docs: use Gitea for internal repo references (FusionAI, cross-chain-pmm-lps, clone URL)

- Sankofa/FusionAI-Creator: REPO_URL and doc links → gitea.d-bis.org/d-bis/FusionAI-Creator
- cross-chain-pmm-lps doc link → Gitea
- trust-wallet registry source → gitea.d-bis.org/d-bis
- README: clone URL and note that canonical source is Gitea; public refs (GRU policy, token lists) stay on GitHub

Made-with: Cursor

README.md

@@ -33,9 +33,9 @@ This will:
 
 ### Manual Setup
 
-1. **Clone the repository** (if not already done):
+1. **Clone the repository** (if not already done). Canonical source is **Gitea** (use Gitea for clone and internal repo references; public references such as GRU Monetary Policy and token lists remain on GitHub where applicable):
    ```bash
-   git clone <repository-url>
+   git clone https://gitea.d-bis.org/d-bis/proxmox.git
    cd proxmox
    ```
 

docs/03-deployment/SANKOFA_STUDIO_DEPLOYMENT.md

@@ -0,0 +1,159 @@
+# Sankofa Studio (FusionAI Creator) — Proxmox Deployment
+
+**Last Updated:** 2026-02-28  
+**Status:** Active  
+**White-label URL:** [https://studio.sankofa.nexus](https://studio.sankofa.nexus)
+
+---
+
+## Overview
+
+**Sankofa Studio** is the white-label SaaS offering of **FusionAI Creator** (multi-modal AI creative production: audio, image, video, UE5 export). It is deployed as a single Proxmox LXC (VMID **7805**) running the full stack via Docker Compose: API (port 8000), worker, Redis, and optional backend services (audio, image, video, UE5 export). The Studio UI is served at `/studio/` and the Phoenix Marketplace landing at `/marketplace/landing.html` on the same API origin.
+
+| Item | Value |
+|------|--------|
+| **VMID** | 7805 (Sankofa/Phoenix range 7800–8999) |
+| **Hostname** | sankofa-studio |
+| **IP** | 192.168.11.72 (`IP_SANKOFA_STUDIO` in `config/ip-addresses.conf`; .55 is VMID 10230 order-vault) |
+| **Node** | Default: r630-01 (override with `NODE`) |
+| **Public URL** | https://studio.sankofa.nexus |
+
+---
+
+## Architecture
+
+- **Single LXC** runs Docker and the FusionAI Creator stack (orchestrator API, worker, Redis, audio/image/video/ue5_export services).
+- **API** listens on `0.0.0.0:8000`; NPMplus proxies `studio.sankofa.nexus` → `http://192.168.11.72:8000`.
+- **Studio UI** at `https://studio.sankofa.nexus/studio/`; **Marketplace landing** at `https://studio.sankofa.nexus/marketplace/landing.html`.
+
+For scaled-out deployment (separate VMs per service), see FusionAI Creator [service-topology](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/specs/service-topology.md) and optional runbook updates.
+
+---
+
+## Prerequisites
+
+- Proxmox host with LXC support; Ubuntu 22.04 template: `local:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst`.
+- Git and network access from the container for clone (or copy repo into container via `REPO_PATH` on the Proxmox host).
+- NPMplus (VMID 10233) and Cloudflare DNS/tunnel as per [E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md](../05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md).
+
+---
+
+## Deploy (create LXC + Docker + app)
+
+The script uses `pct` (Proxmox Container Toolkit), which exists only on Proxmox nodes. Either run it **on** a Proxmox host or set **PROXMOX_HOST** so the script SSHs there to run `pct`.
+
+From the **proxmox** repo root:
+
+```bash
+source config/ip-addresses.conf 2>/dev/null || true
+
+# From another machine: SSH to Proxmox to run pct (use your Proxmox node IP, e.g. 192.168.11.11 or 192.168.11.12)
+PROXMOX_HOST=192.168.11.11 REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git ./scripts/deployment/deploy-sankofa-studio-lxc.sh
+
+# Or from the Proxmox host itself (e.g. after cloning the repo or copying the script):
+REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git ./scripts/deployment/deploy-sankofa-studio-lxc.sh
+
+# With production .env (secrets, API keys, backends)
+REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git \
+  ENV_FILE=/path/to/fusionai-production.env \
+  ./scripts/deployment/deploy-sankofa-studio-lxc.sh
+
+# From another host via SSH to Proxmox
+PROXMOX_HOST=192.168.11.11 REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git \
+  ./scripts/deployment/deploy-sankofa-studio-lxc.sh
+```
+
+- **--dry-run:** Print what would be done; no create or install.
