain 138 ERC20 balance. +# Operational evidence: bank leg requires operator-supplied statement/API (file or env). See +# config/jvmtm-regulatory-closure/OPERATIONAL_EVIDENCE_VS_TEMPLATES.md +# +# Env (after sourcing load-project-env): +# OMNL_FINERACT_BASE_URL, OMNL_FINERACT_USER, OMNL_FINERACT_PASSWORD, OMNL_FINERACT_TENANT (default omnl) +# RECON_OFFICE_ID (default 21), RECON_GL_CODE (default 2100) +# RECON_TOKEN_ADDRESS (default canonical cUSDT on 138), RECON_CHAIN_HOLDER (default deployer), RECON_TOKEN_DECIMALS (default 6) +# JVMTM_CORRELATION_ID — use real UUID for examination (not literal PLACEHOLDER) +# JVMTM_BANK_BALANCE_JSON — path: {"value_major","statement_ref","fetched_at"?} +# JVMTM_BANK_BALANCE_MAJOR + JVMTM_BANK_STATEMENT_REF — alternative +# JVMTM_EVIDENCE_DIR — default REPO/output/jvmtm-evidence +# AS_OF — YYYY-MM-DD (default UTC today) +# +# Output: 3way-.json + latest-3way-result.json +# +set -eo pipefail +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +# shellcheck source=scripts/lib/load-project-env.sh +set +u +source "${REPO_ROOT}/scripts/lib/load-project-env.sh" +if [[ -f "${REPO_ROOT}/omnl-fineract/.env" ]]; then + set -a + # shellcheck disable=SC1090 + source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true + set +a +fi +set -euo pipefail + +AS_OF="${AS_OF:-$(date -u +%Y-%m-%d)}" +OUT_DIR="${JVMTM_EVIDENCE_DIR:-${REPO_ROOT}/output/jvmtm-evidence}" +mkdir -p "$OUT_DIR" + +OFFICE_ID="${RECON_OFFICE_ID:-21}" +GL_CODE="${RECON_GL_CODE:-2100}" +CORR="${JVMTM_CORRELATION_ID:-PLACEHOLDER}" +TOKEN_ADDR="${RECON_TOKEN_ADDRESS:-0x93E66202A11B1772E55407B32B44e5Cd8eda7f22}" +HOLDER="${RECON_CHAIN_HOLDER:-0x4A666F96fC8764181194447A7dFdb7d471b301C8}" +DECIMALS="${RECON_TOKEN_DECIMALS:-6}" +RPC="${RPC_URL_138:-http://192.168.11.211:8545}" + +REPORT_ID="3WAY-GEN-${AS_OF}-$(date -u +%H%M%S)" +GAPS=() +LEDGER_SOURCE="fineract:/glaccounts" +CHAIN_SOURCE="cast:erc20_balanceOf" + +RPC_HOST="$(RPC_URL="$RPC" python3 -c "from urllib.parse import urlparse; import os; print(urlparse(os.environ['RPC_URL']).hostname or os.environ['RPC_URL'])")" + +BASE_URL="${OMNL_FINERACT_BASE_URL:-}" +PASS="${OMNL_FINERACT_PASSWORD:-}" +USER="${OMNL_FINERACT_USER:-app.omnl}" +TENANT="${OMNL_FINERACT_TENANT:-omnl}" + +if [[ -n "$BASE_URL" && -n "$PASS" ]]; then + GL_RAW="$(curl -sS -H "Fineract-Platform-TenantId: ${TENANT}" -u "${USER}:${PASS}" "${BASE_URL}/glaccounts" || true)" + LEDGER_BLOCK="$(GL_RAW="$GL_RAW" OFFICE_ID="$OFFICE_ID" GL_CODE="$GL_CODE" python3 <<'PY' +import json, os +from datetime import datetime, timezone +office = int(os.environ["OFFICE_ID"]) +code = os.environ["GL_CODE"] +raw = os.environ.get("GL_RAW", "[]") +try: + data = json.loads(raw) +except json.JSONDecodeError: + data = [] +if isinstance(data, dict) and "pageItems" in data: + data = data["pageItems"] +rows = [ + x for x in data + if isinstance(x, dict) and str(x.get("glCode")) == code + and (x.get("officeId") == office or x.get("officeId") is None) +] +acc = rows[0] if rows else {} +bal = acc.get("organizationRunningBalance") +if bal is None: + bal = acc.get("runningBalance") +if bal is None: + s = acc.get("summary") + if isinstance(s, dict): + bal = s.get("runningBalance") +out = { + "value_major": None, + "source": "fineract:/glaccounts", + "fetched_at": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"), + "gl_code": code, + "office_id": office, + "gl_account_id": acc.get("id"), + "raw_field": "organizationRunningBalance|runningBalance", +} +if bal is not None: + out["value_major"] = str(bal) +print(json.dumps({"ledger_line": out, "found": bool(acc)})) +PY +)" + LEDGER_VAL="$(echo "$LEDGER_BLOCK" | jq -r '.ledger_line.value_major // empty')" + if [[ "$(echo "$LEDGER_BLOCK" | jq -r '.found')" != "true" ]] || [[ -z "$LEDGER_VAL" ]]; then + GAPS+=("fineract_gl_balance_missing") + fi + LEDGER_JSON="$(echo "$LEDGER_BLOCK" | jq -c '.ledger_line')" +else + GAPS+=("fineract_unreachable_or_unconfigured") + LEDGER_JSON="$(jq -nc \ + --arg s "$LEDGER_SOURCE" \ + --arg ft "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ + --argjson oid "$OFFICE_ID" \ + --arg gc "$GL_CODE" \ + '{value_major: null, source: $s, fetched_at: $ft, gl_code: $gc, office_id: $oid, raw_field: "n/a"}')" +fi + +if command -v cast &>/dev/null; then + RAW_BAL="$(cast call "$TOKEN_ADDR" "balanceOf(address)(uint256)" "$HOLDER" --rpc-url "$RPC" 2>/dev/null || echo "")" + if [[ -n "$RAW_BAL" ]]; then + RAW_ONE="$(echo "$RAW_BAL" | awk '{print $1}')" + CHAIN_JSON="$(RAW_BAL="$RAW_ONE" DECIMALS="$DECIMALS" TOKEN_ADDR="$TOKEN_ADDR" HOLDER="$HOLDER" RPC_HOST="$RPC_HOST" python3 <<'PY' +import os, json +from decimal import Decimal +from datetime import datetime, timezone +raw = int(os.environ["RAW_BAL"].strip(), 0) +dec = int(os.environ["DECIMALS"]) +major = str(Decimal(raw) / (Decimal(10) ** dec)) +out = { + "value_major": major, + "source": "cast:erc20_balanceOf", + "fetched_at": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"), + "rpc_url_host": os.environ.get("RPC_HOST", ""), + "chain_id": 138, + "token_address": os.environ["TOKEN_ADDR"], + "holder_address": os.environ["HOLDER"], + "decimals": dec, +} +print(json.dumps(out)) +PY +)" + else + GAPS+=("chain_balance_query_failed") + CHAIN_JSON="$(jq -nc \ + --arg s "$CHAIN_SOURCE" \ + --arg ft "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ + --arg th "$RPC_HOST" \ + --arg ta "$TOKEN_ADDR" \ + --arg hd "$HOLDER" \ + --argjson dec "$DECIMALS" \ + '{value_major: null, source: $s, fetched_at: $ft, rpc_url_host: $th, chain_id: 138, token_address: $ta, holder_address: $hd, decimals: $dec}')" + fi +else + GAPS+=("cast_not_installed") + CHAIN_JSON="$(jq -nc \ + --arg s "$CHAIN_SOURCE" \ + --arg ft "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ + --arg th "$RPC_HOST" \ + --arg ta "$TOKEN_ADDR" \ + --arg hd "$HOLDER" \ + --argjson dec "$DECIMALS" \ + '{value_major: null, source: $s, fetched_at: $ft, rpc_url_host: $th, chain_id: 138, token_address: $ta, holder_address: $hd, decimals: $dec}')" +fi + +if [[ -n "${JVMTM_BANK_BALANCE_JSON:-}" && -f "${JVMTM_BANK_BALANCE_JSON}" ]]; then + BANK_JSON="$(jq -c \ + --arg now "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ + '{value_major: .value_major, source: (.source // "operator:jvmtm_bank_json_file"), fetched_at: (.fetched_at // $now), statement_ref: .statement_ref}' \ + "${JVMTM_BANK_BALANCE_JSON}")" + BANK_VAL="$(echo "$BANK_JSON" | jq -r '.value_major // empty')" + if [[ -z "$BANK_VAL" ]]; then + GAPS+=("bank_file_missing_value_major") + BANK_JSON="null" + fi +elif [[ -n "${JVMTM_BANK_BALANCE_MAJOR:-}" ]]; then + BANK_JSON="$(jq -nc \ + --arg v "${JVMTM_BANK_BALANCE_MAJOR}" \ + --arg r "${JVMTM_BANK_STATEMENT_REF:-nostro-export}" \ + --arg ft "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ + '{value_major: $v, source: "operator:env_JVMTM_BANK_BALANCE_MAJOR", fetched_at: $ft, statement_ref: $r}')" +else + GAPS+=("bank_statement_not_supplied") + BANK_JSON="null" +fi + +[[ ${#CORR} -lt 8 ]] && GAPS+=("correlation_id_too_short_use_JVMTM_CORRELATION_ID") +[[ "$CORR" == "PLACEHOLDER" ]] && GAPS+=("correlation_id_placeholder_not_examination_grade") + +GAPS_JSON="$(printf '%s\n' "${GAPS[@]}" | jq -R -s -c 'split("\n") | map(select(length>0))')" +ARGV_JSON="$(python3 -c 'import json,sys; print(json.dumps(sys.argv[1:]))' -- "$@")" + +export LEDGER_JSON CHAIN_JSON BANK_JSON GAPS_JSON CORR REPORT_ID AS_OF ARGV_JSON + +FINAL_JSON="$(python3 <<'PY' +import json, os +from decimal import Decimal, InvalidOperation + +def D(x): + if x is None or x == "": + return None + try: + return Decimal(str(x)) + except InvalidOperation: + return None + +ledger = json.loads(os.environ["LEDGER_JSON"]) +chain = json.loads(os.environ["CHAIN_JSON"]) +bank_s = os.environ["BANK_JSON"] +bank = json.loads(bank_s) if bank_s != "null" else None +gaps = json.loads(os.environ["GAPS_JSON"]) +corr = os.environ["CORR"] +report_id = os.environ["REPORT_ID"] +as_of = os.environ["AS_OF"] +argv = json.loads(os.environ["ARGV_JSON"]) + +lv = D(ledger.get("value_major")) +cv = D(chain.get("value_major") if chain else None) +bv = D(bank.get("value_major") if bank else None) + +eps = Decimal("0.01") + +def sub(a, b): + if a is None or b is None: + return None + return str(a - b) + +var = { + "ledger_vs_bank_major": sub(lv, bv) if bv is not None else "n/a", + "ledger_vs_chain_major": sub(lv, cv) if cv is not None else "n/a", + "bank_vs_chain_major": sub(bv, cv) if bv is not None and cv is not None else "n/a", +} + +matched = False +if lv is not None and cv is not None and bv is not None: + matched = abs(lv - cv) <= eps and abs(lv - bv) <= eps and abs(bv - cv) <= eps +elif lv is not None and cv is not None and bv is None: + matched = abs(lv - cv) <= eps + +if any(g in gaps for g in ("bank_statement_not_supplied", "bank_file_missing_value_major")): + tier = "GENERATED_PARTIAL" +elif not gaps: + tier = "GENERATED_FULL" if matched and bv is not None else "GENERATED_PARTIAL" +else: + tier = "INCOMPLETE" + +from datetime import datetime, timezone +import socket + +gen_at = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") + +out = { + "schema_version": 1, + "report_id": report_id, + "as_of": as_of, + "correlation_id": corr, + "currency": "USD", + "evidence_tier": tier, + "evidence_gaps": gaps, + "ledger": ledger, + "bank": bank, + "chain": chain, + "variance": var, + "matched": matched, + "generated_at": gen_at, + "generator": { + "script": "scripts/omnl/generate-3way-reconciliation-evidence.sh", + "argv": argv, + "host": socket.gethostname(), + }, +} +print(json.dumps(out, indent=2)) +PY +)" + +echo "$FINAL_JSON" | tee "${OUT_DIR}/3way-${AS_OF}.json" > "${OUT_DIR}/latest-3way-result.json" +echo "Wrote ${OUT_DIR}/3way-${AS_OF}.json and latest-3way-result.json" >&2 diff --git a/scripts/omnl/generate-transaction-package-evidence.py b/scripts/omnl/generate-transaction-package-evidence.py index 09a58ee..8d8bccd 100755 --- a/scripts/omnl/generate-transaction-package-evidence.py +++ b/scripts/omnl/generate-transaction-package-evidence.py @@ -207,7 +207,7 @@ def write_section1(staging: str) -> str: core = f"""INSTITUTIONAL AUTHORIZATION — EVIDENCE REGISTER Settlement batch: {BATCH} Value date: {VALUE_DATE} -Beneficiary: Bank Kanaya (Indonesia) — OMNL officeId 22 (externalId BANK-KANAYA-ID) +Beneficiary: Bank Kanaya (Indonesia) — OMNL officeId 21 (externalId BANK-KANAYA-ID) OMNL (settlement ledger authority) Legal name: ORGANISATION MONDIALE DU NUMERIQUE L.P.B.C. @@ -271,7 +271,7 @@ def write_section5(staging: str) -> str: Settlement cycle: {CYCLE} Value date: {VALUE_DATE} -Bank Kanaya (office 22) +1000000000.00 +Bank Kanaya (office 21) +1000000000.00 OMNL Liquidity Pool -1000000000.00 System net 0.00 @@ -357,7 +357,7 @@ Cross-check: Appendix/INDONESIA_MASTER_PROOF_MANIFEST.md Section 9. os.path.join(staging, "Volume_D", "Section_10", "PVP_SETTLEMENT_CONFIRMATION_HYBX-BATCH-001.txt"), f"""PVP SETTLEMENT CONFIRMATION — {BATCH} Value date: {VALUE_DATE} -Beneficiary: Bank Kanaya (office 22) +Beneficiary: Bank Kanaya (office 21) Cross-check: Appendix/INDONESIA_MASTER_PROOF_MANIFEST.md Section 10. """, ), @@ -372,7 +372,7 @@ Cross-check: Appendix/INDONESIA_MASTER_PROOF_MANIFEST.md Section 11. ( os.path.join(staging, "Volume_E", "Section_12", "AML_COMPLIANCE_SUMMARY_HYBX-BATCH-001.txt"), f"""AML COMPLIANCE SUMMARY — {BATCH} -Beneficiary: Bank Kanaya (Indonesia) — officeId 22 +Beneficiary: Bank Kanaya (Indonesia) — officeId 21 Primary schedule (4.995): Appendix/AML_PPATK_EVIDENCE_SCHEDULE_HYBX-BATCH-001.md Screening / STR / retention: complete per schedule §6 certification. Cross-check: Appendix/INDONESIA_MASTER_PROOF_MANIFEST.md Section 12; diff --git a/scripts/omnl/omnl-cakra-onboarding-complete.sh b/scripts/omnl/omnl-cakra-onboarding-complete.sh new file mode 100755 index 0000000..53785df --- /dev/null +++ b/scripts/omnl/omnl-cakra-onboarding-complete.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash +# OMNL / HYBX — Run recommended onboarding for PT. CAKRA INVESTAMA INTERNATIONAL: +# 1) Office (idempotent) +# 2) Tenant GL accounts (idempotent; skip with SKIP_GL=1) +# 3) Corporate client + NPWP + contact (idempotent) +# 4) Staff + Office Admin user (idempotent; needs password or CAKRA_GENERATE_PASSWORD=1) +# +# Usage (repo root): +# OMNL_CAKRA_ADMIN_PASSWORD='…' bash scripts/omnl/omnl-cakra-onboarding-complete.sh +# CAKRA_GENERATE_PASSWORD=1 bash scripts/omnl/omnl-cakra-onboarding-complete.sh +# SKIP_USER=1 bash scripts/omnl/omnl-cakra-onboarding-complete.sh # office + client + GL only +# +# Banking rails and AML/FATCA/CRS are not Fineract core fields — see: +# scripts/omnl/data/pt-cakra-investama-sidecar.json + +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +SKIP_GL="${SKIP_GL:-0}" +SKIP_USER="${SKIP_USER:-0}" + +echo "=== 1. Office (PT CAKRA) ===" >&2 +bash "${REPO_ROOT}/scripts/omnl/omnl-office-create-pt-cakra-investama.sh" + +if [ "$SKIP_GL" != "1" ]; then + echo "=== 2. GL accounts (tenant-wide, idempotent) ===" >&2 + bash "${REPO_ROOT}/scripts/omnl/omnl-gl-accounts-create.sh" || true +fi + +echo "=== 3. Client (corporate + NPWP + contact) ===" >&2 +bash "${REPO_ROOT}/scripts/omnl/omnl-client-create-pt-cakra-investama.sh" + +if [ "$SKIP_USER" != "1" ]; then + echo "=== 4. User (bpramukantoro @ CAKRA office) ===" >&2 + if ! bash "${REPO_ROOT}/scripts/omnl/omnl-user-cakra-office-create.sh"; then + echo "WARNING: User API step failed; staff may still exist — see script stderr for STAFF_ID and UI steps." >&2 + [ "${STRICT_ONBOARDING:-0}" = "1" ] && exit 1 + fi +else + echo "=== 4. User step skipped (SKIP_USER=1) ===" >&2 +fi + +echo "=== Done ===" >&2 +echo "Sidecar JSON: ${REPO_ROOT}/scripts/omnl/data/pt-cakra-investama-sidecar.json" >&2 diff --git a/scripts/omnl/omnl-chain138-attestation-tx.sh b/scripts/omnl/omnl-chain138-attestation-tx.sh new file mode 100755 index 0000000..baf3d3e --- /dev/null +++ b/scripts/omnl/omnl-chain138-attestation-tx.sh @@ -0,0 +1,148 @@ +#!/usr/bin/env bash +# Broadcast minimal attestation transactions (0-value self-send) to anchor settlement finality +# when DBIS SettlementRouter is not deployed. Does NOT move 102B tokens. +# +# Default: Chain 138 only (RPC_URL_138 / LAN). +# Dual-anchor: also Ethereum mainnet (chain id 1) when ETHEREUM_MAINNET_RPC or RPC_URL_MAINNET +# is set — unless ATTEST_INCLUDE_MAINNET=0. Set ATTEST_INCLUDE_MAINNET=1 to force mainnet when +# RPC is configured; mainnet consumes real ETH gas. +# +# Prerequisites: PRIVATE_KEY (same deployer on both chains — ensure account has ETH on mainnet). +# +# Usage: +# CORRELATION_ID=uuid bash scripts/omnl/omnl-chain138-attestation-tx.sh +# ATTEST_INCLUDE_MAINNET=0 bash scripts/omnl/omnl-chain138-attestation-tx.sh # 138 only +# DRY_RUN=1 bash scripts/omnl/omnl-chain138-attestation-tx.sh +# +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +DRY_RUN="${DRY_RUN:-0}" +CORRELATION_ID="${CORRELATION_ID:-}" + +if [ -f "${REPO_ROOT}/smom-dbis-138/.env" ]; then + set +u + set -a + # shellcheck disable=SC1090 + source "${REPO_ROOT}/smom-dbis-138/.env" 2>/dev/null || true + set +a + set -u +fi +if [ -f "${REPO_ROOT}/.env" ]; then + set +u + set -a + # shellcheck disable=SC1090 + source "${REPO_ROOT}/.env" 2>/dev/null || true + set +a + set -u +fi + +RPC_138="${RPC_URL_138:-http://192.168.11.211:8545}" +MAINNET_RPC="${ETHEREUM_MAINNET_RPC:-${RPC_URL_MAINNET:-}}" + +# Mainnet: auto-enable when RPC is configured, unless explicitly disabled. +if [ "${ATTEST_INCLUDE_MAINNET:-}" = "0" ]; then + DO_MAINNET=0 +elif [ "${ATTEST_INCLUDE_MAINNET:-}" = "1" ]; then + DO_MAINNET=1 +elif [ -n "$MAINNET_RPC" ]; then + DO_MAINNET=1 +else + DO_MAINNET=0 +fi + +if [ "$DO_MAINNET" = "1" ] && [ -z "$MAINNET_RPC" ]; then + echo "ERROR: mainnet attestation requested (ATTEST_INCLUDE_MAINNET=1) but ETHEREUM_MAINNET_RPC / RPC_URL_MAINNET unset" >&2 + exit 1 +fi + +if ! command -v cast &>/dev/null; then + echo "ERROR: cast (Foundry) not on PATH" >&2 + exit 1 +fi + +if [ -z "${PRIVATE_KEY:-}" ] && [ "$DRY_RUN" != "1" ]; then + echo "ERROR: PRIVATE_KEY unset (set in smom-dbis-138/.env or .env)" >&2 + exit 1 +fi + +ADDR="${ATTEST_FROM_ADDRESS:-}" +if [ -n "${PRIVATE_KEY:-}" ]; then + ADDR="$(cast wallet address --private-key "$PRIVATE_KEY")" +elif [ "$DRY_RUN" = "1" ]; then + ADDR="0x0000000000000000000000000000000000000001" +fi + +FINGERPRINT="" +if [ -n "$CORRELATION_ID" ]; then + FINGERPRINT="$(cast keccak "$(printf '%s' "$CORRELATION_ID")")" +fi + +extract_tx_hash() { + local out="$1" + local h + h="$(echo "$out" | sed -n 's/.*transactionHash[[:space:]]*//p' | head -1)" + if [ -z "$h" ]; then + h="$(echo "$out" | grep -oE '0x[a-fA-F0-9]{64}' | head -1 || true)" + fi + printf '%s' "$h" +} + +LAST_TX_HASH="" +broadcast_one() { + local rpc="$1" + local chain_label="$2" + LAST_TX_HASH="" + echo "Attestation [$chain_label] From/To: $ADDR | RPC: $rpc | keccak(correlation_id): ${FINGERPRINT:0:18}..." >&2 + if [ "$DRY_RUN" = "1" ]; then + echo "DRY_RUN: cast send $ADDR --value 0 --private-key --rpc-url $rpc" >&2 + LAST_TX_HASH="" + return 0 + fi + local OUT + OUT="$(cast send "$ADDR" --value 0 --private-key "$PRIVATE_KEY" --rpc-url "$rpc" 2>&1)" || { + echo "$OUT" >&2 + return 1 + } + echo "$OUT" + LAST_TX_HASH="$(extract_tx_hash "$OUT")" + echo "chain_tx_hash[$chain_label]=$LAST_TX_HASH" >&2 +} + +TX_138="" +TX_MAINNET="" + +broadcast_one "$RPC_138" "138" || exit 1 +TX_138="$LAST_TX_HASH" + +if [ "$DO_MAINNET" = "1" ]; then + echo "WARN: Also broadcasting on Ethereum mainnet (chain 1) — uses real ETH gas. Same PRIVATE_KEY / address as Chain 138." >&2 + broadcast_one "$MAINNET_RPC" "1" || exit 1 + TX_MAINNET="$LAST_TX_HASH" +fi + +OUT_DIR="${REPO_ROOT}/output/jvmtm-evidence" +if [ "$DRY_RUN" != "1" ]; then + mkdir -p "$OUT_DIR" + GEN_AT="$(date -u -Iseconds)" + if command -v jq &>/dev/null; then + jq -n \ + --arg h138 "$TX_138" \ + --arg h1 "$TX_MAINNET" \ + --arg gen "$GEN_AT" \ + --arg corr "${CORRELATION_ID:-}" \ + '{ + generatedAtUtc: $gen, + correlationId: (if $corr != "" then $corr else null end), + attestations: [ + { chainId: 138, transactionHash: $h138, rpcKind: "RPC_URL_138" } + ] + (if $h1 != "" then [{ chainId: 1, transactionHash: $h1, rpcKind: "ETHEREUM_MAINNET_RPC" }] else [] end) + }' > "${OUT_DIR}/latest-dual-attestation.json" + echo "Wrote ${OUT_DIR}/latest-dual-attestation.json" >&2 + fi + + { + echo "CHAIN_ATTESTATION_TX_HASH=${TX_138}" + echo "CHAIN_ATTESTATION_TX_HASH_MAINNET=${TX_MAINNET}" + } > "${OUT_DIR}/latest-dual-attestation.env" + echo "Wrote ${OUT_DIR}/latest-dual-attestation.env (source before build-omnl-e2e-settlement-audit-archive.sh)" >&2 +fi diff --git a/scripts/omnl/omnl-client-create-pt-cakra-investama.sh b/scripts/omnl/omnl-client-create-pt-cakra-investama.sh new file mode 100755 index 0000000..5cd04a6 --- /dev/null +++ b/scripts/omnl/omnl-client-create-pt-cakra-investama.sh @@ -0,0 +1,116 @@ +#!/usr/bin/env bash +# OMNL Fineract — Corporate Client for PT. CAKRA INVESTAMA INTERNATIONAL (office CAKRA). +# Idempotent by client externalId. Adds contact (director), NPWP as "Any Other Id Type" if not present. +# +# Usage (repo root): +# DRY_RUN=1 bash scripts/omnl/omnl-client-create-pt-cakra-investama.sh +# bash scripts/omnl/omnl-client-create-pt-cakra-investama.sh +# +# Optional env: +# CAKRA_OFFICE_EXTERNAL_ID default OMNL-ID-JKT-CAKRA-001 +# CAKRA_CLIENT_EXTERNAL_ID default OMNL-ID-JKT-CAKRA-CLIENT +# CAKRA_CLIENT_NAME default PT. CAKRA INVESTAMA INTERNATIONAL +# CAKRA_CONTACT_EMAIL default bambangpram04@gmail.com +# CAKRA_CONTACT_MOBILE default +62811400001 +# CAKRA_NPWP default 08.540.442.4-603.000 +# SKIP_NPWP_IDENTIFIER=1 skip NPWP POST (e.g. if using another id type in tenant) +# +# Settlement / bank / AHU metadata: scripts/omnl/data/pt-cakra-investama-sidecar.json (not Fineract-native). + +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +DRY_RUN="${DRY_RUN:-0}" +CAKRA_OFFICE_EXTERNAL_ID="${CAKRA_OFFICE_EXTERNAL_ID:-OMNL-ID-JKT-CAKRA-001}" +CAKRA_CLIENT_EXTERNAL_ID="${CAKRA_CLIENT_EXTERNAL_ID:-OMNL-ID-JKT-CAKRA-CLIENT}" +CAKRA_CLIENT_NAME="${CAKRA_CLIENT_NAME:-PT. CAKRA INVESTAMA INTERNATIONAL}" +CAKRA_CONTACT_EMAIL="${CAKRA_CONTACT_EMAIL:-bambangpram04@gmail.com}" +CAKRA_CONTACT_MOBILE="${CAKRA_CONTACT_MOBILE:-+62811400001}" +CAKRA_NPWP="${CAKRA_NPWP:-08.540.442.4-603.000}" +SKIP_NPWP_IDENTIFIER="${SKIP_NPWP_IDENTIFIER:-0}" +SUBMITTED_DATE="${SUBMITTED_DATE:-$(date +%Y-%m-%d)}" +LEGAL_FORM_ID="${LEGAL_FORM_ID:-2}" + +# shellcheck source=lib/omnl-fineract-common.sh +source "${REPO_ROOT}/scripts/omnl/lib/omnl-fineract-common.sh" +omnl_fineract_load_env +omnl_fineract_init_curl || exit 1 + +offices_json=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/offices" 2>/dev/null) +OFFICE_ID=$(echo "$offices_json" | jq -r --arg e "$CAKRA_OFFICE_EXTERNAL_ID" '.