+- **--skip-create:** Assume container 7805 already exists; only install Docker (if missing), clone/copy app, and run `docker compose up -d`.
+
+### Env overrides
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| VMID | 7805 | Container ID |
+| HOSTNAME | sankofa-studio | Container hostname |
+| IP_SANKOFA_STUDIO | 192.168.11.72 | Static IP (avoid .55: used by VMID 10230 order-vault) |
+| PROXMOX_HOST | (none) | SSH here to run `pct` |
+| NODE | (none) | Proxmox node for `pct --node` |
+| REPO_URL | (none) | Git URL to clone (preferred for remote deploy) |
+| REPO_PATH | (none) | Local path to copy into container (must be on Proxmox host when PROXMOX_HOST is set) |
+| ENV_FILE | (none) | Path to `.env` for FusionAI (API key, Redis, service URLs, TTS/image backends) |
+| MEMORY_MB | 8192 | RAM |
+| CORES | 4 | CPU cores |
+| DISK_GB | 60 | Root disk |
+| APP_DIR | /srv/fusionai-creator | Path inside container for the app |
+
+---
+
+## NPMplus proxy (studio.sankofa.nexus)
+
+1. In NPMplus (https://192.168.11.167 or your NPMplus URL), add **Proxy Host**:
+   - **Domain:** `studio.sankofa.nexus`
+   - **Scheme:** HTTP  
+   - **Forward hostname / IP:** `192.168.11.72`  
+   - **Forward port:** `8000`
+2. Request **SSL certificate** (Let's Encrypt or Cloudflare Origin) and enable **Force SSL**.
+
+---
+
+## Cloudflare DNS and tunnel (E2E)
+
+1. **DNS:** In Cloudflare (zone `sankofa.nexus`), add **CNAME** `studio` → `<your-tunnel>.cfargotunnel.com` (Proxied), or **A** `studio` → `76.53.10.36` if using direct port forward.
+2. **Tunnel (if used):** In Cloudflare Zero Trust → Networks → Tunnels, add **Public Hostname:** `studio.sankofa.nexus` → **URL** `https://192.168.11.167:443` (or your NPMplus origin; No TLS Verify if backend is HTTP).
+3. **E2E check:** Run [verify-end-to-end-routing.sh](../05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md) and ensure `studio.sankofa.nexus` passes DNS, SSL, and HTTPS (e.g. 200 on `/health` or `/studio/`).
+
+---
+
+## Production .env
+
+Use the template [sankofa-studio.env.example](sankofa-studio.env.example) in this directory. Set in `.env` (or `ENV_FILE` when deploying):
+
+- `FUSIONAI_ARTIFACT_ROOT` — persistent path for artifacts (e.g. `/data/artifacts`; mount volume in compose).
+- `FUSIONAI_REDIS_URL` — `redis://redis:6379/0` (compose service name).
+- `FUSIONAI_API_URL` — `http://api:8000` or public URL for webhooks.
+- Service URLs (inside compose): `FUSIONAI_AUDIO_SERVICE_URL=http://audio:8001`, etc.
+- Optional: `FUSIONAI_API_KEY`, `FUSIONAI_TTS_BACKEND`, `FUSIONAI_IMAGE_BACKEND`, and keys (ElevenLabs, OpenAI, Replicate) per [FusionAI Creator .env.example](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/.env.example).
+
+---
+
+## Updating the app
+
+```bash
+# From Proxmox host
+pct exec 7805 -- bash -c 'cd /srv/fusionai-creator && git pull && docker compose up -d --build'
+```
+
+Or SSH into the container and run the same.
+
+---
+
+## Health and verification
+
+- **Health:** `curl -s http://192.168.11.72:8000/health`
+- **Studio UI:** https://studio.sankofa.nexus/studio/
+- **Marketplace landing:** https://studio.sankofa.nexus/marketplace/landing.html
+
+---
+
+## VMID / IP reference
+
+See [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) for 7805 and the Sankofa Phoenix table. See [RPC_ENDPOINTS_MASTER.md](../04-configuration/RPC_ENDPOINTS_MASTER.md) for edge/NPMplus context.
+
+---
+
+## E2E flow
+
+For the full sequence (deploy → NPMplus → Cloudflare → verify), see **[SANKOFA_STUDIO_E2E_FLOW.md](SANKOFA_STUDIO_E2E_FLOW.md)**. Run:
+
+```bash
+./scripts/deployment/run-sankofa-studio-e2e.sh
+```
+
+With `REPO_URL` set, the script deploys then prints NPMplus and Cloudflare steps.
+
+---
+
+## Related
+
+- FusionAI Creator: [README](https://gitea.d-bis.org/d-bis/FusionAI-Creator), [RUNBOOK](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/RUNBOOK.md), [Sankofa Studio doc](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/sankofa-studio.md), [service-topology](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/specs/service-topology.md).
+- Proxmox: [VMID_ALLOCATION_FINAL.md](../02-architecture/VMID_ALLOCATION_FINAL.md) (7800–8999 Sankofa/Phoenix), [DAPP_LXC_DEPLOYMENT.md](DAPP_LXC_DEPLOYMENT.md) (pattern for LXC deploy).

docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md

@@ -0,0 +1,145 @@
+# Sankofa Studio — E2E Flow (studio.sankofa.nexus → 192.168.11.72:8000)
+
+**Last Updated:** 2026-02-28  
+**Purpose:** Execute the full E2E flow for Sankofa Studio (FusionAI Creator) at https://studio.sankofa.nexus.
+
+---
+
+## Summary
+
+| Step | Action | Where |
+|------|--------|--------|
+| 1 | Deploy LXC 7805 + Docker + FusionAI Creator | Proxmox host or via SSH |
+| 2 | Add NPMplus proxy: studio.sankofa.nexus → 192.168.11.72:8000 | NPMplus UI (192.168.11.167) |
+| 3 | Add Cloudflare DNS (and tunnel if used) | Cloudflare dashboard |
+| 4 | Verify health and E2E routing | From repo or LAN |
+
+---
+
+## Step 1: Deploy LXC and app
+
+From the **proxmox** repo root (or from a host that can SSH to Proxmox):
+
+```bash
+cd /home/intlc/projects/proxmox
+source config/ip-addresses.conf 2>/dev/null || true
+
+# Option A: Deploy with Git clone (set your FusionAI-Creator repo URL)
+export REPO_URL="https://gitea.d-bis.org/d-bis/FusionAI-Creator.git"
+# Optional: production .env
+# export ENV_FILE="/path/to/fusionai-production.env"
+
+# From Proxmox host:
+./scripts/deployment/deploy-sankofa-studio-lxc.sh
+
+# Option B: From another machine via SSH to Proxmox
+export PROXMOX_HOST=192.168.11.11
+./scripts/deployment/deploy-sankofa-studio-lxc.sh
+```
+
+- Use `--dry-run` to print commands only.
+- Use `--skip-create` if container 7805 already exists (only install/deploy app).
+
+After deploy, confirm the API is up:
+
+```bash
+curl -s http://192.168.11.72:8000/health
+```
+
+---
+
+## Step 2: NPMplus proxy
+
+**Automated (from repo root, requires NPM_PASSWORD in .env):**
+
+```bash
+cd /home/intlc/projects/proxmox
+bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh
+```
+
+Then request SSL for the host (one of the hosts without a cert):
+
+```bash
+FIRST_ONLY=1 bash scripts/request-npmplus-certificates.sh
+# Or run without FIRST_ONLY to request for all hosts missing certs
+```
+
+**Manual:** In **NPMplus** (https://192.168.11.167 or your NPMplus URL):
+
+1. Add **Proxy Host**
+   - **Domain names:** `studio.sankofa.nexus`
+   - **Scheme:** HTTP
+   - **Forward hostname / IP:** `192.168.11.72`
+   - **Forward port:** `8000`
+2. **SSL:** Request certificate (Let's Encrypt or Cloudflare Origin), enable **Force SSL**.
+
+---
+
+## Step 3: Cloudflare DNS and tunnel
+
+**Automated (from repo root, requires CLOUDFLARE_API_TOKEN and CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS in .env):**
+
+```bash
+cd /home/intlc/projects/proxmox
+bash scripts/cloudflare/add-studio-sankofa-dns.sh
+```
+
+This creates/updates **A** `studio.sankofa.nexus` → `76.53.10.36` (or `PUBLIC_IP` from .env).
+
+**Manual DNS (zone `sankofa.nexus`):**
+
+- **CNAME** `studio` → `<your-tunnel>.cfargotunnel.com` (Proxied), **or**
+- **A** `studio` → `76.53.10.36` (if using direct port forward to NPMplus).
+
+**Tunnel (if using Cloudflare Tunnel):**
+
+- In Zero Trust → Networks → Tunnels → your tunnel → Public Hostname:
+  - **Subdomain:** `studio` (or full hostname `studio.sankofa.nexus`)
+  - **URL:** `https://192.168.11.167:443` (NPMplus); **No TLS Verify** if backend is HTTP.
+
+---
+
+## Step 4: Verify E2E
+
+**Health (from LAN or Proxmox):**
+
+```bash
+curl -s http://192.168.11.72:8000/health
+curl -s http://192.168.11.72:8000/studio/ -o /dev/null -w "%{http_code}\n"
+```
+
+**Full E2E routing (includes studio.sankofa.nexus):**
+
+```bash
+cd /home/intlc/projects/proxmox
+bash scripts/verify/verify-end-to-end-routing.sh
+```
+
+- Report: `docs/04-configuration/verification-evidence/e2e-verification-<timestamp>/verification_report.md`
+- Optional: `ACCEPT_ANY_DNS=1` if DNS points to Fastly or other edge.
+
+**Browser:**
+
+- Studio UI: https://studio.sankofa.nexus/studio/
+- Marketplace landing: https://studio.sankofa.nexus/marketplace/landing.html
+
+---
+
+## One-liner (deploy + next steps)
+
+```bash
+cd /home/intlc/projects/proxmox && \
+  source config/ip-addresses.conf 2>/dev/null || true && \
+  REPO_URL="${REPO_URL:-https://gitea.d-bis.org/d-bis/FusionAI-Creator.git}" \
+  ./scripts/deployment/run-sankofa-studio-e2e.sh
+```
+
+If `REPO_URL` is set, the script runs the deploy then prints Step 2–4. If not set, it prints all steps.
+
+---
+
+## Reference
+
+- Full runbook: [SANKOFA_STUDIO_DEPLOYMENT.md](SANKOFA_STUDIO_DEPLOYMENT.md)
+- VMID 7805, IP 192.168.11.72: [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)
+- E2E runbook: [E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md](../05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md)