[] | select(.externalId == $e) | .id' 2>/dev/null | head -1) +if [ -z "$OFFICE_ID" ] || [ "$OFFICE_ID" = "null" ]; then + echo "Office not found for externalId=$CAKRA_OFFICE_EXTERNAL_ID — run omnl-office-create-pt-cakra-investama.sh first." >&2 + exit 1 +fi + +clients_wrap=$(omnl_fineract_fetch_all_clients_pageitems) +existing_id=$(echo "$clients_wrap" | jq -r --arg e "$CAKRA_CLIENT_EXTERNAL_ID" '.pageItems[] | select(.externalId == $e) | .id' 2>/dev/null | head -1) + +if [ -n "$existing_id" ] && [ "$existing_id" != "null" ]; then + CLIENT_ID="$existing_id" + echo "Client already exists: clientId=$CLIENT_ID (externalId=$CAKRA_CLIENT_EXTERNAL_ID)" >&2 +else + payload=$(jq -n \ + --argjson officeId "$OFFICE_ID" \ + --argjson legalFormId "$LEGAL_FORM_ID" \ + --arg firstname "$CAKRA_CLIENT_NAME" \ + --arg externalId "$CAKRA_CLIENT_EXTERNAL_ID" \ + --arg submittedOnDate "$SUBMITTED_DATE" \ + '{ + officeId: $officeId, + legalFormId: $legalFormId, + firstname: $firstname, + lastname: ".", + externalId: $externalId, + dateFormat: "yyyy-MM-dd", + locale: "en", + active: false, + submittedOnDate: $submittedOnDate + }') + if [ "$DRY_RUN" = "1" ]; then + echo "DRY_RUN: would POST /clients $payload" >&2 + exit 0 + fi + res=$(curl "${CURL_OPTS[@]}" -X POST -d "$payload" "${BASE_URL}/clients" 2>/dev/null) || true + if echo "$res" | jq -e '.resourceId // .clientId' >/dev/null 2>&1; then + CLIENT_ID=$(echo "$res" | jq -r '.resourceId // .clientId') + echo "Created client clientId=$CLIENT_ID" >&2 + else + echo "Failed to create client: $res" >&2 + exit 1 + fi +fi + +if [ "$DRY_RUN" = "1" ]; then + exit 0 +fi + +# Contact (director channel) +payload_contact=$(jq -n --arg m "$CAKRA_CONTACT_MOBILE" --arg e "$CAKRA_CONTACT_EMAIL" '{ mobileNo: $m, emailAddress: $e }') +curl "${CURL_OPTS[@]}" -X PUT -d "$payload_contact" "${BASE_URL}/clients/${CLIENT_ID}" >/dev/null 2>&1 || true + +# NPWP — tenant allows one active "Any Other Id Type" (id 4) per client +if [ "$SKIP_NPWP_IDENTIFIER" != "1" ] && [ -n "$CAKRA_NPWP" ]; then + if omnl_fineract_client_has_document_key "$CLIENT_ID" "$CAKRA_NPWP"; then + echo "NPWP identifier already present on client $CLIENT_ID" >&2 + else + has_other=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/clients/${CLIENT_ID}/identifiers" 2>/dev/null | jq -e ' + (if type == "array" then . else (.pageItems // []) end) + | map(select((.documentType?.name // "") == "Any Other Id Type" and (.status == "Active" or .status == null))) + | length > 0 + ' >/dev/null 2>&1 && echo yes || echo no) + if [ "$has_other" = "yes" ]; then + echo "Skip NPWP POST: client already has an active Any Other Id Type (store AHU/NPWP detail in sidecar or deactivate old id)." >&2 + else + payload_npwp=$(jq -n --arg key "$CAKRA_NPWP" --argjson typeId 4 '{ documentKey: $key, documentTypeId: $typeId, description: "NPWP (Indonesia tax ID)", status: "Active" }') + res=$(curl "${CURL_OPTS[@]}" -X POST -d "$payload_npwp" "${BASE_URL}/clients/${CLIENT_ID}/identifiers" 2>/dev/null) || true + if echo "$res" | jq -e '.resourceId' >/dev/null 2>&1; then + echo "Posted NPWP identifier for client $CLIENT_ID" >&2 + else + echo "NPWP POST skipped or failed: $res" >&2 + fi + fi + fi +fi + +echo "CLIENT_ID_CAKRA=$CLIENT_ID" +echo "Sidecar (banking, AHU, compliance placeholders): ${REPO_ROOT}/scripts/omnl/data/pt-cakra-investama-sidecar.json" >&2 diff --git a/scripts/omnl/omnl-fineract-authentication-login.sh b/scripts/omnl/omnl-fineract-authentication-login.sh new file mode 100755 index 0000000..e1affee --- /dev/null +++ b/scripts/omnl/omnl-fineract-authentication-login.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash +# OMNL Fineract — obtain base64EncodedAuthenticationKey via POST /authentication. +# Subsequent API calls use this value as HTTP Basic (not Bearer on standard Fineract). +# +# Usage (repo root, env from omnl-fineract/.env or .env): +# bash scripts/omnl/omnl-fineract-authentication-login.sh +# bash scripts/omnl/omnl-fineract-authentication-login.sh --export # prints export line for current shell +# OMNL_AUTH_USER=x OMNL_AUTH_PASSWORD=y bash scripts/omnl/omnl-fineract-authentication-login.sh +# +# Standard follow-up request: +# curl -H "Fineract-Platform-TenantId: ${OMNL_FINERACT_TENANT}" \ +# -H "Authorization: Basic ${OMNL_FINERACT_AUTH_KEY}" \ +# "${OMNL_FINERACT_BASE_URL}/offices" + +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +EXPORT_MODE=0 +[[ "${1:-}" == "--export" ]] && EXPORT_MODE=1 + +if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then set +u; source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true; set -u; fi +if [ -f "${REPO_ROOT}/.env" ]; then set +u; source "${REPO_ROOT}/.env" 2>/dev/null || true; set -u; fi + +BASE_URL="${OMNL_FINERACT_BASE_URL:-}" +TENANT="${OMNL_FINERACT_TENANT:-omnl}" +USER="${OMNL_AUTH_USER:-${OMNL_FINERACT_USER:-app.omnl}}" +PASS="${OMNL_AUTH_PASSWORD:-${OMNL_FINERACT_PASSWORD:-}}" + +if [ -z "$BASE_URL" ] || [ -z "$PASS" ]; then + echo "Set OMNL_FINERACT_BASE_URL and OMNL_FINERACT_PASSWORD (or OMNL_AUTH_USER / OMNL_AUTH_PASSWORD)." >&2 + exit 1 +fi + +BODY=$(jq -n --arg u "$USER" --arg p "$PASS" '{ username: $u, password: $p }') +RESP=$(curl -s -S -X POST "${BASE_URL}/authentication" \ + -H "Fineract-Platform-TenantId: ${TENANT}" \ + -H "Content-Type: application/json" \ + -d "$BODY") + +KEY=$(echo "$RESP" | jq -r '.base64EncodedAuthenticationKey // empty') +if [ -z "$KEY" ] || [ "$KEY" = "null" ]; then + echo "Authentication failed or unexpected response:" >&2 + echo "$RESP" | jq . 2>/dev/null || echo "$RESP" >&2 + exit 1 +fi + +if [ "$EXPORT_MODE" = "1" ]; then + echo "export OMNL_FINERACT_AUTH_KEY='${KEY}'" +else + echo "$RESP" | jq . + echo "" >&2 + echo "Use on API calls: Authorization: Basic ${KEY}" >&2 + echo "(Fineract-Platform-TenantId: ${TENANT})" >&2 +fi diff --git a/scripts/omnl/omnl-m1-clearing-102b-chunked.sh b/scripts/omnl/omnl-m1-clearing-102b-chunked.sh new file mode 100755 index 0000000..a7b85a5 --- /dev/null +++ b/scripts/omnl/omnl-m1-clearing-102b-chunked.sh @@ -0,0 +1,65 @@ +#!/usr/bin/env bash +# OMNL Fineract — Move USD 102,000,000,000.00 from FROM_OFFICE to TO_OFFICE using chunked M1 clearing. +# Fineract journal line amounts must stay within DB limits; this repo verified 1B USD (100_000_000_000 cents) per line. +# +# Prerequisites: omnl-fineract/.env (or root .env) with OMNL API credentials. +# Live: COMPLIANCE_AUTH_REF, COMPLIANCE_APPROVER, DRY_RUN=0 +# +# Usage (repo root): +# DRY_RUN=1 bash scripts/omnl/omnl-m1-clearing-102b-chunked.sh +# DRY_RUN=0 COMPLIANCE_AUTH_REF=... COMPLIANCE_APPROVER="..." bash scripts/omnl/omnl-m1-clearing-102b-chunked.sh +# +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +DRY_RUN="${DRY_RUN:-1}" +FROM_OFFICE="${FROM_OFFICE:-21}" +TO_OFFICE="${TO_OFFICE:-22}" +# 102 billion USD in cents = 102 * 10^9 * 100 +TOTAL_CENTS=$((102000000000 * 100)) +# Per-chunk: 1 billion USD in cents (Fineract-safe on this tenant) +CHUNK_CENTS="${CHUNK_CENTS:-100000000000}" +COMPLIANCE_AUTH_REF="${COMPLIANCE_AUTH_REF:-}" +COMPLIANCE_APPROVER="${COMPLIANCE_APPROVER:-}" +STAMP="${STAMP:-20260331}" + +if [ "$DRY_RUN" != "1" ]; then + if [ -z "$COMPLIANCE_AUTH_REF" ] || [ -z "$COMPLIANCE_APPROVER" ]; then + echo "ERROR: Live run requires COMPLIANCE_AUTH_REF and COMPLIANCE_APPROVER" >&2 + exit 1 + fi +fi + +n_full=$((TOTAL_CENTS / CHUNK_CENTS)) +rem=$((TOTAL_CENTS % CHUNK_CENTS)) +chunks=() +i=1 +while [ "$i" -le "$n_full" ]; do + chunks+=("$CHUNK_CENTS") + i=$((i + 1)) +done +if [ "$rem" -gt 0 ]; then + chunks+=("$rem") +fi +total_chunks=${#chunks[@]} +echo "Total USD (major): 102,000,000,000.00 | total cents: $TOTAL_CENTS | chunk cents: $CHUNK_CENTS | chunks: $total_chunks | DRY_RUN=$DRY_RUN" >&2 + +idx=0 +for amt in "${chunks[@]}"; do + idx=$((idx + 1)) + REFERENCE_BASE="OMNL-102B-CH${idx}-OF${FROM_OFFICE}-TO${TO_OFFICE}-${STAMP}" + SETTLEMENT_CONTEXT="OMNL 102B USD chunked M1 realloc chunk ${idx}/${total_chunks} (${amt} cents)" + export REFERENCE_BASE SETTLEMENT_CONTEXT + echo "--- Chunk $idx / $total_chunks | AMOUNT=$amt | ref=$REFERENCE_BASE ---" >&2 + DRY_RUN="$DRY_RUN" \ + FETCH_AMOUNT_FROM_API=0 \ + AMOUNT="$amt" \ + FROM_OFFICE="$FROM_OFFICE" \ + TO_OFFICE="$TO_OFFICE" \ + COMPLIANCE_AUTH_REF="$COMPLIANCE_AUTH_REF" \ + COMPLIANCE_APPROVER="$COMPLIANCE_APPROVER" \ + bash "${REPO_ROOT}/scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh" || { + echo "ERROR: chunk $idx failed" >&2 + exit 1 + } +done +echo "Done. Posted $total_chunks chunk pairs (unwind + book)." >&2 diff --git a/scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh b/scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh new file mode 100755 index 0000000..707543d --- /dev/null +++ b/scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh @@ -0,0 +1,212 @@ +#!/usr/bin/env bash +# OMNL Fineract — Move M1 clearing-style position (GL 2100 / 1410) from one office to another. +# +# Accounting (same structure as omnl-pvp-post-clearing-bank-kanaya.sh branch leg): +# - Unwind source office: Dr 1410 / Cr 2100 (reverses Dr 2100 / Cr 1410) +# - Book target office: Dr 2100 / Cr 1410 (same as PvP beneficiary branch leg) +# Head office leg (Dr 2410 / Cr 2100) is unchanged — beneficiary reallocates at branch level only. +# +# Compliance (live post, DRY_RUN=0): +# - Set COMPLIANCE_AUTH_REF (e.g. committee minute id, ticket, legal opinion ref). +# - Set COMPLIANCE_APPROVER (human name) for material amounts (>= MATERIAL_THRESHOLD_COMPLIANCE, default 10_000_000). +# - Stable REFERENCE_BASE in journal referenceNumber (default HYBX-BATCH-001-BEN-REALLOC). +# - Run DRY_RUN=1 first; use maker-checker (WRITE_MAKER_PAYLOADS=1) if policy requires segregated duties. +# IPSAS / IFRS (IFGA default): comments append COMPLIANCE_STANDARD_MEMO — see +# docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md +# +# Amount: +# - Default: FETCH_AMOUNT_FROM_API=1 sums non-reversed DEBIT lines on GL 2100 at FROM_OFFICE (matches posted PvP Kanaya legs). +# - Override: AMOUNT= (required if fetch yields 0). +# +# Usage: +# DRY_RUN=1 bash scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh +# FROM_OFFICE=21 TO_OFFICE=22 DRY_RUN=0 COMPLIANCE_AUTH_REF=DIR-2026-0330 COMPLIANCE_APPROVER="CFO Name" \ +# bash scripts/omnl/omnl-m1-clearing-transfer-between-offices.sh +# +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" + +DRY_RUN="${DRY_RUN:-1}" +TRANSACTION_DATE="${TRANSACTION_DATE:-$(date +%Y-%m-%d)}" +FROM_OFFICE="${FROM_OFFICE:-21}" +TO_OFFICE="${TO_OFFICE:-22}" +REFERENCE_BASE="${REFERENCE_BASE:-HYBX-BATCH-001-BEN-REALLOC}" +SETTLEMENT_CONTEXT="${SETTLEMENT_CONTEXT:-HYBX-BATCH-001 multilateral net beneficiary realloc Bank Kanaya to PT CAKRA}" +FETCH_AMOUNT_FROM_API="${FETCH_AMOUNT_FROM_API:-1}" +AMOUNT="${AMOUNT:-}" +MATERIAL_THRESHOLD_COMPLIANCE="${MATERIAL_THRESHOLD_COMPLIANCE:-10000000}" +COMPLIANCE_AUTH_REF="${COMPLIANCE_AUTH_REF:-}" +COMPLIANCE_APPROVER="${COMPLIANCE_APPROVER:-}" +WRITE_MAKER_PAYLOADS="${WRITE_MAKER_PAYLOADS:-0}" +# Appended to Fineract comments (IPSAS + IFRS; IFGA = IFRS unless org defines otherwise) +COMPLIANCE_STANDARD_MEMO="${COMPLIANCE_STANDARD_MEMO:-IPSAS:1,3,9,28,29 accrual double-entry inter-office M1 realloc no revenue. IFRS/IFGA-default: IAS32 IFRS7 IFRS9 amortised cost no PnL on symmetric 1410/2100 legs.}" + +if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then + set +u + # shellcheck disable=SC1090 + source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true + set -u +elif [ -f "${REPO_ROOT}/.env" ]; then + set +u + # shellcheck disable=SC1090 + source "${REPO_ROOT}/.env" 2>/dev/null || true + set -u +fi + +BASE_URL="${OMNL_FINERACT_BASE_URL:-}" +TENANT="${OMNL_FINERACT_TENANT:-omnl}" +USER="${OMNL_FINERACT_USER:-app.omnl}" +PASS="${OMNL_FINERACT_PASSWORD:-}" + +if [ -z "$BASE_URL" ] || [ -z "$PASS" ]; then + echo "Set OMNL_FINERACT_BASE_URL and OMNL_FINERACT_PASSWORD" >&2 + exit 1 +fi + +CURL_GET=(-s -S -H "Fineract-Platform-TenantId: ${TENANT}" -H "Content-Type: application/json" -u "${USER}:${PASS}") +CURL_POST=(-s -S -w "\n%{http_code}" -H "Fineract-Platform-TenantId: ${TENANT}" -H "Content-Type: application/json" -u "${USER}:${PASS}") + +fetch_office_journal_all() { + local oid="$1" + local offset=0 + local limit=500 + local acc='[]' + while true; do + local resp + resp=$(curl "${CURL_GET[@]}" "${BASE_URL}/journalentries?officeId=${oid}&offset=${offset}&limit=${limit}") + local batch + batch=$(echo "$resp" | jq -c '.pageItems // []') + local n + n=$(echo "$batch" | jq 'length') + acc=$(jq -n --argjson a "$acc" --argjson b "$batch" '$a + $b') + local total + total=$(echo "$resp" | jq -r '.totalFilteredRecords // 0') + offset=$((offset + n)) + if [ "$n" -lt "$limit" ] || [ "$offset" -ge "$total" ]; then + break + fi + done + echo "$acc" +} + +sum_2100_debits() { + local items="$1" + echo "$items" | jq '[.[] | select((.reversed // false) | not) | select(.glAccountCode == "2100") | select((.entryType.value // .entryType // "") | ascii_downcase | test("debit"))] | map(.amount | tonumber) | add // 0' +} + +GL_RAW=$(curl "${CURL_GET[@]}" "${BASE_URL}/glaccounts") +GL_JSON=$(echo "$GL_RAW" | jq -c 'if type == "array" then . else (.pageItems // []) end' 2>/dev/null || echo "[]") + +get_gl_id() { + local code="$1" + echo "$GL_JSON" | jq -r --arg c "$code" '.[]? | select(.glCode == $c) | .id // empty' 2>/dev/null | head -n1 +} + +ID_1410="$(get_gl_id "1410")" +ID_2100="$(get_gl_id "2100")" + +if [ -z "$ID_1410" ] || [ -z "$ID_2100" ]; then + echo "ERROR: Missing GL 1410 or 2100." >&2 + exit 1 +fi + +FROM_NAME=$(curl "${CURL_GET[@]}" "${BASE_URL}/offices" | jq -r --argjson id "$FROM_OFFICE" '.[] | select(.id == $id) | .name // empty' | head -1) +TO_NAME=$(curl "${CURL_GET[@]}" "${BASE_URL}/offices" | jq -r --argjson id "$TO_OFFICE" '.[] | select(.id == $id) | .name // empty' | head -1) +if [ -z "$FROM_NAME" ] || [ -z "$TO_NAME" ]; then + echo "ERROR: Could not resolve office name for FROM_OFFICE=$FROM_OFFICE or TO_OFFICE=$TO_OFFICE" >&2 + exit 1 +fi + +if [ -n "$AMOUNT" ]; then + TRANSFER_AMT="$AMOUNT" +elif [ "$FETCH_AMOUNT_FROM_API" = "1" ]; then + ITEMS=$(fetch_office_journal_all "$FROM_OFFICE") + TRANSFER_AMT=$(sum_2100_debits "$ITEMS") +else + echo "ERROR: Set AMOUNT= or FETCH_AMOUNT_FROM_API=1" >&2 + exit 1 +fi + +if ! awk -v a="$TRANSFER_AMT" 'BEGIN { if (a + 0 > 0) exit 0; exit 1 }'; then + echo "ERROR: Transfer amount must be > 0 (got ${TRANSFER_AMT}). Set AMOUNT explicitly or ensure GL 2100 debits exist at FROM_OFFICE." >&2 + exit 1 +fi + +REF_UNWIND="${REFERENCE_BASE}-UNWIND-${FROM_OFFICE}" +REF_BOOK="${REFERENCE_BASE}-BOOK-${TO_OFFICE}" + +NARR_UNWIND="M1 clearing beneficiary realloc: unwind at ${FROM_NAME} (office ${FROM_OFFICE}). Auth: ${COMPLIANCE_AUTH_REF:-n/a}. ${SETTLEMENT_CONTEXT} | ${COMPLIANCE_STANDARD_MEMO}" +NARR_BOOK="M1 clearing beneficiary realloc: book at ${TO_NAME} (office ${TO_OFFICE}). Auth: ${COMPLIANCE_AUTH_REF:-n/a}. ${SETTLEMENT_CONTEXT} | ${COMPLIANCE_STANDARD_MEMO}" + +if [ "$DRY_RUN" != "1" ]; then + if [ -z "$COMPLIANCE_AUTH_REF" ]; then + echo "ERROR: Live post requires COMPLIANCE_AUTH_REF (governance / ticket / minute reference)." >&2 + exit 1 + fi + if awk -v a="$TRANSFER_AMT" -v t="$MATERIAL_THRESHOLD_COMPLIANCE" 'BEGIN { exit !(a >= t) }'; then + if [ -z "$COMPLIANCE_APPROVER" ]; then + echo "ERROR: Amount ${TRANSFER_AMT} >= ${MATERIAL_THRESHOLD_COMPLIANCE}; set COMPLIANCE_APPROVER for dual-control attestation." >&2 + exit 1 + fi + fi +fi + +post_je() { + local office_id="$1" + local debit_id="$2" + local credit_id="$3" + local ref="$4" + local memo="$5" + local body + body=$(jq -n \ + --argjson officeId "$office_id" \ + --arg transactionDate "$TRANSACTION_DATE" \ + --arg comments "$memo" \ + --arg referenceNumber "$ref" \ + --argjson debitId "$debit_id" \ + --argjson creditId "$credit_id" \ + --argjson amount "$TRANSFER_AMT" \ + '{ officeId: $officeId, transactionDate: $transactionDate, dateFormat: "yyyy-MM-dd", locale: "en", currencyCode: "USD", comments: $comments, referenceNumber: $referenceNumber, debits: [ { glAccountId: $debitId, amount: $amount } ], credits: [ { glAccountId: $creditId, amount: $amount } ] }') + if [ "$WRITE_MAKER_PAYLOADS" = "1" ]; then + local pdir="${REPO_ROOT}/reconciliation" + mkdir -p "$pdir" + local safe + safe=$(echo "$ref" | tr -c 'A-Za-z0-9_-' '_') + local to_write="$body" + if awk -v a="$TRANSFER_AMT" -v t="$MATERIAL_THRESHOLD_COMPLIANCE" 'BEGIN { exit !(a >= t) }' \ + && [ -n "${COMPLIANCE_APPROVER:-}" ]; then + to_write=$(echo "$body" | jq --arg approver "$COMPLIANCE_APPROVER" --arg approvedAt "$(date -u -Iseconds)" \ + '. + { approvalMetadata: { approver: $approver, approvedAt: $approvedAt } }') + fi + echo "$to_write" > "${pdir}/je-${safe}.payload.json" + sha256sum "${pdir}/je-${safe}.payload.json" | awk '{print $1}' > "${pdir}/je-${safe}.payload.sha256" + echo "Wrote maker payload ${pdir}/je-${safe}.payload.json (post: PAYLOAD_FILE=... DRY_RUN=0 bash scripts/omnl/omnl-je-checker.sh)" >&2 + fi + if [ "$DRY_RUN" = "1" ]; then + echo "DRY_RUN JE: office=$office_id ref=$ref" >&2 + echo "$body" | jq . + return 0 + fi + local out code resp + out=$(curl "${CURL_POST[@]}" -X POST -d "$body" "${BASE_URL}/journalentries" 2>/dev/null) + code=$(echo "$out" | tail -n1) + resp=$(echo "$out" | sed '$d') + if [ "$code" = "200" ] || [ "${code:0:1}" = "2" ]; then + echo "OK office=$office_id ref=$ref HTTP $code" >&2 + echo "$resp" | jq . 2>/dev/null || echo "$resp" + else + echo "FAIL office=$office_id ref=$ref HTTP $code: $resp" >&2 + return 1 + fi +} + +echo "M1 clearing transfer | from office ${FROM_OFFICE} (${FROM_NAME}) → ${TO_OFFICE} (${TO_NAME}) | amount=${TRANSFER_AMT} | DRY_RUN=${DRY_RUN}" >&2 +echo "JE1 unwind: office ${FROM_OFFICE} Dr 1410 Cr 2100 | ref ${REF_UNWIND}" >&2 +echo "JE2 book: office ${TO_OFFICE} Dr 2100 Cr 1410 | ref ${REF_BOOK}" >&2 + +# Unwind source (mirror of PvP branch leg) +post_je "$FROM_OFFICE" "$ID_1410" "$ID_2100" "$REF_UNWIND" "$NARR_UNWIND" +# Book target +post_je "$TO_OFFICE" "$ID_2100" "$ID_1410" "$REF_BOOK" "$NARR_BOOK" + +echo "Done." >&2 diff --git a/scripts/omnl/omnl-office-create-pt-cakra-investama.sh b/scripts/omnl/omnl-office-create-pt-cakra-investama.sh new file mode 100755 index 0000000..e0d1363 --- /dev/null +++ b/scripts/omnl/omnl-office-create-pt-cakra-investama.sh @@ -0,0 +1,77 @@ +#!/usr/bin/env bash +# OMNL Fineract (HYBX) — Create Office for PT. CAKRA INVESTAMA INTERNATIONAL (Jakarta). +# CIS-derived: AHU-0091539.AH.01.01.TAHUN 2025, opening 2025-10-24, under Head Office (parentId 1). +# Uses POST /offices (name, parentId, openingDate, externalId, dateFormat, locale). +# +# Usage (repo root): +# DRY_RUN=1 bash scripts/omnl/omnl-office-create-pt-cakra-investama.sh +# bash scripts/omnl/omnl-office-create-pt-cakra-investama.sh +# +# Optional overrides: +# CAKRA_EXTERNAL_ID (default OMNL-ID-JKT-CAKRA-001) +# CAKRA_OFFICE_NAME OPENING_DATE PARENT_OFFICE_ID +# +# Env: omnl-fineract/.env or .env — OMNL_FINERACT_BASE_URL, OMNL_FINERACT_PASSWORD, OMNL_FINERACT_TENANT, OMNL_FINERACT_USER + +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +DRY_RUN="${DRY_RUN:-0}" +OPENING_DATE="${OPENING_DATE:-2025-10-24}" +CAKRA_EXTERNAL_ID="${CAKRA_EXTERNAL_ID:-OMNL-ID-JKT-CAKRA-001}" +CAKRA_OFFICE_NAME="${CAKRA_OFFICE_NAME:-PT. CAKRA INVESTAMA INTERNATIONAL}" +PARENT_OFFICE_ID="${PARENT_OFFICE_ID:-1}" + +if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then + set +u + source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true + set -u +elif [ -f "${REPO_ROOT}/.env" ]; then + set +u + source "${REPO_ROOT}/.env" 2>/dev/null || true + set -u +fi + +BASE_URL="${OMNL_FINERACT_BASE_URL:-}" +TENANT="${OMNL_FINERACT_TENANT:-omnl}" +USER="${OMNL_FINERACT_USER:-app.omnl}" +PASS="${OMNL_FINERACT_PASSWORD:-}" + +if [ -z "$BASE_URL" ] || [ -z "$PASS" ]; then + echo "Set OMNL_FINERACT_BASE_URL and OMNL_FINERACT_PASSWORD (omnl-fineract/.env or .env)." >&2 + echo "Example: OMNL_FINERACT_BASE_URL=https://omnl.hybx.global/fineract-provider/api/v1" >&2 + exit 1 +fi + +CURL_OPTS=(-s -S -H "Fineract-Platform-TenantId: ${TENANT}" -H "Content-Type: application/json" -u "${USER}:${PASS}") + +offices_json=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/offices" 2>/dev/null) +existing_id=$(echo "$offices_json" | jq -r --arg e "$CAKRA_EXTERNAL_ID" '.[] | select(.externalId == $e) | .id' 2>/dev/null | head -1) + +if [ -n "$existing_id" ] && [ "$existing_id" != "null" ]; then + echo "CAKRA office already exists: officeId=$existing_id (externalId=$CAKRA_EXTERNAL_ID)" >&2 + echo "OFFICE_ID_CAKRA=$existing_id" + exit 0 +fi + +payload=$(jq -n \ + --arg name "$CAKRA_OFFICE_NAME" \ + --arg openingDate "$OPENING_DATE" \ + --arg externalId "$CAKRA_EXTERNAL_ID" \ + --argjson parentId "$PARENT_OFFICE_ID" \ + '{ name: $name, parentId: $parentId, openingDate: $openingDate, externalId: $externalId, dateFormat: "yyyy-MM-dd", locale: "en" }') + +if [ "$DRY_RUN" = "1" ]; then + echo "DRY_RUN: would POST ${BASE_URL}/offices" >&2 + echo "Payload: $payload" >&2 + exit 0 +fi + +res=$(curl "${CURL_OPTS[@]}" -X POST -d "$payload" "${BASE_URL}/offices" 2>/dev/null) || true +if echo "$res" | jq -e '.resourceId // .officeId' >/dev/null 2>&1; then + CAKRA_OFFICE_ID=$(echo "$res" | jq -r '.resourceId // .officeId') + echo "Created CAKRA office: officeId=$CAKRA_OFFICE_ID" >&2 + echo "OFFICE_ID_CAKRA=$CAKRA_OFFICE_ID" +else + echo "Failed to create office: $res" >&2 + exit 1 +fi diff --git a/scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh b/scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh index fb9a7bd..9e22544 100755 --- a/scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh +++ b/scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh @@ -7,20 +7,22 @@ # # Usage: # DRY_RUN=1 bash scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh # print payloads only (default) -# DRY_RUN=0 OFFICE_ID_HO=1 OFFICE_ID_KANAYA=22 bash scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh +# DRY_RUN=0 OFFICE_ID_HO=1 OFFICE_ID_KANAYA=21 bash scripts/omnl/omnl-pvp-post-clearing-bank-kanaya.sh # # Prerequisites: GL 1410, 2100, 2410 exist. Run resolve_ids.sh or let script resolve via GET /glaccounts. # See: docs/04-configuration/mifos-omnl-central-bank/PvP_MULTILATERAL_NET_SETTLEMENT_BANK_KANAYA.md +# IPSAS/IFRS: docs/04-configuration/mifos-omnl-central-bank/OMNL_IPSAS_IFRS_INTEROFFICE_COMPLIANCE.md set -euo pipefail REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" DRY_RUN="${DRY_RUN:-1}" TRANSACTION_DATE="${TRANSACTION_DATE:-$(date +%Y-%m-%d)}" OFFICE_ID_HO="${OFFICE_ID_HO:-1}" -OFFICE_ID_KANAYA="${OFFICE_ID_KANAYA:-22}" +OFFICE_ID_KANAYA="${OFFICE_ID_KANAYA:-21}" # 1,000,000,000.00 USD in cents AMOUNT_MINOR="${AMOUNT_MINOR_UNITS:-100000000000}" REF="${REFERENCE_COMMENT:-HYBX-BATCH-001-CLEARING}" +COMPLIANCE_STANDARD_MEMO="${COMPLIANCE_STANDARD_MEMO:-IPSAS:1,3,28,29 PvP clearing HO+branch. IFRS/IFGA-default: IAS32 IFRS7 IFRS9 no PnL on symmetric monetary legs.}" if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then set +u @@ -77,7 +79,7 @@ post_je() { body=$(jq -n \ --argjson officeId "$office_id" \ --arg transactionDate "$TRANSACTION_DATE" \ - --arg comments "$memo — $REF" \ + --arg comments "$memo — $REF | $COMPLIANCE_STANDARD_MEMO" \ --argjson debitId "$debit_id" \ --argjson creditId "$credit_id" \ --argjson amount "$AMOUNT_MINOR" \ diff --git a/scripts/omnl/omnl-user-cakra-office-create.sh b/scripts/omnl/omnl-user-cakra-office-create.sh new file mode 100755 index 0000000..190cd11 --- /dev/null +++ b/scripts/omnl/omnl-user-cakra-office-create.sh @@ -0,0 +1,105 @@ +#!