docs/04-configuration/pr-ready/trust-wallet-registry-chain138.json

@@ -0,0 +1,28 @@
+{
+  "id": "dfiometa",
+  "name": "Defi Oracle Meta Mainnet",
+  "coinId": 10000138,
+  "symbol": "ETH",
+  "decimals": 18,
+  "blockchain": "Ethereum",
+  "derivation": [
+    { "path": "m/44'/60'/0'/0/0" }
+  ],
+  "curve": "secp256k1",
+  "publicKeyType": "secp256k1Extended",
+  "chainId": "138",
+  "addressHasher": "keccak256",
+  "explorer": {
+    "url": "https://explorer.d-bis.org",
+    "txPath": "/tx/",
+    "accountPath": "/address/",
+    "sampleTx": "0xbc36c6050ea6b6f484009a1fcd8f8c6c2c2bd629661bc75fa5e84829c662a604",
+    "sampleAccount": "0x4A666F96fC8764181194447A7dFdb7d471b301C8"
+  },
+  "info": {
+    "url": "https://d-bis.org",
+    "source": "https://gitea.d-bis.org/d-bis",
+    "rpc": "https://rpc-http-pub.d-bis.org",
+    "documentation": "https://d-bis.org"
+  }
+}

docs/11-references/TOKEN_CONTRACT_DEPLOYMENTS_REMAINING.md

@@ -0,0 +1,126 @@
+# Token Contract Deployments — Remaining
+
+**Last Updated:** 2026-02-28  
+**Purpose:** Single list of all **remaining** token-related contract deployments (by category and chain).  
+**Related:** [TOKEN_CATEGORIES_CANONICAL](TOKEN_CATEGORIES_CANONICAL.md), [DEPLOYED_COINS_TOKENS_AND_NETWORKS](DEPLOYED_COINS_TOKENS_AND_NETWORKS.md), [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md).
+
+---
+
+## Summary
+
+| Category | Chain(s) | Status | Script / notes |
+|----------|----------|--------|----------------|
+| **1. Canonical 138 Compliant (extra)** | 138 | Not deployed | DeployCompliantFiatTokens.s.sol |
+| **2. ALL Mainnet (Alltra)** | 651940 | ACADT not deployed | No script in repo; TBD |
+| **3. Compliant Wrapped (cW\*)** | 1, 56, 137, 10, 42161, etc. | Not deployed | Bridge + pool-matrix per chain |
+| **4. D-WIN W on 138 / 651940** | 138, 651940 | Optional | DeployISO4217WSystem or extend |
+| **5. Vault ac\* / vdc\* / sdc\*** | 138 | After base tokens | DeployAcVdcSdcVaults (extend for new base) |
+| **6. cAUSDT** | 138 | Not deployed | Env / bridge when Alltra compliant token defined |
+
+---
+
+## 1. Canonical 138 Compliant — Remaining
+
+Tokens in **Category 1** that do not yet have deployed addresses on Chain 138 (WETH, WETH10, LINK, cUSDT, cUSDC are already deployed).
+
+### 1.1 DeployCompliantFiatTokens (CREATE2)
+
+**Script:** `smom-dbis-138/script/deploy/DeployCompliantFiatTokens.s.sol`
+
+**Tokens deployed by script:** cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT.
+
+**Prerequisite:** `CREATE2_FACTORY_ADDRESS` (e.g. from DeployDeterministicCore).
+
+**Command (example):**
+```bash
+cd smom-dbis-138
+source .env
+forge script script/deploy/DeployCompliantFiatTokens.s.sol:DeployCompliantFiatTokens \
+  --rpc-url $RPC_URL_138 --broadcast --private-key $PRIVATE_KEY --with-gas-price 1000000000
+```
+
+**After deploy:** Update [CHAIN138_TOKEN_ADDRESSES](CHAIN138_TOKEN_ADDRESSES.md) and env (e.g. `cEURC_ADDRESS_138`, `cEURT_ADDRESS_138`, …). Update token-aggregation `canonical-tokens.ts` FALLBACK_ADDRESSES or env if used.
+
+### 1.2 Optional: cCADT (Tether-style CAD)
+
+**Naming:** Category 1 uses **cCADT** (Tether CAD) and **cCADC** (Coin CAD). The current script deploys only **cCADC**. To deploy **cCADT** as well, add a line to `DeployCompliantFiatTokens.s.sol` (e.g. `_deploy(..., "cCADT", "Tether CAD (Compliant)", "CAD");`) and run the script again.
+
+### 1.3 cAUSDT (Compliant Alltra/USD T)
+
+**Status:** No deployment script in repo. Referenced in [TOKEN_CATEGORIES_CANONICAL](TOKEN_CATEGORIES_CANONICAL.md) and ISO4217/tests. Deploy or configure via env when the Alltra/bridge compliant USD token is defined.
+
+---
+
+## 2. ALL Mainnet (Alltra) — Remaining
+
+**Chain:** 651940 (ALL Mainnet).
+
+| Token | Description | Status |
+|-------|-------------|--------|
+| **ACADT** | Alltra CAD (Tether-style) | Not deployed; no script in repo. Address TBD when Alltra ecosystem adds CAD token. |
+| **ACADC** | Alltra CAD (Coin-style) | Optional; same as above. |
+
+AUSDT, USDT, USDC, WETH, WALL are already deployed on 651940. See [DEPLOYED_COINS_TOKENS_AND_NETWORKS](DEPLOYED_COINS_TOKENS_AND_NETWORKS.md) § Chain 651940.
+
+---
+
+## 3. Compliant Wrapped (cW*) — Remaining
+
+**Chains:** Ethereum (1), BSC (56), Polygon (137), Optimism (10), Arbitrum (42161), Base (8453), Avalanche (43114), etc.
+
+**Tokens:** cWUSDT, cWUSDC, cWEURT, cWEURC, cWGBPT, cWGBPC, cWAUDT, cWAUDC, cWJPYT, cWJPYC, cWCHFT, cWCHFC, **cWCADT**, **cWCADC**, cWUSDW, cWEURW, cWGBPW, cWAUDW, cWJPYW, cWCHFW, **cWCADW**.
+
+**Status:** No addresses in deployment-status; deployment from this repo not yet done. When a deployment path exists (bridge + factory or DODO):
+
+1. Deploy or bridge cW* tokens per chain.
+2. Create and fund PMM edge pools per [cross-chain-pmm-lps](https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps) pool-matrix and [LIQUIDITY_POOLS_MASTER_MAP](LIQUIDITY_POOLS_MASTER_MAP.md).
+
+**References:** [UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS](../03-deployment/UNDEPLOYED_CONTRACTS_PRE_DEPLOYMENT_TASKS.md) § 4.5, [DEPLOYMENT_ORDER_OF_OPERATIONS](../03-deployment/DEPLOYMENT_ORDER_OF_OPERATIONS.md) § 5.2.
+
+---
+
+## 4. D-WIN W Tokens — Remaining (optional)
+
+**Already deployed:** USDW, EURW, GBPW, AUDW, JPYW, CHFW, CADW on **Cronos (25)**. See [DEPLOYED_COINS_TOKENS_AND_NETWORKS](DEPLOYED_COINS_TOKENS_AND_NETWORKS.md) § Chain 25.
+
+**Remaining (optional):**
+
+| Chain | Tokens | Script / notes |
+|-------|--------|----------------|
+| **138** | USDW, EURW, GBPW, AUDW, JPYW, CHFW, CADW | DeployISO4217WSystem or extend; optional for Chain 138. |
+| **651940** | Same | Optional; same script or Alltra-specific deployment. |
+
+**Script:** `smom-dbis-138/script/deploy/iso4217w/DeployISO4217WSystem.s.sol` (Cronos deployment done; 138/651940 are optional).
+
+---
+
+## 5. Vault ac* / vdc* / sdc* — Remaining
+
+**Chain:** 138 (and optionally 651940).
+
+**Script:** `smom-dbis-138/script/deploy/vault/DeployAcVdcSdcVaults.s.sol`
+
+**Current scope:** Creates vaults for **acUSDC**, **acUSDT** (and corresponding vdc/sdc). Run after DeployVaultSystem and when cUSDC/cUSDT addresses are set.
+
+**Remaining:** After deploying **DeployCompliantFiatTokens** (cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT), extend DeployAcVdcSdcVaults (or add a new script) to create ac*/vdc*/sdc* for each new base token. See [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) § Vault ac* / vdc* / sdc*.
+
+---
+
+## 6. Naming reference (CAD and Alltra)
+
+| Symbol | Meaning | D-WIN | Wrapped (cW*) | Alltra |
+|--------|---------|-------|---------------|--------|
+| **cCADT** | Compliant Tether CAD | — | cWCADT | — |
+| **cCADC** | Compliant Canadian Dollar (Coin) | — | cWCADC | — |
+| **CADW** | D-WIN CAD W Token | ✅ Cronos | cWCADW | — |
+| **ACADT** | Alltra CAD (Tether-style) | — | — | ✅ To deploy |
+
+---
+
+## References
+
+- [TOKEN_CATEGORIES_CANONICAL](TOKEN_CATEGORIES_CANONICAL.md) — Category definitions and symbols
+- [CHAIN138_TOKEN_ADDRESSES](CHAIN138_TOKEN_ADDRESSES.md) — Deployed tokens on 138
+- [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) — Env, gas price, order
+- [CRONOS_FULL_DEPLOYMENT_TODO](../../smom-dbis-138/docs/deployment/CRONOS_FULL_DEPLOYMENT_TODO.md) — Token factories and scripts
+- [MULTI_CHAIN_EXECUTION_DETERMINISTIC_DEPLOYMENT](../runbooks/MULTI_CHAIN_EXECUTION_DETERMINISTIC_DEPLOYMENT.md) — CREATE2 and DeployCompliantFiatTokens