/usr/bin/env bash +# OMNL Fineract — Staff + User for PT CAKRA office (President Director login, office-scoped). +# Default office: resolve by CAKRA_OFFICE_EXTERNAL_ID or CAKRA_OFFICE_ID (default external OMNL-ID-JKT-CAKRA-001). +# +# Env (required unless CAKRA_GENERATE_PASSWORD=1): +# OMNL_CAKRA_ADMIN_PASSWORD Password for Fineract user bpramukantoro +# Optional: +# CAKRA_GENERATE_PASSWORD=1 Generate a password and print it once to stderr (save securely). +# CAKRA_USERNAME default bpramukantoro +# CAKRA_OFFICE_ID integer office id (skips resolve by external id) +# CAKRA_OFFICE_EXTERNAL_ID default OMNL-ID-JKT-CAKRA-001 +# CAKRA_ROLE_NAME default "Office Admin" +# +# Requires: omnl-fineract/.env or .env with OMNL_FINERACT_* admin credentials. + +set -euo pipefail +REPO_ROOT="${REPO_ROOT:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +CAKRA_USERNAME="${CAKRA_USERNAME:-bpramukantoro}" +STAFF_FIRSTNAME="${CAKRA_STAFF_FIRSTNAME:-Bambang}" +STAFF_LASTNAME="${CAKRA_STAFF_LASTNAME:-Pramukantoro}" +CAKRA_OFFICE_EXTERNAL_ID="${CAKRA_OFFICE_EXTERNAL_ID:-OMNL-ID-JKT-CAKRA-001}" +CAKRA_OFFICE_ID="${CAKRA_OFFICE_ID:-}" +CAKRA_ROLE_NAME="${CAKRA_ROLE_NAME:-Office Admin}" +CAKRA_GENERATE_PASSWORD="${CAKRA_GENERATE_PASSWORD:-0}" + +if [ -f "${REPO_ROOT}/omnl-fineract/.env" ]; then set +u; source "${REPO_ROOT}/omnl-fineract/.env" 2>/dev/null || true; set -u; fi +if [ -f "${REPO_ROOT}/.env" ]; then set +u; source "${REPO_ROOT}/.env" 2>/dev/null || true; set -u; fi + +BASE_URL="${OMNL_FINERACT_BASE_URL:-}" +TENANT="${OMNL_FINERACT_TENANT:-omnl}" +ADMIN_USER="${OMNL_FINERACT_USER:-app.omnl}" +ADMIN_PASS="${OMNL_FINERACT_PASSWORD:-}" +CAKRA_PASS="${OMNL_CAKRA_ADMIN_PASSWORD:-}" + +[ -z "$BASE_URL" ] || [ -z "$ADMIN_PASS" ] && { echo "Set OMNL_FINERACT_BASE_URL and OMNL_FINERACT_PASSWORD" >&2; exit 1; } + +if [ -z "$CAKRA_PASS" ]; then + if [ "$CAKRA_GENERATE_PASSWORD" = "1" ]; then + CAKRA_PASS="$(openssl rand -base64 18 | tr -d '\n')" + echo "Generated password for ${CAKRA_USERNAME} (save securely, not logged again):" >&2 + echo "$CAKRA_PASS" >&2 + else + echo "Set OMNL_CAKRA_ADMIN_PASSWORD or run with CAKRA_GENERATE_PASSWORD=1" >&2 + exit 1 + fi +fi + +CURL_OPTS=(-s -S -w "\n%{http_code}" -H "Fineract-Platform-TenantId: ${TENANT}" -H "Content-Type: application/json" -u "${ADMIN_USER}:${ADMIN_PASS}") + +if [ -z "$CAKRA_OFFICE_ID" ]; then + offices_json=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/offices" 2>/dev/null | sed '$d') + CAKRA_OFFICE_ID=$(echo "$offices_json" | jq -r --arg e "$CAKRA_OFFICE_EXTERNAL_ID" '.[] | select(.externalId == $e) | .id' 2>/dev/null | head -1) +fi +if [ -z "$CAKRA_OFFICE_ID" ] || [ "$CAKRA_OFFICE_ID" = "null" ]; then + echo "Could not resolve office id for externalId=$CAKRA_OFFICE_EXTERNAL_ID (create office first)." >&2 + exit 1 +fi + +users_json=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/users" 2>/dev/null | sed '$d') +existing_uid=$(echo "$users_json" | jq -r --arg u "$CAKRA_USERNAME" '.[] | select(.username == $u) | .id' 2>/dev/null | head -1) +if [ -n "$existing_uid" ] && [ "$existing_uid" != "null" ]; then + echo "User already exists: username=$CAKRA_USERNAME userId=$existing_uid" >&2 + echo "USER_ID_CAKRA=$existing_uid" + exit 0 +fi + +EXISTING_STAFF=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/staff?officeId=${CAKRA_OFFICE_ID}" 2>/dev/null | sed '$d') +STAFF_ID=$(echo "$EXISTING_STAFF" | jq -r 'if type == "array" then (.[0].id // empty) else empty end' 2>/dev/null) +if [ -n "$STAFF_ID" ]; then + echo "Using existing staff id=$STAFF_ID for office $CAKRA_OFFICE_ID" >&2 +else + JOINING_DATE="${JOINING_DATE:-$(date +%Y-%m-%d)}" + STAFF_JSON=$(jq -n --argjson officeId "$CAKRA_OFFICE_ID" --arg fn "$STAFF_FIRSTNAME" --arg ln "$STAFF_LASTNAME" --arg jd "$JOINING_DATE" '{ officeId: $officeId, firstname: $fn, lastname: $ln, joiningDate: $jd, dateFormat: "yyyy-MM-dd", locale: "en", isActive: true }') + STAFF_OUT=$(curl "${CURL_OPTS[@]}" -X POST -d "$STAFF_JSON" "${BASE_URL}/staff" 2>/dev/null) + STAFF_CODE=$(echo "$STAFF_OUT" | tail -n1) + STAFF_RESP=$(echo "$STAFF_OUT" | sed '$d') + [ "$STAFF_CODE" = "200" ] || [ "${STAFF_CODE:0:1}" = "2" ] || { echo "Staff failed $STAFF_CODE: $STAFF_RESP" >&2; exit 1; } + STAFF_ID=$(echo "$STAFF_RESP" | jq -r '.resourceId // empty') + [ -n "$STAFF_ID" ] || { echo "No staff resourceId" >&2; exit 1; } + echo "Staff created id=$STAFF_ID" >&2 +fi + +ROLES_JSON=$(curl "${CURL_OPTS[@]}" "${BASE_URL}/roles" 2>/dev/null | sed '$d') +ROLE_ID=$(echo "$ROLES_JSON" | jq -r --arg rn "$CAKRA_ROLE_NAME" '(.[] | select(.name == $rn) | .id) // empty' 2>/dev/null | head -n1) +if [ -z "$ROLE_ID" ] || [ "$ROLE_ID" = "null" ]; then + ROLE_ID=$(echo "$ROLES_JSON" | jq -r '(.[] | select(.name == "Office Admin") | .id) // (.[] | select(.name != "Super user" and .name != "System") | .id) // .[0].id // 2' 2>/dev/null | head -n1) +fi +ROLE_ID=${ROLE_ID:-3} + +USER_JSON=$(jq -n --arg u "$CAKRA_USERNAME" --arg p "$CAKRA_PASS" --argjson sid "$STAFF_ID" --argjson oid "$CAKRA_OFFICE_ID" --arg fn "$STAFF_FIRSTNAME" --arg ln "$STAFF_LASTNAME" --argjson roleId "$ROLE_ID" '{ username: $u, password: $p, repeatPassword: $p, staffId: $sid, officeId: $oid, firstname: $fn, lastname: $ln, roles: [$roleId], passwordNeverExpires: true }') +USER_OUT=$(curl "${CURL_OPTS[@]}" -X POST -d "$USER_JSON" "${BASE_URL}/users" 2>/dev/null) +USER_CODE=$(echo "$USER_OUT" | tail -n1) +USER_RESP=$(echo "$USER_OUT" | sed '$d') +if [ "$USER_CODE" = "200" ] || [ "${USER_CODE:0:1}" = "2" ]; then + NEW_UID=$(echo "$USER_RESP" | jq -r '.resourceId // empty') + echo "User $CAKRA_USERNAME created for office $CAKRA_OFFICE_ID (userId=$NEW_UID)" >&2 + echo "USER_ID_CAKRA=${NEW_UID:-unknown}" + exit 0 +fi + +echo "POST /users failed HTTP $USER_CODE: $USER_RESP" >&2 +echo "Staff record is ready for manual linking: STAFF_ID_CAKRA=$STAFF_ID officeId=$CAKRA_OFFICE_ID" >&2 +echo "If this tenant returns 500 on POST /users (known on some HYBX builds), create the user in the Fineract UI:" >&2 +echo " Administration → Users → Create, office=$CAKRA_OFFICE_ID, link staff id $STAFF_ID, role Office Admin, username=$CAKRA_USERNAME" >&2 +exit 1 diff --git a/scripts/omnl/verify-ack-before-credit.sh b/scripts/omnl/verify-ack-before-credit.sh new file mode 100755 index 0000000..716a5c8 --- /dev/null +++ b/scripts/omnl/verify-ack-before-credit.sh @@ -0,0 +1,65 @@ +#!/usr/bin/env bash +# Prove ACK instant is before journal credit (regulatory ordering: ack before credit). +# Usage: verify-ack-before-credit.sh +# ack.json: include "timestamp" or "ack_timestamp" as full ISO-8601 (UTC recommended). +# Fineract often returns transactionDate as YYYY-MM-DD only; we treat credit as end of that UTC day +# (conservative: ACK must be strictly before 23:59:59.999Z on that date unless you extend this script). +# +# Exit: 0 pass, 1 fail ordering, 2 usage/API/parse error. +set -eo pipefail +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +# shellcheck source=scripts/lib/load-project-env.sh +set +u +source "${REPO_ROOT}/scripts/lib/load-project-env.sh" +set -euo pipefail + +ACK_FILE="${1:-}" +JE_ID="${2:-}" +if [[ -z "$ACK_FILE" || -z "$JE_ID" || ! -f "$ACK_FILE" ]]; then + echo "Usage: $0 " >&2 + exit 2 +fi + +BASE_URL="${OMNL_FINERACT_BASE_URL:-}" +PASS="${OMNL_FINERACT_PASSWORD:-}" +USER="${OMNL_FINERACT_USER:-app.omnl}" +TENANT="${OMNL_FINERACT_TENANT:-omnl}" +if [[ -z "$BASE_URL" || -z "$PASS" ]]; then + echo "error: OMNL_FINERACT_BASE_URL and OMNL_FINERACT_PASSWORD required" >&2 + exit 2 +fi + +ACK_TS="$(jq -r '.timestamp // .ack_timestamp // empty' "$ACK_FILE")" +[[ -z "$ACK_TS" ]] && echo "error: ack file missing timestamp / ack_timestamp" >&2 && exit 2 + +JE_JSON="$(curl -sS -H "Fineract-Platform-TenantId: ${TENANT}" -u "${USER}:${PASS}" "${BASE_URL}/journalentries/${JE_ID}")" +CREDIT_DATE="$(echo "$JE_JSON" | jq -r '.transactionDate // empty')" +[[ -z "$CREDIT_DATE" ]] && echo "error: journalentries/${JE_ID} missing transactionDate" >&2 && exit 2 + +ACK_TS="$ACK_TS" CREDIT_DATE="$CREDIT_DATE" python3 <<'PY' +import os, sys +from datetime import datetime, timezone + +ack_s = os.environ["ACK_TS"].strip().replace("Z", "+00:00") +try: + ack = datetime.fromisoformat(ack_s) +except ValueError: + print("error: cannot parse ACK timestamp as ISO-8601", file=sys.stderr) + sys.exit(2) +if ack.tzinfo is None: + ack = ack.replace(tzinfo=timezone.utc) + +d = os.environ["CREDIT_DATE"].strip()[:10] +try: + y, m, day = (int(d[0:4]), int(d[5:7]), int(d[8:10])) + credit_end = datetime(y, m, day, 23, 59, 59, 999000, tzinfo=timezone.utc) +except Exception: + print("error: bad transactionDate", file=sys.stderr) + sys.exit(2) + +if ack < credit_end: + print(f"OK: ack {ack.isoformat()} is before credit value-date end {credit_end.isoformat()}") + sys.exit(0) +print(f"FAIL: ack {ack.isoformat()} is not before credit window end {credit_end.isoformat()}", file=sys.stderr) +sys.exit(1) +PY diff --git a/scripts/optimize-besu-nodes.sh b/scripts/optimize-besu-nodes.sh index 0d16650..21205e8 100755 --- a/scripts/optimize-besu-nodes.sh +++ b/scripts/optimize-besu-nodes.sh @@ -45,7 +45,6 @@ p2p-port=30303 # QBFT Consensus miner-enabled=false -miner-coinbase="0x0000000000000000000000000000000000000000" sync-mode="FULL" diff --git a/scripts/reassign-vlan200-to-vlan11.sh b/scripts/reassign-vlan200-to-vlan11.sh index e49fcfc..1641115 100755 --- a/scripts/reassign-vlan200-to-vlan11.sh +++ b/scripts/reassign-vlan200-to-vlan11.sh @@ -56,6 +56,7 @@ available_ips=( "${IP_SERVICE_52:-${IP_SERVICE_52:-192.168.11.52}}" "${DB_HOST:-192.168.11.53}" "${IP_ORDER_LEGAL:-192.168.11.87}" + "${IP_ORDER_MCP_LEGAL:-192.168.11.94}" "${IP_SERVICE_55:-${IP_SERVICE_55:-192.168.11.55}}" "${IP_SERVICE_56:-${IP_SERVICE_56:-192.168.11.56}}" "${IP_SERVICE_57:-${IP_SERVICE_57:-192.168.11.57}}" diff --git a/scripts/recreate-containers-privileged-and-complete-all.sh b/scripts/recreate-containers-privileged-and-complete-all.sh index 479fb15..07caa31 100644 --- a/scripts/recreate-containers-privileged-and-complete-all.sh +++ b/scripts/recreate-containers-privileged-and-complete-all.sh @@ -152,7 +152,7 @@ declare -A CONTAINERS=( ["10080"]="order-eresidency:${IP_SERVICE_43:-${IP_SERVICE_43:-${IP_SERVICE_43:-192.168.11.43}}}:2048:2:20" ["10090"]="order-portal-public:${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-${IP_SERVICE_36:-192.168.11.36}}}}}}:2048:2:20" ["10091"]="order-portal-internal:${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-192.168.11.35}}}}}}:2048:2:20" - ["10092"]="order-mcp-legal:${IP_MIM_WEB:-192.168.11.37}:2048:2:20" + ["10092"]="order-mcp-legal:${IP_ORDER_MCP_LEGAL:-192.168.11.94}:2048:2:20" ["10100"]="dbis-postgres-primary:${PROXMOX_HOST_ML110}5:4096:4:50" ["10101"]="dbis-postgres-replica-1:${PROXMOX_HOST_ML110}6:4096:4:50" ["10120"]="dbis-redis:${PROXMOX_HOST_R630_02}0:2048:2:20" diff --git a/scripts/run-completable-tasks-from-anywhere.sh b/scripts/run-completable-tasks-from-anywhere.sh index 0a069df..e5acb32 100755 --- a/scripts/run-completable-tasks-from-anywhere.sh +++ b/scripts/run-completable-tasks-from-anywhere.sh @@ -19,10 +19,12 @@ for a in "$@"; do [[ "$a" == "--dry-run" ]] && DRY_RUN=true && break; done if $DRY_RUN; then echo "=== Completable from anywhere (--dry-run: commands only) ===" echo "" - echo "1. Config validation: bash scripts/validation/validate-config-files.sh [--dry-run]" - echo "2. On-chain check (138): SKIP_EXIT=1 bash scripts/verify/check-contracts-on-chain-138.sh || true" - echo "3. All validation: bash scripts/verify/run-all-validation.sh --skip-genesis" - echo "4. Reconcile .env: bash scripts/verify/reconcile-env-canonical.sh --print" + echo "1. Config validation: bash scripts/validation/validate-config-files.sh [--dry-run]" + echo " (optional: python3 -m pip install check-jsonschema — step 1 then validates config/dbis-institutional JSON Schemas too)" + echo "2. On-chain check (138): SKIP_EXIT=1 bash scripts/verify/check-contracts-on-chain-138.sh || true" + echo "3. All validation: bash scripts/verify/run-all-validation.sh --skip-genesis" + echo "4. Public report API: SKIP_EXIT=1 bash scripts/verify/check-public-report-api.sh || true" + echo "5. Reconcile .env: bash scripts/verify/reconcile-env-canonical.sh --print" echo "" echo "Run without --dry-run to execute. Exit 0 = success." exit 0 @@ -32,22 +34,27 @@ echo "=== Completable from anywhere (no LAN/creds) ===" echo "" # 1. Config validation -echo "[Step 1/4] Config validation..." +echo "[Step 1/5] Config validation..." bash scripts/validation/validate-config-files.sh echo "" # 2. On-chain contract check (Chain 138) — may warn if RPC unreachable -echo "[Step 2/4] On-chain contract check (Chain 138)..." +echo "[Step 2/5] On-chain contract check (Chain 138)..." SKIP_EXIT=1 bash scripts/verify/check-contracts-on-chain-138.sh || true echo "" # 3. Full validation (skip genesis to avoid RPC) -echo "[Step 3/4] Run all validation (--skip-genesis)..." +echo "[Step 3/5] Run all validation (--skip-genesis)..." bash scripts/verify/run-all-validation.sh --skip-genesis echo "" # 4. Emit canonical .env lines for reconciliation -echo "[Step 4/4] Canonical .env (reconcile smom-dbis-138/.env)..." +echo "[Step 4/5] Public report API / token-aggregation health..." +SKIP_EXIT=1 bash scripts/verify/check-public-report-api.sh || true +echo "" + +# 5. Emit canonical .env lines for reconciliation +echo "[Step 5/5] Canonical .env (reconcile smom-dbis-138/.env)..." bash scripts/verify/reconcile-env-canonical.sh --print echo "" diff --git a/scripts/run-full-operator-completion-from-lan.sh b/scripts/run-full-operator-completion-from-lan.sh new file mode 100755 index 0000000..48f8064 --- /dev/null +++ b/scripts/run-full-operator-completion-from-lan.sh @@ -0,0 +1,412 @@ +#!/usr/bin/env bash +# Run the full remaining operator checklist from a LAN-connected host. +# Order: +# 1. Fix token-aggregation DB + explorer /api/v1 proxy +# 2. Wave 0 (NPMplus RPC fix + backup) +# 3. Blockscout verification +# 4. Public/private E2E +# 5. Optional E2E remediation +# 6. Optional config-ready chains + LINK funding +# 7. Optional Chain 138 next steps +# 8. Optional real sendCrossChain +# 9. Optional local security / cron +# 10. Final completion summary +# +# Usage: +# ./scripts/run-full-operator-completion-from-lan.sh --dry-run +# ./scripts/run-full-operator-completion-from-lan.sh +# ./scripts/run-full-operator-completion-from-lan.sh --fix-e2e-if-needed --install-cron +# ./scripts/run-full-operator-completion-from-lan.sh --include-config-ready-chains --include-chain138-next-steps +# ./scripts/run-full-operator-completion-from-lan.sh --include-send-cross-chain --send-amount 0.01 [--send-recipient 0x...] +# ./scripts/run-full-operator-completion-from-lan.sh --force-nginx-reset + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" +cd "$PROJECT_ROOT" + +if [[ -f "$PROJECT_ROOT/config/ip-addresses.conf" ]]; then + # shellcheck source=config/ip-addresses.conf + source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true +fi + +DRY_RUN=false +SKIP_TOKEN_API_FIX=false +SKIP_WAVE0=false +SKIP_VERIFY=false +SKIP_E2E=false +SKIP_BACKUP=false +FIX_E2E_IF_NEEDED=false +INCLUDE_CONFIG_READY_CHAINS=false +INCLUDE_CHAIN138_NEXT_STEPS=false +INCLUDE_SEND_CROSS_CHAIN=false +INSTALL_CRON=false +APPLY_LOCAL_SECURITY=false +FORCE_NGINX_RESET=false +TOKEN_AGG_PORT_OVERRIDE="" +LINK_AMOUNT="" +SEND_AMOUNT="" +SEND_RECIPIENT="" + +while [[ $# -gt 0 ]]; do + case "$1" in + --dry-run) DRY_RUN=true ;; + --skip-token-api-fix) SKIP_TOKEN_API_FIX=true ;; + --skip-wave0) SKIP_WAVE0=true ;; + --skip-verify) SKIP_VERIFY=true ;; + --skip-e2e) SKIP_E2E=true ;; + --skip-backup) SKIP_BACKUP=true ;; + --fix-e2e-if-needed) FIX_E2E_IF_NEEDED=true ;; + --include-config-ready-chains) INCLUDE_CONFIG_READY_CHAINS=true ;; + --include-chain138-next-steps) INCLUDE_CHAIN138_NEXT_STEPS=true ;; + --include-send-cross-chain) INCLUDE_SEND_CROSS_CHAIN=true ;; + --install-cron) INSTALL_CRON=true ;; + --apply-local-security) APPLY_LOCAL_SECURITY=true ;; + --force-nginx-reset) FORCE_NGINX_RESET=true ;; + --token-agg-port) + shift + TOKEN_AGG_PORT_OVERRIDE="${1:-}" + ;; + --link) + shift + LINK_AMOUNT="${1:-}" + ;; + --send-amount) + shift + SEND_AMOUNT="${1:-}" + ;; + --send-recipient) + shift + SEND_RECIPIENT="${1:-}" + ;; + -h|--help) + sed -n '1,28p' "$0" + exit 0 + ;; + *) + echo "Unknown argument: $1" >&2 + exit 1 + ;; + esac + shift +done + +if [[ "$INCLUDE_SEND_CROSS_CHAIN" == true && -z "$SEND_AMOUNT" ]]; then + echo "ERROR: --include-send-cross-chain requires --send-amount " >&2 + exit 1 +fi + +PROXMOX_HOST="${PROXMOX_HOST_OVERRIDE:-${PROXMOX_HOST_R630_02:-192.168.11.12}}" + +log_info() { printf '\033[0;34m[INFO]\033[0m %s\n' "$1"; } +log_ok() { printf '\033[0;32m[OK]\033[0m %s\n' "$1"; } +log_warn() { printf '\033[0;33m[WARN]\033[0m %s\n' "$1"; } +log_err() { printf '\033[0;31m[ERR]\033[0m %s\n' "$1"; } +section() { printf '\n=== %s ===\n' "$1"; } + +print_cmd() { + printf ' ' + printf '%q ' "$@" + printf '\n' +} + +run_cmd() { + if [[ "$DRY_RUN" == true ]]; then + printf '[DRY-RUN]\n' + print_cmd "$@" + return 0 + fi + "$@" +} + +run_ssh() { + if [[ "$DRY_RUN" == true ]]; then + printf '[DRY-RUN]\n' + print_cmd ssh "$@" + return 0 + fi + ssh "$@" +} + +run_scp() { + if [[ "$DRY_RUN" == true ]]; then + printf '[DRY-RUN]\n' + print_cmd scp "$@" + return 0 + fi + scp "$@" +} + +push_script_to_vmid5000() { + local local_script="$1" + local remote_tmp="/tmp/$(basename "$local_script")" + local remote_vm="/root/$(basename "$local_script")" + run_scp "$local_script" "root@${PROXMOX_HOST}:${remote_tmp}" + run_ssh "root@${PROXMOX_HOST}" "pct push 5000 ${remote_tmp} ${remote_vm}" + run_ssh "root@${PROXMOX_HOST}" "pct exec 5000 -- chmod +x ${remote_vm}" +} + +detect_token_agg_port() { + if [[ -n "$TOKEN_AGG_PORT_OVERRIDE" ]]; then + printf '%s\n' "$TOKEN_AGG_PORT_OVERRIDE" + return 0 + fi + + local attempt + for attempt in $(seq 1 12); do + if ssh "root@${PROXMOX_HOST}" "pct exec 5000 -- bash -lc ' + ss -lntp 2>/dev/null | grep -q \"*:3001\" && { echo 3001; exit 0; } + ss -lntp 2>/dev/null | grep -q \"*:3000\" && { echo 3000; exit 0; } + for p in 3001 3000; do + curl -fsS --max-time 5 http://127.0.0.1:\$p/api/v1/networks >/dev/null 2>&1 && { echo \$p; exit 0; } + done + exit 1 + '" 2>/dev/null; then + return 0 + fi + sleep 2 + done + return 1 +} + +fix_public_report_api() { + section "Step 1: Token-Aggregation DB + /api/v1 Proxy" + + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash "$SCRIPT_DIR/apply-token-aggregation-fix.sh" --dry-run + else + run_cmd bash "$SCRIPT_DIR/apply-token-aggregation-fix.sh" + fi + + local token_agg_port="${TOKEN_AGG_PORT_OVERRIDE:-auto}" + if [[ "$DRY_RUN" != true ]]; then + token_agg_port="$(detect_token_agg_port)" || { + log_err "Could not detect token-aggregation port inside VMID 5000. Re-run with --token-agg-port 3001 or 3000." + exit 1 + } + log_info "Detected token-aggregation port: ${token_agg_port}" + else + log_info "Would auto-detect token-aggregation port inside VMID 5000 (prefers 3001, then 3000)." + fi + + if [[ "$FORCE_NGINX_RESET" == true ]]; then + log_warn "Using full nginx reset for VMID 5000." + push_script_to_vmid5000 "$PROJECT_ROOT/explorer-monorepo/scripts/fix-nginx-conflicts-vmid5000.sh" + run_ssh "root@${PROXMOX_HOST}" "pct exec 5000 -- bash -lc '/root/fix-nginx-conflicts-vmid5000.sh'" + else + push_script_to_vmid5000 "$PROJECT_ROOT/explorer-monorepo/scripts/apply-nginx-token-aggregation-proxy.sh" + run_ssh "root@${PROXMOX_HOST}" "pct exec 5000 -- bash -lc 'TOKEN_AGG_PORT=${token_agg_port} CONFIG_FILE=/etc/nginx/sites-available/blockscout /root/apply-nginx-token-aggregation-proxy.sh'" + fi + + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash "$SCRIPT_DIR/verify/check-public-report-api.sh" + else + if ! bash "$SCRIPT_DIR/verify/check-public-report-api.sh"; then + log_warn "Public report API still failing after HTTPS proxy patch. Applying HTTP /api/v1/ fallback on VMID 5000..." + push_script_to_vmid5000 "$PROJECT_ROOT/scripts/fix-explorer-http-api-v1-proxy.sh" + run_ssh "root@${PROXMOX_HOST}" "pct exec 5000 -- bash -lc 'TOKEN_AGG_PORT=${token_agg_port} /root/fix-explorer-http-api-v1-proxy.sh'" + bash "$SCRIPT_DIR/verify/check-public-report-api.sh" + fi + fi + run_cmd bash "$PROJECT_ROOT/metamask-integration/chain138-snap/scripts/verify-snap-api-and-icons.sh" "https://explorer.d-bis.org" +} + +run_wave0() { + section "Step 2: Wave 0" + if [[ "$SKIP_BACKUP" == true ]]; then + run_cmd bash "$SCRIPT_DIR/run-wave0-from-lan.sh" --skip-backup + else + run_cmd bash "$SCRIPT_DIR/run-wave0-from-lan.sh" + fi +} + +run_blockscout_verify() { + section "Step 3: Blockscout Verification" + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash -lc "set -a; source '$PROJECT_ROOT/smom-dbis-138/.env' 2>/dev/null || true; set +a; '$SCRIPT_DIR/verify/run-contract-verification-with-proxy.sh'" + else + bash -lc "set -a; source '$PROJECT_ROOT/smom-dbis-138/.env' 2>/dev/null || true; set +a; '$SCRIPT_DIR/verify/run-contract-verification-with-proxy.sh'" + fi +} + +run_e2e_with_optional_fix() { + section "Step 4: Public/Private E2E" + + local public_ok=0 + local private_ok=0 + + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=public + run_cmd bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=private + if [[ "$FIX_E2E_IF_NEEDED" == true ]]; then + run_cmd bash "$SCRIPT_DIR/maintenance/address-all-remaining-502s.sh" --run-besu-fix --e2e --dry-run + fi + return 0 + fi + + if bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=public; then + public_ok=1 + log_ok "Public E2E passed." + else + log_warn "Public E2E failed." + fi + + if bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=private; then + private_ok=1 + log_ok "Private E2E passed." + else + log_warn "Private E2E failed." + fi + + if [[ "$public_ok" == 1 && "$private_ok" == 1 ]]; then + return 0 + fi + + if [[ "$FIX_E2E_IF_NEEDED" != true ]]; then + log_warn "E2E remediation not requested. Re-run with --fix-e2e-if-needed to attempt backend/NPM/Besu fixes." + return 0 + fi + + section "Step 4b: E2E Remediation" + bash "$SCRIPT_DIR/maintenance/address-all-remaining-502s.sh" --run-besu-fix --e2e + bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=public || log_warn "Public E2E still failing after remediation." + bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=private || log_warn "Private E2E still failing after remediation." +} + +run_config_ready_chains() { + section "Step 5: Config-Ready Chains + LINK Funding" + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash -lc "cd '$PROJECT_ROOT/smom-dbis-138' && DRY_RUN=1 ./scripts/deployment/complete-config-ready-chains.sh" + if [[ -n "$LINK_AMOUNT" ]]; then + run_cmd bash -lc "cd '$PROJECT_ROOT/smom-dbis-138' && ./scripts/deployment/fund-ccip-bridges-with-link.sh --dry-run --link '$LINK_AMOUNT'" + else + run_cmd bash -lc "cd '$PROJECT_ROOT/smom-dbis-138' && ./scripts/deployment/fund-ccip-bridges-with-link.sh --dry-run" + fi + return 0 + fi + + (cd "$PROJECT_ROOT/smom-dbis-138" && ./scripts/deployment/complete-config-ready-chains.sh) + if [[ -n "$LINK_AMOUNT" ]]; then + (cd "$PROJECT_ROOT/smom-dbis-138" && ./scripts/deployment/fund-ccip-bridges-with-link.sh --link "$LINK_AMOUNT") + else + (cd "$PROJECT_ROOT/smom-dbis-138" && ./scripts/deployment/fund-ccip-bridges-with-link.sh) + fi +} + +run_chain138_next_steps() { + section "Step 6: Chain 138 Next Steps" + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash "$SCRIPT_DIR/deployment/run-all-next-steps-chain138.sh" --dry-run + else + run_cmd bash "$SCRIPT_DIR/deployment/run-all-next-steps-chain138.sh" + fi +} + +run_send_cross_chain() { + section "Step 7: Real sendCrossChain" + if [[ -n "$SEND_RECIPIENT" ]]; then + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash "$SCRIPT_DIR/bridge/run-send-cross-chain.sh" "$SEND_AMOUNT" "$SEND_RECIPIENT" --dry-run + else + run_cmd bash "$SCRIPT_DIR/bridge/run-send-cross-chain.sh" "$SEND_AMOUNT" "$SEND_RECIPIENT" + fi + else + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash "$SCRIPT_DIR/bridge/run-send-cross-chain.sh" "$SEND_AMOUNT" --dry-run + else + run_cmd bash "$SCRIPT_DIR/bridge/run-send-cross-chain.sh" "$SEND_AMOUNT" + fi + fi +} + +run_local_security_and_cron() { + section "Step 8: Local Security + Cron" + + if [[ "$DRY_RUN" == true ]]; then + [[ -f "$PROJECT_ROOT/.env" ]] && run_cmd chmod 600 "$PROJECT_ROOT/.env" + [[ -f "$PROJECT_ROOT/smom-dbis-138/.env" ]] && run_cmd chmod 600 "$PROJECT_ROOT/smom-dbis-138/.env" + else + [[ -f "$PROJECT_ROOT/.env" ]] && chmod 600 "$PROJECT_ROOT/.env" + [[ -f "$PROJECT_ROOT/smom-dbis-138/.env" ]] && chmod 600 "$PROJECT_ROOT/smom-dbis-138/.env" + log_ok "Local .env permissions tightened where present." + fi + + if [[ "$APPLY_LOCAL_SECURITY" == true ]]; then + if [[ "$DRY_RUN" == true ]]; then + run_cmd bash "$SCRIPT_DIR/security/setup-ssh-key-auth.sh" --apply + run_cmd bash "$SCRIPT_DIR/security/firewall-proxmox-8006.sh" --apply "192.168.11.0/24" + else + run_cmd bash "$SCRIPT_DIR/security/setup-ssh-key-auth.sh" --apply + run_cmd bash "$SCRIPT_DIR/security/firewall-proxmox-8006.sh" --apply "192.168.11.0/24" + fi + else + run_cmd bash "$SCRIPT_DIR/security/setup-ssh-key-auth.sh" + run_cmd bash "$SCRIPT_DIR/security/firewall-proxmox-8006.sh" --dry-run "192.168.11.0/24" + fi + + if [[ "$INSTALL_CRON" == true ]]; then + run_cmd bash "$SCRIPT_DIR/maintenance/schedule-npmplus-backup-cron.sh" --install + run_cmd bash "$SCRIPT_DIR/maintenance/schedule-daily-weekly-cron.sh" --install + else + run_cmd bash "$SCRIPT_DIR/maintenance/schedule-npmplus-backup-cron.sh" --show + run_cmd bash "$SCRIPT_DIR/maintenance/schedule-daily-weekly-cron.sh" --show + fi +} + +print_external_remainder() { + section "Still Manual / External" + cat <<'EOF' +- LINK support on the mainnet relay: docs/07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md +- WEMIX verification if policy changes: docs/07-ccip/WEMIX_TOKEN_VERIFICATION.md +- Phase 2-4 infra expansion and observability: docs/00-meta/OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md +- Ledger, Trust Wallet, Consensys, CoinGecko, CMC submissions: docs/00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md +EOF +} + +section "Run Full Operator Completion" +printf ' dry-run=%s skip-token-api-fix=%s skip-wave0=%s skip-verify=%s skip-e2e=%s fix-e2e-if-needed=%s include-config-ready-chains=%s include-chain138-next-steps=%s include-send-cross-chain=%s install-cron=%s apply-local-security=%s force-nginx-reset=%s\n' \ + "$DRY_RUN" "$SKIP_TOKEN_API_FIX" "$SKIP_WAVE0" "$SKIP_VERIFY" "$SKIP_E2E" "$FIX_E2E_IF_NEEDED" "$INCLUDE_CONFIG_READY_CHAINS" "$INCLUDE_CHAIN138_NEXT_STEPS" "$INCLUDE_SEND_CROSS_CHAIN" "$INSTALL_CRON" "$APPLY_LOCAL_SECURITY" "$FORCE_NGINX_RESET" +printf ' proxmox-host=%s token-agg-port=%s\n' "$PROXMOX_HOST" "${TOKEN_AGG_PORT_OVERRIDE:-auto}" + +if [[ "$SKIP_TOKEN_API_FIX" != true ]]; then + fix_public_report_api +else + log_warn "Skipping token-aggregation/API fix." +fi + +if [[ "$SKIP_WAVE0" != true ]]; then + run_wave0 +else + log_warn "Skipping Wave 0." +fi + +if [[ "$SKIP_VERIFY" != true ]]; then + run_blockscout_verify +else + log_warn "Skipping Blockscout verification." +fi + +if [[ "$SKIP_E2E" != true ]]; then + run_e2e_with_optional_fix +else + log_warn "Skipping E2E." +fi + +if [[ "$INCLUDE_CONFIG_READY_CHAINS" == true ]]; then + run_config_ready_chains +fi + +if [[ "$INCLUDE_CHAIN138_NEXT_STEPS" == true ]]; then + run_chain138_next_steps +fi + +if [[ "$INCLUDE_SEND_CROSS_CHAIN" == true ]]; then + run_send_cross_chain +fi + +run_local_security_and_cron + +section "Step 9: Completion Summary" +run_cmd bash "$SCRIPT_DIR/verify/check-completion-status.sh" +print_external_remainder diff --git a/scripts/run-via-proxmox-ssh.sh b/scripts/run-via-proxmox-ssh.sh index c73aa54..623dc51 100644 --- a/scripts/run-via-proxmox-ssh.sh +++ b/scripts/run-via-proxmox-ssh.sh @@ -157,7 +157,9 @@ case "$MODE" in run_remote "$PROXMOX_HOST" "bash scripts/run-wave0-from-lan.sh $SKIP_BACKUP" ;; npmplus) - run_remote "$PROXMOX_HOST" "bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh" + # Large proxy lists can exceed default curl max-time (see NPM_CURL_MAX_TIME in update script). + _npm_curl_max="${NPM_CURL_MAX_TIME:-600}" + run_remote "$PROXMOX_HOST" "NPM_CURL_MAX_TIME=$_npm_curl_max bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh" ;; backup) run_remote "$PROXMOX_HOST" "bash scripts/verify/backup-npmplus.sh" diff --git a/scripts/update-all-dns-to-public-ip.sh b/scripts/update-all-dns-to-public-ip.sh index 6a23b34..4bf58fb 100755 --- a/scripts/update-all-dns-to-public-ip.sh +++ b/scripts/update-all-dns-to-public-ip.sh @@ -332,6 +332,7 @@ main() { "www" # www.sankofa.nexus "portal" # portal.sankofa.nexus (client SSO) "admin" # admin.sankofa.nexus (client access admin) + "dash" # dash.sankofa.nexus (operator dash; NPM upstream may follow portal until IP_SANKOFA_DASH set) "keycloak" # keycloak.sankofa.nexus (IdP) "studio" # studio.sankofa.nexus (FusionAI Creator) "phoenix" # phoenix.sankofa.nexus @@ -349,6 +350,26 @@ main() { # d-bis.org domain records if [ "$run_dbis" = 1 ] && [ -n "$ZONE_D_BIS_ORG" ]; then DBIS_RECORDS=( + "@" # d-bis.org (public apex) + "www" # www.d-bis.org → NPM (301 to apex in advanced_config) + "admin" # admin.d-bis.org (canonical admin console) + "core" # core.d-bis.org (DBIS Core client portal) + "members" # members.d-bis.org (institutional program) + "developers" # developers.d-bis.org + "data" # data.d-bis.org (API / health) + "research" # research.d-bis.org + "policy" # policy.d-bis.org + "ops" # ops.d-bis.org + "identity" # identity.d-bis.org + "status" # status.d-bis.org + "sandbox" # sandbox.d-bis.org + "interop" # interop.d-bis.org + "docs" # docs.d-bis.org + "mifos" # mifos.d-bis.org + "dapp" # dapp.d-bis.org + "gitea" # gitea.d-bis.org + "dev" # dev.d-bis.org + "codespaces" # codespaces.d-bis.org "rpc-http-pub" # rpc-http-pub.d-bis.org "rpc-ws-pub" # rpc-ws-pub.d-bis.org "rpc" # rpc.d-bis.org (primary RPC) @@ -357,8 +378,19 @@ main() { "ws.rpc2" # ws.rpc2.d-bis.org (secondary WebSocket) "rpc-http-prv" # rpc-http-prv.d-bis.org "rpc-ws-prv" # rpc-ws-prv.d-bis.org + "rpc-core" # rpc-core.d-bis.org (alias to VMID 2101 core RPC; deploy still prefers IP:8545) + "rpc-fireblocks" # rpc-fireblocks.d-bis.org + "ws.rpc-fireblocks" # ws.rpc-fireblocks.d-bis.org + "rpc-alltra" # rpc-alltra.d-bis.org + "rpc-alltra-2" # rpc-alltra-2.d-bis.org + "rpc-alltra-3" # rpc-alltra-3.d-bis.org + "rpc-hybx" # rpc-hybx.d-bis.org + "rpc-hybx-2" # rpc-hybx-2.d-bis.org + "rpc-hybx-3" # rpc-hybx-3.d-bis.org + "cacti-alltra" # cacti-alltra.d-bis.org + "cacti-hybx" # cacti-hybx.d-bis.org "explorer" # explorer.d-bis.org - "dbis-admin" # dbis-admin.d-bis.org + "dbis-admin" # dbis-admin.d-bis.org (legacy alias) "dbis-api" # dbis-api.d-bis.org "dbis-api-2" # dbis-api-2.d-bis.org "secure" # secure.d-bis.org diff --git a/scripts/validation/validate-config-files.sh b/scripts/validation/validate-config-files.sh index e58c209..d98a376 100755 --- a/scripts/validation/validate-config-files.sh +++ b/scripts/validation/validate-config-files.sh @@ -51,7 +51,7 @@ check_env() { if $DRY_RUN; then echo "=== Validation (--dry-run: would check) ===" - echo " REQUIRED_FILES: ${REQUIRED_FILES:-}" + echo " REQUIRED_FILES: ${REQUIRED_FILES:-}" echo " OPTIONAL_ENV: ${OPTIONAL_ENV:-}" exit 0 fi @@ -63,6 +63,7 @@ if [[ -n "$REQUIRED_FILES" ]]; then else # Default: check common locations [[ -d "$PROJECT_ROOT/config" ]] && check_file "$PROJECT_ROOT/config/ip-addresses.conf" || true + [[ -f "$PROJECT_ROOT/config/smart-contracts-master.json" ]] && check_file "$PROJECT_ROOT/config/smart-contracts-master.json" || true [[ -f "$PROJECT_ROOT/.env.example" ]] && log_ok ".env.example present (copy to .env and fill)" || true # Token mapping (Chain 138 ↔ Mainnet): optional but validate structure if present if [[ -f "$PROJECT_ROOT/config/token-mapping.json" ]]; then @@ -91,6 +92,283 @@ else fi fi fi + if [[ -f "$PROJECT_ROOT/config/gru-transport-active.json" ]]; then + log_ok "Found: config/gru-transport-active.json" + if command -v jq &>/dev/null; then + if jq -e ' + (.system.name | type == "string") + and (.system.shortName | type == "string") + and (.enabledCanonicalTokens | type == "array") + and (.enabledDestinationChains | type == "array") + and (.approvedBridgePeers | type == "array") + and (.transportPairs | type == "array") + and (.publicPools | type == "array") + ' "$PROJECT_ROOT/config/gru-transport-active.json" &>/dev/null; then + log_ok "gru-transport-active.json: top-level overlay structure is valid" + else + log_err "gru-transport-active.json: invalid top-level structure" + ERRORS=$((ERRORS + 1)) + fi + fi + + if command -v node &>/dev/null; then + if PROJECT_ROOT="$PROJECT_ROOT" node <<'NODE' +const fs = require('fs'); +const path = require('path'); + +const projectRoot = process.env.PROJECT_ROOT; + +function readJson(relativePath) { + return JSON.parse(fs.readFileSync(path.join(projectRoot, relativePath), 'utf8')); +} + +function normalizeAddress(address) { + return typeof address === 'string' ? address.trim().toLowerCase() : ''; +} + +function isNonZeroAddress(address) { + const normalized = normalizeAddress(address); + return /^0x[a-f0-9]{40}$/.test(normalized) && normalized !== '0x0000000000000000000000000000000000000000'; +} + +function refConfigured(ref) { + return !!ref && typeof ref === 'object' && ( + (typeof ref.address === 'string' && ref.address.trim() !== '') || + (typeof ref.env === 'string' && ref.env.trim() !== '') + ); +} + +const active = readJson('config/gru-transport-active.json'); +const multichain = readJson('config/token-mapping-multichain.json'); +const deployment = readJson('cross-chain-pmm-lps/config/deployment-status.json'); +const poolMatrix = readJson('cross-chain-pmm-lps/config/pool-matrix.json'); +const currencyManifest = readJson('config/gru-iso4217-currency-manifest.json'); + +const errors = []; + +const canonicalChainId = Number(active.system?.canonicalChainId ?? 138); +const enabledCanonicalTokens = Array.isArray(active.enabledCanonicalTokens) ? active.enabledCanonicalTokens : []; +const enabledCanonical = new Set(enabledCanonicalTokens.map((token) => String(token.symbol))); +const enabledChainsArray = Array.isArray(active.enabledDestinationChains) ? active.enabledDestinationChains : []; +const enabledChains = new Set(enabledChainsArray.map((chain) => Number(chain.chainId))); +const peersByKey = new Map((active.approvedBridgePeers || []).map((peer) => [String(peer.key), peer])); +const reserveVerifiers = active.reserveVerifiers && typeof active.reserveVerifiers === 'object' + ? active.reserveVerifiers + : {}; +const transportPairsByKey = new Map((active.transportPairs || []).map((pair) => [String(pair.key), pair])); +const publicPoolsByKey = new Map((active.publicPools || []).map((pool) => [String(pool.key), pool])); +const manifestByCode = new Map((currencyManifest.currencies || []).map((currency) => [String(currency.code), currency])); + +function getMappingPair(fromChainId, toChainId) { + return (multichain.pairs || []).find( + (entry) => Number(entry.fromChainId) === Number(fromChainId) && Number(entry.toChainId) === Number(toChainId) + ); +} + +function getMappingToken(fromChainId, toChainId, mappingKey) { + const pair = getMappingPair(fromChainId, toChainId); + if (!pair) return null; + return (pair.tokens || []).find((token) => token.key === mappingKey) || null; +} + +function getExpectedPoolKey(chainId, mirroredSymbol) { + const chain = poolMatrix.chains?.[String(chainId)]; + const hubStable = typeof chain?.hubStable === 'string' ? chain.hubStable.trim() : ''; + if (!hubStable) return null; + return `${chainId}-${mirroredSymbol}-${hubStable}`; +} + +for (const chain of active.enabledDestinationChains || []) { + if (!peersByKey.has(String(chain.peerKey || ''))) { + errors.push(`enabledDestinationChains[${chain.chainId}] references missing peerKey ${chain.peerKey}`); + } +} + +for (const token of enabledCanonicalTokens) { + const currency = manifestByCode.get(String(token.currencyCode || '')); + if (!currency) { + errors.push(`enabledCanonicalTokens[${token.symbol}] references missing currencyCode ${token.currencyCode} in gru-iso4217-currency-manifest.json`); + continue; + } + if (currency.status?.deployed !== true) { + errors.push(`enabledCanonicalTokens[${token.symbol}] requires manifest currency ${token.currencyCode} to be deployed`); + } + if (currency.status?.transportActive !== true) { + errors.push(`enabledCanonicalTokens[${token.symbol}] requires manifest currency ${token.currencyCode} to mark transportActive=true`); + } +} + +for (const pair of active.transportPairs || []) { + const canonicalChainId = Number(pair.canonicalChainId ?? active.system?.canonicalChainId ?? 138); + const destinationChainId = Number(pair.destinationChainId); + const canonicalSymbol = String(pair.canonicalSymbol || ''); + const mirroredSymbol = String(pair.mirroredSymbol || ''); + + if (!enabledCanonical.has(canonicalSymbol)) { + errors.push(`transportPairs[${pair.key}] uses canonicalSymbol ${canonicalSymbol} which is not enabled`); + } + + if (!enabledChains.has(destinationChainId)) { + errors.push(`transportPairs[${pair.key}] uses destinationChainId ${destinationChainId} which is not enabled`); + } + + const peer = peersByKey.get(String(pair.peerKey || '')); + if (!peer) { + errors.push(`transportPairs[${pair.key}] is missing approved bridge peer ${pair.peerKey}`); + } else { + if (!refConfigured(peer.l1Bridge)) { + errors.push(`approvedBridgePeers[${peer.key}] is missing l1Bridge wiring`); + } + if (!refConfigured(peer.l2Bridge)) { + errors.push(`approvedBridgePeers[${peer.key}] is missing l2Bridge wiring`); + } + } + + const maxOutstanding = pair.maxOutstanding && typeof pair.maxOutstanding === 'object' ? pair.maxOutstanding : null; + if (!maxOutstanding || (!maxOutstanding.amount && !maxOutstanding.env)) { + errors.push(`transportPairs[${pair.key}] is missing maxOutstanding amount/env`); + } + + const mappingToken = getMappingToken(canonicalChainId, destinationChainId, pair.mappingKey); + if (!mappingToken) { + errors.push(`transportPairs[${pair.key}] mappingKey ${pair.mappingKey} is missing from token-mapping-multichain.json`); + } else { + if (!isNonZeroAddress(mappingToken.addressFrom)) { + errors.push(`transportPairs[${pair.key}] has invalid canonical addressFrom in token-mapping-multichain.json`); + } + if (!isNonZeroAddress(mappingToken.addressTo)) { + errors.push(`transportPairs[${pair.key}] mapping exists but cW pair is not deployed (addressTo missing/zero)`); + } + } + + const deploymentChain = deployment.chains?.[String(destinationChainId)]; + const deployedMirror = deploymentChain?.cwTokens?.[mirroredSymbol]; + if (!deploymentChain || !isNonZeroAddress(deployedMirror)) { + errors.push(`transportPairs[${pair.key}] mapping exists but deployment-status.json has no deployed ${mirroredSymbol} for chain ${destinationChainId}`); + } else if (mappingToken && normalizeAddress(deployedMirror) !== normalizeAddress(mappingToken.addressTo)) { + errors.push(`transportPairs[${pair.key}] deployment-status.json ${mirroredSymbol} does not match token-mapping-multichain.json addressTo`); + } + + if ((pair.publicPoolKeys || []).length > 0) { + for (const publicPoolKey of pair.publicPoolKeys) { + if (!publicPoolsByKey.has(String(publicPoolKey))) { + errors.push(`transportPairs[${pair.key}] references missing public pool key ${publicPoolKey}`); + } + } + } + + if (pair.reserveVerifierKey) { + const verifier = reserveVerifiers[pair.reserveVerifierKey]; + if (!verifier) { + errors.push(`transportPairs[${pair.key}] requires missing reserve verifier ${pair.reserveVerifierKey}`); + } else { + if (!refConfigured(verifier.bridgeRef)) { + errors.push(`reserveVerifiers.${pair.reserveVerifierKey} is missing bridgeRef wiring`); + } + if (!refConfigured(verifier.verifierRef)) { + errors.push(`reserveVerifiers.${pair.reserveVerifierKey} is missing verifierRef wiring`); + } + if (verifier.requireVaultBacking && !refConfigured(verifier.vaultRef)) { + errors.push(`reserveVerifiers.${pair.reserveVerifierKey} requires vault backing but vaultRef is unset`); + } + if (verifier.requireReserveSystemBalance && !refConfigured(verifier.reserveSystemRef)) { + errors.push(`reserveVerifiers.${pair.reserveVerifierKey} requires reserve-system balance checks but reserveSystemRef is unset`); + } + } + } +} + +for (const pool of active.publicPools || []) { + if (pool.active === true) { + if (!isNonZeroAddress(pool.poolAddress)) { + errors.push(`publicPools[${pool.key}] is active but has no poolAddress`); + continue; + } + const deploymentChain = deployment.chains?.[String(pool.chainId)]; + const deployedPools = Array.isArray(deploymentChain?.pmmPools) ? deploymentChain.pmmPools : []; + const deploymentMatch = deployedPools.some((entry) => normalizeAddress(entry?.poolAddress) === normalizeAddress(pool.poolAddress)); + if (!deploymentMatch) { + errors.push(`publicPools[${pool.key}] is active but deployment-status.json does not contain its poolAddress`); + } + } +} + +for (const [chainIdKey, deploymentChain] of Object.entries(deployment.chains || {})) { + const destinationChainId = Number(chainIdKey); + if (destinationChainId === canonicalChainId) continue; + if (deploymentChain?.bridgeAvailable !== true) continue; + + const mappingPair = getMappingPair(canonicalChainId, destinationChainId); + if (!mappingPair) continue; + + let compatible = true; + for (const token of enabledCanonicalTokens) { + const mappingKey = String(token.mappingKey || ''); + const mirroredSymbol = String(token.mirroredSymbol || ''); + const mappingToken = mappingKey ? (mappingPair.tokens || []).find((entry) => entry.key === mappingKey) : null; + const deployedMirror = deploymentChain?.cwTokens?.[mirroredSymbol]; + const expectedPoolKey = getExpectedPoolKey(destinationChainId, mirroredSymbol); + + if ( + !mappingKey || + !mappingToken || + !isNonZeroAddress(mappingToken.addressTo) || + !isNonZeroAddress(deployedMirror) || + normalizeAddress(mappingToken.addressTo) !== normalizeAddress(deployedMirror) || + !expectedPoolKey + ) { + compatible = false; + break; + } + } + + if (!compatible) continue; + + const enabledChain = enabledChainsArray.find((chain) => Number(chain.chainId) === destinationChainId); + if (!enabledChain) { + errors.push(`compatible destination chain ${destinationChainId} (${deploymentChain?.name || 'unknown'}) is missing from enabledDestinationChains`); + continue; + } + + for (const token of enabledCanonicalTokens) { + const expectedPairKey = `${canonicalChainId}-${destinationChainId}-${token.symbol}-${token.mirroredSymbol}`; + const expectedPoolKey = getExpectedPoolKey(destinationChainId, String(token.mirroredSymbol || '')); + const pair = transportPairsByKey.get(expectedPairKey); + + if (!pair) { + errors.push(`compatible destination chain ${destinationChainId} is missing transport pair ${expectedPairKey}`); + continue; + } + + if (expectedPoolKey && !publicPoolsByKey.has(expectedPoolKey)) { + errors.push(`compatible destination chain ${destinationChainId} is missing public pool placeholder ${expectedPoolKey}`); + } + + if (expectedPoolKey && !