scripts/deployment/deploy-sankofa-studio-lxc.sh

@@ -0,0 +1,156 @@
+#!/usr/bin/env bash
+# Create LXC 7805 (sankofa-studio): FusionAI Creator stack (API + worker + services) for Sankofa Studio at https://studio.sankofa.nexus
+# Usage: ./scripts/deployment/deploy-sankofa-studio-lxc.sh [--dry-run] [--skip-create]
+#   --dry-run     Print commands only.
+#   --skip-create Use existing container 7805 (only install Docker / compose / deploy app).
+# Env: PROXMOX_HOST, NODE, VMID, HOSTNAME, IP_SANKOFA_STUDIO, REPO_URL or REPO_PATH, ENV_FILE.
+# See: docs/03-deployment/SANKOFA_STUDIO_DEPLOYMENT.md
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROXMOX_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+IP_CONFIG_PATH="${IP_CONFIG_PATH:-}"
+if [[ -n "$IP_CONFIG_PATH" && -f "$IP_CONFIG_PATH" ]]; then
+  source "$IP_CONFIG_PATH" 2>/dev/null || true
+elif [[ -f "$PROXMOX_ROOT/config/ip-addresses.conf" ]]; then
+  source "$PROXMOX_ROOT/config/ip-addresses.conf" 2>/dev/null || true
+elif [[ -f "$SCRIPT_DIR/../../config/ip-addresses.conf" ]]; then
+  source "$SCRIPT_DIR/../../config/ip-addresses.conf" 2>/dev/null || true
+fi
+
+VMID="${VMID:-${SANKOFA_STUDIO_VMID:-7805}}"
+HOSTNAME="${HOSTNAME:-sankofa-studio}"
+IP="${IP_SANKOFA_STUDIO:-192.168.11.72}"
+GATEWAY="${NETWORK_GATEWAY:-192.168.11.1}"
+NETWORK="${NETWORK:-vmbr0}"
+STORAGE="${STORAGE:-local-lvm}"
+TEMPLATE="${TEMPLATE:-local:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst}"
+MEMORY_MB="${MEMORY_MB:-8192}"
+CORES="${CORES:-4}"
+DISK_GB="${DISK_GB:-60}"
+REPO_URL="${REPO_URL:-}"
+REPO_PATH="${REPO_PATH:-}"
+ENV_FILE="${ENV_FILE:-}"
+APP_DIR="${APP_DIR:-/srv/fusionai-creator}"
+
+PROXMOX_HOST="${PROXMOX_HOST:-}"
+NODE="${NODE:-}"
+SSH_OPTS="-o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+
+DRY_RUN=false
+SKIP_CREATE=false
+for a in "$@"; do
+  [[ "$a" == "--dry-run" ]] && DRY_RUN=true
+  [[ "$a" == "--skip-create" ]] && SKIP_CREATE=true
+done
+
+run_cmd() {
+  if [[ -n "$PROXMOX_HOST" ]]; then
+    ssh $SSH_OPTS root@"$PROXMOX_HOST" "$@"
+  else
+    bash -c "$*"
+  fi
+}
+
+run_pct() {
+  local node_opt=""
+  [[ -n "$NODE" && -z "$PROXMOX_HOST" ]] && node_opt="--node $NODE"
+  if [[ -n "$PROXMOX_HOST" ]]; then
+    ssh $SSH_OPTS root@"$PROXMOX_HOST" "pct $node_opt $*"
+  else
+    pct $node_opt "$@"
+  fi
+}
+
+pct_exec() {
+  run_pct "exec $VMID -- $*"
+}
+
+echo "=== Sankofa Studio LXC ($VMID) — $HOSTNAME ==="
+echo "URL: https://studio.sankofa.nexus → http://${IP}:8000"
+echo "IP: $IP | Memory: ${MEMORY_MB}MB | Cores: $CORES | Disk: ${DISK_GB}G"
+echo ""
+
+# pct runs only on Proxmox hosts; from another machine set PROXMOX_HOST to SSH there
+if ! $DRY_RUN && [[ -z "${PROXMOX_HOST:-}" ]] && ! command -v pct &>/dev/null; then
+  echo "ERROR: 'pct' not found. This script must run on a Proxmox host or with PROXMOX_HOST set."
+  echo ""
+  echo "From your current machine, run:"
+  echo "  PROXMOX_HOST=192.168.11.11 REPO_URL='https://gitea.d-bis.org/d-bis/FusionAI-Creator.git' $0"
+  echo ""
+  echo "Or SSH to the Proxmox host and run the script there (with REPO_URL set)."
+  exit 1
+fi
+
+if ! $SKIP_CREATE; then
+  if $DRY_RUN; then
+    echo "[DRY-RUN] Would create LXC $VMID with hostname=$HOSTNAME, ip=$IP/24 (Docker + FusionAI Creator)"
+    exit 0
+  fi
+
+  if run_pct list 2>/dev/null | grep -q " $VMID "; then
+    echo "Container $VMID already exists. Use --skip-create to only install/deploy app."
+    exit 0
+  fi
+
+  echo "Creating CT $VMID ($HOSTNAME)..."
+  node_opt=""
+  [[ -n "$NODE" && -z "$PROXMOX_HOST" ]] && node_opt="--node $NODE"
+  run_cmd "pct create $VMID $TEMPLATE \
+    --hostname $HOSTNAME \
+    --memory $MEMORY_MB \
+    --cores $CORES \
+    --rootfs $STORAGE:${DISK_GB} \
+    --net0 name=eth0,bridge=$NETWORK,ip=$IP/24,gw=$GATEWAY \
+    --nameserver ${DNS_PRIMARY:-1.1.1.1} \
+    --description 'Sankofa Studio (FusionAI Creator) - studio.sankofa.nexus. See docs/03-deployment/SANKOFA_STUDIO_DEPLOYMENT.md' \
+    --start 1 \
+    --onboot 1 \
+    --unprivileged 0 \
+    --features nesting=1 \
+    $node_opt"
+
+  echo "Waiting for container to boot..."
+  sleep 25
+fi
+
+if $DRY_RUN; then
+  echo "[DRY-RUN] Would install Docker, clone/copy app, set .env, docker-compose up -d"
+  exit 0
+fi
+
+echo "Installing Docker and Docker Compose..."
+pct_exec "bash -c 'export DEBIAN_FRONTEND=noninteractive && apt-get update -qq && apt-get install -y -qq ca-certificates curl gnupg'"
+# Docker repo: source os-release in same shell so \$ID and \$VERSION_CODENAME are set
+pct_exec "bash -c 'source /etc/os-release; install -m 0755 -d /etc/apt/keyrings; curl -fsSL \"https://download.docker.com/linux/\$ID/gpg\" | gpg --batch --dearmor -o /etc/apt/keyrings/docker.gpg; chmod a+r /etc/apt/keyrings/docker.gpg'"
+pct_exec "bash -c 'source /etc/os-release; echo \"deb [arch=\$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/\$ID \$VERSION_CODENAME stable\" | tee /etc/apt/sources.list.d/docker.list > /dev/null'"
+pct_exec "bash -c 'apt-get update -qq && apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin git'"
+pct_exec "systemctl enable docker && systemctl start docker"
+
+if [[ -z "$REPO_URL" && -z "$REPO_PATH" ]]; then
+  echo "REPO_URL or REPO_PATH not set. Skipping clone/copy. Create $APP_DIR and add docker-compose + .env manually, then run: docker compose -f $APP_DIR/docker-compose.yml up -d"
+  exit 0
+fi
+
+pct_exec "mkdir -p $(dirname "$APP_DIR")"
+if [[ -n "$REPO_PATH" && -d "$REPO_PATH" ]]; then
+  echo "Copying repo from $REPO_PATH into container..."
+  run_pct "push $VMID $REPO_PATH $APP_DIR"
+elif [[ -n "$REPO_URL" ]]; then
+  echo "Cloning $REPO_URL into container..."
+  pct_exec "bash -c 'git clone --depth 1 \"$REPO_URL\" \"$APP_DIR\"'"
+fi
+
+if [[ -n "$ENV_FILE" && -f "$ENV_FILE" ]]; then
+  echo "Pushing .env from $ENV_FILE..."
+  run_pct "push $VMID $ENV_FILE $APP_DIR/.env"
+fi
+
+echo "Starting FusionAI Creator stack (docker compose up -d)..."
+pct_exec "bash -c 'cd \"$APP_DIR\" && docker compose up -d'"
+
+echo ""
+echo "Done. Verify: curl -s http://${IP}:8000/health"
+echo "Studio UI: http://${IP}:8000/studio/"
+echo "Configure NPMplus: studio.sankofa.nexus -> http://${IP}:8000 (see SANKOFA_STUDIO_DEPLOYMENT.md)"