(pair.publicPoolKeys || []).includes(expectedPoolKey)) { + errors.push(`transportPairs[${pair.key}] must include the pool-matrix first-hop key ${expectedPoolKey}`); + } + } +} + +if (errors.length > 0) { + console.error(errors.join('\n')); + process.exit(1); +} +NODE + then + log_ok "gru-transport-active.json: overlay cross-checks passed" + else + log_err "gru-transport-active.json: overlay cross-checks failed" + ERRORS=$((ERRORS + 1)) + fi + else + log_err "Node.js is required to validate gru-transport-active.json cross-file wiring" + ERRORS=$((ERRORS + 1)) + fi + else + log_err "Missing config/gru-transport-active.json" + ERRORS=$((ERRORS + 1)) + fi [[ -f "$PROJECT_ROOT/config/smart-contracts-master.json" ]] && log_ok "Found: config/smart-contracts-master.json" || true # Token lists (Uniswap format): validate structure if present for list in token-lists/lists/dbis-138.tokenlist.json token-lists/lists/cronos.tokenlist.json token-lists/lists/all-mainnet.tokenlist.json; do @@ -154,6 +432,79 @@ else log_err "Missing config/proxmox-operational-template.json" ERRORS=$((ERRORS + 1)) fi + if [[ -f "$PROJECT_ROOT/config/gru-iso4217-currency-manifest.json" ]]; then + log_ok "Found: config/gru-iso4217-currency-manifest.json" + if command -v jq &>/dev/null; then + if jq -e ' + (.name | type == "string") + and (.version | type == "string") + and (.updated | type == "string") + and (.canonicalChainId | type == "number") + and (.currencies | type == "array") + and ((.currencies | length) > 0) + and ((.currencies | map(.code) | unique | length) == (.currencies | length)) + and ( + all(.currencies[]; + (.code | type == "string") + and ((.code | length) >= 3) + and (.name | type == "string") + and (.type == "fiat" or .type == "commodity") + and ((.minorUnits == null) or (.minorUnits | type == "number")) + and (.status.planned | type == "boolean") + and (.status.deployed | type == "boolean") + and (.status.transportActive | type == "boolean") + and (.status.x402Ready | type == "boolean") + and (.canonicalAssets | type == "object") + ) + ) + ' "$PROJECT_ROOT/config/gru-iso4217-currency-manifest.json" &>/dev/null; then + log_ok "gru-iso4217-currency-manifest.json: top-level manifest structure is valid" + else + log_err "gru-iso4217-currency-manifest.json: invalid top-level structure" + ERRORS=$((ERRORS + 1)) + fi + fi + fi + if [[ -f "$PROJECT_ROOT/config/gru-standards-profile.json" ]]; then + log_ok "Found: config/gru-standards-profile.json" + if command -v jq &>/dev/null; then + if jq -e ' + (.name | type == "string") + and (.profileId | type == "string") + and (.version | type == "string") + and (.updated | type == "string") + and (.canonicalChainId | type == "number") + and (.scope | type == "object") + and (.paymentProfiles | type == "array") + and (.baseTokenStandards | type == "array") + and (.transportAndWrapperStandards | type == "array") + and (.governanceAndPolicyStandards | type == "array") + ' "$PROJECT_ROOT/config/gru-standards-profile.json" &>/dev/null; then + log_ok "gru-standards-profile.json: top-level standards profile structure is valid" + else + log_err "gru-standards-profile.json: invalid top-level structure" + ERRORS=$((ERRORS + 1)) + fi + + if jq -e ' + (.canonicalChainId == $activeChain) + and (.canonicalChainId == $manifestChain) + and (.references.transportOverlay == "config/gru-transport-active.json") + and (.references.currencyManifest == "config/gru-iso4217-currency-manifest.json") + ' \ + --argjson activeChain "$(jq -r '.system.canonicalChainId' "$PROJECT_ROOT/config/gru-transport-active.json")" \ + --argjson manifestChain "$(jq -r '.canonicalChainId' "$PROJECT_ROOT/config/gru-iso4217-currency-manifest.json")" \ + "$PROJECT_ROOT/config/gru-standards-profile.json" &>/dev/null; then + log_ok "gru-standards-profile.json: canonical-chain and reference wiring matches active overlay + currency manifest" + else + log_err "gru-standards-profile.json: canonical-chain or reference wiring does not match active overlay / currency manifest" + ERRORS=$((ERRORS + 1)) + fi + fi + else + log_err "Missing config/gru-standards-profile.json" + ERRORS=$((ERRORS + 1)) + fi fi if [[ -n "$OPTIONAL_ENV" ]]; then @@ -162,6 +513,34 @@ if [[ -n "$OPTIONAL_ENV" ]]; then done fi +# DBIS institutional Digital Master Plan example JSON +if [[ -f "$PROJECT_ROOT/config/dbis-institutional/examples/trust.json" ]] && [[ -x "$SCRIPT_DIR/validate-dbis-institutional-json.sh" ]]; then + if bash "$SCRIPT_DIR/validate-dbis-institutional-json.sh" &>/dev/null; then + log_ok "DBIS institutional examples (JSON parse)" + else + log_err "DBIS institutional examples failed JSON parse" + ERRORS=$((ERRORS + 1)) + fi +fi + +if command -v check-jsonschema &>/dev/null && [[ -x "$SCRIPT_DIR/validate-dbis-institutional-schemas.sh" ]]; then + if SCHEMA_STRICT=1 bash "$SCRIPT_DIR/validate-dbis-institutional-schemas.sh" &>/dev/null; then + log_ok "DBIS institutional JSON Schemas (settlement-event, address-registry-entry)" + else + log_err "DBIS institutional JSON Schema validation failed (pip install check-jsonschema)" + ERRORS=$((ERRORS + 1)) + fi +fi + +if [[ -f "$PROJECT_ROOT/config/smart-contracts-master.json" ]] && command -v jq &>/dev/null && [[ -x "$SCRIPT_DIR/validate-explorer-chain138-inventory.sh" ]]; then + if bash "$SCRIPT_DIR/validate-explorer-chain138-inventory.sh" &>/dev/null; then + log_ok "Explorer address-inventory Chain 138 vs smart-contracts-master.json" + else + log_err "Explorer address-inventory Chain 138 drift (see validate-explorer-chain138-inventory.sh)" + ERRORS=$((ERRORS + 1)) + fi +fi + if [[ $ERRORS -gt 0 ]]; then log_err "Validation failed with $ERRORS error(s). Set VALIDATE_REQUIRED_FILES='path1 path2' to require specific files." exit 1 diff --git a/scripts/validation/validate-dbis-identity-package.sh b/scripts/validation/validate-dbis-identity-package.sh new file mode 100755 index 0000000..732993b --- /dev/null +++ b/scripts/validation/validate-dbis-identity-package.sh @@ -0,0 +1,389 @@ +#!/usr/bin/env bash +# Validate the DBIS identity completion package. +# Usage: +# bash scripts/validation/validate-dbis-identity-package.sh \ +# --package config/production/dbis-identity-public-did-package.json \ +# --secrets config/production/dbis-identity-public-did-secrets.env +# +# For template validation only: +# bash scripts/validation/validate-dbis-identity-package.sh \ +# --package config/production/dbis-identity-public-did-package.example.json \ +# --secrets config/production/dbis-identity-public-did-secrets.example.env \ +# --allow-placeholders + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" + +PACKAGE_PATH="$PROJECT_ROOT/config/production/dbis-identity-public-did-package.json" +SECRETS_PATH="$PROJECT_ROOT/config/production/dbis-identity-public-did-secrets.env" +ALLOW_PLACEHOLDERS=false +PARTIAL_EXTERNAL_ALLOWED=false + +log_info() { echo "[INFO] $1"; } +log_ok() { echo "[OK] $1"; } +log_warn() { echo "[WARN] $1"; } +log_err() { echo "[ERROR] $1"; } + +while [[ $# -gt 0 ]]; do + case "$1" in + --package) + PACKAGE_PATH="$2" + shift 2 + ;; + --secrets) + SECRETS_PATH="$2" + shift 2 + ;; + --allow-placeholders) + ALLOW_PLACEHOLDERS=true + shift + ;; + *) + log_err "Unknown argument: $1" + exit 1 + ;; + esac +done + +ERRORS=0 +WARNINGS=0 + +require_file() { + local path="$1" + if [[ -f "$path" ]]; then + log_ok "Found: $path" + else + log_err "Missing file: $path" + ERRORS=$((ERRORS + 1)) + fi +} + +check_placeholder_string() { + local label="$1" + local value="$2" + if [[ -z "$value" ]]; then + log_err "$label is empty" + ERRORS=$((ERRORS + 1)) + return + fi + if [[ "$value" == *"/dev/null 2>&1; then + log_err "jq is required" + exit 1 +fi + +if [[ $ERRORS -gt 0 ]]; then + exit 1 +fi + +if jq -e ' + (.schemaVersion | type == "string") and + (.programId | type == "string") and + (.packageStatus | type == "string") and + (.ariesAgent.adminUrl | type == "string") and + (.ariesAgent.didcommUrl | type == "string") and + (.ariesAgent.walletType | type == "string") and + (.ariesAgent.adminAuthMode | type == "string") and + (.ariesAgent.adminApiKeyEnv | type == "string") and + (.ledger.type | type == "string") and + (.ledger.targetNetwork | type == "string") and + (.ledger.trustScope | type == "string") and + (.ledger.poolName | type == "string") and + (.ledger.genesisSource | type == "string") and + (.ledger.didMethod | type == "string") and + (.ledger.nymWriteMode | type == "string") and + (.governance.governanceVersion | type == "string") and + (.governance.changeControlRef | type == "string") and + (.governance.changeControlFormat | type == "string") and + (.governance.operatorOwner | type == "string") and + (.governance.approvalOwner | type == "string") and + (.governance.endorserGovernanceModel.type | type == "string") and + (.governance.endorserGovernanceModel.quorum | type == "string") and + (.governance.endorserGovernanceModel.custodians | type == "array") and + (.governance.endorserGovernanceModel.custodians | length >= 3) and + (.governance.endorserGovernanceModel.singleKeyDidControl | type == "string") and + (.governance.endorserGovernanceModel.currentPhase | type == "string") and + (.governance.endorserGovernanceModel.futurePhases | type == "array") and + (.governance.endorserGovernanceModel.futurePhases | length >= 1) and + (.roles.author.alias | type == "string") and + (.roles.author.connectionIdEnv | type == "string") and + (.roles.endorser.alias | type == "string") and + (.roles.endorser.did | type == "string") and + (.roles.endorser.connectionIdEnv | type == "string") and + (.anoncreds.schemas | type == "array") and + (.anoncreds.schemas | length >= 1) and + (.anoncreds.verificationProfiles | type == "array") and + (.anoncreds.verificationProfiles | length >= 1) and + (.evidence.outputDir | type == "string") and + (.evidence.requiredArtifacts | type == "array") and + (.evidence.requiredArtifacts | length >= 1) +' "$PACKAGE_PATH" >/dev/null; then + log_ok "Package JSON structure is valid" +else + log_err "Package JSON structure is invalid" + ERRORS=$((ERRORS + 1)) +fi + +PACKAGE_STATUS="$(jq -r '.packageStatus' "$PACKAGE_PATH")" +if [[ "$PACKAGE_STATUS" == "awaiting-external-endorser" ]]; then + PARTIAL_EXTERNAL_ALLOWED=true + log_info "Package status allows external-governance gaps to remain warnings" +fi + +check_placeholder_string "schemaVersion" "$(jq -r '.schemaVersion' "$PACKAGE_PATH")" +check_placeholder_string "programId" "$(jq -r '.programId' "$PACKAGE_PATH")" +check_placeholder_string "ariesAgent.adminUrl" "$(jq -r '.ariesAgent.adminUrl' "$PACKAGE_PATH")" +check_placeholder_string "ariesAgent.didcommUrl" "$(jq -r '.ariesAgent.didcommUrl' "$PACKAGE_PATH")" +check_placeholder_string "ariesAgent.adminAuthMode" "$(jq -r '.ariesAgent.adminAuthMode' "$PACKAGE_PATH")" +check_placeholder_string "ledger.targetNetwork" "$(jq -r '.ledger.targetNetwork' "$PACKAGE_PATH")" +check_placeholder_string "ledger.trustScope" "$(jq -r '.ledger.trustScope' "$PACKAGE_PATH")" +check_placeholder_string "ledger.poolName" "$(jq -r '.ledger.poolName' "$PACKAGE_PATH")" +check_placeholder_string "ledger.genesisSource" "$(jq -r '.ledger.genesisSource' "$PACKAGE_PATH")" +check_placeholder_string "ledger.didMethod" "$(jq -r '.ledger.didMethod' "$PACKAGE_PATH")" +check_placeholder_string "ledger.nymWriteMode" "$(jq -r '.ledger.nymWriteMode' "$PACKAGE_PATH")" +check_placeholder_string "governance.governanceVersion" "$(jq -r '.governance.governanceVersion' "$PACKAGE_PATH")" +CHANGE_CONTROL_REF="$(jq -r '.governance.changeControlRef' "$PACKAGE_PATH")" +check_placeholder_string "governance.changeControlRef" "$CHANGE_CONTROL_REF" +check_change_control_ref "$CHANGE_CONTROL_REF" +check_placeholder_string "governance.changeControlFormat" "$(jq -r '.governance.changeControlFormat' "$PACKAGE_PATH")" +check_placeholder_string "governance.operatorOwner" "$(jq -r '.governance.operatorOwner' "$PACKAGE_PATH")" +check_placeholder_string "governance.approvalOwner" "$(jq -r '.governance.approvalOwner' "$PACKAGE_PATH")" +check_placeholder_string "governance.endorserGovernanceModel.type" "$(jq -r '.governance.endorserGovernanceModel.type' "$PACKAGE_PATH")" +GOV_QUORUM="$(jq -r '.governance.endorserGovernanceModel.quorum' "$PACKAGE_PATH")" +check_placeholder_string "governance.endorserGovernanceModel.quorum" "$GOV_QUORUM" +check_quorum_format "$GOV_QUORUM" +check_placeholder_string "governance.endorserGovernanceModel.singleKeyDidControl" "$(jq -r '.governance.endorserGovernanceModel.singleKeyDidControl' "$PACKAGE_PATH")" +check_placeholder_string "governance.endorserGovernanceModel.currentPhase" "$(jq -r '.governance.endorserGovernanceModel.currentPhase' "$PACKAGE_PATH")" +if jq -e '(.governance.endorserGovernanceModel.custodians | type == "array") and (.governance.endorserGovernanceModel.custodians | length >= 3)' "$PACKAGE_PATH" >/dev/null; then + log_ok "governance.endorserGovernanceModel.custodians has at least 3 entries" +else + log_err "governance.endorserGovernanceModel.custodians must have at least 3 entries" + ERRORS=$((ERRORS + 1)) +fi +if jq -e '(.governance.endorserGovernanceModel.futurePhases | type == "array") and (.governance.endorserGovernanceModel.futurePhases | length >= 1)' "$PACKAGE_PATH" >/dev/null; then + log_ok "governance.endorserGovernanceModel.futurePhases is populated" +else + log_err "governance.endorserGovernanceModel.futurePhases must contain at least one entry" + ERRORS=$((ERRORS + 1)) +fi +check_placeholder_string "roles.author.alias" "$(jq -r '.roles.author.alias' "$PACKAGE_PATH")" +AUTHOR_PUBLIC_DID="$(jq -r '.roles.author.publicDid' "$PACKAGE_PATH")" +ENDORSER_DID="$(jq -r '.roles.endorser.did' "$PACKAGE_PATH")" + +check_placeholder_string_maybe_partial "roles.author.publicDid" "$AUTHOR_PUBLIC_DID" +check_placeholder_string_maybe_partial "roles.author.verkey" "$(jq -r '.roles.author.verkey' "$PACKAGE_PATH")" +check_placeholder_string "roles.endorser.alias" "$(jq -r '.roles.endorser.alias' "$PACKAGE_PATH")" +check_placeholder_string_maybe_partial "roles.endorser.did" "$ENDORSER_DID" +check_placeholder_string "anoncreds.schemas[0].name" "$(jq -r '.anoncreds.schemas[0].name' "$PACKAGE_PATH")" +check_placeholder_string "anoncreds.schemas[0].version" "$(jq -r '.anoncreds.schemas[0].version' "$PACKAGE_PATH")" + +if [[ -n "$AUTHOR_PUBLIC_DID" ]]; then + check_indy_did_format "roles.author.publicDid" "$AUTHOR_PUBLIC_DID" +fi + +if [[ -n "$ENDORSER_DID" && "$ENDORSER_DID" != *"/dev/null + echo "OK $f" +done +echo "All institutional example JSON files parse." diff --git a/scripts/validation/validate-dbis-institutional-schemas.sh b/scripts/validation/validate-dbis-institutional-schemas.sh new file mode 100755 index 0000000..7547f7c --- /dev/null +++ b/scripts/validation/validate-dbis-institutional-schemas.sh @@ -0,0 +1,64 @@ +#!/usr/bin/env bash +# Validate dbis-institutional examples against JSON Schemas (draft 2020-12). +# Uses `check-jsonschema` when available (pip install check-jsonschema). +# In CI, install first: pip install check-jsonschema +# +# Env: +# SCHEMA_STRICT=1 exit 1 if check-jsonschema is missing (default: skip with 0) +# +set -euo pipefail +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +SCHEMA_DIR="$ROOT/config/dbis-institutional/schemas" +EX_DIR="$ROOT/config/dbis-institutional/examples" + +# validate_json_array EX_FILE SCHEMA_FILE LABEL +validate_json_array() { + local ex_file="$1" schema_file="$2" label="$3" + if [[ ! -f "$ex_file" ]]; then + return 0 + fi + if ! command -v jq &>/dev/null; then + echo "error: jq is required for $label validation" >&2 + exit 1 + fi + local n + n=$(jq 'length' "$ex_file") + if [[ "${n:-0}" -lt 1 ]]; then + echo "error: $ex_file must be a non-empty array" >&2 + exit 1 + fi + local batch_tmp idx + batch_tmp="$(mktemp)" + trap 'rm -f "$batch_tmp"' RETURN + idx=0 + while IFS= read -r line; do + echo "$line" >"$batch_tmp" + check-jsonschema --schemafile "$schema_file" "$batch_tmp" + idx=$((idx + 1)) + done < <(jq -c '.[]' "$ex_file") + echo "OK $label ($idx items)" + rm -f "$batch_tmp" + trap - RETURN +} + +if ! command -v check-jsonschema &>/dev/null; then + if [[ "${SCHEMA_STRICT:-0}" == "1" ]]; then + echo "error: check-jsonschema not found; pip install check-jsonschema" >&2 + exit 1 + fi + echo "skip: check-jsonschema not installed (pip install check-jsonschema); JSON parse still covered by validate-dbis-institutional-json.sh" + exit 0 +fi + +check-jsonschema --schemafile "$SCHEMA_DIR/settlement-event.schema.json" "$EX_DIR/settlement-event.example.json" +check-jsonschema --schemafile "$SCHEMA_DIR/settlement-event.schema.json" "$EX_DIR/settlement-event.chain138-primary.example.json" +check-jsonschema --schemafile "$SCHEMA_DIR/settlement-event.schema.json" "$EX_DIR/settlement-event.min.json" +validate_json_array "$EX_DIR/settlement-events-batch.example.json" "$SCHEMA_DIR/settlement-event.schema.json" "settlement-events-batch" + +check-jsonschema --schemafile "$SCHEMA_DIR/address-registry-entry.schema.json" "$EX_DIR/address-registry-entry.example.json" +validate_json_array "$EX_DIR/address-registry-entries-batch.example.json" "$SCHEMA_DIR/address-registry-entry.schema.json" "address-registry-entries-batch" + +check-jsonschema --schemafile "$SCHEMA_DIR/trust.schema.json" "$EX_DIR/trust.json" +check-jsonschema --schemafile "$SCHEMA_DIR/governance.schema.json" "$EX_DIR/governance.json" +check-jsonschema --schemafile "$SCHEMA_DIR/policy-manifest.schema.json" "$EX_DIR/policy.json" +echo "OK dbis-institutional schema validation (settlement-event, settlement-event.chain138-primary, settlement-events-batch, address-registry-entry, address-registry-entries-batch, trust, governance, policy-manifest)" diff --git a/scripts/validation/validate-explorer-chain138-inventory.sh b/scripts/validation/validate-explorer-chain138-inventory.sh new file mode 100755 index 0000000..9430066 --- /dev/null +++ b/scripts/validation/validate-explorer-chain138-inventory.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash +# Compare explorer-monorepo Chain 138 keys in address-inventory.json to +# config/smart-contracts-master.json (G3 drift guard). +# Usage: bash scripts/validation/validate-explorer-chain138-inventory.sh +# Requires: jq + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +MASTER="${PROJECT_ROOT}/config/smart-contracts-master.json" +INV="${PROJECT_ROOT}/explorer-monorepo/config/address-inventory.json" + +norm() { echo "$1" | tr '[:upper:]' '[:lower:]'; } + +if ! command -v jq &>/dev/null; then + echo "[WARN] jq not installed; skip explorer Chain 138 inventory alignment check" + exit 0 +fi + +if [[ ! -f "$MASTER" ]]; then + echo "[ERROR] Missing $MASTER" + exit 1 +fi + +if [[ ! -f "$INV" ]]; then + echo "[WARN] Missing $INV; skip explorer inventory check" + exit 0 +fi + +ERR=0 +expect_match() { + local key="$1" + local jqpath="$2" + local exp + exp=$(jq -r "$jqpath" "$MASTER") + local got + got=$(jq -r --arg k "$key" '.inventory[$k] // empty' "$INV") + if [[ -z "$got" ]]; then + echo "[ERROR] inventory missing key: $key" + ERR=$((ERR + 1)) + return + fi + if [[ "$(norm "$exp")" != "$(norm "$got")" ]]; then + echo "[ERROR] $key mismatch: inventory=$got master=$exp" + ERR=$((ERR + 1)) + fi +} + +expect_match "CCIP_ROUTER_138" '.chains["138"].contracts.CCIP_Router' +expect_match "CCIP_ROUTER_ADDRESS" '.chains["138"].contracts.CCIP_Router' +expect_match "CCIPWETH9_BRIDGE_138" '.chains["138"].contracts.CCIPWETH9_Bridge' +expect_match "CCIPWETH9_BRIDGE" '.chains["138"].contracts.CCIPWETH9_Bridge' +expect_match "LINK_TOKEN_138" '.chains["138"].contracts.LINK' +expect_match "ISO20022_ROUTER" '.chains["138"].contracts.ISO20022Router' + +if [[ $ERR -gt 0 ]]; then + echo "[ERROR] Explorer address-inventory Chain 138 drift ($ERR). Update explorer-monorepo/config/address-inventory.json or smart-contracts-master.json." + exit 1 +fi + +echo "[OK] Explorer address-inventory Chain 138 keys match smart-contracts-master.json" diff --git a/scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh b/scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh new file mode 100755 index 0000000..200d8d4 --- /dev/null +++ b/scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh @@ -0,0 +1,51 @@ +#!/usr/bin/env bash +# Validate JVMTM / regulatory closure example JSON against local schemas (draft 2020-12). +# Uses check-jsonschema when available; SCHEMA_STRICT=1 fails if missing. +set -euo pipefail +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +BASE="$ROOT/config/jvmtm-regulatory-closure" +SCHEMA="$BASE/schemas" +EX="$BASE/examples" + +HAVE_CHECK_JSONSCHEMA=1 + +if ! command -v check-jsonschema &>/dev/null; then + HAVE_CHECK_JSONSCHEMA=0 + if [[ "${SCHEMA_STRICT:-0}" == "1" ]]; then + echo "error: check-jsonschema not found; pip install check-jsonschema" >&2 + exit 1 + fi + echo "skip: check-jsonschema not installed (pip install check-jsonschema)" +fi + +validate_pair() { + local schema_file="$1" example_file="$2" + check-jsonschema --schemafile "$schema_file" "$example_file" +} + +if [[ "$HAVE_CHECK_JSONSCHEMA" == "1" ]]; then + validate_pair "$SCHEMA/daily-3way-reconciliation-report.schema.json" "$EX/daily-3way-reconciliation-report.example.json" + validate_pair "$SCHEMA/three-way-reconciliation-result.schema.json" "$EX/three-way-reconciliation-result.example.json" + validate_pair "$SCHEMA/prefunding-proof.schema.json" "$EX/prefunding-proof.example.json" + validate_pair "$SCHEMA/pre-settlement-ack.schema.json" "$EX/pre-settlement-ack.example.json" + validate_pair "$SCHEMA/sample-exception-event.schema.json" "$EX/sample-exception-event.example.json" + validate_pair "$SCHEMA/kyt-screening-result.schema.json" "$EX/kyt-screening-result.example.json" + validate_pair "$SCHEMA/recovery-time-report.schema.json" "$EX/recovery-time-report.example.json" + validate_pair "$SCHEMA/dr-simulation-report.schema.json" "$EX/dr-simulation-report.example.json" + validate_pair "$SCHEMA/real-time-balance-snapshot.schema.json" "$EX/real-time-balance-snapshot.example.json" + validate_pair "$SCHEMA/transaction-compliance-execution.schema.json" "$EX/transaction-compliance-execution.example.json" + validate_pair "$SCHEMA/transaction-compliance-execution.schema.json" "$EX/transaction-compliance-execution.blocked.example.json" +fi + +if ! command -v python3 &>/dev/null; then + echo "error: python3 not found; required for JVMTM transaction-grade pack validation" >&2 + exit 1 +fi + +python3 "$ROOT/scripts/validation/validate-jvmtm-transaction-compliance-pack.py" + +if [[ "$HAVE_CHECK_JSONSCHEMA" == "1" ]]; then + echo "OK jvmtm-regulatory-closure schema validation (11 example/schema pairs + transaction-grade pack checks)" +else + echo "OK jvmtm-regulatory-closure transaction-grade pack validation (schema checks skipped: check-jsonschema not installed)" +fi diff --git a/scripts/validation/validate-jvmtm-transaction-compliance-pack.py b/scripts/validation/validate-jvmtm-transaction-compliance-pack.py new file mode 100755 index 0000000..8eb0ce9 --- /dev/null +++ b/scripts/validation/validate-jvmtm-transaction-compliance-pack.py @@ -0,0 +1,341 @@ +#!