scripts/deployment/run-sankofa-studio-e2e.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+# Run Sankofa Studio E2E: deploy (when REPO_URL set) then print NPMplus, Cloudflare, and verify steps.
+# Usage: ./scripts/deployment/run-sankofa-studio-e2e.sh [--dry-run]
+# Env: REPO_URL (optional), ENV_FILE (optional), PROXMOX_HOST (optional).
+# See: docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROXMOX_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+cd "$PROXMOX_ROOT"
+
+source config/ip-addresses.conf 2>/dev/null || true
+
+IP="${IP_SANKOFA_STUDIO:-192.168.11.72}"
+VMID="${SANKOFA_STUDIO_VMID:-7805}"
+DRY_RUN=false
+[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true
+
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "  Sankofa Studio E2E — studio.sankofa.nexus → ${IP}:8000"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+if [[ -n "${REPO_URL:-}" ]]; then
+  echo "[Step 1] Deploying LXC ${VMID} and FusionAI Creator..."
+  if $DRY_RUN; then
+    ./scripts/deployment/deploy-sankofa-studio-lxc.sh --dry-run
+  else
+    ./scripts/deployment/deploy-sankofa-studio-lxc.sh
+  fi
+  echo ""
+else
+  echo "[Step 1] Skipped (REPO_URL not set). To deploy:"
+  echo "  export REPO_URL='https://gitea.d-bis.org/d-bis/FusionAI-Creator.git'"
+  echo "  ./scripts/deployment/deploy-sankofa-studio-lxc.sh"
+  echo ""
+fi
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "  Next: NPMplus + Cloudflare + Verify"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+echo "2. NPMplus (https://192.168.11.167):"
+echo "   Add Proxy Host: studio.sankofa.nexus → http://${IP}:8000"
+echo "   Request SSL, enable Force SSL."
+echo ""
+echo "3. Cloudflare (zone sankofa.nexus):"
+echo "   Add CNAME studio → <tunnel>.cfargotunnel.com (Proxied)"
+echo "   OR A record studio → 76.53.10.36"
+echo "   If using tunnel: add Public Hostname studio.sankofa.nexus → https://192.168.11.167:443"
+echo ""
+echo "4. Verify:"
+echo "   curl -s http://${IP}:8000/health"
+echo "   bash scripts/verify/verify-end-to-end-routing.sh"
+echo "   https://studio.sankofa.nexus/studio/"
+echo ""
+echo "Full flow: docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md"
+echo ""