/usr/bin/env python3 +"""Validate the JVMTM transaction-grade compliance pack.""" + +from __future__ import annotations + +import csv +import io +import json +import sys +from pathlib import Path + + +RAIL_MODES = {"chain138-primary", "swift", "hybrid", "internal-only"} +BLOCKING_LEVELS = {"HARD_STOP", "ESCALATE", "POST_EVENT"} +DECISION_STATUSES = {"READY", "BLOCKED", "ESCALATE"} +CONTROL_STATUSES = {"PASS", "FAIL", "PENDING", "WAIVED"} +EVIDENCE_REF_TYPES = {"repo-path", "runtime-slot", "archive-path", "external-ref"} +REQUIRED_CONTROL_FIELDS = [ + "control_id", + "phase", + "domain", + "requirement", + "validation_method", + "blocking_level", + "applies_to_rail", + "source_audit_rows", + "repo_evidence_artifacts", + "validator_command", + "failure_action", + "high_value_override", + "notes", +] +CSV_FIELDNAMES = [ + "control_id", + "phase", + "domain", + "requirement", + "validation_method", + "blocking_level", + "applies_to_rail", + "source_audit_rows", + "repo_evidence_artifacts", + "validator_command", + "failure_action", + "high_value_override", + "notes", +] + + +def fail(message: str) -> None: + raise SystemExit(f"error: {message}") + + +def load_json(path: Path) -> dict: + try: + return json.loads(path.read_text(encoding="utf-8")) + except FileNotFoundError: + fail(f"missing JSON file: {path}") + except json.JSONDecodeError as exc: + fail(f"invalid JSON in {path}: {exc}") + + +def format_artifacts(artifacts: list[dict[str, str]]) -> str: + return " | ".join(f'{artifact["artifact_type"]}:{artifact["ref"]}' for artifact in artifacts) + + +def render_csv(matrix: dict) -> str: + buffer = io.StringIO(newline="") + writer = csv.DictWriter(buffer, fieldnames=CSV_FIELDNAMES, lineterminator="\n") + writer.writeheader() + for control in matrix["controls"]: + writer.writerow( + { + "control_id": control["control_id"], + "phase": control["phase"], + "domain": control["domain"], + "requirement": control["requirement"], + "validation_method": control["validation_method"], + "blocking_level": control["blocking_level"], + "applies_to_rail": " | ".join(control["applies_to_rail"]), + "source_audit_rows": " | ".join(control["source_audit_rows"]), + "repo_evidence_artifacts": format_artifacts(control["repo_evidence_artifacts"]), + "validator_command": control["validator_command"], + "failure_action": control["failure_action"], + "high_value_override": control["high_value_override"], + "notes": control["notes"], + } + ) + return buffer.getvalue() + + +def validate_evidence_ref(ref: dict, label: str) -> None: + if not isinstance(ref, dict): + fail(f"{label} must be an object") + for key in ("artifact_type", "ref"): + if key not in ref or not isinstance(ref[key], str) or not ref[key].strip(): + fail(f"{label} missing non-empty {key}") + if ref["artifact_type"] not in EVIDENCE_REF_TYPES: + fail(f"{label} uses unsupported artifact_type {ref['artifact_type']}") + if "sha256" in ref: + sha256 = ref["sha256"] + if not isinstance(sha256, str) or len(sha256) != 64 or any(c not in "0123456789abcdefABCDEF" for c in sha256): + fail(f"{label} sha256 must be a 64-character hex string") + + +def validate_pack_reference(ref: dict, label: str, repo_root: Path, slot_refs: set[str]) -> None: + validate_evidence_ref(ref, label) + artifact_type = ref["artifact_type"] + target = ref["ref"] + if artifact_type == "repo-path": + if not (repo_root / target).exists(): + fail(f"{label} repo-path does not exist: {target}") + elif artifact_type == "runtime-slot": + if target not in slot_refs: + fail(f"{label} runtime-slot does not exist in the matrix: {target}") + + +def validate_execution_example( + path: Path, + control_ids: set[str], + expected_status: str, + matrix_version: str, + repo_root: Path, + slot_refs: set[str], +) -> None: + payload = load_json(path) + required_top_level = [ + "schema_version", + "matrix_version", + "transaction_id", + "correlation_id", + "rail_mode", + "amount", + "currency", + "decision_status", + "decision_reason", + "validated_at", + "approved_by", + "instruction_ref", + "control_results", + ] + for field in required_top_level: + if field not in payload: + fail(f"{path} missing required field {field}") + + if payload["decision_status"] not in DECISION_STATUSES: + fail(f"{path} uses unsupported decision_status {payload['decision_status']}") + if payload["rail_mode"] not in RAIL_MODES: + fail(f"{path} uses unsupported rail_mode {payload['rail_mode']}") + if payload["decision_status"] != expected_status: + fail(f"{path} decision_status expected {expected_status} but found {payload['decision_status']}") + if payload["matrix_version"] != matrix_version: + fail(f"{path} matrix_version {payload['matrix_version']} does not match canonical matrix_version {matrix_version}") + + validate_pack_reference(payload["instruction_ref"], f"{path}:instruction_ref", repo_root, slot_refs) + if "settlement_event_ref" in payload: + validate_pack_reference(payload["settlement_event_ref"], f"{path}:settlement_event_ref", repo_root, slot_refs) + + if not isinstance(payload["control_results"], list) or not payload["control_results"]: + fail(f"{path} control_results must be a non-empty array") + + seen = set() + for index, result in enumerate(payload["control_results"]): + label = f"{path}:control_results[{index}]" + if not isinstance(result, dict): + fail(f"{label} must be an object") + for key in ("control_id", "status", "blocking", "validated_at", "validator_ref", "evidence_refs"): + if key not in result: + fail(f"{label} missing required field {key}") + control_id = result["control_id"] + if control_id not in control_ids: + fail(f"{label} references unknown control_id {control_id}") + if control_id in seen: + fail(f"{path} repeats control_id {control_id}") + seen.add(control_id) + if result["status"] not in CONTROL_STATUSES: + fail(f"{label} uses unsupported status {result['status']}") + if result["blocking"] not in BLOCKING_LEVELS: + fail(f"{label} uses unsupported blocking value {result['blocking']}") + if not isinstance(result["evidence_refs"], list) or not result["evidence_refs"]: + fail(f"{label} evidence_refs must be a non-empty array") + for ref_index, evidence_ref in enumerate(result["evidence_refs"]): + validate_pack_reference(evidence_ref, f"{label}:evidence_refs[{ref_index}]", repo_root, slot_refs) + + if expected_status == "READY": + if "settlement_event_ref" not in payload: + fail(f"{path} must include settlement_event_ref for the READY example") + statuses = {result["control_id"]: result["status"] for result in payload["control_results"]} + if statuses.get("PT-02") != "PASS" or statuses.get("TX-02") != "PASS": + fail(f"{path} must show PT-02 and TX-02 as PASS for READY examples") + if expected_status == "BLOCKED": + if "settlement_event_ref" in payload: + fail(f"{path} should omit settlement_event_ref for the BLOCKED pre-execution example") + statuses = {result["control_id"]: result["status"] for result in payload["control_results"]} + if statuses.get("PT-02") != "FAIL": + fail(f"{path} must show PT-02 as FAIL for BLOCKED examples") + if statuses.get("TX-02") not in {"FAIL", "PENDING"}: + fail(f"{path} must show TX-02 as FAIL or PENDING for BLOCKED examples") + + +def main() -> int: + repo_root = Path(__file__).resolve().parents[2] + config_dir = repo_root / "config/jvmtm-regulatory-closure" + + matrix_path = config_dir / "transaction-compliance-matrix.json" + csv_path = config_dir / "transaction-compliance-matrix.csv" + markdown_path = config_dir / "JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md" + schema_path = config_dir / "schemas/transaction-compliance-execution.schema.json" + ready_example_path = config_dir / "examples/transaction-compliance-execution.example.json" + blocked_example_path = config_dir / "examples/transaction-compliance-execution.blocked.example.json" + + for path in (matrix_path, csv_path, markdown_path, schema_path, ready_example_path, blocked_example_path): + if not path.exists(): + fail(f"missing required pack file: {path}") + + matrix = load_json(matrix_path) + if matrix.get("schema_version") != 1: + fail(f"{matrix_path} schema_version must equal 1") + if not isinstance(matrix.get("matrix_version"), str) or not matrix["matrix_version"]: + fail(f"{matrix_path} matrix_version must be a non-empty string") + if not isinstance(matrix.get("runtime_slots"), list) or not matrix["runtime_slots"]: + fail(f"{matrix_path} runtime_slots must be a non-empty array") + if not isinstance(matrix.get("controls"), list) or not matrix["controls"]: + fail(f"{matrix_path} controls must be a non-empty array") + if matrix.get("canonical_format") != "json": + fail(f"{matrix_path} canonical_format must equal 'json'") + if matrix.get("csv_export") != "config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv": + fail(f"{matrix_path} csv_export must point to the canonical CSV path") + if not isinstance(matrix.get("source_baseline"), list) or not matrix["source_baseline"]: + fail(f"{matrix_path} source_baseline must be a non-empty array") + for baseline_ref in matrix["source_baseline"]: + if not isinstance(baseline_ref, str) or not baseline_ref.strip(): + fail(f"{matrix_path} contains an invalid source_baseline entry") + if not (repo_root / baseline_ref).exists(): + fail(f"{matrix_path} source_baseline path does not exist: {baseline_ref}") + + slot_refs: set[str] = set() + for index, slot in enumerate(matrix["runtime_slots"]): + if not isinstance(slot, dict): + fail(f"{matrix_path} runtime_slots[{index}] must be an object") + for key in ("slot", "source", "archive_path", "description"): + if key not in slot or not isinstance(slot[key], str) or not slot[key].strip(): + fail(f"{matrix_path} runtime_slots[{index}] missing non-empty {key}") + if slot["slot"] in slot_refs: + fail(f"{matrix_path} repeats runtime slot {slot['slot']}") + slot_refs.add(slot["slot"]) + + control_ids: set[str] = set() + for index, control in enumerate(matrix["controls"]): + label = f"{matrix_path}:controls[{index}]" + if not isinstance(control, dict): + fail(f"{label} must be an object") + for field in REQUIRED_CONTROL_FIELDS: + if field not in control: + fail(f"{label} missing field {field}") + control_id = control["control_id"] + if not isinstance(control_id, str) or not control_id.strip(): + fail(f"{label} control_id must be a non-empty string") + if control_id in control_ids: + fail(f"{matrix_path} repeats control_id {control_id}") + control_ids.add(control_id) + if control["blocking_level"] not in BLOCKING_LEVELS: + fail(f"{label} uses unsupported blocking_level {control['blocking_level']}") + if not isinstance(control["applies_to_rail"], list) or not control["applies_to_rail"]: + fail(f"{label} applies_to_rail must be a non-empty array") + if any(rail not in RAIL_MODES for rail in control["applies_to_rail"]): + fail(f"{label} uses unsupported rail mode") + if not isinstance(control["source_audit_rows"], list) or not control["source_audit_rows"]: + fail(f"{label} source_audit_rows must be a non-empty array") + artifacts = control["repo_evidence_artifacts"] + if not isinstance(artifacts, list) or not artifacts: + fail(f"{label} repo_evidence_artifacts must be a non-empty array") + for artifact_index, artifact in enumerate(artifacts): + if not isinstance(artifact, dict): + fail(f"{label}:repo_evidence_artifacts[{artifact_index}] must be an object") + for key in ("artifact_type", "ref"): + if key not in artifact or not isinstance(artifact[key], str) or not artifact[key].strip(): + fail(f"{label}:repo_evidence_artifacts[{artifact_index}] missing non-empty {key}") + artifact_type = artifact["artifact_type"] + ref = artifact["ref"] + if artifact_type == "repo-path": + if not (repo_root / ref).exists(): + fail(f"{label}:repo_evidence_artifacts[{artifact_index}] repo-path does not exist: {ref}") + elif artifact_type == "runtime-slot": + if ref not in slot_refs: + fail(f"{label}:repo_evidence_artifacts[{artifact_index}] unknown runtime slot: {ref}") + else: + fail(f"{label}:repo_evidence_artifacts[{artifact_index}] unsupported artifact_type {artifact_type}") + + expected_csv = render_csv(matrix) + actual_csv = csv_path.read_text(encoding="utf-8") + if actual_csv != expected_csv: + fail( + "transaction-compliance-matrix.csv is out of date with transaction-compliance-matrix.json; " + "run scripts/jvmtm/export-transaction-compliance-matrix-csv.py" + ) + + actual_rows = [line for line in actual_csv.splitlines() if line.strip()] + expected_row_count = len(matrix["controls"]) + 1 + if len(actual_rows) != expected_row_count: + fail( + f"{csv_path} row count mismatch: expected {expected_row_count} including header, " + f"found {len(actual_rows)}" + ) + + markdown_text = markdown_path.read_text(encoding="utf-8") + if matrix["title"] not in markdown_text: + fail(f"{markdown_path} does not contain the canonical matrix title: {matrix['title']}") + missing_markdown_controls = [control_id for control_id in control_ids if control_id not in markdown_text] + if missing_markdown_controls: + fail( + f"{markdown_path} is missing control ids present in the canonical matrix: " + f"{', '.join(sorted(missing_markdown_controls))}" + ) + + validate_execution_example( + ready_example_path, + control_ids, + "READY", + matrix["matrix_version"], + repo_root, + slot_refs, + ) + validate_execution_example( + blocked_example_path, + control_ids, + "BLOCKED", + matrix["matrix_version"], + repo_root, + slot_refs, + ) + + print( + "OK jvmtm transaction-grade compliance pack " + f"({len(control_ids)} controls, {len(slot_refs)} runtime slots, CSV synchronized)" + ) + return 0 + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/scripts/validation/validate-reserve-provenance-package.sh b/scripts/validation/validate-reserve-provenance-package.sh new file mode 100755 index 0000000..eab6631 --- /dev/null +++ b/scripts/validation/validate-reserve-provenance-package.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +# Validate 3FR reserve provenance package JSON files against schemas/reserve-provenance-package.schema.json +set -euo pipefail +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +PKG="$ROOT/config/reserve-provenance-package" +SCHEMA="$PKG/schemas/reserve-provenance-package.schema.json" + +if ! command -v check-jsonschema &>/dev/null; then + if [[ "${SCHEMA_STRICT:-0}" == "1" ]]; then + echo "error: check-jsonschema not found; pip install check-jsonschema" >&2 + exit 1 + fi + for f in "$PKG"/legal/*.json "$PKG"/settlement/*.json "$PKG"/provenance/*.json "$PKG"/bank/*.json "$PKG"/kyt/*.json "$PKG"/reconciliation/*.json "$PKG"/reserve/*.json "$PKG"/governance/*.json; do + [[ -f "$f" ]] || continue + [[ "$f" == *.example.json ]] && continue + python3 -m json.tool "$f" >/dev/null + echo "OK parse $f" + done + echo "skip: check-jsonschema not installed (JSON parse only)" + exit 0 +fi + +for f in "$PKG"/legal/*.json "$PKG"/settlement/*.json "$PKG"/provenance/*.json "$PKG"/bank/*.json "$PKG"/kyt/*.json "$PKG"/reconciliation/*.json "$PKG"/reserve/*.json "$PKG"/governance/*.json; do + [[ -f "$f" ]] || continue + [[ "$f" == *.example.json ]] && continue + check-jsonschema --schemafile "$SCHEMA" "$f" +done +echo "OK reserve-provenance-package (10 JSON files + schema)" diff --git a/scripts/verify/README.md b/scripts/verify/README.md index 5f81c16..aedbe7b 100644 --- a/scripts/verify/README.md +++ b/scripts/verify/README.md @@ -29,8 +29,15 @@ One-line install (Debian/Ubuntu): `sudo apt install -y sshpass rsync dnsutils ip - `backup-npmplus.sh` - Full NPMplus backup (database, API exports, certificates) - `check-contracts-on-chain-138.sh` - Check that Chain 138 deployed contracts have bytecode on-chain (`cast code` for 31 addresses; requires `cast` and RPC access). Use `[RPC_URL]` or env `RPC_URL_138`; `--dry-run` lists addresses only (no RPC calls); `SKIP_EXIT=1` to exit 0 when RPC unreachable. +- `check-public-report-api.sh` - Verify that `explorer.d-bis.org/api/v1/report/*` and `/api/v1/networks` return token-aggregation JSON rather than Blockscout-style `/api/v1` responses. Use `SKIP_EXIT=1` for diagnostic-only mode. Set `SKIP_BRIDGE_ROUTES=0` to assert `/api/v1/bridge/routes`, and `SKIP_BRIDGE_PREFLIGHT=0` to assert `/api/v1/bridge/preflight` payload shape. +- `check-token-aggregation-chain138-api.sh` - Hits tokens, pools, quote, `bridge/routes`, `bridge/status`, `bridge/preflight`, and networks on both `/api/v1/*` and `/token-aggregation/api/v1/*`. `BASE_URL=https://explorer.d-bis.org` (default) or `http://192.168.11.140`. +- `check-gru-transport-preflight.sh` - Operator-focused GRU runtime preflight. Calls `/api/v1/bridge/preflight`, prints blocked pairs with `eligibilityBlockers` / `runtimeMissingRequirements`, and fails unless all active pairs are runtime-ready or `ALLOW_BLOCKED=1` is set. +- `check-cstar-v2-transport-stack.sh` - Predeploy Forge verifier for the `c* V2` bridge stack. Runs the base V2 token suite, legacy reserve-verifier compatibility suite, V2 reserve/verifier full L1/L2 round-trip suite, and the core `CWMultiTokenBridge` round-trip suite. +- `run-repo-green-test-path.sh` - Local deterministic green-path aggregate behind root `pnpm test`. Runs config validation, then the focused `smom-dbis-138` contract and service CI targets. +- `check-completion-status.sh` - One-command summary of repo-completable checks, public report API health, and pointers to operator/external remaining work. - `reconcile-env-canonical.sh` - Emit recommended .env lines for Chain 138 (canonical source of truth); use to reconcile `smom-dbis-138/.env` with [CONTRACT_ADDRESSES_REFERENCE](../../docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md). Usage: `./scripts/verify/reconcile-env-canonical.sh [--print]` - `check-deployer-balance-blockscout-vs-rpc.sh` - Compare deployer native balance from Blockscout API vs RPC (to verify index matches current chain); see [EXPLORER_AND_BLOCKSCAN_REFERENCE](../../docs/11-references/EXPLORER_AND_BLOCKSCAN_REFERENCE.md) +- `sync-blockscout-address-labels-from-registry.sh` - Plan or sync Blockscout address labels from `address-registry-entry` JSON (`config/dbis-institutional/schemas/address-registry-entry.schema.json`: `blockscout.label`, `status: active`). Supports `--mode=http`, `--mode=db`, and `--mode=auto`; on the self-hosted Chain 138 explorer, `db` is the right live mode because `/api/v1/*` is token-aggregation, not a native Blockscout label-write API. DB mode writes primary labels into Blockscout `public.address_names` through CT `5000`. See `config/dbis-institutional/README.md` and [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../../docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md). - `check-dependencies.sh` - Verify required tools (bash, curl, jq, openssl, ssh) - `export-cloudflare-dns-records.sh` - Export Cloudflare DNS records - `export-npmplus-config.sh` - Export NPMplus proxy hosts and certificates via API @@ -43,7 +50,9 @@ One-line install (Debian/Ubuntu): `sudo apt install -y sshpass rsync dnsutils ip ## Task runners (no LAN vs from LAN) -- **From anywhere (no LAN/creds):** `../run-completable-tasks-from-anywhere.sh` — runs config validation, on-chain contract check, run-all-validation --skip-genesis, and reconcile-env-canonical. +- **From anywhere (no LAN/creds):** `../run-completable-tasks-from-anywhere.sh` — runs config validation, on-chain contract check, run-all-validation --skip-genesis, public report API diagnostics, and reconcile-env-canonical. +- **Completion snapshot:** `check-completion-status.sh` — summarizes what is complete locally and what still depends on operator or external execution. +- **Full LAN execution order:** `../run-full-operator-completion-from-lan.sh` — starts with the token-aggregation `/api/v1` repair, then Wave 0, verification, E2E, and optional operator-only deployment steps. Use `--dry-run` first. - **From LAN (NPM_PASSWORD, optional PRIVATE_KEY):** `../run-operator-tasks-from-lan.sh` — runs W0-1 (NPMplus RPC fix), W0-3 (NPMplus backup), O-1 (Blockscout verification); use `--dry-run` to print commands only. See [ALL_TASKS_DETAILED_STEPS](../../docs/00-meta/ALL_TASKS_DETAILED_STEPS.md). ## Environment diff --git a/scripts/verify/check-chain138-token-permit-support.sh b/scripts/verify/check-chain138-token-permit-support.sh index b763e50..78ad065 100755 --- a/scripts/verify/check-chain138-token-permit-support.sh +++ b/scripts/verify/check-chain138-token-permit-support.sh @@ -2,8 +2,9 @@ # Check whether Chain 138 deployed tokens (cUSDT, cUSDC) support ERC-2612 permit or ERC-3009. # Used to determine x402 compatibility: thirdweb x402 requires permit or ERC-3009. # -# Usage: ./scripts/verify/check-chain138-token-permit-support.sh [RPC_URL] +# Usage: ./scripts/verify/check-chain138-token-permit-support.sh [RPC_URL] [--token SYMBOL=ADDRESS]... # RPC_URL: optional; default from RPC_URL_138 or CHAIN_138_RPC_URL or https://rpc-core.d-bis.org +# --token SYMBOL=ADDRESS: optional; inspect custom token inventory (repeatable) # --dry-run: print RPC and token addresses only (no RPC calls). # # Exit: 0 if script runs; output is human-readable. Use output to fill CHAIN138_X402_TOKEN_SUPPORT.md. @@ -14,19 +15,55 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" cd "$PROJECT_ROOT" -[[ -f "${SCRIPT_DIR}/../lib/load-project-env.sh" ]] && source "${SCRIPT_DIR}/../lib/load-project-env.sh" 2>/dev/null || true - DRY_RUN="" RPC_ARG="" -for a in "$@"; do - if [[ "$a" == "--dry-run" ]]; then DRY_RUN=1; else [[ -z "$RPC_ARG" ]] && RPC_ARG="$a"; fi +declare -A TOKENS=() +TOKEN_ORDER=() + +add_token() { + local spec="$1" + local symbol="${spec%%=*}" + local address="${spec#*=}" + if [[ -z "$symbol" || -z "$address" || "$symbol" == "$address" ]]; then + echo "ERROR: invalid token spec '$spec' (expected SYMBOL=ADDRESS)" >&2 + exit 1 + fi + TOKENS["$symbol"]="$address" + TOKEN_ORDER+=("$symbol") +} + +while [[ $# -gt 0 ]]; do + case "$1" in + --dry-run) + DRY_RUN=1 + shift + ;; + --token) + [[ $# -ge 2 ]] || { echo "ERROR: --token requires SYMBOL=ADDRESS" >&2; exit 1; } + add_token "$2" + shift 2 + ;; + --token=*) + add_token "${1#--token=}" + shift + ;; + *) + if [[ -z "$RPC_ARG" ]]; then + RPC_ARG="$1" + else + add_token "$1" + fi + shift + ;; + esac done + RPC="${RPC_ARG:-${RPC_URL_138:-${CHAIN_138_RPC_URL:-https://rpc-core.d-bis.org}}}" -# Token name, address (from CHAIN138_TOKEN_ADDRESSES.md) -declare -A TOKENS -TOKENS[cUSDT]="0x93E66202A11B1772E55407B32B44e5Cd8eda7f22" -TOKENS[cUSDC]="0xf22258f57794CC8E06237084b353Ab30fFfa640b" +if [[ ${#TOKEN_ORDER[@]} -eq 0 ]]; then + add_token "cUSDT=0x93E66202A11B1772E55407B32B44e5Cd8eda7f22" + add_token "cUSDC=0xf22258f57794CC8E06237084b353Ab30fFfa640b" +fi # Test holder for nonces(address) call (any address is fine) HOLDER="0x0000000000000000000000000000000000000001" @@ -34,7 +71,7 @@ HOLDER="0x0000000000000000000000000000000000000001" if [[ -n "$DRY_RUN" ]]; then echo "=== Chain 138 token permit support check (--dry-run) ===" echo "RPC: $RPC" - for sym in cUSDT cUSDC; do echo " $sym: ${TOKENS[$sym]}"; done + for sym in "${TOKEN_ORDER[@]}"; do echo " $sym: ${TOKENS[$sym]}"; done exit 0 fi @@ -48,7 +85,7 @@ if ! command -v cast &>/dev/null; then exit 1 fi -for sym in cUSDT cUSDC; do +for sym in "${TOKEN_ORDER[@]}"; do addr="${TOKENS[$sym]}" echo "--- $sym ($addr) ---" diff --git a/scripts/verify/check-chain138-x402-readiness.sh b/scripts/verify/check-chain138-x402-readiness.sh new file mode 100755 index 0000000..54b5535 --- /dev/null +++ b/scripts/verify/check-chain138-x402-readiness.sh @@ -0,0 +1,203 @@ +#!/usr/bin/env bash +# Check whether Chain 138 is operationally ready for x402 and whether its payment tokens are x402-capable. +# +# Usage: +# ./scripts/verify/check-chain138-x402-readiness.sh [CORE_RPC] [PUBLIC_RPC] [EXPLORER_STATS] [--token SYMBOL=ADDRESS]... +# ./scripts/verify/check-chain138-x402-readiness.sh --strict +# +# Exit codes: +# 0 when the script runs successfully +# 1 when --strict is used and x402 is not fully ready + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +cd "$PROJECT_ROOT" + +STRICT=0 +POSITIONAL=() +declare -A TOKENS=() +TOKEN_ORDER=() + +add_token() { + local spec="$1" + local symbol="${spec%%=*}" + local address="${spec#*=}" + if [[ -z "$symbol" || -z "$address" || "$symbol" == "$address" ]]; then + echo "ERROR: invalid token spec '$spec' (expected SYMBOL=ADDRESS)" >&2 + exit 1 + fi + TOKENS["$symbol"]="$address" + TOKEN_ORDER+=("$symbol") +} + +while [[ $# -gt 0 ]]; do + case "$1" in + --strict) + STRICT=1 + shift + ;; + --token) + [[ $# -ge 2 ]] || { echo "ERROR: --token requires SYMBOL=ADDRESS" >&2; exit 1; } + add_token "$2" + shift 2 + ;; + --token=*) + add_token "${1#--token=}" + shift + ;; + *) + POSITIONAL+=("$1") + shift + ;; + esac +done + +CORE_RPC="${POSITIONAL[0]:-${RPC_URL_138:-${CHAIN_138_RPC_URL:-http://192.168.11.211:8545}}}" +PUBLIC_RPC="${POSITIONAL[1]:-${PUBLIC_RPC_URL_138:-https://rpc.public-0138.defi-oracle.io}}" +EXPLORER_STATS="${POSITIONAL[2]:-${EXPLORER_STATS_URL_138:-https://explorer.d-bis.org/api/v2/stats}}" + +if [[ ${#TOKEN_ORDER[@]} -eq 0 ]]; then + add_token "cUSDT=0x93E66202A11B1772E55407B32B44e5Cd8eda7f22" + add_token "cUSDC=0xf22258f57794CC8E06237084b353Ab30fFfa640b" +fi + +HOLDER="0x0000000000000000000000000000000000000001" +ZERO_BYTES32="0x0000000000000000000000000000000000000000000000000000000000000000" + +rpc_call() { + local url="$1" + local method="$2" + local params="${3:-[]}" + curl -sS --max-time 15 \ + -H 'Content-Type: application/json' \ + --data "{\"jsonrpc\":\"2.0\",\"method\":\"${method}\",\"params\":${params},\"id\":1}" \ + "$url" +} + +json_field() { + local json="$1" + local jq_expr="$2" + jq -r "$jq_expr" <<<"$json" 2>/dev/null || true +} + +http_status() { + local url="$1" + local body_file="$2" + curl -k -sS --max-time 15 -o "$body_file" -w "%{http_code}" "$url" +} + +echo "=== Chain 138 x402 readiness ===" +echo "Core RPC: $CORE_RPC" +echo "Public RPC: $PUBLIC_RPC" +echo "Explorer: $EXPLORER_STATS" +echo "" + +core_ok=0 +public_ok=0 +explorer_ok=0 +token_ready=0 + +core_block="n/a" +core_peers="n/a" +core_syncing="n/a" +public_client="n/a" +explorer_blocks="n/a" + +if core_block_json="$(rpc_call "$CORE_RPC" "eth_blockNumber")"; then + core_block="$(json_field "$core_block_json" '.result // "n/a"')" + if [[ "$core_block" != "n/a" && "$core_block" != "null" ]]; then + core_ok=1 + fi +fi + +if [[ "$core_ok" -eq 1 ]]; then + core_peers="$(json_field "$(rpc_call "$CORE_RPC" "net_peerCount")" '.result // "n/a"')" + core_syncing="$(json_field "$(rpc_call "$CORE_RPC" "eth_syncing")" '.result')" +fi + +public_body_file="$(mktemp)" +explorer_body_file="$(mktemp)" +trap 'rm -f "$public_body_file" "$explorer_body_file"' EXIT + +public_status="$(curl -k -sS --max-time 15 -o "$public_body_file" -w "%{http_code}" \ + -H 'Content-Type: application/json' \ + --data '{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":1}' \ + "$PUBLIC_RPC" || true)" +public_result="$(cat "$public_body_file" 2>/dev/null || true)" +public_client="$(json_field "$public_result" '.result // empty')" +if [[ "$public_status" == "200" && -n "$public_client" ]]; then + public_ok=1 +fi + +explorer_status="$(http_status "$EXPLORER_STATS" "$explorer_body_file" || true)" +explorer_result="$(cat "$explorer_body_file" 2>/dev/null || true)" +explorer_blocks="$(json_field "$explorer_result" '.total_blocks // "n/a"')" +if [[ "$explorer_status" == "200" && "$explorer_blocks" != "n/a" && "$explorer_blocks" != "null" ]]; then + explorer_ok=1 +fi + +echo "Operational readiness" +echo " core_rpc_ok: $core_ok" +echo " core_block: $core_block" +echo " core_peer_count: $core_peers" +echo " core_syncing: $core_syncing" +echo " public_rpc_ok: $public_ok" +echo " public_rpc_http: ${public_status:-n/a}" +echo " public_client: ${public_client:-n/a}" +echo " explorer_ok: $explorer_ok" +echo " explorer_http: ${explorer_status:-n/a}" +echo " explorer_blocks: $explorer_blocks" +echo "" + +echo "Token compatibility" +if ! command -v cast >/dev/null 2>&1; then + echo " cast_available: 0" + echo " note: install foundry/cast to perform on-chain permit checks" +else + echo " cast_available: 1" + for sym in "${TOKEN_ORDER[@]}"; do + addr="${TOKENS[$sym]}" + permit_supported=0 + auth_supported=0 + + if cast call "$addr" "nonces(address)(uint256)" "$HOLDER" --rpc-url "$CORE_RPC" >/dev/null 2>&1; then + permit_supported=1 + fi + if cast call "$addr" "authorizationState(address,bytes32)(bool)" "$HOLDER" "$ZERO_BYTES32" --rpc-url "$CORE_RPC" >/dev/null 2>&1; then + auth_supported=1 + fi + if [[ "$permit_supported" -eq 1 || "$auth_supported" -eq 1 ]]; then + token_ready=1 + fi + + echo " ${sym}_address: $addr" + echo " ${sym}_erc2612: $permit_supported" + echo " ${sym}_erc3009: $auth_supported" + done +fi + +echo "" +if [[ "$core_ok" -eq 1 && "$public_ok" -eq 1 && "$explorer_ok" -eq 1 ]]; then + echo "Operational verdict: Chain 138 edge services are healthy." +else + echo "Operational verdict: Chain 138 edge services are not fully healthy." +fi + +if [[ "$token_ready" -eq 1 ]]; then + echo "Token verdict: At least one canonical Chain 138 payment token is x402-capable." +else + echo "Token verdict: Canonical Chain 138 payment tokens are still not x402-capable." +fi + +if [[ "$core_ok" -eq 1 && "$public_ok" -eq 1 && "$explorer_ok" -eq 1 && "$token_ready" -eq 1 ]]; then + echo "x402 verdict: READY" +else + echo "x402 verdict: BLOCKED" + echo " note: thirdweb x402 still needs an ERC-2612 or ERC-3009 payment token on Chain 138." +fi + +if [[ "$STRICT" -eq 1 && ! ( "$core_ok" -eq 1 && "$public_ok" -eq 1 && "$explorer_ok" -eq 1 && "$token_ready" -eq 1 ) ]]; then + exit 1 +fi diff --git a/scripts/verify/check-completion-status.sh b/scripts/verify/check-completion-status.sh new file mode 100755 index 0000000..5273c7f --- /dev/null +++ b/scripts/verify/check-completion-status.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash +# Summarize repo-completable vs operator/external completion state in one place. +# Usage: bash scripts/verify/check-completion-status.sh +# Exit codes: +# 0 = all repo-completable checks passed and public API looks healthy +# 1 = one or more checks reported issues +# Set SKIP_EXIT=1 to always exit 0 after printing the summary. + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +cd "$PROJECT_ROOT" +SKIP_EXIT="${SKIP_EXIT:-0}" +FAILURES=0 + +section() { + printf '\n=== %s ===\n' "$1" +} + +run_check() { + local label="$1" + shift + printf -- '- %s\n' "$label" + if "$@"; then + printf ' [OK] %s\n' "$label" + else + printf ' [WARN] %s\n' "$label" + FAILURES=$((FAILURES + 1)) + fi +} + +section "Repo-Completable Checks" +run_check "Config validation" bash scripts/validation/validate-config-files.sh +run_check "All validation (--skip-genesis)" bash scripts/verify/run-all-validation.sh --skip-genesis +run_check "Submodule working trees" env SKIP_EXIT=0 bash scripts/verify/submodules-clean.sh + +section "Public API Health" +run_check "Public report API" env SKIP_EXIT=0 KEEP_GOING=1 bash scripts/verify/check-public-report-api.sh + +section "Status Interpretation" +cat <<'EOF' +- Repo-local validation is complete when the config, validation, and submodule checks pass. +- Public report API problems are usually operator-side nginx/proxy deployment issues, not repo code issues. +- Remaining non-local work is tracked in: + - docs/00-meta/STILL_NOT_DONE_EXECUTION_CHECKLIST.md + - docs/00-meta/OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md + - docs/00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md +EOF + +section "Summary" +if (( FAILURES == 0 )); then + echo "- All repo-completable checks passed." + echo "- Public report API looks healthy." +else + echo "- Checks with warnings: $FAILURES" + echo "- Review the warnings above to distinguish repo-local cleanup from operator-side work." +fi + +if (( FAILURES > 0 )) && [[ "$SKIP_EXIT" != "1" ]]; then + exit 1 +fi diff --git a/scripts/verify/check-contracts-on-chain-138.sh b/scripts/verify/check-contracts-on-chain-138.sh index 9ca2a4b..eb7dd95 100755 --- a/scripts/verify/check-contracts-on-chain-138.sh +++ b/scripts/verify/check-contracts-on-chain-138.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # Check that Chain 138 deployed contracts have bytecode on-chain. -# Address list: 61 (core, CCIP, PMM, vault/reserve, oracle keeper path, CompliantFiatTokens). Source: CONTRACT_ADDRESSES_REFERENCE, ADDRESS_MATRIX. +# Address list: 64 (core, CCIP canonical+legacy routers, WETH9 canonical+legacy bridges, PMM, vault/reserve, oracle keeper path, CompliantFiatTokens, ISO20022Router). Aligns with smom-dbis-138/.env and ADDRESS_MATRIX. # Usage: ./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL] [--dry-run] # Default RPC: from env RPC_URL_138 (Chain 138 Core standard) or config/ip-addresses.conf, else https://rpc-core.d-bis.org # Optional: SKIP_EXIT=1 to exit 0 even when some addresses MISS (e.g. when RPC unreachable from this host). @@ -14,9 +14,17 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +export PROJECT_ROOT -# Load project env so RPC_URL_138 (Chain 138 Core) from config/ip-addresses.conf or smom-dbis-138/.env is used -[[ -f "${SCRIPT_DIR}/../lib/load-project-env.sh" ]] && source "${SCRIPT_DIR}/../lib/load-project-env.sh" 2>/dev/null || true +# Load project env so RPC_URL_138 (Chain 138 Core) from config/ip-addresses.conf or smom-dbis-138/.env is used. +# export PROJECT_ROOT so load-project-env does not re-derive a wrong path from BASH_SOURCE and hit err_exit. +# Temporarily relax -e/-u: nested dotenv may invoke helpers not on PATH or reference unset vars (exit 127 / set -u). +if [[ -f "${SCRIPT_DIR}/../lib/load-project-env.sh" ]]; then + set +eu + # shellcheck source=../lib/load-project-env.sh + source "${SCRIPT_DIR}/../lib/load-project-env.sh" 2>/dev/null || true + set -euo pipefail +fi # Parse args: first non-option is RPC_URL; --dry-run = print only, no cast calls DRY_RUN="" @@ -49,9 +57,11 @@ else "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f" # WETH10 "0x99b3511a2d315a497c8112c1fdd8d508d4b1e506" # Multicall / Oracle Aggregator "0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6" # Oracle Proxy - "0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e" # CCIP Router + "0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817" # CCIP Router (canonical; CCIP_ROUTER / relay path) + "0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e" # CCIP Router direct legacy (CCIP_ROUTER_DIRECT_LEGACY) "0x105F8A15b819948a89153505762444Ee9f324684" # CCIP Sender - "0x971cD9D156f193df8051E48043C476e53ECd4693" # CCIPWETH9Bridge + "0xcacfd227A040002e49e2e01626363071324f820a" # CCIPWETH9Bridge (canonical sendCrossChain) + "0x971cD9D156f193df8051E48043C476e53ECd4693" # CCIPWETH9Bridge direct legacy (CCIPWETH9_BRIDGE_DIRECT_LEGACY) "0xe0E93247376aa097dB308B92e6Ba36bA015535D0" # CCIPWETH10Bridge "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03" # LINK "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22" # cUSDT @@ -106,6 +116,7 @@ else "0x54dBd40cF05e15906A2C21f600937e96787f5679" # cCADC "0x290E52a8819A4fbD0714E517225429aA2B70EC6b" # cXAUC "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E" # cXAUT + "0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074" # ISO20022Router (explorer address-inventory ISO20022_ROUTER) ) fi diff --git a/scripts/verify/check-cstar-v2-transport-stack.sh b/scripts/verify/check-cstar-v2-transport-stack.sh new file mode 100644 index 0000000..3ed7341 --- /dev/null +++ b/scripts/verify/check-cstar-v2-transport-stack.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env bash +# Verify that the c* V2 token, reserve, and c* <-> cW* transport stack are green before deploy. +# Usage: bash scripts/verify/check-cstar-v2-transport-stack.sh +# +# Env: +# DRY_RUN=1 Print the commands without executing them + +set -euo pipefail + +PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +SMOM_ROOT="${PROJECT_ROOT}/smom-dbis-138" +DRY_RUN="${DRY_RUN:-0}" + +log() { printf '%s\n' "$*"; } +ok() { printf '[OK] %s\n' "$*"; } + +run() { + if [[ "$DRY_RUN" == "1" ]]; then + printf '[DRY_RUN] %s\n' "$*" + return 0 + fi + "$@" +} + +if ! command -v forge >/dev/null 2>&1; then + printf '[FAIL] forge is required but not installed or not on PATH.\n' >&2 + exit 1 +fi + +log "=== c* V2 transport stack verifier ===" +log "Repo: ${SMOM_ROOT}" +log "" + +pushd "$SMOM_ROOT" >/dev/null + +# Foundry's JSON cache occasionally drifts when toolchain output shapes change. +# Removing the generated cache keeps these focused suites reliable in CI and local runs. +rm -f cache/solidity-files-cache.json + +run forge test --match-path "test/compliance/CompliantFiatTokenV2.t.sol" +ok "CompliantFiatTokenV2 base token suite passed." + +run forge test --match-path "test/bridge/CWReserveVerifierVaultIntegration.t.sol" +ok "Legacy reserve-verifier bridge compatibility suite passed." + +run forge test --match-path "test/bridge/CWReserveVerifierVaultV2Integration.t.sol" +ok "V2 reserve-verifier + full L1/L2 transport suite passed." + +run forge test --match-path "test/bridge/CWMultiTokenBridge.t.sol" +ok "Core CWMultiTokenBridge round-trip suite passed." + +popd >/dev/null + +log "" +ok "c* V2 bridge and transport stack is green." diff --git a/scripts/verify/check-gru-transport-preflight.sh b/scripts/verify/check-gru-transport-preflight.sh new file mode 100755 index 0000000..7823e94 --- /dev/null +++ b/scripts/verify/check-gru-transport-preflight.sh @@ -0,0 +1,103 @@ +#!/usr/bin/env bash +# Verify GRU Monetary Transport Layer runtime readiness via /api/v1/bridge/preflight. +# Usage: bash scripts/verify/check-gru-transport-preflight.sh [base_url] +# base_url: Optional API base, defaults to https://explorer.d-bis.org +# +# Exit codes: +# 0 = endpoint healthy and, unless ALLOW_BLOCKED=1, no blocked pairs remain +# 1 = endpoint unreachable, wrong payload, or blocked pairs remain +# +# Env: +# SKIP_EXIT=1 Print diagnostics but always exit 0 +# ALLOW_BLOCKED=1 Treat blocked pairs as warnings instead of failures + +set -euo pipefail + +BASE_URL="${1:-${BASE_URL:-https://explorer.d-bis.org}}" +BASE_URL="${BASE_URL%/}" +SKIP_EXIT="${SKIP_EXIT:-0}" +ALLOW_BLOCKED="${ALLOW_BLOCKED:-0}" +HAD_FAILURE=0 + +log() { printf '%s\n' "$*"; } +ok() { printf '[OK] %s\n' "$*"; } +warn() { printf '[WARN] %s\n' "$*"; } +fail() { + printf '[FAIL] %s\n' "$*" + HAD_FAILURE=1 + if [[ "$SKIP_EXIT" != "1" ]]; then + exit 1 + fi +} + +tmp_body="$(mktemp)" +trap 'rm -f "$tmp_body"' EXIT + +fetch_preflight() { + local prefix + for prefix in "" "/token-aggregation"; do + local url="${BASE_URL}${prefix}/api/v1/bridge/preflight" + local code + code="$(curl -sS -o "$tmp_body" -w "%{http_code}" -m 25 "$url" 2>/dev/null || echo "000")" + if [[ "$code" == "200" ]]; then + printf '%s\n' "$prefix" + return 0 + fi + done + return 1 +} + +log "=== GRU Transport preflight ===" +log "Base URL: $BASE_URL" +log "" + +if ! prefix="$(fetch_preflight)"; then + fail "Could not fetch /api/v1/bridge/preflight on either /api/v1 or /token-aggregation/api/v1." +fi + +if ! jq -e ' + type == "object" and + (.gruTransport | type == "object") and + (.gruTransport.summary.transportPairs | type == "number") and + (.gruTransport.blockedPairs | type == "array") and + (.gruTransport.readyPairs | type == "array") +' "$tmp_body" >/dev/null 2>&1; then + summary="$(head -c 300 "$tmp_body" | tr '\n' ' ')" + fail "Unexpected /api/v1/bridge/preflight payload shape. Sample: $summary" +fi + +transport_pairs="$(jq -r '.gruTransport.summary.transportPairs // 0' "$tmp_body")" +runtime_ready_pairs="$(jq -r '.gruTransport.summary.runtimeReadyTransportPairs // 0' "$tmp_body")" +blocked_pairs="$(jq -r '.gruTransport.blockedPairs | length' "$tmp_body")" +ready_pairs="$(jq -r '.gruTransport.readyPairs | length' "$tmp_body")" + +display_path="${prefix}/api/v1/bridge/preflight" +if [[ -z "$prefix" ]]; then + display_path="/api/v1/bridge/preflight" +fi +ok "Preflight endpoint reachable at ${display_path}" +log "Transport pairs: $transport_pairs" +log "Runtime-ready pairs: $runtime_ready_pairs" +log "Ready pairs returned: $ready_pairs" +log "Blocked pairs returned: $blocked_pairs" + +if (( blocked_pairs > 0 )); then + log "" + warn "Blocked GRU transport pairs:" + jq -r ' + .gruTransport.blockedPairs[] + | "- \(.key): eligibilityBlockers=\(((.eligibilityBlockers // []) | join(",")) // "") runtimeMissingRequirements=\(((.runtimeMissingRequirements // []) | join(",")) // "")" + ' "$tmp_body" + + if [[ "$ALLOW_BLOCKED" != "1" ]]; then + fail "GRU transport preflight has blocked pairs. Set ALLOW_BLOCKED=1 for diagnostic-only mode." + else + warn "ALLOW_BLOCKED=1 set: blocked pairs reported without failing." + fi +else + ok "All active GRU transport pairs are runtime-ready." +fi + +if [[ "$SKIP_EXIT" == "1" ]]; then + warn "SKIP_EXIT=1 set: diagnostic mode." +fi diff --git a/scripts/verify/check-public-report-api.sh b/scripts/verify/check-public-report-api.sh new file mode 100755 index 0000000..2f20c3f --- /dev/null +++ b/scripts/verify/check-public-report-api.sh @@ -0,0 +1,128 @@ +#!/usr/bin/env bash +# Verify that the public token-aggregation/report API is reachable and not misrouted to Blockscout. +# Usage: bash scripts/verify/check-public-report-api.sh [base_url] +# base_url: Optional API base, defaults to https://explorer.d-bis.org +# +# Exit codes: +# 0 = all expected endpoints returned token-aggregation-style JSON +# 1 = one or more endpoints returned the wrong shape or were unreachable +# Set SKIP_EXIT=1 to print diagnostics but exit 0. +# Set KEEP_GOING=1 to keep checking every endpoint before exiting non-zero. +# Set SKIP_BRIDGE_ROUTES=0 to assert /api/v1/bridge/routes payload shape. +# Set SKIP_BRIDGE_PREFLIGHT=0 to assert /api/v1/bridge/preflight payload shape. + +set -euo pipefail + +BASE_URL="${1:-https://explorer.d-bis.org}" +SKIP_EXIT="${SKIP_EXIT:-0}" +KEEP_GOING="${KEEP_GOING:-0}" +HAD_FAILURE=0 + +log() { printf '%s\n' "$*"; } +ok() { printf '[OK] %s\n' "$*"; } +warn() { printf '[WARN] %s\n' "$*"; } +fail() { + printf '[FAIL] %s\n' "$*" + HAD_FAILURE=1 + if [[ "$SKIP_EXIT" != "1" && "$KEEP_GOING" != "1" ]]; then + exit 1 + fi +} + +check_json_shape() { + local name="$1" + local url="$2" + local jq_expr="$3" + local expected_desc="$4" + local response + local body + local status + + if ! response="$(curl -sSL --max-time 20 -w $'\n%{http_code}' "$url" 2>/dev/null)"; then + fail "$name request failed: $url" + return 0 + fi + + status="$(printf '%s' "$response" | tail -n 1)" + body="$(printf '%s' "$response" | sed '$d')" + + if printf '%s' "$body" | jq -e 'type == "object" and has("message") and has("result") and has("status")' >/dev/null 2>&1; then + fail "$name is returning Blockscout-style JSON (HTTP $status) instead of token-aggregation JSON. See docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md" + return 0 + fi + + if printf '%s' "$body" | jq -e 'type == "object" and has("error")' >/dev/null 2>&1; then + local api_error + api_error="$(printf '%s' "$body" | jq -r '.error' 2>/dev/null || echo 'unknown error')" + fail "$name returned token-aggregation error payload (HTTP $status): $api_error" + return 0 + fi + + if printf '%s' "$body" | jq -e "$jq_expr" >/dev/null 2>&1; then + ok "$name healthy ($expected_desc, HTTP $status)" + return 0 + fi + + local summary + summary="$(printf '%s' "$body" | head -c 240 | tr '\n' ' ')" + fail "$name returned unexpected payload (HTTP $status). Expected $expected_desc. Sample: $summary" +} + +log "=== Public report API check ===" +log "Base URL: $BASE_URL" +log "" + +check_json_shape \ + "token-list" \ + "$BASE_URL/api/v1/report/token-list?chainId=138" \ + 'type == "object" and (.tokens | type == "array")' \ + 'object with .tokens[]' + +check_json_shape \ + "coingecko report" \ + "$BASE_URL/api/v1/report/coingecko?chainId=138" \ + 'type == "object"' \ + 'token-aggregation report JSON object' + +check_json_shape \ + "cmc report" \ + "$BASE_URL/api/v1/report/cmc?chainId=138" \ + 'type == "object"' \ + 'token-aggregation report JSON object' + +check_json_shape \ + "networks" \ + "$BASE_URL/api/v1/networks" \ + 'type == "object" and (.networks | type == "array")' \ + 'object with .networks[]' + +# Bridge routes (requires token-aggregation build with GET /api/v1/bridge/routes). Off by default until edge is deployed. +if [[ "${SKIP_BRIDGE_ROUTES:-1}" != "1" ]]; then + check_json_shape \ + "bridge-routes" \ + "$BASE_URL/api/v1/bridge/routes" \ + 'type == "object" and (.chain138Bridges | type == "object") and (.routes | type == "object")' \ + 'object with .chain138Bridges and .routes' +fi + +# GRU preflight (shape only; does not require all pairs to be runtime-ready). Off by default until edge is deployed. +if [[ "${SKIP_BRIDGE_PREFLIGHT:-1}" != "1" ]]; then + check_json_shape \ + "bridge-preflight" \ + "$BASE_URL/api/v1/bridge/preflight" \ + 'type == "object" and (.gruTransport | type == "object") and (.gruTransport.summary.transportPairs | type == "number") and (.gruTransport.blockedPairs | type == "array")' \ + 'object with .gruTransport.summary and .gruTransport.blockedPairs[]' +fi + +log "" +if (( HAD_FAILURE > 0 )); then + if [[ "$SKIP_EXIT" == "1" ]]; then + warn "SKIP_EXIT=1 set: non-healthy endpoints were reported without failing." + elif [[ "$KEEP_GOING" == "1" ]]; then + exit 1 + fi +elif [[ "$SKIP_EXIT" == "1" ]]; then + warn "SKIP_EXIT=1 set: non-healthy endpoints were reported without failing." +else + ok "Public report API endpoints look healthy." +fi diff --git a/scripts/verify/check-rpc-fqdns-e2e.sh b/scripts/verify/check-rpc-fqdns-e2e.sh new file mode 100755 index 0000000..663da6f --- /dev/null +++ b/scripts/verify/check-rpc-fqdns-e2e.sh @@ -0,0 +1,121 @@ +#!/usr/bin/env bash +# E2E: every public RPC FQDN — HTTP JSON-RPC eth_chainId (+ WSS where listed). +# Exit 0 only if all HTTP checks pass; WSS failures warn unless STRICT_WSS=1 (then exit 1). +# +# Usage: bash scripts/verify/check-rpc-fqdns-e2e.sh +# Env: RPC_TIMEOUT_SEC (default 25), STRICT_WSS=1 to fail on wscat errors + +set -euo pipefail + +TO="${RPC_TIMEOUT_SEC:-25}" +BODY='{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' +# Chain 138 +EXPECT='0x8a' + +# HTTP JSON-RPC hostnames (inventory: verify-end-to-end-routing.sh + RPC_ENDPOINTS_MASTER + NPM tw-core / core-2) +HTTP_FQDNS=( + rpc-http-pub.d-bis.org + rpc.d-bis.org + rpc2.d-bis.org + rpc-http-prv.d-bis.org + rpc-fireblocks.d-bis.org + rpc.public-0138.defi-oracle.io + rpc.defi-oracle.io + rpc-alltra.d-bis.org + rpc-alltra-2.d-bis.org + rpc-alltra-3.d-bis.org + rpc-hybx.d-bis.org + rpc-hybx-2.d-bis.org + rpc-hybx-3.d-bis.org + rpc.tw-core.d-bis.org + rpc-core-2.d-bis.org + rpc-core.d-bis.org +) + +# WebSocket RPC hostnames (wss://) +WS_FQDNS=( + rpc-ws-pub.d-bis.org + ws.rpc.d-bis.org + ws.rpc2.d-bis.org + rpc-ws-prv.d-bis.org + ws.rpc-fireblocks.d-bis.org + wss.defi-oracle.io + wss.tw-core.d-bis.org +) + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +echo "" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "RPC FQDN E2E — eth_chainId (HTTP) + WSS smoke" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "" + +http_fail=0 +echo -e "${BLUE}--- HTTP (POST / JSON-RPC) ---${NC}" +for host in "${HTTP_FQDNS[@]}"; do + url="https://${host}" + if ! getent ahosts "$host" >/dev/null 2>&1; then + echo -e "${YELLOW}SKIP${NC} $url — hostname does not resolve (add DNS or use Core IP :8545)" + continue + fi + resp=$(mktemp) + code=$(curl -sS -m "$TO" -X POST "$url" \ + -H 'Content-Type: application/json' \ + -d "$BODY" \ + -k -w '%{http_code}' -o "$resp" 2>/dev/null || echo "000") + cid=$(jq -r '.result // empty' "$resp" 2>/dev/null || true) + err=$(head -c 120 "$resp" 2>/dev/null | tr -d '\r\n') + rm -f "$resp" + if [[ "$code" == "200" && "$cid" == "$EXPECT" ]]; then + echo -e "${GREEN}OK${NC} $url chainId=$cid" + elif [[ "$code" == "200" && -n "$cid" ]]; then + echo -e "${YELLOW}WARN${NC} $url HTTP $code chainId=$cid (expected $EXPECT)" + ((http_fail++)) || true + else + echo -e "${RED}FAIL${NC} $url HTTP $code ${err}" + ((http_fail++)) || true + fi +done + +echo "" +echo -e "${BLUE}--- WebSocket (wscat eth_chainId) ---${NC}" +ws_fail=0 +if ! command -v wscat >/dev/null 2>&1; then + echo -e "${YELLOW}SKIP${NC} wscat not installed (npm i -g wscat)" + ws_fail=0 +else + for host in "${WS_FQDNS[@]}"; do + if out=$(timeout "$((TO + 5))" wscat -n -c "wss://${host}" -x "$BODY" -w 8 2>&1); then + if echo "$out" | grep -q '"result"'; then + echo -e "${GREEN}OK${NC} wss://${host}" + else + echo -e "${YELLOW}OK*${NC} wss://${host} (connected, no JSON line)" + fi + else + echo -e "${RED}FAIL${NC} wss://${host} $(echo "$out" | tail -1)" + ((ws_fail++)) || true + fi + done +fi + +echo "" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +if [[ "$http_fail" -eq 0 ]]; then + echo -e "${GREEN}HTTP: all passed ($EXPECT)${NC}" +else + echo -e "${RED}HTTP: $http_fail failure(s)${NC}" +fi +if [[ "${STRICT_WSS:-0}" == "1" ]] && [[ "$ws_fail" -gt 0 ]]; then + echo -e "${RED}WSS: $ws_fail failure(s) (STRICT_WSS=1)${NC}" + exit 1 +fi +if [[ "$http_fail" -gt 0 ]]; then + exit 1 +fi +echo -e "${GREEN}Done.${NC}" +exit 0 diff --git a/scripts/verify/check-token-aggregation-chain138-api.sh b/scripts/verify/check-token-aggregation-chain138-api.sh new file mode 100755 index 0000000..e1b7118 --- /dev/null +++ b/scripts/verify/check-token-aggregation-chain138-api.sh @@ -0,0 +1,68 @@ +#!/usr/bin/env bash +# Verify token-aggregation HTTP surface for Chain 138 (pools, quotes, bridge routes, and GRU preflight). +# Usage: BASE_URL=https://explorer.d-bis.org bash scripts/verify/check-token-aggregation-chain138-api.sh +# Tries both /api/v1/* and /token-aggregation/api/v1/* (explorer nginx layouts differ). + +set -euo pipefail + +BASE_URL="${BASE_URL:-https://explorer.d-bis.org}" +BASE_URL="${BASE_URL%/}" + +CUSDT="0x93E66202A11B1772E55407B32B44e5Cd8eda7f22" +CUSDC="0xf22258f57794CC8E06237084b353Ab30fFfa640b" + +try_path() { + local prefix="$1" + local path="$2" + local url="${BASE_URL}${prefix}${path}" + local code + code=$(curl -sS -o /tmp/ta-check.json -w "%{http_code}" -m 25 "$url" || echo "000") + echo " $code ${prefix}${path}" + if [[ "$code" == 200 ]]; then + head -c 220 /tmp/ta-check.json + echo + fi +} + +echo "== Token-aggregation checks against ${BASE_URL} ==" +for prefix in "" "/token-aggregation"; do + echo "" + echo "-- prefix: ${prefix:-/} (root /api/v1) --" + try_path "${prefix}" "/api/v1/tokens?chainId=138&limit=3&includeDodoPool=true" + try_path "${prefix}" "/api/v1/tokens/${CUSDT}/pools?chainId=138" + try_path "${prefix}" "/api/v1/quote?chainId=138&tokenIn=${CUSDT}&tokenOut=${CUSDC}&amountIn=1000000" + try_path "${prefix}" "/api/v1/bridge/routes" + try_path "${prefix}" "/api/v1/bridge/status" + try_path "${prefix}" "/api/v1/bridge/preflight" + try_path "${prefix}" "/api/v1/networks" +done + +echo "" +echo "" +echo "== bridge summary ==" +for prefix in "" "/token-aggregation"; do + code=$(curl -sS -o /tmp/br.json -w "%{http_code}" -m 20 "${BASE_URL}${prefix}/api/v1/bridge/routes" 2>/dev/null || echo 000) + echo "${prefix:-/} -> HTTP $code" + if [[ "$code" == "200" ]] && command -v jq >/dev/null 2>&1; then + jq '{weth9: .chain138Bridges.weth9, weth10: .chain138Bridges.weth10}' /tmp/br.json 2>/dev/null || head -c 200 /tmp/br.json + echo + fi +done + +echo "" +echo "== bridge/preflight summary ==" +for prefix in "" "/token-aggregation"; do + code=$(curl -sS -o /tmp/gru-preflight.json -w "%{http_code}" -m 20 "${BASE_URL}${prefix}/api/v1/bridge/preflight" 2>/dev/null || echo 000) + echo "${prefix:-/} -> HTTP $code" + if [[ "$code" == "200" ]] && command -v jq >/dev/null 2>&1; then + jq '{transportPairs: .gruTransport.summary.transportPairs, runtimeReadyTransportPairs: .gruTransport.summary.runtimeReadyTransportPairs, blockedPairs: (.gruTransport.blockedPairs | length)}' /tmp/gru-preflight.json 2>/dev/null || head -c 200 /tmp/gru-preflight.json + echo + fi +done + +echo "" +echo "Notes:" +echo " - Empty tokens/pools: set DATABASE_URL + migrations; RPC to 138; PMM integration now defaults on-chain if env unset." +echo " - bridge/routes 404: redeploy token-aggregation from repo (implements GET /api/v1/bridge/routes)." +echo " - bridge/preflight blocked pairs: run bash scripts/verify/check-gru-transport-preflight.sh [BASE_URL] for exact missing refs." +echo " - Health: curl -s http://127.0.0.1:3001/health on explorer VM (not always proxied as /health)." diff --git a/scripts/verify/export-cloudflare-dns-records.sh b/scripts/verify/export-cloudflare-dns-records.sh index 2638f0c..3902fd5 100755 --- a/scripts/verify/export-cloudflare-dns-records.sh +++ b/scripts/verify/export-cloudflare-dns-records.sh @@ -41,6 +41,7 @@ declare -A DOMAIN_ZONES=( ["rpc-http-pub.d-bis.org"]="d-bis.org" ["rpc-ws-pub.d-bis.org"]="d-bis.org" ["rpc-http-prv.d-bis.org"]="d-bis.org" + ["rpc-core.d-bis.org"]="d-bis.org" ["rpc-ws-prv.d-bis.org"]="d-bis.org" ["dbis-admin.d-bis.org"]="d-bis.org" ["dbis-api.d-bis.org"]="d-bis.org" diff --git a/scripts/verify/run-p1-local-verification.sh b/scripts/verify/run-p1-local-verification.sh new file mode 100755 index 0000000..4b40ffd --- /dev/null +++ b/scripts/verify/run-p1-local-verification.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +# P1 local verification — no LAN deploys, no Proxmox SSH, no on-chain txs. +# Completes automatable slices documented in docs/00-meta/TODOS_CONSOLIDATED.md (P1-F*). +# +# Usage: +# ./scripts/verify/run-p1-local-verification.sh # config + completable +# ./scripts/verify/run-p1-local-verification.sh --with-iru-tests # + dbis_core pnpm test:iru-marketplace +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +cd "$ROOT" + +WITH_IRU=0 +for a in "$@"; do + [[ "$a" == "--with-iru-tests" ]] && WITH_IRU=1 +done + +echo "== P1 local verification (repo root: $ROOT) ==" +echo "" + +echo "[1/3] validate-config-files.sh" +bash scripts/validation/validate-config-files.sh +echo "" + +echo "[2/3] run-completable-tasks-from-anywhere.sh" +./scripts/run-completable-tasks-from-anywhere.sh +echo "" + +if [[ "$WITH_IRU" -eq 1 ]]; then + echo "[3/3] dbis_core pnpm test:iru-marketplace" + if command -v pnpm &>/dev/null; then + (cd dbis_core && pnpm test:iru-marketplace) + else + echo "SKIP: pnpm not installed; run: cd dbis_core && pnpm test:iru-marketplace" + fi +else + echo "[3/3] SKIP IRU tests (pass --with-iru-tests to run)" +fi + +echo "" +echo "[OK] P1 local verification finished." diff --git a/scripts/verify/run-repo-green-test-path.sh b/scripts/verify/run-repo-green-test-path.sh new file mode 100755 index 0000000..5d74b1a --- /dev/null +++ b/scripts/verify/run-repo-green-test-path.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash +# Run the repo's local deterministic green-path tests for Chain 138 / GRU transport. +# Usage: bash scripts/verify/run-repo-green-test-path.sh + +set -euo pipefail + +PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" + +log() { printf '%s\n' "$*"; } +ok() { printf '[OK] %s\n' "$*"; } + +run_step() { + local label="$1" + shift + log "" + log "=== ${label} ===" + "$@" +} + +run_step "Config validation" \ + bash "$PROJECT_ROOT/scripts/validation/validate-config-files.sh" + +run_step "Chain 138 package CI targets" \ + pnpm --dir "$PROJECT_ROOT/smom-dbis-138" run test:ci + +log "" +ok "Repo green-path tests passed." diff --git a/scripts/verify/submodules-clean.sh b/scripts/verify/submodules-clean.sh index 8c283b7..ecf40bd 100755 --- a/scripts/verify/submodules-clean.sh +++ b/scripts/verify/submodules-clean.sh @@ -1,9 +1,11 @@ #!/usr/bin/env bash # Exit 0 if every submodule has a clean working tree (no modified/untracked files). # Use in CI or after merges: bash scripts/verify/submodules-clean.sh +# Set SKIP_EXIT=1 to report dirty submodules without failing. set -euo pipefail ROOT="$(cd "$(dirname "$0")/../.." && pwd)" cd "$ROOT" +SKIP_EXIT="${SKIP_EXIT:-0}" tmp="$(mktemp)" trap 'rm -f "$tmp"' EXIT @@ -25,7 +27,10 @@ done < <(git config --file .gitmodules --get-regexp '^submodule\..*\.path$' | aw if (( dirty )); then echo "submodules-clean: dirty submodule working trees:" >&2 cat "$tmp" >&2 - exit 1 + if [[ "$SKIP_EXIT" != "1" ]]; then + exit 1 + fi + exit 0 fi echo "submodules-clean: OK (all submodules clean)" diff --git a/scripts/verify/sync-blockscout-address-labels-from-registry.sh b/scripts/verify/sync-blockscout-address-labels-from-registry.sh new file mode 100755 index 0000000..bedb62b --- /dev/null +++ b/scripts/verify/sync-blockscout-address-labels-from-registry.sh @@ -0,0 +1,284 @@ +#!/usr/bin/env bash +# Sync address labels from DBIS institutional registry JSON into Blockscout. +# Default: print the planned action only. Use --apply to write. +# +# Supported modes: +# http - POST JSON to a Blockscout-compatible label endpoint +# db - write primary labels directly into Blockscout Postgres address_names +# auto - prefer HTTP if the route exists; otherwise fall back to DB sync +# +# Registry shape: config/dbis-institutional/schemas/address-registry-entry.schema.json +# +# Env (HTTP mode): +# BLOCKSCOUT_BASE_URL default https://explorer.d-bis.org +# BLOCKSCOUT_LABEL_PATH default /api/v1/labels +# BLOCKSCOUT_API_KEY optional Bearer token if the endpoint requires it +# +# Env (DB mode): +# BLOCKSCOUT_DB_SSH_HOST default root@192.168.11.12 +# BLOCKSCOUT_DB_CT_VMID default 5000 +# BLOCKSCOUT_DB_CONTAINER default blockscout-postgres +# BLOCKSCOUT_DB_USER default blockscout +# BLOCKSCOUT_DB_NAME default blockscout +# +# Usage: +# bash scripts/verify/sync-blockscout-address-labels-from-registry.sh file1.json [file2.json ...] +# bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --from-dir config/dbis-institutional/registry +# bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry +# +set -euo pipefail + +APPLY=0 +FROM_DIR="" +SYNC_MODE="${BLOCKSCOUT_SYNC_MODE:-auto}" + +while [[ $# -gt 0 ]]; do + case "$1" in + --apply) APPLY=1; shift ;; + --from-dir=*) + FROM_DIR="${1#*=}" + shift + ;; + --from-dir) + FROM_DIR="${2:?}" + shift 2 + ;; + --mode=*) + SYNC_MODE="${1#*=}" + shift + ;; + --mode) + SYNC_MODE="${2:?}" + shift 2 + ;; + -h|--help) + sed -n '2,42p' "$0" | sed 's/^# \{0,1\}//' + exit 0 + ;; + *) break ;; + esac +done + +case "$SYNC_MODE" in + auto|http|db) ;; + *) + echo "error: --mode must be one of: auto, http, db" >&2 + exit 1 + ;; +esac + +BASE_URL="${BLOCKSCOUT_BASE_URL:-https://explorer.d-bis.org}" +LABEL_PATH="${BLOCKSCOUT_LABEL_PATH:-/api/v1/labels}" +URL="${BASE_URL%/}${LABEL_PATH}" + +BLOCKSCOUT_DB_SSH_HOST="${BLOCKSCOUT_DB_SSH_HOST:-root@192.168.11.12}" +BLOCKSCOUT_DB_CT_VMID="${BLOCKSCOUT_DB_CT_VMID:-5000}" +BLOCKSCOUT_DB_CONTAINER="${BLOCKSCOUT_DB_CONTAINER:-blockscout-postgres}" +BLOCKSCOUT_DB_USER="${BLOCKSCOUT_DB_USER:-blockscout}" +BLOCKSCOUT_DB_NAME="${BLOCKSCOUT_DB_NAME:-blockscout}" + +files=() +if [[ -n "$FROM_DIR" ]]; then + if [[ ! -d "$FROM_DIR" ]]; then + echo "error: --from-dir not a directory: $FROM_DIR" >&2 + exit 1 + fi + while IFS= read -r -d '' f; do + files+=("$f") + done < <(find "$FROM_DIR" -maxdepth 1 -name '*.json' -print0 2>/dev/null || true) +else + files=("$@") +fi + +if [[ ${#files[@]} -eq 0 ]]; then + echo "usage: $0 [--apply] [--mode auto|http|db] [--from-dir DIR] [...]" >&2 + echo " or: REGISTRY_DIR=... $0 --from-dir \"\$REGISTRY_DIR\"" >&2 + exit 1 +fi + +if ! command -v jq &>/dev/null; then + echo "error: jq is required" >&2 + exit 1 +fi + +sql_quote() { + printf "%s" "$1" | sed "s/'/''/g" +} + +probe_http_sync() { + local tmp status + tmp=$(mktemp) + status=$(curl -sS -o "$tmp" -w '%{http_code}' -X POST "$URL" -H 'Content-Type: application/json' --data '{}' || true) + local body + body=$(cat "$tmp") + rm -f "$tmp" + + # 2xx/4xx except 404 means the route exists and reached a handler. + if [[ "$status" =~ ^(200|201|202|204|400|401|403|405|409|415|422)$ ]]; then + return 0 + fi + + if [[ "$status" == "404" && "$body" == *'"error":"Not found"'* ]]; then + return 1 + fi + + return 1 +} + +run_db_sql() { + local sql="$1" + ssh "$BLOCKSCOUT_DB_SSH_HOST" \ + "pct exec ${BLOCKSCOUT_DB_CT_VMID} -- docker exec -i ${BLOCKSCOUT_DB_CONTAINER} psql -U ${BLOCKSCOUT_DB_USER} -d ${BLOCKSCOUT_DB_NAME} -v ON_ERROR_STOP=1 -f -" \ + <<<"$sql" +} + +emit_http() { + local display="$1" + local address="$2" + local label="$3" + local ltype="$4" + + local body + body=$(jq -nc --arg a "$address" --arg l "$label" --arg t "$ltype" '{address:$a,label:$l,type:$t}') + + if [[ "$APPLY" -ne 1 ]]; then + echo "PLAN mode=http file=$display" + echo " POST $URL" + echo " $body" + return 0 + fi + + local hdr=() + if [[ -n "${BLOCKSCOUT_API_KEY:-}" ]]; then + hdr=(-H "Authorization: Bearer ${BLOCKSCOUT_API_KEY}" -H "Content-Type: application/json") + else + hdr=(-H "Content-Type: application/json") + fi + + echo "POST $display -> $URL" + curl -fsS "${hdr[@]}" -X POST "$URL" -d "$body" >/dev/null + echo "ok http $address" +} + +emit_db() { + local display="$1" + local address="$2" + local label="$3" + local ltype="$4" + local normalized_address="${address#0x}" + normalized_address="${normalized_address#0X}" + normalized_address=$(printf '%s' "$normalized_address" | tr '[:upper:]' '[:lower:]') + + if [[ ! "$normalized_address" =~ ^[0-9a-f]{40}$ ]]; then + echo "skip (invalid address): $display" >&2 + return 0 + fi + + local metadata + metadata=$(jq -nc \ + --arg source "registry" \ + --arg registryFile "$display" \ + --arg labelType "$ltype" \ + '{source:$source,registryFile:$registryFile,labelType:$labelType}') + + local sql + sql=$(cat < CT $BLOCKSCOUT_DB_CT_VMID -> ${BLOCKSCOUT_DB_NAME}.public.address_names" + echo " address=$address label=$label type=$ltype" + return 0 + fi + + echo "UPSERT $display -> ${BLOCKSCOUT_DB_NAME}.public.address_names" + run_db_sql "$sql" >/dev/null + echo "ok db $address" +} + +emit_one() { + local file="$1" + local display="${2:-$file}" + local mode="$3" + local blob + blob=$(jq -e . "$file" 2>/dev/null) || { echo "skip (invalid JSON): $display" >&2; return 0; } + + local status address label ltype + status=$(echo "$blob" | jq -r '.status // "active"') + [[ "$status" == "active" ]] || { echo "skip (status=$status): $display" >&2; return 0; } + + address=$(echo "$blob" | jq -r '.address // empty') + label=$(echo "$blob" | jq -r '.blockscout.label // empty') + ltype=$(echo "$blob" | jq -r '.blockscout.labelType // "contract"') + + if [[ -z "$address" || -z "$label" ]]; then + echo "skip (missing address or blockscout.label): $display" >&2 + return 0 + fi + + case "$mode" in + http) emit_http "$display" "$address" "$label" "$ltype" ;; + db) emit_db "$display" "$address" "$label" "$ltype" ;; + *) + echo "error: unsupported mode: $mode" >&2 + return 1 + ;; + esac +} + +SELECTED_MODE="$SYNC_MODE" +if [[ "$SYNC_MODE" == "auto" && "$APPLY" -eq 1 ]]; then + if probe_http_sync; then + SELECTED_MODE="http" + else + SELECTED_MODE="db" + fi +fi + +for f in "${files[@]}"; do + [[ -f "$f" ]] || { echo "skip (not a file): $f" >&2; continue; } + if jq -e 'type == "object" and (.address|type=="string")' "$f" &>/dev/null; then + emit_one "$f" "$f" "$SELECTED_MODE" || exit 1 + elif jq -e 'type == "array"' "$f" &>/dev/null; then + tmpdir=$(mktemp -d) + len=$(jq 'length' "$f") + for ((i = 0; i < len; i++)); do + jq ".[$i]" "$f" >"$tmpdir/single.json" + emit_one "$tmpdir/single.json" "$f (item $i)" "$SELECTED_MODE" || { rm -rf "$tmpdir"; exit 1; } + done + rm -rf "$tmpdir" + else + echo "skip (not object or array of objects): $f" >&2 + fi +done + +if [[ "$APPLY" -ne 1 ]]; then + echo "" + echo "Dry run only. Re-run with --apply. Use --mode=db for this self-hosted Blockscout when /api/v1 labels is not available." +else + echo "" + echo "Completed in mode=$SELECTED_MODE." +fi diff --git a/scripts/verify/troubleshoot-rpc-failures.sh b/scripts/verify/troubleshoot-rpc-failures.sh index b4cc8fc..6f8ed66 100644 --- a/scripts/verify/troubleshoot-rpc-failures.sh +++ b/scripts/verify/troubleshoot-rpc-failures.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Troubleshoot the 6 E2E RPC HTTP failures (405 at edge). +# Troubleshoot E2E RPC HTTP failures (405 at edge); tests 7 primary FQDNs (+ optional --lan NPM Host checks). # Usage: bash scripts/verify/troubleshoot-rpc-failures.sh [--lan] # --lan Also test NPMplus direct (192.168.11.167) with Host header; requires LAN access. @@ -17,6 +17,7 @@ RPC_DOMAINS=( "rpc.d-bis.org" "rpc2.d-bis.org" "rpc-http-prv.d-bis.org" + "rpc-core.d-bis.org" "rpc.defi-oracle.io" ) RPC_BODY='{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' @@ -35,7 +36,7 @@ info() { echo -e "${BLUE}[INFO]${NC} $1"; } echo "" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -echo "Troubleshoot 6 RPC E2E failures (POST → public IP)" +echo "Troubleshoot RPC E2E failures (POST → public IP)" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "" diff --git a/scripts/verify/verify-end-to-end-routing.sh b/scripts/verify/verify-end-to-end-routing.sh index 10cabb1..dcd60a9 100755 --- a/scripts/verify/verify-end-to-end-routing.sh +++ b/scripts/verify/verify-end-to-end-routing.sh @@ -65,10 +65,13 @@ declare -A DOMAIN_TYPES_ALL=( ["ws.rpc.d-bis.org"]="rpc-ws" ["ws.rpc2.d-bis.org"]="rpc-ws" ["rpc-http-prv.d-bis.org"]="rpc-http" + ["rpc-core.d-bis.org"]="rpc-http" ["rpc-ws-prv.d-bis.org"]="rpc-ws" ["rpc-fireblocks.d-bis.org"]="rpc-http" ["ws.rpc-fireblocks.d-bis.org"]="rpc-ws" + ["admin.d-bis.org"]="web" ["dbis-admin.d-bis.org"]="web" + ["core.d-bis.org"]="web" ["dbis-api.d-bis.org"]="api" ["dbis-api-2.d-bis.org"]="api" ["secure.d-bis.org"]="web" @@ -111,6 +114,19 @@ declare -A DOMAIN_TYPES_ALL=( ["gitea.d-bis.org"]="web" ["dev.d-bis.org"]="web" ["codespaces.d-bis.org"]="web" + # DBIS institutional multi-portal program (optional-when-fail until provisioned) + ["d-bis.org"]="web" + ["www.d-bis.org"]="web" + ["members.d-bis.org"]="web" + ["developers.d-bis.org"]="web" + ["data.d-bis.org"]="api" + ["research.d-bis.org"]="web" + ["policy.d-bis.org"]="web" + ["ops.d-bis.org"]="web" + ["identity.d-bis.org"]="web" + ["status.d-bis.org"]="web" + ["sandbox.d-bis.org"]="web" + ["interop.d-bis.org"]="web" ) # Private/admin profile domains (private RPC + Fireblocks RPC only). declare -a PRIVATE_PROFILE_DOMAINS=( @@ -174,7 +190,7 @@ else fi # Domains that are optional when any test fails (off-LAN, 502, unreachable); fail → skip so run passes. -_PUB_OPTIONAL_WHEN_FAIL="dapp.d-bis.org mifos.d-bis.org explorer.d-bis.org dbis-admin.d-bis.org dbis-api.d-bis.org dbis-api-2.d-bis.org secure.d-bis.org sankofa.nexus www.sankofa.nexus phoenix.sankofa.nexus www.phoenix.sankofa.nexus the-order.sankofa.nexus www.the-order.sankofa.nexus studio.sankofa.nexus keycloak.sankofa.nexus admin.sankofa.nexus portal.sankofa.nexus dash.sankofa.nexus docs.d-bis.org blockscout.defi-oracle.io mim4u.org www.mim4u.org secure.mim4u.org training.mim4u.org rpc-http-pub.d-bis.org rpc.d-bis.org rpc2.d-bis.org rpc.public-0138.defi-oracle.io rpc.defi-oracle.io ws.rpc.d-bis.org ws.rpc2.d-bis.org" +_PUB_OPTIONAL_WHEN_FAIL="dapp.d-bis.org mifos.d-bis.org explorer.d-bis.org admin.d-bis.org dbis-admin.d-bis.org core.d-bis.org dbis-api.d-bis.org dbis-api-2.d-bis.org secure.d-bis.org d-bis.org www.d-bis.org members.d-bis.org developers.d-bis.org data.d-bis.org research.d-bis.org policy.d-bis.org ops.d-bis.org identity.d-bis.org status.d-bis.org sandbox.d-bis.org interop.d-bis.org sankofa.nexus www.sankofa.nexus phoenix.sankofa.nexus www.phoenix.sankofa.nexus the-order.sankofa.nexus www.the-order.sankofa.nexus studio.sankofa.nexus keycloak.sankofa.nexus admin.sankofa.nexus portal.sankofa.nexus dash.sankofa.nexus docs.d-bis.org blockscout.defi-oracle.io mim4u.org www.mim4u.org secure.mim4u.org training.mim4u.org rpc-http-pub.d-bis.org rpc.d-bis.org rpc2.d-bis.org rpc-core.d-bis.org rpc.public-0138.defi-oracle.io rpc.defi-oracle.io ws.rpc.d-bis.org ws.rpc2.d-bis.org" _PRIV_OPTIONAL_WHEN_FAIL="rpc-http-prv.d-bis.org rpc-ws-prv.d-bis.org rpc-fireblocks.d-bis.org ws.rpc-fireblocks.d-bis.org" if [[ -z "${E2E_OPTIONAL_WHEN_FAIL:-}" ]]; then if [[ "$PROFILE" == "private" ]]; then @@ -199,6 +215,7 @@ declare -A E2E_HTTPS_PATH=( ["phoenix.sankofa.nexus"]="/health" ["www.phoenix.sankofa.nexus"]="/health" ["studio.sankofa.nexus"]="/studio/" + ["data.d-bis.org"]="/v1/health" ) # Expected apex URL for NPM www → canonical 301/308 (Location must use this host; path from E2E_HTTPS_PATH must appear when set)