Compare commits

42 Commits
master ... main

Author SHA1 Message Date
defiQUG
c6c57fa585 fix(it-ops): same-name IP dupes informational; Cloudflare SSL full helper
All checks were successful
Deploy to Phoenix / deploy (push) Successful in 5s
- compute_ipam_drift: exit 2 only when same IP + different guest names; add same_name_duplicate_ip_guests
- set-sankofa-zone-ssl-mode.sh: PATCH zone ssl (full|strict|flexible|off)
- Docs + bootstrap log; AGENTS Cloudflare SSL row

Made-with: Cursor
2026-04-09 02:32:53 -07:00
defiQUG
3e7c9b9941 fix(npm): IT API TLS helper + treat certificate_id string 0 as missing
All checks were successful
Deploy to Phoenix / deploy (push) Successful in 6s
- jq select includes certificate_id == "0" for NPM JSON quirks
- request-it-api-tls-npm.sh wraps CERT_DOMAINS_FILTER for it-api.sankofa.nexus
- Docs: TLS command, Cloudflare redirect-loop note; spec remaining items

Made-with: Cursor
2026-04-09 02:01:50 -07:00
defiQUG
a41c3adea0 feat(it-ops): LAN bootstrap for read API, NPM proxy, Cloudflare DNS
All checks were successful
Deploy to Phoenix / deploy (push) Successful in 6s
- bootstrap-sankofa-it-read-api-lan.sh: rsync /opt/proxmox, systemd + env file,
  repo .env keys, portal CT 7801 merge, weekly export timer; tolerate export exit 2
- upsert-it-read-api-proxy-host.sh, add-it-api-sankofa-dns.sh
- systemd example uses EnvironmentFile; docs, spec, AGENTS, read API README

Made-with: Cursor
2026-04-09 01:50:14 -07:00
defiQUG
bd3424d78b docs(deploy): sync output points to sankofa-portal-merge-it-read-api-env
All checks were successful
Deploy to Phoenix / deploy (push) Successful in 5s
Made-with: Cursor
2026-04-09 01:27:14 -07:00
defiQUG
236e71f0f0 feat(portal): merge IT_READ_API_* from repo .env to CT 7801
All checks were successful
Deploy to Phoenix / deploy (push) Successful in 6s
- Add sankofa-portal-merge-it-read-api-env-from-repo.sh (base64-safe upsert + restart)
- Document in SANKOFA_IT_OPS_KEYCLOAK_PORTAL_NEXT_STEPS.md

Made-with: Cursor
2026-04-09 01:23:19 -07:00
defiQUG
61841b8291 feat(it-ops): live inventory, drift API, Keycloak IT role, portal sync hint
- Add scripts/it-ops (Proxmox collector, IPAM drift, export orchestrator)
- Add sankofa-it-read-api stub with optional CORS and refresh
- Add systemd examples for read API, weekly inventory export, timer
- Add live-inventory-drift GitHub workflow (dispatch + weekly)
- Add IT controller spec, runbooks, Keycloak ensure-it-admin-role script
- Note IT_READ_API env on portal sync completion output

Made-with: Cursor
2026-04-09 01:20:00 -07:00
defiQUG
4eead3e53f chore(submodules): smom Besu account allowlist — ops EOA for 2103 deploy
Made-with: Cursor
2026-04-08 08:34:14 -07:00
defiQUG
7d68a89074 chore(submodules): dbis_core gateway+IRU; explorer master; smom bridges+TA
- dbis_core: SolaceNet rails, marketplace, tests (IRU + gateway HTTP).
- explorer-monorepo: Gitea master mission control, wallet, backend tests.
- smom-dbis-138: contracts, token-aggregation, relay templates; btc-intake dist gitignored.

Made-with: Cursor
2026-04-07 23:40:59 -07:00
defiQUG
81c78f9c1c chore(submodules): MIM Azure chat + UI; the-order finance baskets and BTC flows
Made-with: Cursor
2026-04-07 22:59:46 -07:00
defiQUG
7058c9c300 chore(submodules): cross-chain sim refresh; metamask token sync; MIM env examples
- cross-chain-pmm-lps: deployment status, pool matrix, scenario tooling.
- metamask-integration: token list and provider Chain 138 configs.
- miracles_in_motion: VITE chat env documentation only.

Made-with: Cursor
2026-04-07 22:56:28 -07:00
defiQUG
86a250f188 fix(scripts): surgical-clean honors submodules with .git file (gitdir pointer)
Made-with: Cursor
2026-04-07 22:48:05 -07:00
defiQUG
b117585cfd chore(submodules): miracles deploy-package hygiene; PMM micro-trade scenario
- miracles_in_motion: untrack api/deploy-package tsc emit (zip layout from api/dist).
- cross-chain-pmm-lps: add gas-budgeted micro-trade scenario JSON + doc.
- surgical-clean-submodule-artifacts.sh: miracles_in_motion step; SUBMODULE_HYGIENE note.

Made-with: Cursor
2026-04-07 22:46:39 -07:00
defiQUG
08940e85aa chore(submodules): ai-mcp canonical pools; metamask untrack dist; extend surgical clean
- ai-mcp-pmm-controller: Chain 138 allowlist matches funded PMM pool addresses.
- metamask-integration: ignore and stop tracking tsc dist/.
- surgical-clean-submodule-artifacts.sh: include metamask-integration dist/ step.
- SUBMODULE_HYGIENE: note metamask dist/ pattern.

Made-with: Cursor
2026-04-07 22:15:11 -07:00
defiQUG
518923203e docs(submodules): document surgical artifact cleanup helper; fix gitignore probe
Made-with: Cursor
2026-04-07 22:10:42 -07:00
defiQUG
07e0273dbc chore(submodules): record the-order + smom artifact hygiene; add surgical clean helper
- Bump the-order to drop tracked tsc output under packages/*/src (dist is canonical).
- Bump smom-dbis-138 to gitignore/untrack Foundry artifacts/.
- submodules-clean: print dirty count and names first.
- scripts/maintenance/surgical-clean-submodule-artifacts.sh for repeat idempotent cleanup.

Made-with: Cursor
2026-04-07 22:10:10 -07:00
defiQUG
fbe027bf04 chore: bump metamask-integration and explorer-monorepo submodules
- metamask-integration: merge GitHub origin CNAME; sync Open Snap submodule path
- explorer-monorepo: wallet page Open Snap allowlist UX + resolveExplorerApiBase

Made-with: Cursor
2026-04-05 01:23:36 -07:00
defiQUG
d92cfab10b chore: bump metamask-integration submodule (chain138-snap-minimal README)
Made-with: Cursor
2026-04-05 01:19:02 -07:00
defiQUG
7a53e64c1e chore: chain138-open-snap canonical repo, submodule, publish script
- Point AGENTS.md at Defi-Oracle-Tooling/chain138-snap-minimal; document nested submodule in SUBMODULE_RELATIONSHIP_MAP
- Bump metamask-integration submodule (chain138-snap-minimal nested submodule on Gitea)
- Add publish-chain138-open-snap.sh with canonical repo comment

Made-with: Cursor
2026-04-05 01:18:42 -07:00
defiQUG
15cd7aa057 fix(validation): use grep instead of rg in validate-xdc-zero-relayer-env (portable cross-checks)
Made-with: Cursor
2026-04-01 16:19:06 -07:00
defiQUG
76e2e64008 chainlist PR 8124: EIP2718/EIP2930 in eip155-138; bump chains submodule
Made-with: Cursor
2026-04-01 15:29:44 -07:00
defiQUG
79e5f4e9af docs: PR 8124 status — maintainer pinged, fork CI noted
Made-with: Cursor
2026-04-01 15:25:46 -07:00
defiQUG
11fce67025 docs(pr-ready): align eip155-138.json with ethereum-lists/chains PR #8124 (Prettier)
Made-with: Cursor
2026-04-01 15:25:36 -07:00
defiQUG
9e106e2da4 chainlist PR 8124: pin chains submodule after removing INSTALL_JAVA; document PR status
Made-with: Cursor
2026-04-01 15:01:18 -07:00
defiQUG
de1a274f6a fix(ops): Proxmox SSH user for pool clear; optional preflight RPC override
- clear-all-transaction-pools: use PROXMOX_SSH_USER (never root@pam for SSH);
  align R630 host with ip-addresses PROXMOX_R630_01; document post-clear RPC delay
- preflight-chain138-deploy: CHAIN138_PREFLIGHT_RPC_URL for nonce/RPC checks when
  Core 2101 is restarting (e.g. after pool clear) but public RPC is up

Made-with: Cursor
2026-04-01 11:46:20 -07:00
defiQUG
d81375117a Sync asset-scoped jurisdiction governance updates
2026-04-01 11:28:41 -07:00
defiQUG
e8e22daeb9 feat(deploy): --skip-preflight for run-all-next-steps-chain138
Allows verify-only / read-only steps when nonce gate fails (e.g. stuck pool)
until operator clears pools with SSH access; unsafe for broadcast deploys.

Made-with: Cursor
2026-04-01 11:24:01 -07:00
defiQUG
0bb4aa41dd Sync GRU governance submodule updates
2026-04-01 01:59:43 -07:00
defiQUG
5e73159e80 fix(verify): submodule check informational in check-completion-status
Default: show dirty submodule output as WARN without failing exit 1.
Set STRICT_SUBMODULE_CLEAN=1 for pre-release strict gate (submodules-clean).

Made-with: Cursor
2026-03-31 23:20:07 -07:00
defiQUG
b85101f4c2 fix(env): safe dotenv sourcing under set -u; report API prefix fallback
- load-project-env: _lpr_dotenv_source / _lpr_source_relaxed so smom-dbis-138/.env
  lines like ${ARBITRUM_MAINNET_RPC} do not abort scripts using set -u
- check-public-report-api: detect /token-aggregation vs apex /api/v1 for networks
- run-completable-tasks: enforce public report API (remove SKIP_EXIT bypass)
- Document verifier behavior in TOKEN_AGGREGATION_REPORT_API_RUNBOOK and verify README

Made-with: Cursor
2026-03-31 23:18:37 -07:00
defiQUG
6390174bb7 feat(xdc-zero): Chain 138 bridge runbook, config fragments, merge helper
- Add CHAIN138_XDC_ZERO_BRIDGE_RUNBOOK and 07-ccip pointer doc
- Add config/xdc-zero templates, parent register fragment, README
- Add merge-endpointconfig-chain138.sh (jq merge, XDC_ZERO_ENDPOINT_DIR)
- Add xdc-zero-chain138-preflight.sh; trim XDC URL vars in load-project-env
- Wire AGENTS.md, MASTER_INDEX, verify README, .env.master.example

Made-with: Cursor
2026-03-31 23:10:36 -07:00
defiQUG
f411a89908 feat(mcp): Cursor project config + scripts for wormhole-docs server
- .cursor/mcp.json: wormhole-docs via node ./mcp-wormhole-docs/index.js + cwd
- package.json: mcp:wormhole, verify:wormhole-mcp
- MCP_SETUP + mcp-wormhole-docs README: Cursor reload + health check

Made-with: Cursor
2026-03-31 22:59:08 -07:00
defiQUG
5fc90e1913 assets: GRU token SVG logos under token-lists/logos/gru
Optional list artwork for explorer/token-list consumers; README describes usage.

Made-with: Cursor
2026-03-31 22:53:26 -07:00
defiQUG
13d0d7130e feat(gru): governance supervision profile, storage standard, naming 03–04, identity reports
- config/gru-governance-supervision-profile.json + gru-standards-profile cross-refs
- GRU_STORAGE_GOVERNANCE_AND_SUPERVISION_STANDARD.md; GRU matrix/profile doc updates
- naming-conventions: 03 bridges/cross-chain, 04 registry JSON fields; README table complete
- validate-config-files: governance profile checks (existing jq rules)
- reports/identity-completion: templates + README for DID/governance completion path
- mlfo-gitea-avatar.svg; refreshed transaction-package-HYBX-BATCH-001.zip
- gitignore: .codex, tmp/, regenerated output audit trees/zips, token-lists/logos PNGs

Submodules remain dirty locally (commit inside each submodule separately).

Made-with: Cursor
2026-03-31 22:52:53 -07:00
defiQUG
5c69993ce9 docs: UTRNF naming conventions (01–02), c* V2 transport verify extras
- Add naming-conventions/ with UTRNF reference and DBIS namespace mapping
- Index from 04-configuration README and MASTER_INDEX
- check-cstar-v2-transport-stack: CompliantWrappedToken + JurisdictionalGovernance suites
- gitignore: config/production/dbis-identity-public-did-secrets.env

Made-with: Cursor
2026-03-31 22:41:23 -07:00
defiQUG
748c1c9e14 chore(pnpm): remove transaction-composer from workspace list
Package remains a local nested clone; use submodule when ready to track.

Made-with: Cursor
2026-03-31 22:33:02 -07:00
defiQUG
33b1920111 fix: drop accidental transaction-composer gitlink; ignore nested clone
transaction-composer was a nested .git repo; track as submodule only after explicit submodule add.

Made-with: Cursor
2026-03-31 22:32:31 -07:00
defiQUG
6c5fdcfd62 chore: pnpm lockfile, info-defi-oracle-138 app, token-lists, OMNL discovery output
- Refresh pnpm-lock.yaml / workspace after prior merge
- Add Chain 138 info hub SPA (info-defi-oracle-138)
- Token list and validation script tweaks; path_b report; Hyperledger proxmox install notes
- HYBX implementation roadmap and routing graph data model

Note: transaction-composer is a nested git repo — convert to submodule before tracking.
Made-with: Cursor
2026-03-31 22:32:15 -07:00
defiQUG
7ac74f432b chore: sync docs, config schemas, scripts, and meta task alignment
- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor
2026-03-31 22:31:39 -07:00
defiQUG
00880304d4 chore(gitignore): Wormhole mirror paths + .venv-checkjson
Ignore third-party/wormhole-ai-docs blobs; keep README and manifest.json trackable.

Made-with: Cursor
2026-03-31 21:05:56 -07:00
defiQUG
7668acf8c3 chore(pnpm): register mcp-wormhole-docs in workspace
Includes lockfile refresh for @modelcontextprotocol/sdk + node-fetch.
Also adds transaction-composer and info-defi-oracle-138 to workspace list (local workspace layout).

Made-with: Cursor
2026-03-31 21:05:20 -07:00
defiQUG
0f70fb6c90 feat(wormhole): AI docs mirror, MCP server, playbook, RAG, verify script
- Playbook + RAG doc; Cursor rule; sync script + manifest snapshot
- mcp-wormhole-docs: resources + wormhole_doc_search (read-only)
- verify-wormhole-ai-docs-setup.sh health check

Wire pnpm-workspace + lockfile + AGENTS/MCP_SETUP/MASTER_INDEX in a follow-up if not already committed.

Made-with: Cursor
2026-03-31 21:05:06 -07:00
defiQUG
7f3dcf2513 feat(sankofa): public web CT 7806, portal NPM/DNS defaults, Keycloak redirect helper
- Provision/sync scripts and systemd for corporate Next on 7806; IP_SANKOFA_PUBLIC_WEB for apex NPM
- Portal stack: NEXTAUTH_URL default portal.sankofa.nexus; NPM fleet + migrate + DNS ordering
- keycloak-sankofa-ensure-client-redirects.sh (KEYCLOAK_ADMIN_PASSWORD); .env.master.example hints
- Docs: task list, inventory, FQDN/E2E/EXPECTED_WEB_CONTENT, AGENTS pointers

Made-with: Cursor
2026-03-29 13:41:02 -07:00
1151 changed files with 76803 additions and 10810 deletions

9
.cursor/mcp.json Normal file

@@ -0,0 +1,9 @@
{
"mcpServers": {
"wormhole-docs": {
"command": "node",
"args": ["./mcp-wormhole-docs/index.js"],
"cwd": "${workspaceFolder}"
}
}
}
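
Review bot: in the `wormhole-docs` entry, `args` uses a relative script path that only resolves if the client applies `cwd` and expands `${workspaceFolder}`; if either is not honoured, `node` starts in the editor's launch directory and the server never comes up. Because this file is committed, opening the workspace also starts repo-local code, so the setup doc should state that `mcp-wormhole-docs/index.js` is expected to stay read-only and that its dependencies are installed from the lockfile before the server is enabled.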


@@ -0,0 +1,20 @@
---
description: When to use Wormhole AI doc bundles vs repo Chain 138 / CCIP canonicals
alwaysApply: false
---
# Wormhole AI resources vs this repo
## Use Wormholes bundles for
- Wormhole protocol behavior: VAAs, Guardians, NTT, Connect, Executor, Wormhole CCTP integration, Wormhole Queries, MultiGov, Settlement, TypeScript/Solidity SDK **as documented by Wormhole**.
- Prefer the **tier ladder**: `llms.txt` → `site-index.json` → category `.md` → `llms-full.jsonl` only for RAG or very large context.
- Canonical URLs and mirror script: [docs/04-configuration/WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md](docs/04-configuration/WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md).
- Optional MCP: `mcp-wormhole-docs` (read-only resources + `wormhole_doc_search`); see [docs/04-configuration/MCP_SETUP.md](docs/04-configuration/MCP_SETUP.md).
## Use repo canonical docs for
- **Chain 138** token addresses, PMM pools, DODOPMMIntegration, deployer wallet, Blockscout alignment.
- **CCIP** routes, receivers, and this projects bridge runbooks.
Do not answer “what is the canonical cUSDT address on 138?” from Wormhole docs. Do not answer “how does Wormhole NTT deploy on Solana?” from `ADDRESS_MATRIX_AND_STATUS.md` unless it explicitly cites Wormhole.
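
Review bot: the rule says when to read the mirrored Wormhole bundles (`llms.txt`, `site-index.json`, category `.md`, `llms-full.jsonl`) but not how far to trust them. They are third-party text pulled into the model's context, so add a line stating they are reference material only and that instructions found inside them are not to be followed. Also, with `alwaysApply: false` and no `globs` key in the front matter, the closing "Do not answer ..." guardrail applies only when the agent selects the rule from its description; consider scoping it with globs or moving that guardrail into an always-applied rule.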


@@ -34,6 +34,10 @@ CLOUDFLARE_TUNNEL_ID_MIFOS_R630_02=
CLOUDFLARE_TUNNEL_TOKEN_MIFOS_R630_02=
CLOUDFLARE_ORIGIN_CA_KEY=
CLOUDFLARE_ACCOUNT_ID=
# Turnstile (Captcha) for IRU marketplace inquiry — Dashboard → Turnstile; NOT the DNS API key
CLOUDFLARE_TURNSTILE_SECRET_KEY=
# dbis_core Vite marketplace: VITE_CLOUDFLARE_TURNSTILE_SITE_KEY=
# Sankofa portal Next.js (sibling repo): NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY=
# --- ClouDNS ---
CLOUDNS_AUTH_ID=
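
Review bot: the Turnstile lines mix one server-side secret with two client-exposed site keys, and the only distinction drawn is against the DNS API key. State on the `CLOUDFLARE_TURNSTILE_SECRET_KEY=` line that it is used for server-side verification only and must never be copied into a `VITE_` or `NEXT_PUBLIC_` variable, since those are the prefixes named here for values that ship to the browser.
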
@@ -52,6 +56,14 @@ NPMPLUS_ALLTRA_HYBX_VMID=
IP_NPMPLUS_ALLTRA_HYBX=
NPM_URL_MIFOS=
# --- Keycloak Admin API (optional) ---
# For scripts/deployment/keycloak-sankofa-ensure-client-redirects.sh — merge portal/admin redirect URIs.
# KEYCLOAK_URL=https://keycloak.sankofa.nexus
# KEYCLOAK_REALM=master
# KEYCLOAK_CLIENT_ID=sankofa-portal
# KEYCLOAK_ADMIN=admin
# KEYCLOAK_ADMIN_PASSWORD=
# --- Fastly ---
FASTLY_API_TOKEN=
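
Review bot: the commented Keycloak defaults (`KEYCLOAK_REALM=master`, `KEYCLOAK_ADMIN=admin`, `KEYCLOAK_ADMIN_PASSWORD=`) steer operators toward storing the master-realm admin password in a repo `.env` just to merge redirect URIs for `sankofa-portal`. Suggest documenting a dedicated account or client limited to client management in the realm that holds the portal client, and noting that the password should be supplied at run time rather than kept in the file.
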
@@ -92,10 +104,25 @@ AWS_S3_BUCKET=
AZURE_STORAGE_CONNECTION_STRING=
AZURE_STORAGE_CONTAINER=
# --- Pinata (IPFS pinning; token logos) ---
# Dashboard: https://app.pinata.cloud — API Keys → JWT or key/secret.
# scripts/upload-token-logos-to-ipfs.sh uses PINATA_JWT only (Bearer for pinFileToIPFS).
PINATA_JWT=
PINATA_API_KEY=
PINATA_API_SECRET=
# --- Blockchain / SMOM-DBIS-138 (use smom-dbis-138/.env for PRIVATE_KEY) ---
PRIVATE_KEY=
RPC_URL_138=
RPC_URL_138_PUBLIC=
# XDC Zero — second relayer pair (XDC Network mainnet <-> Chain 138). See docs/03-deployment/CHAIN138_XDC_ZERO_BRIDGE_RUNBOOK.md and config/xdc-zero/
# Use XDC mainnet JSON-RPC only (chain id 50), not Ethereum L1. Default:
XDC_PARENTNET_URL=https://rpc.xinfin.network
# Testnet (Apothem): https://rpc.apothem.network
# Optional alias for 138 side (defaults to RPC_URL_138 in preflight if unset):
XDC_ZERO_PEER_RPC_URL=
# Ethereum L1 — used for dual-anchor attestation with scripts/omnl/omnl-chain138-attestation-tx.sh (consumes ETH gas). Alias: RPC_URL_MAINNET.
ETHEREUM_MAINNET_RPC=
CHAIN_651940_RPC_URL=
ETHERLINK_RPC_URL=
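
Review bot: in the Pinata block the comment says `scripts/upload-token-logos-to-ipfs.sh` uses `PINATA_JWT` only, yet `PINATA_API_KEY=` and `PINATA_API_SECRET=` are listed as live keys. Comment those two out or mark them unused, so operators do not provision and store a second credential that nothing reads. In the same hunk, `XDC_PARENTNET_URL` is the only entry shipped with a live default while `XDC_ZERO_PEER_RPC_URL=` is blank; a one-line comment that the default points at a public mainnet endpoint would make that intentional.
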
@@ -114,6 +141,51 @@ MOONPAY_SECRET_KEY=
RAMP_NETWORK_API_KEY=
ONRAMPER_API_KEY=
# --- GRU Transport / cW hard-peg bridge controls (Chain 138 -> public chains) ---
# Canonical L1 bridge env used by the GRU transport overlay and token-aggregation.
CHAIN138_L1_BRIDGE=
# Legacy alias still used by some deployment helpers.
CW_L1_BRIDGE_CHAIN138=
CW_BRIDGE_MAINNET=
CW_BRIDGE_CRONOS=
CW_BRIDGE_BSC=
CW_BRIDGE_POLYGON=
CW_BRIDGE_GNOSIS=
CW_BRIDGE_AVALANCHE=
CW_BRIDGE_BASE=
CW_BRIDGE_ARBITRUM=
CW_BRIDGE_OPTIMISM=
CW_RESERVE_VERIFIER_CHAIN138=
CW_STABLECOIN_RESERVE_VAULT=
CW_RESERVE_SYSTEM=
CW_ATTACH_VERIFIER_TO_L1=1
CW_REQUIRE_VAULT_BACKING=
CW_REQUIRE_RESERVE_SYSTEM_BALANCE=
CW_REQUIRE_TOKEN_OWNER_MATCH_VAULT=
CW_CANONICAL_USDT=
CW_CANONICAL_USDC=
CW_USDT_RESERVE_ASSET=
CW_USDC_RESERVE_ASSET=
CW_MAX_OUTSTANDING_USDT_MAINNET=
CW_MAX_OUTSTANDING_USDC_MAINNET=
CW_MAX_OUTSTANDING_USDT_CRONOS=
CW_MAX_OUTSTANDING_USDC_CRONOS=
CW_MAX_OUTSTANDING_USDT_BSC=
CW_MAX_OUTSTANDING_USDC_BSC=
CW_MAX_OUTSTANDING_USDT_POLYGON=
CW_MAX_OUTSTANDING_USDC_POLYGON=
CW_MAX_OUTSTANDING_USDT_GNOSIS=
CW_MAX_OUTSTANDING_USDC_GNOSIS=
CW_MAX_OUTSTANDING_USDT_AVALANCHE=
CW_MAX_OUTSTANDING_USDC_AVALANCHE=
CW_MAX_OUTSTANDING_USDT_BASE=
CW_MAX_OUTSTANDING_USDC_BASE=
CW_MAX_OUTSTANDING_USDT_ARBITRUM=
CW_MAX_OUTSTANDING_USDC_ARBITRUM=
CW_MAX_OUTSTANDING_USDT_OPTIMISM=
CW_MAX_OUTSTANDING_USDC_OPTIMISM=
CW_FREEZE_AVAX_L2_CONFIG=
# --- Alerts & monitoring ---
SLACK_WEBHOOK_URL=
PAGERDUTY_INTEGRATION_KEY=
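
Review bot: the reserve-control flags `CW_REQUIRE_VAULT_BACKING=`, `CW_REQUIRE_RESERVE_SYSTEM_BALANCE=` and `CW_REQUIRE_TOKEN_OWNER_MATCH_VAULT=` are left empty with no accepted values given, while `CW_ATTACH_VERIFIER_TO_L1=1` carries a default. For hard-peg controls, the example should say what an empty value means (check skipped or check enforced) and list the accepted values. The same applies to the `CW_MAX_OUTSTANDING_*` caps: document whether unset means no cap or zero, and in which units the amount is expressed.
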
@@ -121,6 +193,17 @@ EMAIL_ALERT_API_URL=
EMAIL_ALERT_RECIPIENTS=
SENTRY_DSN=
# --- dbis_core IRU / marketplace outbound mail (optional; Proxmox Mail Proxy VMID 100 = 192.168.11.32) ---
# EMAIL_PROVIDER=smtp
# SMTP_HOST=192.168.11.32
# SMTP_PORT=587
# SMTP_SECURE=false
# SMTP_USER=
# SMTP_PASSWORD=
# EMAIL_FROM=
# EMAIL_FROM_NAME=SolaceNet
# DBIS_SALES_EMAIL=
# --- Legal / e-signature ---
E_SIGNATURE_BASE_URL=
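
Review bot: the SMTP example pairs `SMTP_SECURE=false` on port 587 with `SMTP_USER=` and `SMTP_PASSWORD=`, and does not say whether STARTTLS is required before authentication. Add a comment stating that the connection is upgraded with STARTTLS (or which setting enforces it), so the credentials are not sent in clear text to `192.168.11.32` if the upgrade is skipped.
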
@@ -159,6 +242,8 @@ SANKOFA_PHOENIX_API_URL=
SANKOFA_PHOENIX_CLIENT_ID=
SANKOFA_PHOENIX_CLIENT_SECRET=
SANKOFA_PHOENIX_TENANT_ID=
# Corporate apex (sankofa.nexus) → CT 7806 when provisioned (default in ip-addresses stays portal until set)
# IP_SANKOFA_PUBLIC_WEB=192.168.11.63
# --- Frontend / MetaMask / Explorer ---
VITE_WALLETCONNECT_PROJECT_ID=


@@ -0,0 +1,29 @@
# Live Proxmox guest inventory + drift vs config/ip-addresses.conf.
# GitHub-hosted runners usually cannot reach 192.168.11.x; workflow still produces
# drift.json with seed_unreachable. Use a self-hosted LAN runner or run locally:
# bash scripts/it-ops/export-live-inventory-and-drift.sh
name: Live inventory and IPAM drift
on:
workflow_dispatch:
schedule:
- cron: '25 6 * * 1'
jobs:
drift:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Export live inventory (LAN optional)
run: bash scripts/it-ops/export-live-inventory-and-drift.sh
continue-on-error: true
- name: Upload artifacts
uses: actions/upload-artifact@v4
if: always()
with:
name: live-inventory-drift
path: |
reports/status/live_inventory.json
reports/status/drift.json
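
Review bot: `continue-on-error: true` on the "Export live inventory" step makes every scheduled run green, including the exit 2 case the export script uses to signal duplicate IPs, so the weekly job cannot alert on drift. Suggest recording the exit code as a step output, keeping the `if: always()` upload, and adding a final step that fails when the recorded code is 2 while still tolerating the unreachable-seed case described in the header comment. The job only checks out and uploads artifacts, so a top-level `permissions:` block with `contents: read` would also fit here.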


@@ -6,19 +6,37 @@ on:
paths:
- 'config/**'
- 'scripts/validation/**'
- 'scripts/jvmtm/**'
- 'scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh'
- 'scripts/verify/sync-blockscout-address-labels-from-registry.sh'
- 'scripts/verify/run-all-validation.sh'
- 'scripts/run-completable-tasks-from-anywhere.sh'
- '.github/workflows/validate-config.yml'
- 'token-lists/**'
- 'explorer-monorepo/backend/api/rest/config/metamask/**'
- 'docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md'
- 'docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md'
- 'config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md'
- 'docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md'
- 'docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md'
push:
branches: [master]
branches: [master, main]
paths:
- 'config/**'
- 'scripts/validation/**'
- 'scripts/jvmtm/**'
- 'scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh'
- 'scripts/verify/sync-blockscout-address-labels-from-registry.sh'
- 'scripts/verify/run-all-validation.sh'
- 'scripts/run-completable-tasks-from-anywhere.sh'
- '.github/workflows/validate-config.yml'
- 'token-lists/**'
- 'explorer-monorepo/backend/api/rest/config/metamask/**'
- 'docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md'
- 'docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md'
- 'config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md'
- 'docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md'
- 'docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md'
jobs:
validate:
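
Review bot: the new entry `'config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md'` is already matched by `'config/**'` at the top of both `paths:` lists, so it can be dropped. The two lists are also identical copies under the two triggers; a comment saying they must be edited together would reduce the chance that one trigger silently stops covering a path the other still watches.
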
@@ -31,6 +49,21 @@ jobs:
- name: Config validation
run: bash scripts/validation/validate-config-files.sh
- name: DBIS institutional JSON Schemas
run: |
python3 -m pip install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh
- name: JVMTM regulatory closure JSON Schemas
run: |
python3 -m pip install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh
- name: Reserve provenance package (3FR attestation JSON)
run: |
python3 -m pip install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh
- name: Completable tasks (dry-run)
run: bash scripts/run-completable-tasks-from-anywhere.sh --dry-run
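
Review bot: `python3 -m pip install check-jsonschema` is repeated in all three new schema steps and is unpinned, so each run installs whatever version is current at that moment. Install it once in a dedicated step before the schema checks, pin an exact version (ideally from a requirements file with hashes), and let the three `SCHEMA_STRICT=1` steps reuse it.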

26
.gitignore vendored

@@ -1,3 +1,6 @@
# Nested clone (not a declared submodule; use submodule add if it should be tracked)
transaction-composer/
# Dependencies
node_modules/
.pnpm-store/
@@ -6,6 +9,9 @@ node_modules/
package-lock.json
yarn.lock
# DBIS identity package — never commit real secrets (example only is tracked)
config/production/dbis-identity-public-did-secrets.env
# Environment files
.env
.env.local
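
Review bot: ignoring the single path `config/production/dbis-identity-public-did-secrets.env` protects only that filename; a sibling secrets file under `config/production/` with a different name is still committable, and an ignore rule has no effect on a file that was ever tracked. Consider ignoring `config/production/*.env` with a `!` exception for the tracked example, and confirm the real file is absent from history.
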
@@ -26,6 +32,19 @@ Thumbs.db
# Local-only Cursor session / context (exclude from Gitea)
.cursor/local/
# Local Codex / IDE artifacts
.codex
.codex/
# Scratch and regenerated audit trees (re-run OMNL/JVMTM scripts to reproduce)
tmp/
output/jvmtm-evidence/
output/settlement-events/
output/omnl-e2e-settlement-audit-*/
output/*compliance-archive*.zip
output/omnl-e2e-settlement-audit-*.zip
output/transaction-package-HYBX-BATCH-001/
# IDE files
.vscode/
.idea/
@@ -51,11 +70,13 @@ out/
# Python
venv/
.venv-checkjson/
__pycache__/
*.pyc
# CoinGecko/CMC token logos (generated by prepare-token-logos-512x512.sh)
docs/04-configuration/coingecko/logos/*.png
token-lists/logos/*.png
# Ephemeral phase markers
.phase1-event-status
@@ -63,6 +84,11 @@ docs/04-configuration/coingecko/logos/*.png
# DBIS Phase 1 discovery — timestamped reports (run scripts/verify/run-phase1-discovery.sh)
reports/phase1-discovery/phase1-discovery-*.md
# Wormhole AI docs mirror (sync with scripts/doc/sync-wormhole-ai-resources.sh; keep manifest.json committable)
third-party/wormhole-ai-docs/**
!third-party/wormhole-ai-docs/README.md
!third-party/wormhole-ai-docs/manifest.json
# OMNL operator rail (env-specific IDs, reconciliation, audit packets, posted refs)
ids.env
reconciliation/


@@ -11,29 +11,71 @@ Orchestration for Proxmox VE, Chain 138 (`smom-dbis-138/`), explorers, NPMplus,
| Need | Location |
|------|-----------|
| Doc index | `docs/MASTER_INDEX.md` |
| Chain 138 PMM swap quote (CLI) | `bash scripts/verify/pmm-swap-quote-chain138.sh --token-in … --amount-in …` — on-chain `querySellBase`/`querySellQuote` + suggested `minOut` for `DODOPMMIntegration.swapExactIn` (REST `/quote` is xy=k only). |
| Chain 138 info site (`info.defi-oracle.io`) | Dedicated nginx LXC (default VMID **2410** / `IP_INFO_DEFI_ORACLE_WEB`): `provision-info-defi-oracle-web-lxc.sh` then `sync-info-defi-oracle-to-vmid2400.sh` (sync asserts `/token-aggregation` proxy); NPM fleet `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`; Cloudflare DNS `scripts/cloudflare/set-info-defi-oracle-dns-to-vmid2400-tunnel.sh`; cache `pnpm run cloudflare:purge-info-defi-oracle-cache`; runbook `docs/04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md`; `pnpm run verify:info-defi-oracle-public` (SPA routes including `/governance`, `/ecosystem`, `/documentation`, `/solacenet`, `llms.txt`, `agent-hints.json`, **same-origin** token-aggregation JSON; `INFO_SITE_BASE=…` optional); CI `info-defi-oracle-138.yml` (build) and `verify-info-defi-oracle-public.yml` (weekly + manual smoke); optional `pnpm run audit:info-defi-oracle-site` (`pnpm exec playwright install chromium`) |
| **SolaceNet + gateway rails** (dbis_core) | Hub map: `docs/04-configuration/SOLACENET_PUBLIC_HUB.md`. Backlog: `dbis_core/docs/solacenet/REMAINING_TASKS_FULL_LIST.md`. Gap IDs: `dbis_core/docs/solacenet/PROTOCOL_GAPS_CHECKLIST.md`. **Delta audit** (missing wiring, naming drift, CI): `dbis_core/docs/solacenet/AUDIT_GAPS_INCONSISTENCIES_MISSING.md`. Enforce rails runbook: `dbis_core/docs/solacenet/SOLACENET_GATEWAY_RAILS_ENFORCE_RUNBOOK.md`. Tests: `cd dbis_core && npm run test:gateway` (unit + HTTP integration). **Provider seed:** `cd dbis_core && npm run seed:gateway-provider` (needs `DATABASE_URL`). **Smoke (auth):** `bash scripts/verify/check-dbis-core-gateway-rails.sh`. **Outbox worker:** `cd dbis_core && npm run worker:gateway-outbox` (`DATABASE_URL`). CI: `.github/workflows/dbis-core-gateway-ci.yml`. API: `GET/POST /api/v1/gateway/rails*` (optional `SOLACENET_GATEWAY_RAILS_ENFORCE`) — `dbis_core/src/core/gateway/routes/gateway.routes.ts`. |
| cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — `docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md` (section 5.1) |
| GRU / UTRNF token naming (`c*` vs collateral prefix) | `docs/04-configuration/naming-conventions/README.md`, `docs/04-configuration/naming-conventions/02_DBIS_NAMESPACE_AND_UTRNF_MAPPING.md` |
| PMM mesh 6s tick | `smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh``docs/integration/ORACLE_AND_KEEPER_CHAIN138.md` (PMM mesh automation) |
| Mainnet cWUSD\* peg, TRUU PMM, bot readiness | `docs/03-deployment/MAINNET_PMM_TRUU_CWUSD_PEG_AND_BOT_RUNBOOK.md` (§11 live inventory) — `scripts/verify/check-mainnet-pmm-peg-bot-readiness.sh`, `scripts/deployment/deploy-mainnet-pmm-cw-truu-pool.sh`, `scripts/deployment/add-mainnet-truu-pmm-topup.sh`, `scripts/deployment/compute-mainnet-truu-liquidity-amounts.sh`, `scripts/deployment/compute-mainnet-truu-pmm-seed-amounts.sh`; `cross-chain-pmm-lps/config/deployment-status.json` `pmmPoolsVolatile`; `docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md` (Mainnet TRUU PMM); `check-full-deployment-status.sh` when `ETHEREUM_MAINNET_RPC` + `DODO_PMM_INTEGRATION_MAINNET` are set |
| VMID / IP / FQDN | `docs/04-configuration/ALL_VMIDS_ENDPOINTS.md` |
| Ops template + JSON | `docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md`, `config/proxmox-operational-template.json` |
| Live vs template (read-only SSH) | `bash scripts/verify/audit-proxmox-operational-template.sh` |
| Config validation | `bash scripts/validation/validate-config-files.sh` |
| Proxmox Mail Proxy (LAN SMTP) | VMID **100** `192.168.11.32` (`proxmox-mail-gateway`) — submission **587** / **465**; see Mail Proxy note in `ALL_VMIDS_ENDPOINTS.md` |
| Spare R630 storage + optional tune-up | `scripts/proxmox/ensure-r630-spare-node-storage.sh`, `scripts/proxmox/provision-r630-03-six-ssd-thinpools.sh`, `scripts/proxmox/pve-spare-host-optional-tuneup.sh` · load balance / migrate: `docs/04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md` |
| Ops template + JSON | `docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md`, `config/proxmox-operational-template.json` (`proxmox_nodes[].mgmt_fqdn` = `*.sankofa.nexus`; `config/ip-addresses.conf` `PROXMOX_FQDN_*`) |
| Live vs template (read-only SSH) | `bash scripts/verify/audit-proxmox-operational-template.sh` — defaults to ML110 + **r630-01..04** (`PROXMOX_HOSTS` overrides) |
| Proxmox mgmt FQDN DNS + `/etc/hosts` snippet | `bash scripts/verify/check-proxmox-mgmt-fqdn.sh` (`--print-hosts`, optional `--ssh`) |
| Proxmox SSH check (all 5 nodes) | `bash scripts/security/ensure-proxmox-ssh-access.sh` (`--fqdn`, optional `--copy` for `ssh-copy-id`) |
| Proxmox cluster hardware poll (LAN, key SSH) | `bash scripts/verify/poll-proxmox-cluster-hardware.sh` — writes `reports/status/hardware_poll_*.txt`; companion narrative + ARP/edge: `reports/status/hardware_and_connected_inventory_*.md` |
| IT live inventory + IPAM drift (LAN, Phase 0) | `bash scripts/it-ops/export-live-inventory-and-drift.sh``reports/status/live_inventory.json`, `drift.json` (exit **2** only if duplicate guest IPs; merges `ip-addresses.conf` + `ALL_VMIDS_ENDPOINTS.md`). [SANKOFA_IT_OPS_LIVE_INVENTORY_SCRIPTS.md](docs/03-deployment/SANKOFA_IT_OPS_LIVE_INVENTORY_SCRIPTS.md). Spec: [SANKOFA_IT_OPERATIONS_CONTROLLER_SPEC.md](docs/02-architecture/SANKOFA_IT_OPERATIONS_CONTROLLER_SPEC.md) |
| IT inventory read API (Phase 0 stub) | `python3 services/sankofa-it-read-api/server.py` — GET `/health`, `/v1/inventory/live`, `/v1/inventory/drift`; optional `IT_READ_API_KEY` + `X-API-Key`; optional `IT_READ_API_CORS_ORIGINS` (comma-separated). [services/sankofa-it-read-api/README.md](services/sankofa-it-read-api/README.md), systemd [config/systemd/sankofa-it-read-api.service.example](config/systemd/sankofa-it-read-api.service.example) |
| **IT read API LAN bootstrap** | `bash scripts/deployment/bootstrap-sankofa-it-read-api-lan.sh` — rsync → `/opt/proxmox` on seed PVE, systemd + `/etc/sankofa-it-read-api.env`, repo `.env` + portal CT 7801 merge, weekly export timer on PVE. NPM: [upsert-it-read-api-proxy-host.sh](scripts/nginx-proxy-manager/upsert-it-read-api-proxy-host.sh); DNS: [add-it-api-sankofa-dns.sh](scripts/cloudflare/add-it-api-sankofa-dns.sh). [SANKOFA_IT_OPS_KEYCLOAK_PORTAL_NEXT_STEPS.md](docs/03-deployment/SANKOFA_IT_OPS_KEYCLOAK_PORTAL_NEXT_STEPS.md) |
| Keycloak realm role for portal `/it` | `bash scripts/deployment/keycloak-sankofa-ensure-it-admin-role.sh` (CT 7802 via SSH); assign `sankofa-it-admin` to IT users. Portal: `IT_READ_API_URL` + optional `IT_READ_API_KEY` on CT 7801. Weekly export timer: [config/systemd/sankofa-it-inventory-export.timer.example](config/systemd/sankofa-it-inventory-export.timer.example) |
| IT admin UI next steps (Keycloak + portal `/it`) | [docs/03-deployment/SANKOFA_IT_OPS_KEYCLOAK_PORTAL_NEXT_STEPS.md](docs/03-deployment/SANKOFA_IT_OPS_KEYCLOAK_PORTAL_NEXT_STEPS.md) |
| Config validation | `bash scripts/validation/validate-config-files.sh` (optional: `python3 -m pip install check-jsonschema` for `validate-dbis-institutional-schemas.sh`, `validate-naming-convention-registry-examples.sh`, `validate-jvmtm-regulatory-closure-schemas.sh`, `validate-reserve-provenance-package.sh`; includes explorer Chain 138 inventory vs `config/smart-contracts-master.json`) |
| Chain 138 contract addresses (JSON + bytecode) | `config/smart-contracts-master.json``bash scripts/verify/check-contracts-on-chain-138.sh` (expect **75/75** when Core RPC reachable; jq uses JSON when file present) |
| OMNL + Core + Chain 138 + RTGS + Smart Vaults | `docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md`; identifiers (UETR vs DLT-primary): `docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md`; JVMTM Tables B/C/D closure matrix: `config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md`; **dual-anchor attestation:** `scripts/omnl/omnl-chain138-attestation-tx.sh` (138 + optional mainnet via `ETHEREUM_MAINNET_RPC`); E2E zip: `AUDIT_PROOF.json` `chainAttestationMainnet`; machine-readable: `config/dbis-institutional/` |
| Blockscout address labels from registry | `bash scripts/verify/sync-blockscout-address-labels-from-registry.sh` (plan); `--apply` with `BLOCKSCOUT_*` env when explorer API confirmed |
| ISO-20022 on-chain methodology + intake gateway | `docs/04-configuration/SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md`, `ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md`; Rail: `docs/dbis-rail/ISO_GATEWAY_AND_RELAYER_SPEC.md` |
| FQDN / NPM E2E verifier | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` — inventory: `docs/04-configuration/E2E_ENDPOINTS_LIST.md`. Gitea Actions URLs (no API): `bash scripts/verify/print-gitea-actions-urls.sh` |
| **Gitea** (org forge **VMID 104**, upgrades, NPM) | `docs/04-configuration/GITEA_PLATFORM_AND_UPGRADE_RUNBOOK.md``scripts/operator/upgrade-gitea-lxc.sh` (`--dry-run`, `GITEA_VERSION=`); `config/ip-addresses.conf` **`IP_GITEA_INFRA`**, **`GITEA_PUBLIC_UPSTREAM_*`**; `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`, `update-npmplus-fourth-proxy-hosts.sh` |
| Chain 138 LAN RPC health + nonce/gas parity | `bash scripts/verify/check-chain138-rpc-health.sh` (fleet + public capability); `bash scripts/verify/check-chain138-rpc-nonce-gas-parity.sh` (LAN: aligned chainId / deployer nonces / gasPrice); offline/CI: `bash scripts/verify/self-test-chain138-rpc-verify.sh`; shared VMID list: `scripts/lib/chain138-lan-rpc-inventory.sh` |
| RPC FQDN batch (`eth_chainId` + WSS) | `bash scripts/verify/check-rpc-fqdns-e2e.sh` — after DNS + `update-npmplus-proxy-hosts-api.sh`; includes `rpc-core.d-bis.org` |
| Submodule trees clean (CI / post-merge) | `bash scripts/verify/submodules-clean.sh` |
| Submodule + explorer remotes | `docs/00-meta/SUBMODULE_HYGIENE.md` |
| smom-dbis-138 `.env` in bash scripts | Prefer `source smom-dbis-138/scripts/lib/deployment/dotenv.sh` + `load_deployment_env --repo-root "$PROJECT_ROOT"` (trims RPC URL line endings). From an interactive shell: `source smom-dbis-138/scripts/load-env.sh`. Proxmox root scripts: `source scripts/lib/load-project-env.sh` (also trims common RPC vars). |
| Sankofa portal → CT 7801 (build + restart) | `./scripts/deployment/sync-sankofa-portal-7801.sh` (`--dry-run` first); sets `NEXTAUTH_URL` on CT via `sankofa-portal-ensure-nextauth-on-ct.sh` |
| CCIP relay (r630-01 host) | Unit: `config/systemd/ccip-relay.service``/etc/systemd/system/ccip-relay.service`; `systemctl enable --now ccip-relay` |
| Sankofa portal → CT 7801 (build + restart) | `./scripts/deployment/sync-sankofa-portal-7801.sh` (`--dry-run` first); default `NEXTAUTH_URL=https://portal.sankofa.nexus` via `sankofa-portal-ensure-nextauth-on-ct.sh`; IT `/it` env: `sankofa-portal-merge-it-read-api-env-from-repo.sh` (`IT_READ_API_URL` in repo `.env`) |
| Portal Keycloak OIDC secret on CT 7801 | After client exists: `./scripts/deployment/sankofa-portal-merge-keycloak-env-from-repo.sh` (needs `KEYCLOAK_CLIENT_SECRET` in repo `.env`; base64-safe over SSH) |
| Sankofa corporate web → CT 7806 | Provision: `./scripts/deployment/provision-sankofa-public-web-lxc-7806.sh`. Sync: `./scripts/deployment/sync-sankofa-public-web-to-ct.sh`. systemd: `config/systemd/sankofa-public-web.service`. Set `IP_SANKOFA_PUBLIC_WEB` in `.env`, then `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` |
| CCIP relay (r630-01 host) | WETH lane: `config/systemd/ccip-relay.service`. Mainnet cW lane: `config/systemd/ccip-relay-mainnet-cw.service` (health `http://192.168.11.11:9863/healthz`). Public edge: set `CCIP_RELAY_MAINNET_CW_PUBLIC_HOST`, run `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`, relay-only `scripts/nginx-proxy-manager/upsert-ccip-relay-mainnet-cw-proxy-host.sh`, or SSH hop `scripts/nginx-proxy-manager/upsert-ccip-relay-mainnet-cw-via-ssh.sh`; DNS `scripts/cloudflare/configure-relay-mainnet-cw-dns.sh`. Use `NPM_URL=https://…:81` for API scripts (HTTP on :81 301s to HTTPS). |
| XDC Zero + Chain 138 (parallel to CCIP) | `bash scripts/xdc-zero/run-xdc-zero-138-operator-sequence.sh` · `docs/03-deployment/CHAIN138_XDC_ZERO_BRIDGE_RUNBOOK.md` · `CHAIN138_XDC_ZERO_DEPLOYMENT_TROUBLESHOOTING.md` · `config/xdc-zero/` · `scripts/xdc-zero/` · systemd `node dist/server.js` template — **XDC mainnet RPC:** `https://rpc.xinfin.network` (chain id 50; more endpoints: [chainid.network/chain/50](https://chainid.network/chain/50/)); **Chain 138 side:** Core `http://192.168.11.211:8545` is operator-only, relayer/services use `https://rpc-http-pub.d-bis.org` |
| OP Stack Standard Rollup (Ethereum mainnet, Superchain) | `docs/03-deployment/OP_STACK_STANDARD_ROLLUP_SUPERCHAIN_RUNBOOK.md` · optional L2↔Besu notes `docs/03-deployment/OP_STACK_L2_AND_BESU138_BRIDGE_NOTES.md` · `config/op-stack-superchain/` · `scripts/op-stack/` (e.g. `fetch-standard-mainnet-toml.sh`, checklist scripts) · `config/systemd/op-stack-*.example.service`**distinct L2 chain ID from Besu 138**; follow [Optimism superchain-registry](https://github.com/ethereum-optimism/superchain-registry) for listing |
| Wormhole protocol (LLM / MCP) vs Chain 138 facts | Wormhole NTT/Connect/VAAs/etc.: `docs/04-configuration/WORMHOLE_AI_RESOURCES_LLM_PLAYBOOK.md`, mirror `scripts/doc/sync-wormhole-ai-resources.sh`, MCP `mcp-wormhole-docs/` + `docs/04-configuration/MCP_SETUP.md`. **Chain 138 addresses, PMM, CCIP:** repo `docs/11-references/` + `docs/07-ccip/` — not Wormhole bundles. Cursor overlay: `.cursor/rules/wormhole-ai-resources.mdc`. |
| TsunamiSwap VM 5010 check | `./scripts/deployment/tsunamiswap-vm-5010-provision.sh` (inventory only until VM exists) |
| The Order portal (`https://the-order.sankofa.nexus`) | OSJ management UI (secure auth); source repo **the_order** at `~/projects/the_order`. NPM upstream defaults to **order-haproxy** CT **10210** (`IP_ORDER_HAPROXY:80`); use `THE_ORDER_UPSTREAM_*` to point at the Sankofa portal if 10210 is down. Provision HAProxy: `scripts/deployment/provision-order-haproxy-10210.sh`. **`www.the-order.sankofa.nexus`** → **301** apex (same as www.sankofa / www.phoenix). |
| Portal login + Keycloak systemd + `.env` (prints password once) | `./scripts/deployment/enable-sankofa-portal-login-7801.sh` (`--dry-run` first) |
| Portal login + Keycloak systemd + `.env` (prints password once) | `./scripts/deployment/enable-sankofa-portal-login-7801.sh` (`--dry-run` first); preserves `KEYCLOAK_*` from repo `.env` and runs merge script when `KEYCLOAK_CLIENT_SECRET` is set |
| Keycloak redirect URIs (portal + admin) | `./scripts/deployment/keycloak-sankofa-ensure-client-redirects-via-proxmox-pct.sh` (or `keycloak-sankofa-ensure-client-redirects.sh` for LAN URL) — needs `KEYCLOAK_ADMIN_PASSWORD` in `.env` |
| NPM TLS for hosts missing certs | `./scripts/request-npmplus-certificates.sh` — optional `CERT_DOMAINS_FILTER='portal\\.sankofa|admin\\.sankofa'`; IT API: `./scripts/deployment/request-it-api-tls-npm.sh` (same as filter `it-api\\.sankofa\\.nexus`) |
| Token-aggregation API (Chain 138) | `pnpm run verify:token-aggregation-api` — tokens, pools, quote (prints `quoteEngine` when `jq` installed), `bridge/routes`, networks. Build + env: `scripts/deploy-token-aggregation-for-publication.sh` (sets `RPC_URL_138`, `TOKEN_AGGREGATION_CHAIN138_RPC_URL`, optional `TOKEN_AGGREGATION_PMM_*`). LAN push + restart: `scripts/deployment/push-token-aggregation-bundle-to-explorer.sh`. Nginx gaps: `scripts/fix-explorer-http-api-v1-proxy.sh` (apex `/api/v1/`), `scripts/fix-explorer-token-aggregation-api-v2-proxy.sh` (planner POST). Runbook: `docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md`. |
| **Chain 138 Open Snap** (MetaMask, open Snap permissions only; stable MetaMask requires MetaMask install allowlist for npm Snaps) | Source repo: [Defi-Oracle-Tooling/chain138-snap-minimal](https://github.com/Defi-Oracle-Tooling/chain138-snap-minimal). Vendored in this workspace: `metamask-integration/chain138-snap-minimal/`. Snap ID `npm:chain138-open-snap`; **`npm run verify`** = `npm audit --omit=dev` + build. **Publish:** token in `chain138-snap/.env` or `npm login`, then `./scripts/deployment/publish-chain138-open-snap.sh`. **Full-feature Snap** (API quotes, allowlist): `metamask-integration/chain138-snap/`. Explorer `/wallet` install works on stable MetaMask only after allowlisting; use Flask or local serve for dev. |
| Completable (no LAN) | `./scripts/run-completable-tasks-from-anywhere.sh` |
| Operator (LAN + secrets) | `./scripts/run-all-operator-tasks-from-lan.sh` (use `--skip-backup` if `NPM_PASSWORD` unset) |
| Cloudflare bulk DNS → `PUBLIC_IP` | `./scripts/update-all-dns-to-public-ip.sh` — use **`--dry-run`** and **`--zone-only=sankofa.nexus`** (or `d-bis.org` / `mim4u.org` / `defi-oracle.io`) to limit scope; see script header. Prefer scoped **`CLOUDFLARE_API_TOKEN`** (see `.env.master.example`). |
| Cloudflare SSL mode (sankofa.nexus zone) | `bash scripts/cloudflare/set-sankofa-zone-ssl-mode.sh full` — fixes **Flexible** + NPM **SSL forced** redirect loops (e.g. `it-api.sankofa.nexus`). |
| IRU marketplace surfaces + Turnstile (Captcha) | [docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md](docs/03-deployment/SANKOFA_MARKETPLACE_SURFACES.md) — **native** (VMs, IPs, app hosting, etc.) vs **partner** (e.g. SolaceNet IRU) methodology; Turnstile **secret** on API (`CLOUDFLARE_TURNSTILE_SECRET_KEY` or aliases), **site key** on frontend build (`VITE_*`); not the same as Cloudflare DNS keys. [docs/04-configuration/MASTER_SECRETS.md](docs/04-configuration/MASTER_SECRETS.md) (Cloudflare table). |
## Git submodules
Most submodules are **pinned commits**; `git submodule update --init --recursive` often leaves **detached HEAD** — that is normal. To **change** a submodule: check out a branch inside it, commit, **push the submodule first**, then commit and push the **parent** submodule pointer. Do not embed credentials in `git remote` URLs; use SSH or a credential helper. Explorer Gitea vs GitHub and token cleanup: `docs/00-meta/SUBMODULE_HYGIENE.md`.
## Production safety (Proxmox / shared config)
- **Scoped LXC starts:** use `scripts/operator/start-stopped-lxc-scoped.sh --host <PVE> --vmid <N> [--vmid …]`; default is **dry-run**; add **`--apply`** or **`PROXMOX_OPS_APPLY=1`** to mutate. Optional **`PROXMOX_OPS_ALLOWED_VMIDS`** enforces an allowlist. Do **not** use cluster-wide “start every stopped CT” patterns for production.
- **Maintenance scripts (SSH + pct):** set **`PROXMOX_SAFE_DEFAULTS=1`** so `fix-core-rpc-2101.sh`, `make-rpc-vmids-writable-via-ssh.sh`, and `ensure-legacy-monitor-networkd-via-ssh.sh` default to **plan-only** unless **`--apply`** or **`PROXMOX_OPS_APPLY=1`**. Without that env, behavior stays **legacy** (mutate unless `--dry-run`) so existing docs/commands keep working.
- **Guard helpers** for new SSH+pct scripts: `scripts/lib/proxmox-production-guard.sh`.
- **VMID → host** for automation: `get_host_for_vmid` in `scripts/lib/load-project-env.sh` must match live placement (`docs/04-configuration/ALL_VMIDS_ENDPOINTS.md`).
- **Shared config:** avoid drive-by edits to `config/ip-addresses.conf` or root `.env` when the task only affects one workload; prefer flags, workload-specific env files, or small dedicated scripts.
- Cursor overlay: `.cursor/rules/proxmox-production-safety.mdc`.
## Rules of engagement
- Review scripts before running; prefer `--dry-run` where supported.
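Review bot: The IT inventory read API row documents `IT_READ_API_KEY` + `X-API-Key` as optional, while the LAN bootstrap row directly below it publishes the same service through an NPM proxy host and a Cloudflare DNS record. An inventory and drift feed that is reachable by FQDN should not default to no authentication; state in the bootstrap row that `IT_READ_API_KEY` must be set before `upsert-it-read-api-proxy-host.sh` runs, or have the bootstrap refuse to create the proxy host when the key is empty. Related: the Cloudflare SSL row recommends `full`, which encrypts to the origin but does not validate the origin certificate, so the row should say when operators are expected to move to strict.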


@@ -90,17 +90,13 @@ From the root directory, you can run:
- `pnpm frontend:build` - Build the ProxmoxVE frontend for production
- `pnpm frontend:start` - Start the production frontend server
### Mission Control (unified operator console)
- `pnpm mission-control:dev` - Next.js console on **http://localhost:3010** (launchpad + guided runbooks + live run trace + audit ZIP)
- `pnpm mission-control:build` / `pnpm mission-control:start` - Production build and server
- `pnpm mission-control:test` - Executor smoke test (real allowlisted child process)
See [mission-control/README.md](mission-control/README.md) and [mission-control/TIMELINE.md](mission-control/TIMELINE.md).
### Testing
- `pnpm test` - Run tests (if available)
- `pnpm test` - Run the local green-path Chain 138 / GRU / bridge / token test aggregate
- `pnpm test:chain138` - Run the Chain 138 package CI targets directly
- `pnpm test:chain138:contracts` - Run the focused Solidity contract CI targets
- `pnpm test:chain138:services` - Run the focused JS/TS service CI targets
- `pnpm test:mcp` - Run the legacy MCP server package test entrypoint
- `pnpm test:basic` - Run basic MCP server tests (read-only operations)
- `pnpm test:workflows` - Run comprehensive workflow tests (requires elevated permissions)
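Review bot: In the Testing list, `pnpm test:workflows` is described only as requiring "elevated permissions", with no statement of which role or token scope is meant or whether the run changes anything. Spell out the required permissions and whether the suite mutates guests, so it is not run against production out of habit alongside `pnpm test`.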
@@ -327,4 +323,3 @@ Individual checks:
## License
This workspace contains multiple projects with different licenses. Please refer to individual project directories for license information.


@@ -0,0 +1,8 @@
# bridge-routes-chain138-default.json
Static snapshot of the default **`GET /api/v1/bridge/routes`** response shape (without per-env address overrides).
- **Server source of truth:** `smom-dbis-138/services/token-aggregation/src/api/utils/default-bridge-routes.ts` (applies `CCIPWETH9_BRIDGE_CHAIN138`, `LOCKBOX_138`, `INBOX_ETH`, etc.).
- **UI fallback:** `info-defi-oracle-138` imports this file when the live API returns 404 or errors.
Update this JSON when canonical bridge addresses or relay destinations change; keep the TS module in sync.
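Review bot: The last line relies on people remembering to "keep the TS module in sync", and the UI fallback bullet means a stale snapshot is what users see exactly when the live API is failing. Bridge addresses that drift between this JSON and `default-bridge-routes.ts` would be served with no signal; add a CI check that compares the two, and have the UI mark fallback data as static.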


@@ -1,9 +1,10 @@
# Master Smart Contracts (JSON)
**Single source of truth for contract addresses:** `config/smart-contracts-master.json`
**Machine-readable contract map:** `config/smart-contracts-master.json` (when the file exists in your clone).
- **Safe to publish** — no secrets (no keys, no RPC URLs with credentials).
- **Used by:** Bash scripts (via `scripts/lib/load-contract-addresses.sh`), Node/JS (via `config/contracts-loader.cjs`), and docs.
- **If the file is absent:** loaders continue with `.env` only; Chain 138 **bytecode checks** use the embedded address list in `scripts/verify/check-contracts-on-chain-138.sh` (see also `docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md`). When you introduce `smart-contracts-master.json`, populate `chains["138"].contracts` with the **complete** set for that chain — the check script uses JSON addresses instead of its fallback when the file is present.
## Layout
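Review bot: The new "If the file is absent" bullet leaves two address sources for the Chain 138 bytecode check (the JSON and the list embedded in `check-contracts-on-chain-138.sh`), and the text does not say how an operator learns which one a given run used. Have the script print the source and the address count, and consider failing in CI when `smart-contracts-master.json` is missing, so a partial `chains["138"].contracts` cannot pass as a complete check.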
@@ -40,7 +41,7 @@ const {
} = require('./config/contracts-loader.cjs');
// By contract key
getContractAddress(138, 'CCIP_Router'); // => '0x8078...'
getContractAddress(138, 'CCIP_Router'); // => '0x42DA...' (canonical; legacy direct: CCIP_Router_Direct_Legacy)
getContractAddress(138, 'CCIPWETH9_Bridge');
getContractAddress(1, 'CCIP_Relay_Router');
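Review bot: The `CCIP_Router` example shows the same key resolving to two different addresses ('0x8078...' and '0x42DA...'), with the other router reachable only under `CCIP_Router_Direct_Legacy`. Callers of `getContractAddress(138, 'CCIP_Router')` switch routers without a code change, so the README should say which consumers need the legacy key and where the full addresses can be checked, since the truncated values in this comment cannot be verified.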
@@ -57,7 +58,7 @@ loadContractsIntoProcessEnv();
## Overrides
- **.env** (e.g. `smom-dbis-138/.env`, `services/relay/.env`): Values set there take precedence over the master JSON. Use .env for local or per-service overrides.
- **.env** (e.g. `smom-dbis-138/.env`, `services/relay/.env`): Values set there take precedence over the master JSON. Use .env for local or per-service overrides. For **`ADDRESS_MAPPER`** on Chain 138, keep **`ADDRESS_MAPPER`** equal to **`chains["138"].contracts.AddressMapper`** unless you have a deliberate fork: a legacy duplicate on Core shares bytecode with the canonical mapper (see `docs/11-references/ADDRESS_MATRIX_AND_STATUS.md`, section 1.5).
- **Publishing:** Commit `smart-contracts-master.json`; do not commit `.env` or any file containing `PRIVATE_KEY` or API secrets.
## Updating addresses
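Review bot: The added `ADDRESS_MAPPER` guidance sits in the same bullet as the rule that `.env` values take precedence, and it states that the legacy duplicate shares bytecode with the canonical mapper, so a bytecode check cannot tell a wrong override from the right address. Add an explicit comparison of the resolved `ADDRESS_MAPPER` against `chains["138"].contracts.AddressMapper` in the loader or the verify script, with a warning on mismatch, rather than relying on this paragraph.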


@@ -0,0 +1,25 @@
{
"routes": {
"weth9": {
"Ethereum Mainnet (1)": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939",
"BNB Chain (56)": "0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C",
"Avalanche C-Chain (43114)": "0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F"
},
"weth10": {
"Ethereum Mainnet (1)": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939",
"BNB Chain (56)": "0x886C6A4ABC064dbf74E7caEc460b7eeC31F1b78C",
"Avalanche C-Chain (43114)": "0x3f8C409C6072a2B6a4Ff17071927bA70F80c725F"
}
},
"chain138Bridges": {
"weth9": "0xcacfd227A040002e49e2e01626363071324f820a",
"weth10": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0",
"trustless": "0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c"
},
"tokenMappingApi": {
"basePath": "/api/v1/token-mapping",
"pairs": "/api/v1/token-mapping/pairs",
"resolve": "/api/v1/token-mapping/resolve",
"note": "Resolve bridged token addresses between chains; requires monorepo config/token-mapping-multichain.json on server."
}
}
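Review bot: `routes.weth9` and `routes.weth10` list identical destination addresses for all three chains, while `chain138Bridges` gives `weth9` and `weth10` different addresses. If the shared destinations are intended, record that in a `note` field as `tokenMappingApi` does; if not, this is a copy error that the UI fallback would present as valid routes. The snapshot also carries no version or generated-at field, so consumers cannot tell how old the fallback data is.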


@@ -4,7 +4,7 @@
*
* Usage:
* const { getContractAddress, getChainContracts, loadContractsIntoProcessEnv } = require('../config/contracts-loader.cjs');
* getContractAddress(138, 'CCIP_Router') // => '0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e'
* getContractAddress(138, 'CCIP_Router') // => '0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817'
* getContractAddress(138, 'CCIPWETH9_Bridge') // by contract key
* loadContractsIntoProcessEnv() // set process.env.CCIP_ROUTER etc. from envVarMap when unset
*
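Review bot: The usage comment hard-codes a full router address, which duplicates the contract map and has to be hand-edited whenever the address moves. Show a placeholder or refer to the JSON key instead, so the loader header cannot disagree with the data it loads.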


@@ -0,0 +1,38 @@
# DBIS Data API — implementation notes
OpenAPI contract: [openapi.yaml](./openapi.yaml).
## Lineage
| Value | Meaning |
|-------|---------|
| `on_chain` | Derived from Chain 138 indexer, RPC, or token-aggregation inputs |
| `policy` | Published by policy officers; not implied as ledger truth |
| `modelled` | Simulation or internal model |
## Suggested PostgreSQL / Timescale layout
**Relational (PostgreSQL)**
- `api_clients` — id, name, key_hash, rate_limit_tier, created_at
- `datasets` — id, slug, title, description, lineage_default
- `dataset_versions` — dataset_id, version, published_at, document_url
**Hypertables (TimescaleDB)**
- `metric_gru_supply` — time TIMESTAMPTZ, value NUMERIC, metadata JSONB
- `metric_settlement_volume` — time, window, chain_id, value, tx_count
- `metric_reserve_snapshot` — time, asset, amount, source
Ingest jobs read from existing token-aggregation and explorer-compatible sources; separate ETL for policy-published series.
## Frontend (DBIS portal)
Set `NEXT_PUBLIC_DATA_API_BASE` in the Gov Web Portals DBIS app (see `DBIS/.env.example`) so the homepage and `/dashboard` monetary panels call this API. When the service is down, the UI shows placeholders and an “unreachable” status.
## Deployment path
1. Provision CT/VM or service user on LAN.
2. NPMplus proxy host `data.d-bis.org` → upstream.
3. Enable API keys (optional) for high-volume consumers; public tier remains read-only GET.
4. Add host to [E2E_ENDPOINTS_LIST.md](../../docs/04-configuration/E2E_ENDPOINTS_LIST.md) when live.
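Review bot: The deployment path makes API keys optional in step 3 and keeps a public read-only tier, but `rate_limit_tier` lives on `api_clients`, so nothing listed here limits unauthenticated callers. Add a step for per-client limits on the public tier (at the NPMplus proxy host or in the service), and state how `key_hash` is derived and compared.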


@@ -0,0 +1,133 @@
openapi: 3.1.0
info:
title: DBIS Data API
version: 0.1.0
description: |
Public read API for data.d-bis.org — monetary aggregates, GRU series, settlement summaries, rates.
Every response MUST declare lineage via `x-dbis-lineage` on operations: `on_chain`, `policy`, `modelled`.
servers:
- url: https://data.d-bis.org
description: Production
- url: http://localhost:8080
description: Local
tags:
- name: gru
- name: reserves
- name: settlement
- name: rates
paths:
/v1/health:
get:
summary: Liveness
operationId: health
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
properties:
status: { type: string, example: ok }
/v1/gru/supply:
get:
tags: [gru]
summary: GRU supply time series (when defined)
operationId: gruSupply
x-dbis-lineage: policy
parameters:
- name: from
in: query
schema: { type: string, format: date }
- name: to
in: query
schema: { type: string, format: date }
responses:
"200":
description: Series points
content:
application/json:
schema:
$ref: "#/components/schemas/TimeSeriesResponse"
"501":
description: Not yet published
/v1/reserves/summary:
get:
tags: [reserves]
summary: Reserve holdings summary
operationId: reservesSummary
x-dbis-lineage: on_chain
responses:
"200":
description: Summary
content:
application/json:
schema:
$ref: "#/components/schemas/ReservesSummary"
/v1/settlement/volumes:
get:
tags: [settlement]
summary: Settlement volume aggregates
operationId: settlementVolumes
x-dbis-lineage: on_chain
parameters:
- name: window
in: query
schema: { type: string, enum: [1h, 24h, 7d, 30d] }
responses:
"200":
content:
application/json:
schema:
$ref: "#/components/schemas/SettlementVolumes"
/v1/rates/reference:
get:
tags: [rates]
summary: Reference rates (policy or observed)
operationId: referenceRates
x-dbis-lineage: policy
responses:
"200":
content:
application/json:
schema:
type: object
additionalProperties: true
components:
schemas:
LineageMeta:
type: object
required: [lineage, asOf]
properties:
lineage:
type: string
enum: [on_chain, policy, modelled]
asOf: { type: string, format: date-time }
source: { type: string }
TimeSeriesResponse:
allOf:
- $ref: "#/components/schemas/LineageMeta"
- type: object
properties:
unit: { type: string }
points:
type: array
items:
type: object
required: [t, v]
properties:
t: { type: string, format: date-time }
v: { type: number }
ReservesSummary:
allOf:
- $ref: "#/components/schemas/LineageMeta"
- type: object
additionalProperties: true
SettlementVolumes:
allOf:
- $ref: "#/components/schemas/LineageMeta"
- type: object
properties:
window: { type: string }
totalValue: { type: string, description: Decimal string }
txCount: { type: integer }
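Review bot: `/v1/rates/reference` is summarised as "policy or observed" but is tagged `x-dbis-lineage: policy`, and its `200` schema is a bare object with `additionalProperties: true`, so unlike the other data endpoints the body cannot say which lineage a given rate has. Compose it with `LineageMeta` through `allOf`, as `ReservesSummary` does. The `200` responses for `/v1/settlement/volumes` and `/v1/rates/reference` also lack the `description` field that OpenAPI requires on a response object, and no `securitySchemes` entry describes the API key that the implementation notes mention.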


@@ -0,0 +1,108 @@
# DBIS institutional config (schemas + examples)
Machine-readable artifacts for **OMNL + DBIS Core + Chain 138 + RTGS** integration and **identifier** alignment (LEI, IBAN, ISIN, ENS, WEB3-ETH-IBAN, explorer labels).
## Canonical narrative doc
[OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../../docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md)
## Event producers (`event-producers.manifest.json`)
Registered logical emitters for `settlement-event.event_producer` (kept in sync with the `enum` in `schemas/settlement-event.schema.json`). Add a producer: extend both the manifest and the schema enum in one change.
## Schemas (`schemas/`)
| File | Purpose |
|------|---------|
| `settlement-event.schema.json` | Cross-system settlement / evidence event (section 6 of runbook). |
| `address-registry-entry.schema.json` | Vault or wallet row: `0x` address, fiat rails, Web3 aliases, optional ISIN/CUSIP, Blockscout label hints (sections 3, 7, 13). |
## Examples (`examples/`)
| File | Pairs with |
|------|------------|
| `settlement-event.example.json` | `settlement-event.schema.json` (hybrid: includes `uetr` + internal refs) |
| `settlement-event.chain138-primary.example.json` | Same schema; **Chain 138 as authoritative rail** — no `uetr`; `rtgs_message_ids.rail` + internal refs; see [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) |
| `settlement-event.min.json` | **Minimal** valid `CHAIN_SETTLEMENT` fixture (required fields + `chain_tx_hash` / `chain_id`); CI baseline in `validate-dbis-institutional-schemas.sh`. |
| `settlement-events-batch.example.json` | Each array element validated against `settlement-event.schema.json` (see `validate-dbis-institutional-schemas.sh`) |
| `address-registry-entry.example.json` | `address-registry-entry.schema.json` |
| `address-registry-entries-batch.example.json` | Each array element validated against `address-registry-entry.schema.json` |
Examples use placeholder addresses and ids; replace with live data in a secure store (not committed).
### Settlement `amount` convention (operators + integrators)
Use **major currency units** as a decimal string, with explicit scale for fiat:
- **`amount`:** string matching `^-?[0-9]+(\.[0-9]+)?$` (e.g. USD 25,000,000.00 → `"25000000.00"`).
- **`amount_scale`:** use **`2`** for USD and other ISO 4217 currencies with two decimal places.
Fineract journal APIs may still use **minor units (cents)**; convert at the boundary and record settlement events in **major units** so logs and regulatory exports stay human-aligned. Do not mix major and minor in the same field without documenting which convention applies.
### Chain 138 as SWIFT replacement vs UETR
When settlement is **authoritative on Chain 138** (chain id **138**), treat **`correlation_id` + `chain_tx_hash` + `occurred_at`** as the primary rail-native E2E evidence for that leg. **`rtgs_message_ids.uetr`** is **optional** unless you also run a **parallel SWIFT gpi** leg (hybrid); then record both UETR and chain fields on the same **`correlation_id`**.
### SWIFT UETR vs internal “message sent” reference
**UETR** belongs in `rtgs_message_ids.uetr` when the payment is on **SWIFT gpi** (or your counterparty/scheme requires it). You **cannot** treat an arbitrary internal message id as a regulatory substitute for UETR on **those** legs.
When no UETR exists yet (internal-only, pre-SWIFT, DLT-only, domestic rail), add extra keys under **`rtgs_message_ids`** (the schema allows any string keys), e.g. `internal_instruction_ref`, `operator_message_ref`, or a digest of the submitted instruction — and keep **`correlation_id`** as the cross-system spine. When UETR is later assigned, **record it** and retain internal refs for audit lineage.
Policy and audit-scope notes: [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md).
## Related repo config
- OMNL entity master: `docs/04-configuration/mifos-omnl-central-bank/OMNL_ENTITY_MASTER_DATA.json`
- Institutional subdomains: `docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md`
- Blockscout address labeling (K8s): `smom-dbis-138/k8s/blockscout/address-labeling-config.yaml`
## Validation
```bash
# JSON parse (all examples/*.json)
bash scripts/validation/validate-dbis-institutional-json.sh
# JSON Schema — requires check-jsonschema on PATH (PEP 668 / “externally managed” Python):
# python3 -m venv .venv-checkjson && .venv-checkjson/bin/pip install check-jsonschema
# PATH="$PWD/.venv-checkjson/bin:$PATH" bash scripts/validation/validate-dbis-institutional-schemas.sh
# Or: pipx install check-jsonschema
SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh
```
`scripts/validation/validate-dbis-institutional-schemas.sh` validates **checked-in examples** only. For a **live or one-off** settlement event file, validate it directly:
### Validation — ad-hoc settlement event
```bash
# From repository root; use the same venv as above or any check-jsonschema on PATH.
PATH="$PWD/.venv-checkjson/bin:$PATH" check-jsonschema \
--schemafile config/dbis-institutional/schemas/settlement-event.schema.json \
your-event.json
```
- **Success:** exit code **0**; typical stdout is `ok -- validation done` (wording may vary by version).
- **Failure:** non-zero exit; `ValidationError` / `SchemaError` in stderr — treat as **not schema-closed**.
Do not use `validate-dbis-institutional-schemas.sh` as a substitute for validating arbitrary payload files.
`validate-config-files.sh` runs schema validation automatically when `check-jsonschema` is on `PATH`. The gitignored venv `.venv-checkjson/` is listed in `.gitignore` for this purpose.
Validated pairs (examples versus schemas): `settlement-event`, `address-registry-entry`, `trust`, `governance`, `policy` (against `policy-manifest.schema.json`).
`settlement-event` optionally carries **ISO-20022** (`iso_msg_type`, `iso_instruction_id`, `iso_payload_hash`, `rail_iso_hash`) and **identity** (`holder_did`, `identity_verification_ref`) for full fiat / FX / chain correlation — see runbook section 14.
`address-registry-entry` supports **`iso_intake`** and **`dbis_settlement_router`** roles plus optional **`primary_holder_did`** and **`identity_anchor_ref`** (section 14.6 checklist).
## Blockscout address labels
Plan or sync labels from registry JSON (`blockscout.label` + `status: active`):
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh config/dbis-institutional/examples/address-registry-entry.example.json
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --from-dir config/dbis-institutional/registry
# Preferred for the self-hosted Chain 138 explorer (writes Blockscout Postgres address_names):
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry
```
On `explorer.d-bis.org`, public `/api/v1/*` is served by token-aggregation, not by a Blockscout label-write API, so `--mode=db` is the correct operator path for live labels unless you have separately enabled a dedicated label endpoint. See `registry/README.md` for drop-in files (gitignored by default).
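Review bot: In the settlement `amount` convention, the pattern `^-?[0-9]+(\.[0-9]+)?$` accepts any number of fraction digits and a leading minus, while `amount_scale` is a separate field, so `"25000000.001"` with `amount_scale` 2 still matches the pattern. State whether the schema or the producer enforces that the fraction length equals `amount_scale`, and whether negative amounts are intended for settlement events.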


@@ -0,0 +1,38 @@
{
"schema_version": 1,
"description": "Registered settlement event emitters. Keep in sync with settlement-event.schema.json event_producer enum.",
"producers": [
{
"id": "hybx-omnl-sidecar",
"summary": "HYBX Fineract/OMNL integration sidecar emitting settlement-correlated events."
},
{
"id": "dbis-core",
"summary": "DBIS Core banking / nostro-vostro / ISO adapter path."
},
{
"id": "iso-gateway",
"summary": "Off-chain ISO gateway building canonical bundles before chain or relayer submission."
},
{
"id": "mintauth-relayer",
"summary": "MintAuth EIP-712 quorum and relayer calling SettlementRouter or related contracts."
},
{
"id": "chain-settlement-worker",
"summary": "Worker observing chain receipts and emitting settlement events for reconciliation."
},
{
"id": "omnl-fineract-webhook",
"summary": "Fineract/OMNL webhook or callback integration."
},
{
"id": "integration-hub-example",
"summary": "Documentation / lab example only; not a production system id."
},
{
"id": "manual-operator",
"summary": "Human-initiated or ops tooling emission with explicit audit trail."
}
]
}
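Review bot: `integration-hub-example` is described as "not a production system id" but sits in the same `producers` array that, per the `description`, mirrors the `event_producer` enum, so a production event carrying it would pass validation. Mark lab-only producers with a flag that production validation rejects, and add a CI check that the manifest ids and the schema enum match, since the sync is manual.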


@@ -0,0 +1,29 @@
[
{
"registryEntryId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"chain_id": 138,
"address": "0x0000000000000000000000000000000000000001",
"addressRole": "treasury_vault",
"status": "active",
"blockscout": {
"label": "OMNL — Treasury vault (Office 22)",
"labelType": "contract"
}
},
{
"registryEntryId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"chain_id": 138,
"address": "0x0000000000000000000000000000000000000002",
"addressRole": "iso_intake",
"status": "active",
"primary_holder_did": "did:sov:WRfXg6LQCZgRsXoHF",
"blockscout": {
"label": "ISO intake / gateway (verify live address)",
"labelType": "contract"
}
}
]
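Review bot: Both entries are `"status": "active"` with a `blockscout.label`, which is the selection rule the label sync uses, and their addresses end in 0001 and 0002, the standard EVM precompile addresses. Running the sync with `--apply` against the example files would label precompiles as a treasury vault and an ISO gateway; give the examples a non-active status, or have the sync script refuse files under `examples/` when applying.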


@@ -0,0 +1,53 @@
{
"registryEntryId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"omnl_office_id": 22,
"dbis_participant_id": "PART-ID-OMNL-HO-001",
"chain_id": 138,
"address": "0x0000000000000000000000000000000000000001",
"addressRole": "treasury_vault",
"fiat_rails": [
{
"railType": "iban",
"railValue": "ID00XXXX0000000000000000",
"bic": "EXAMPLEIDJ",
"validFrom": "2026-01-01"
}
],
"aliases": [
{
"aliasType": "ens",
"aliasValue": "treasury-example.eth",
"resolver_chain_id": 1,
"validFrom": "2026-03-01T00:00:00Z"
},
{
"aliasType": "web3_eth_iban",
"aliasValue": "ETHXXXXXXXXXXXXXXXX",
"validFrom": "2026-03-15T00:00:00Z"
},
{
"aliasType": "custom_ens_tld",
"aliasValue": "vault.anchor01.d-bis",
"validFrom": "2026-03-20T00:00:00Z"
}
],
"instruments": [
{
"isin": "US0000000000",
"cusip": "000000000"
}
],
"primary_holder_did": "did:sov:WRfXg6LQCZgRsXoHF",
"identity_anchor_ref": "indy-nym-or-acapy-conn-example",
"blockscout": {
"label": "OMNL — Treasury vault (Office 22)",
"labelType": "contract"
},
"status": "active",
"lastCorrelationId": "550e8400-e29b-41d4-a716-446655440001"
}
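Review bot: `entity_id` is `98450070C57395F6B906`, a full 20-character value in LEI form, while the other identifiers in this example are visibly fake (`ID00XXXX0000000000000000`, `EXAMPLEIDJ`, `US0000000000`). The registry `.gitignore` added in this same change says not to commit live LEI/IBAN/addresses, so please confirm this is not a live LEI or replace it with an obvious placeholder. The same question applies to `primary_holder_did`.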

@@ -0,0 +1,13 @@
{
"version": "0.1.0",
"issuedAt": "2026-03-30T00:00:00Z",
"amendmentProcess": "Described in DBIS Charter and Governance Statute (placeholder).",
"bodies": [
{
"id": "council",
"name": "Sovereign Council",
"role": "Strategic oversight",
"documentUrl": "https://d-bis.org/documents/governance-statute"
}
]
}

@@ -0,0 +1,13 @@
{
"version": "0.1.0",
"issuedAt": "2026-03-30T00:00:00Z",
"policies": [
{
"id": "gru-overview-v0",
"title": "Global Reserve Unit — Overview (draft)",
"effectiveDate": "2026-03-30",
"documentUrl": "https://d-bis.org/gru/overview",
"hashSha256": "0000000000000000000000000000000000000000000000000000000000000000"
}
]
}

@@ -0,0 +1,30 @@
{
"schema_version": 1,
"correlation_id": "660e8400-e29b-41d4-a716-446655440002",
"event_producer": "chain-settlement-worker",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"amount": "25000000.00",
"amount_scale": 2,
"currency": "USD",
"event_type": "CHAIN_SETTLEMENT",
"omnl_journal_entry_id": 88421,
"omnl_office_id": 22,
"dbis_reference": "CORE-TX-2026-0331-CHAIN138",
"rtgs_message_ids": {
"rail": "chain138",
"internal_instruction_ref": "OMNL-M1-KANAYA-CKRA-20260331",
"operator_message_ref": "sha256:replace-with-digest-of-instruction-or-archive-manifest"
},
"chain_id": 138,
"chain_tx_hash": "0xb90f2da51d9c506f552d276d9aa57f4ae485528f2ee6025f435f188d09d405f4",
"ipsas_narrative": "Chain 138 authoritative settlement leg; no SWIFT UETR on this flow",
"occurred_at": "2026-03-31T10:00:00Z",
"iso_msg_type": "pacs.008",
"iso_instruction_id": "pain001-hashed-key-placeholder",
"iso_payload_hash": "0xcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
"rail_iso_hash": "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
}
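Review bot: `chain_tx_hash` (`0xb90f2da5…`) and `internal_instruction_ref` (`OMNL-M1-KANAYA-CKRA-20260331`) look like real identifiers, unlike the `0xaaaa…` style placeholders used in the other example files and in this file's own `iso_payload_hash` and `rail_iso_hash`. If these were captured from a live settlement, together with the `25000000.00` USD amount, replace them with placeholders; otherwise state in the file that the values are synthetic.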

@@ -0,0 +1,33 @@
{
"schema_version": 1,
"correlation_id": "550e8400-e29b-41d4-a716-446655440001",
"event_producer": "integration-hub-example",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"amount": "1000000.00",
"amount_scale": 2,
"currency": "USD",
"event_type": "CHAIN_SETTLEMENT",
"omnl_journal_entry_id": 12045,
"omnl_office_id": 22,
"dbis_reference": "CORE-TX-2026-0330-88421",
"rtgs_message_ids": {
"uetr": "97ed4827-7b6f-4491-94b1-d651442ca301",
"msgId": "BNI2026033012000001",
"internal_instruction_ref": "018215821582-INAAUDJVMTM-2025-MSG-001",
"operator_message_ref": "sha256:replace-with-digest-of-submitted-instruction-payload"
},
"chain_id": 138,
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"ipsas_narrative": "IPSAS28/29 settlement leg; PvP net beneficiary credit",
"occurred_at": "2026-03-30T12:00:00Z",
"iso_msg_type": "pacs.008",
"iso_instruction_id": "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
"iso_payload_hash": "0xcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
"rail_iso_hash": "0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
"holder_did": "did:sov:WRfXg6LQCZgRsXoHF",
"identity_verification_ref": "acapy-proof-req-2026-0330-001"
}

@@ -0,0 +1,12 @@
{
"schema_version": 1,
"entity_id": "OMNL",
"jurisdiction": "MT",
"correlation_id": "00000000-0000-0000-0000-000000000001",
"event_type": "CHAIN_SETTLEMENT",
"amount": "1.00",
"amount_scale": 2,
"currency": "USD",
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"chain_id": 138
}

@@ -0,0 +1,33 @@
[
{
"schema_version": 1,
"correlation_id": "550e8400-e29b-41d4-a716-446655440001",
"event_producer": "chain-settlement-worker",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"class_id": "C01",
"anchor_id": "C01-A01",
"division_id": "C01-A01-D01",
"amount": "1000000.00",
"amount_scale": 2,
"currency": "USD",
"event_type": "CHAIN_SETTLEMENT",
"chain_id": 138,
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"occurred_at": "2026-03-30T12:00:00Z"
},
{
"schema_version": 1,
"correlation_id": "550e8400-e29b-41d4-a716-446655440002",
"event_producer": "omnl-fineract-webhook",
"entity_id": "98450070C57395F6B906",
"jurisdiction": "ID",
"amount": "0",
"currency": "USD",
"event_type": "OMNL_JOURNAL_POSTED",
"omnl_journal_entry_id": 12046,
"omnl_office_id": 22,
"occurred_at": "2026-03-30T12:05:00Z",
"no_chain_leg_reason": "IPSAS-only reclassification; no on-ledger leg"
}
]

@@ -0,0 +1,16 @@
{
"version": "0.1.0",
"issuedAt": "2026-03-30T00:00:00Z",
"organization": "Digital Bank of International Settlements",
"endpoints": {
"didRegistry": "https://identity.d-bis.org/registry",
"dataApi": "https://data.d-bis.org",
"explorer": "https://explorer.d-bis.org",
"status": "https://status.d-bis.org",
"developers": "https://developers.d-bis.org",
"gitea": "https://gitea.d-bis.org"
},
"jwksUri": "https://identity.d-bis.org/.well-known/jwks.json",
"caHints": ["production-trust-anchor.example"],
"notes": "Example only — replace URIs and keys before production."
}

@@ -0,0 +1,4 @@
# Operator-specific registry rows; do not commit live LEI/IBAN/addresses.
*.json
!.gitignore
!README.md
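Review bot: the ignore rule covers only `*.json`, so any other file an operator drops here (a `.csv` export, a `.jsonl` or `.yaml` file, or an editor backup such as `entry.json.bak`) remains trackable and can be committed with live LEI/IBAN/address data. Since only `.gitignore` and `README.md` are meant to be tracked, ignore everything with `*` and keep the two `!` exceptions, which are redundant as written because neither file matches `*.json`.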

@@ -0,0 +1,42 @@
# Address registry drop-in (operator / CI)
Place **non-example** `address-registry-entry` JSON files here (one object per file, or one array in a single file). These files may contain **LEI, IBAN, and live `0x` addresses** — treat as confidential; prefer `.gitignore` or a secrets store in production.
## Sync labels to Blockscout
From repo root (plan only):
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --from-dir config/dbis-institutional/registry
```
Or a **single JSON array** file (see [`../examples/address-registry-entries-batch.example.json`](../examples/address-registry-entries-batch.example.json)):
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh path/to/registry-array.json
```
Apply (LAN or VPN to explorer; set API key if required):
```bash
export BLOCKSCOUT_API_KEY=... # if your Blockscout instance requires it
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --from-dir config/dbis-institutional/registry
```
For the self-hosted Chain 138 explorer, prefer direct DB sync:
```bash
bash scripts/verify/sync-blockscout-address-labels-from-registry.sh --apply --mode=db --from-dir config/dbis-institutional/registry
```
That path writes Blockscout primary labels into `public.address_names` through the explorer CT (`5000`) because `explorer.d-bis.org/api/v1/*` is token-aggregation, not a native Blockscout label-write surface. Use HTTP mode only if you have separately enabled and confirmed a compatible label endpoint (default probe target: `/api/v1/labels`).
## Token contract staging
This directory is also the right place for **live token-contract label rows** that should not be committed, for example:
- staged `cUSDT V2` / `cUSDC V2` token contract labels on Chain 138
- bridge-side `cW*` contracts before public cutover
- temporary explorer labels used during GRU V1/V2 coexistence
Keep versioned token contracts clearly labeled in `blockscout.label`, for example `Chain 138 cUSDT V2 (staged)`, so explorer operators can distinguish them from the active V1 liquidity contracts.
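Review bot: the `--apply --mode=db` command is shown without a preceding plan-only run, although it writes directly into `public.address_names`. Document whether `--mode=db` supports the plan-only form (no `--apply`) and show it first, and state which credentials or host access to the explorer CT the DB path requires, so operators review the row changes before they reach the explorer database.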

@@ -0,0 +1,140 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/address-registry-entry.json",
"title": "Chain address + fiat + Web3 alias registry entry",
"description": "Source-of-truth row for explorer sync and settlement binding. See docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md sections 3, 7, 13, 14.",
"type": "object",
"required": [
"registryEntryId",
"entity_id",
"jurisdiction",
"chain_id",
"address",
"addressRole",
"status"
],
"properties": {
"registryEntryId": {
"type": "string",
"description": "Stable UUID for this registry row."
},
"entity_id": {
"type": "string",
"description": "LEI (preferred) or internal party id."
},
"jurisdiction": { "type": "string" },
"class_id": { "type": "string" },
"anchor_id": { "type": "string" },
"division_id": { "type": "string" },
"omnl_office_id": { "type": "integer" },
"dbis_participant_id": { "type": "string" },
"chain_id": {
"type": "integer",
"description": "138 for production Chain 138."
},
"address": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{40}$",
"description": "Checksummed or lower-case EVM address (vault, EOA, or contract)."
},
"addressRole": {
"type": "string",
"enum": [
"treasury_vault",
"smart_account",
"eoa_operational",
"contract_registry",
"escrow",
"token_contract",
"iso_intake",
"dbis_settlement_router",
"other"
]
},
"fiat_rails": {
"type": "array",
"items": {
"type": "object",
"required": ["railType", "railValue"],
"properties": {
"railType": {
"type": "string",
"enum": ["iban", "bban", "bic_account", "rtgs_account", "other"]
},
"railValue": { "type": "string" },
"bic": { "type": "string" },
"validFrom": { "type": "string", "format": "date" },
"validTo": { "type": "string", "format": "date" }
},
"additionalProperties": true
}
},
"aliases": {
"type": "array",
"items": {
"type": "object",
"required": ["aliasType", "aliasValue"],
"properties": {
"aliasType": {
"type": "string",
"enum": [
"ens",
"custom_ens_tld",
"web3_eth_iban",
"did",
"internal_slug",
"other"
]
},
"aliasValue": { "type": "string" },
"resolver_chain_id": { "type": "integer" },
"validFrom": { "type": "string", "format": "date-time" },
"validTo": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
}
},
"instruments": {
"type": "array",
"description": "ISIN/CUSIP held or represented at this address when applicable.",
"items": {
"type": "object",
"properties": {
"isin": { "type": "string" },
"cusip": { "type": "string" },
"figi": { "type": "string" }
},
"additionalProperties": true
}
},
"blockscout": {
"type": "object",
"description": "Hints for label sync (Blockscout /api/v1/labels or UI).",
"properties": {
"label": { "type": "string" },
"labelType": {
"type": "string",
"enum": ["account", "contract", "token"]
}
},
"additionalProperties": true
},
"status": {
"type": "string",
"enum": ["active", "pending", "revoked"]
},
"lastCorrelationId": {
"type": "string",
"description": "Last mutation tied to a settlement-event correlation_id."
},
"primary_holder_did": {
"type": "string",
"description": "Default operational DID for this address (Indy did:sov, did:web, etc.); link LEI in entity_id."
},
"identity_anchor_ref": {
"type": "string",
"description": "Indy NYM, ACA-Py connection, or OIDC subject binding reference for audits."
}
},
"additionalProperties": true
}
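Review bot: the `address` pattern `^0x[a-fA-F0-9]{40}$` accepts any mixed-case string, so a mistyped mixed-case address validates even though the description promises "Checksummed or lower-case". A JSON Schema pattern cannot verify an EIP-55 checksum, so either restrict the pattern to lower-case and normalise on write, or state in the description that the sync script must verify the checksum before applying a label. Also, `registryEntryId` is described as a UUID but has no `"format": "uuid"` or pattern.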

@@ -0,0 +1,27 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/governance.json",
"title": "DBIS governance.json",
"type": "object",
"required": ["version", "issuedAt", "bodies"],
"properties": {
"version": { "type": "string" },
"issuedAt": { "type": "string", "format": "date-time" },
"amendmentProcess": { "type": "string" },
"bodies": {
"type": "array",
"items": {
"type": "object",
"required": ["id", "name"],
"properties": {
"id": { "type": "string" },
"name": { "type": "string" },
"role": { "type": "string" },
"documentUrl": { "type": "string", "format": "uri" }
},
"additionalProperties": true
}
}
},
"additionalProperties": false
}

@@ -0,0 +1,64 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/member-directory-entry.json",
"title": "DBIS member directory entry",
"type": "object",
"required": [
"memberId",
"name",
"jurisdiction",
"memberStatus",
"participationType",
"slug"
],
"properties": {
"memberId": { "type": "string" },
"lei": { "type": "string" },
"name": { "type": "string" },
"shortName": { "type": "string" },
"jurisdiction": { "type": "string" },
"memberStatus": {
"type": "string",
"enum": ["active", "candidate", "suspended", "observer"]
},
"participationType": { "type": "string" },
"tier": {
"type": "string",
"enum": [
"full_central_bank",
"settlement_member",
"observer_member",
"infrastructure_member"
]
},
"settlementRole": { "type": "string" },
"currencyParticipation": {
"type": "array",
"items": { "type": "string" }
},
"validatorRole": { "type": "string" },
"nodeParticipationStatus": { "type": "string" },
"roles": {
"type": "array",
"items": { "type": "string" }
},
"logoUrl": { "type": "string", "format": "uri" },
"slug": {
"type": "string",
"pattern": "^[a-z0-9]+(?:-[a-z0-9]+)*$"
},
"summary": { "type": "string" },
"hq": {
"type": "object",
"description": "Headquarters WGS84 coordinates for strategic map",
"required": ["lat", "lng"],
"properties": {
"lat": { "type": "number", "minimum": -90, "maximum": 90 },
"lng": { "type": "number", "minimum": -180, "maximum": 180 },
"label": { "type": "string" }
},
"additionalProperties": false
}
},
"additionalProperties": false
}

@@ -0,0 +1,27 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/policy-manifest.json",
"title": "DBIS policy.json manifest",
"type": "object",
"required": ["version", "issuedAt", "policies"],
"properties": {
"version": { "type": "string" },
"issuedAt": { "type": "string", "format": "date-time" },
"policies": {
"type": "array",
"items": {
"type": "object",
"required": ["id", "title", "hashSha256"],
"properties": {
"id": { "type": "string" },
"title": { "type": "string" },
"effectiveDate": { "type": "string", "format": "date" },
"documentUrl": { "type": "string", "format": "uri" },
"hashSha256": { "type": "string", "pattern": "^[a-f0-9]{64}$" }
},
"additionalProperties": false
}
}
},
"additionalProperties": false
}
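Review bot: `hashSha256` is required but has no `description` saying which bytes are hashed, and `documentUrl` is optional, so a consumer has nothing defined to verify the digest against. State what the digest covers (for example the exact bytes served at `documentUrl`, if that is the intent) and add `documentUrl` to `required`. The pattern `^[a-f0-9]{64}$` also accepts the all-zero digest used in the example manifest, so consumers need to be told to treat that value as unset.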

@@ -0,0 +1,143 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/settlement-event.json",
"title": "Canonical settlement event (OMNL / Core / RTGS / Chain 138)",
"description": "Minimum payload for cross-system reconciliation. See docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md sections 6 and 14 (ISO-20022 + DID).",
"type": "object",
"required": [
"schema_version",
"correlation_id",
"entity_id",
"jurisdiction",
"amount",
"currency",
"event_type"
],
"properties": {
"schema_version": {
"type": "integer",
"minimum": 1,
"description": "Bump when breaking field semantics."
},
"correlation_id": {
"type": "string",
"minLength": 8,
"description": "UUID v4, ULID, or org ULID; immutable for the business event."
},
"entity_id": {
"type": "string",
"description": "LEI (preferred) or internal UUID for legal/cooperative entity."
},
"jurisdiction": {
"type": "string",
"description": "ISO 3166-1 alpha-2 or ISO 3166-2 style (e.g. US-NY)."
},
"event_producer": {
"type": "string",
"description": "Logical emitter for routing and audit. Registered ids and descriptions: `event-producers.manifest.json` in this directory.",
"enum": [
"hybx-omnl-sidecar",
"dbis-core",
"iso-gateway",
"mintauth-relayer",
"chain-settlement-worker",
"omnl-fineract-webhook",
"integration-hub-example",
"manual-operator"
]
},
"class_id": {
"type": "string",
"description": "Elemental Imperium class, e.g. C01C07."
},
"anchor_id": { "type": "string" },
"division_id": { "type": "string" },
"amount": {
"type": "string",
"pattern": "^-?[0-9]+(\\.[0-9]+)?$",
"description": "Decimal amount as string; scale implied by currency or separate field."
},
"amount_scale": {
"type": "integer",
"minimum": 0,
"maximum": 18,
"description": "Optional explicit minor units (e.g. 2 for USD)."
},
"currency": {
"type": "string",
"description": "ISO 4217 for fiat, or token symbol / 0x contract on-chain."
},
"event_type": {
"type": "string",
"enum": [
"RTGS_OUT",
"RTGS_IN",
"OMNL_JOURNAL_POSTED",
"CHAIN_SETTLEMENT",
"PV_NET",
"TREASURY_RELEASE",
"INTERNAL_TRANSFER",
"NO_CHAIN_LEG"
]
},
"no_chain_leg_reason": {
"type": "string",
"description": "When event_type is NO_CHAIN_LEG or internal-only; audit explanation."
},
"omnl_journal_entry_id": { "type": "integer" },
"omnl_office_id": { "type": "integer" },
"dbis_reference": {
"type": "string",
"description": "DBIS Core case or transaction id."
},
"rtgs_message_ids": {
"type": "object",
"additionalProperties": { "type": "string" },
"description": "Rail and messaging references. When Chain 138 is the authoritative settlement rail (SWIFT replacement for that flow), primary E2E evidence is correlation_id + chain_id + chain_tx_hash; uetr is optional unless a parallel SWIFT gpi leg exists. **uetr**: SWIFT gpi Unique End-to-End Transaction Reference (UUID) when the payment is on or reported to SWIFT gpi — required on those legs if the counterparty or scheme requires it. **msgId**, **endToEndId**: ISO-20022 / bank message ids. When no UETR exists yet (pre-SWIFT, internal-only, DLT-only, or domestic rail), record agreed internal keys, e.g. **internal_instruction_ref**, **operator_message_ref**, or **audit_file_ref**. Internal refs are not a substitute for a real UETR on SWIFT-settled payments; in hybrid flows map uetr + chain evidence + internal refs. See docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md."
},
"chain_id": {
"type": "integer",
"description": "EVM chain id; 138 for DeFi Oracle Meta Mainnet."
},
"chain_tx_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$"
},
"ipsas_narrative": {
"type": "string",
"maxLength": 500
},
"occurred_at": {
"type": "string",
"format": "date-time",
"description": "Business timestamp in UTC."
},
"iso_msg_type": {
"type": "string",
"description": "e.g. pacs.008, pain.001, MT103 — aligns with SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY canonical struct."
},
"iso_instruction_id": {
"type": "string",
"description": "InstrId or hashed instruction key (hex or string per gateway contract)."
},
"iso_payload_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$",
"description": "keccak256 of canonical ISO bundle or raw MX/MT fingerprint; ties OMNL/Core to on-chain intake."
},
"rail_iso_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$",
"description": "Optional DBIS Rail isoHash from canonical bundle (ISO_GATEWAY_AND_RELAYER_SPEC)."
},
"holder_did": {
"type": "string",
"description": "W3C DID of payment initiator or account holder when VC/DID path used (Indy did:sov, did:web, etc.)."
},
"identity_verification_ref": {
"type": "string",
"description": "Reference to ACA-Py proof request, OIDC session, or eIDAS connector correlation id."
}
},
"additionalProperties": true
}
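Review bot: nothing ties the chain fields to `event_type`: an event with `"event_type": "CHAIN_SETTLEMENT"` validates with no `chain_id` or `chain_tx_hash`, although the `rtgs_message_ids` description names correlation_id + chain_id + chain_tx_hash as the primary E2E evidence. Add an `if`/`then` that requires both fields for `CHAIN_SETTLEMENT`, and one that requires `no_chain_leg_reason` for `NO_CHAIN_LEG`. Separately, the `class_id` description reads `C01C07`, which looks like a lost range separator.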

@@ -0,0 +1,31 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/trust.json",
"title": "DBIS trust.json",
"type": "object",
"required": ["version", "issuedAt", "endpoints"],
"properties": {
"version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$" },
"issuedAt": { "type": "string", "format": "date-time" },
"organization": { "type": "string" },
"endpoints": {
"type": "object",
"additionalProperties": { "type": "string", "format": "uri" },
"properties": {
"didRegistry": { "type": "string", "format": "uri" },
"dataApi": { "type": "string", "format": "uri" },
"explorer": { "type": "string", "format": "uri" },
"status": { "type": "string", "format": "uri" },
"developers": { "type": "string", "format": "uri" },
"gitea": { "type": "string", "format": "uri" }
}
},
"jwksUri": { "type": "string", "format": "uri" },
"caHints": {
"type": "array",
"items": { "type": "string" }
},
"notes": { "type": "string" }
},
"additionalProperties": false
}
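Review bot: `jwksUri` and every entry under `endpoints` are constrained only by `"format": "uri"`, which accepts `http://` and any other scheme, and which draft 2020-12 validators treat as an annotation unless format assertion is enabled. Since clients will fetch verification keys from `jwksUri`, add `"pattern": "^https://"` to it and to the endpoint properties so a plaintext or non-web URI fails validation.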

@@ -0,0 +1,5 @@
# DBIS Gitea CI template
Copy `example-workflow.yml` into a repository as `.gitea/workflows/ci.yml`.
Gitea Actions availability depends on server configuration; if Actions are disabled, use external CI (e.g. Drone, Jenkins) with the same stages: checkout → install → lint → test → build.

@@ -0,0 +1,25 @@
# Gitea Actions — example CI for DBIS ecosystem repos
# Path in repo: .gitea/workflows/ci.yml (adjust for your Gitea version)
name: ci
on:
push:
branches: [main, master]
pull_request:
branches: [main, master]
jobs:
build:
runs-on: docker
steps:
- uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Install
run: npm ci || pnpm install --frozen-lockfile || yarn install --frozen-lockfile
- name: Lint
run: npm run lint --if-present
- name: Test
run: npm test --if-present
- name: Build
run: npm run build --if-present
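Review bot: the Install step `npm ci || pnpm install --frozen-lockfile || yarn install --frozen-lockfile` falls through to the next package manager whenever `npm ci` fails, including when it fails because `package-lock.json` is out of sync with `package.json`, so the job can go green on an install that did not come from the committed npm lockfile. Select the package manager by which lockfile is present instead of chaining with `||`. `actions/checkout@v4` and `actions/setup-node@v4` are also mutable tags; pin them to commit SHAs in a template that other repos will copy.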

@@ -0,0 +1,126 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"name": "GRU Governance and Supervision Profile",
"profileId": "gru-jurisdictional-storage-governance-supervision",
"version": "1.0.0",
"updated": "2026-03-31",
"notes": "Machine-readable policy profile for asset storage namespaces, governance-controller-only metadata execution, emergency/manual admin overrides, asset-scoped jurisdiction review, supervision metadata, and upgrade notice periods across c*, cW*, GRU base components, and tokenized assets.",
"references": {
"standardsProfile": "config/gru-standards-profile.json",
"storageGovernanceDoc": "docs/04-configuration/GRU_STORAGE_GOVERNANCE_AND_SUPERVISION_STANDARD.md",
"governanceDoc": "gru-docs/_core/04_GRU_Governance_Regulatory_Oversight.md",
"diamondSpecDoc": "docs/04-configuration/GRU_M00_DIAMOND_INSTITUTIONAL_SPEC.md"
},
"requiredAssetMetadata": [
"assetId",
"assetVersionId",
"governanceProfileId",
"supervisionProfileId",
"storageNamespace",
"primaryJurisdiction",
"regulatoryDisclosureURI",
"reportingURI",
"canonicalUnderlyingAsset",
"supervisionRequired",
"governmentApprovalRequired",
"minimumUpgradeNoticePeriod"
],
"roles": {
"tokenRoles": [
"DEFAULT_ADMIN_ROLE",
"MINTER_ROLE",
"BURNER_ROLE",
"PAUSER_ROLE",
"BRIDGE_ROLE",
"SUPPLY_ADMIN_ROLE",
"METADATA_ADMIN_ROLE",
"GOVERNANCE_ROLE",
"JURISDICTION_ADMIN_ROLE",
"REGULATOR_ROLE",
"SUPERVISOR_ROLE",
"EMERGENCY_ADMIN_ROLE"
],
"registryRoles": [
"DEFAULT_ADMIN_ROLE",
"REGISTRAR_ROLE",
"PROPOSER_ROLE",
"VALIDATOR_ROLE",
"UPGRADER_ROLE",
"JURISDICTION_MANAGER_ROLE",
"REGULATOR_ROLE",
"SUPERVISOR_ROLE",
"EMERGENCY_ADMIN_ROLE"
],
"governanceRoles": [
"DEFAULT_ADMIN_ROLE",
"PROPOSER_ROLE",
"EXECUTOR_ROLE",
"CANCELLER_ROLE",
"UPGRADER_ROLE"
]
},
"storageNamespaces": {
"canonicalCStarPattern": "gru.storage.asset.<symbol>.<version>",
"wrappedCWStarPattern": "gru.storage.transport.<symbol>",
"registryPattern": "gru.storage.registry.<symbol>",
"diamondNamespaces": [
"grc.storage.monetary",
"grc.storage.index",
"grc.storage.bond",
"grc.storage.gov",
"grc.storage.audit",
"grc.storage.access",
"grc.storage.pause",
"grc.storage.triang",
"grc.storage.reentrancy"
]
},
"proposalPolicy": {
"assetScopeRequiredForUpgradeSensitiveChanges": true,
"jurisdictionDerivedFromRegistryAssetState": true,
"queueRequiresJurisdictionApprovalWhenFlagged": true,
"jurisdictionTransitionRequiresBothAuthorities": true,
"defaultMinimumUpgradeNoticePeriodSeconds": 604800,
"approvalSource": "UniversalAssetRegistry.jurisdictionAuthorities",
"proposalEntryPoint": "GovernanceController.proposeForAsset",
"jurisdictionPolicyEntryPoints": [
"UniversalAssetRegistry.setDerivedJurisdictionProfile",
"UniversalAssetRegistry.setDerivedJurisdictionAuthority"
],
"metadataExecutionSurface": "GovernanceController.execute -> token/registry governanceController-only setters",
"manualJurisdictionTaggingAllowed": false,
"minimumReviewData": [
"jurisdictionId",
"reviewRequired",
"minimumNoticePeriod"
]
},
"emergencyPolicy": {
"manualAdminPathsRemainAvailable": true,
"authorizedRoles": [
"EMERGENCY_ADMIN_ROLE"
],
"intendedUse": "Emergency remediation, regulator-directed manual intervention, and bootstrap configuration before governance is fully wired."
},
"jurisdictionDefaults": {
"supervisionRequiredDefault": true,
"governmentApprovalRequiredDefault": false,
"periodicReportingRecommended": true,
"primaryEvidenceFields": [
"policyHash",
"supervisionURI",
"regulatoryDisclosureURI",
"reportingURI"
]
},
"implementationSurface": {
"canonicalTokens": [
"smom-dbis-138/contracts/tokens/CompliantFiatTokenV2.sol"
],
"wrappedTokens": [
"smom-dbis-138/contracts/tokens/CompliantWrappedToken.sol"
],
"registry": "smom-dbis-138/contracts/registry/UniversalAssetRegistry.sol",
"governance": "smom-dbis-138/contracts/governance/GovernanceController.sol"
}
}
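Review bot: `emergencyPolicy` leaves the manual admin path unbounded: `manualAdminPathsRemainAvailable` is `true` for `EMERGENCY_ADMIN_ROLE` with no notice period, expiry, or required audit record, while the governed path carries `defaultMinimumUpgradeNoticePeriodSeconds: 604800`. Because `intendedUse` includes bootstrap configuration "before governance is fully wired", add fields that state when the bootstrap use ends and what evidence an emergency action must leave. Also, `$schema` points at the JSON Schema meta-schema although this file is a data document, not a schema.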

@@ -0,0 +1,226 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"name": "GRU ISO-4217 Currency Manifest",
"version": "1.0.0",
"updated": "2026-03-31",
"canonicalChainId": 138,
"standardsProfileRef": "config/gru-standards-profile.json",
"coverage": {
"appliesToCurrentAndFutureCurrencies": true,
"targetUniverse": [
"all ISO-4217 fiat currencies adopted into GRU",
"governance-approved commodities and additional monetary units"
],
"transportMethodology": "Chain 138 canonical c* with mirrored cW* transport on compatible public chains"
},
"notes": "Canonical GRU-supported ISO-4217 and commodity currency set for c* and cW* onboarding, routing, explorer metadata, and FX integration. This is the machine-readable source of truth for supported currencies, token families, lifecycle state, and canonical logo assignment.",
"currencies": [
{
"code": "USD",
"name": "US Dollar",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": true,
"x402Ready": true
},
"canonicalAssets": {
"coin": {
"symbol": "cUSDC",
"v1Address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"v2Address": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99",
"activeVersion": "v1",
"x402PreferredVersion": "v2",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cUSDC.svg"
},
"token": {
"symbol": "cUSDT",
"v1Address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"v2Address": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29",
"activeVersion": "v1",
"x402PreferredVersion": "v2",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cUSDT.svg"
}
},
"wrappedAssets": {
"coin": "cWUSDC",
"token": "cWUSDT"
}
},
{
"code": "EUR",
"name": "Euro",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cEURC",
"address": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cEURC.svg"
},
"token": {
"symbol": "cEURT",
"address": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cEURT.svg"
}
},
"wrappedAssets": {
"coin": "cWEURC",
"token": "cWEURT"
}
},
{
"code": "GBP",
"name": "Pound Sterling",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cGBPC",
"address": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cGBPC.svg"
},
"token": {
"symbol": "cGBPT",
"address": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cGBPT.svg"
}
},
"wrappedAssets": {
"coin": "cWGBPC",
"token": "cWGBPT"
}
},
{
"code": "AUD",
"name": "Australian Dollar",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cAUDC",
"address": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cAUDC.svg"
}
},
"wrappedAssets": {
"coin": "cWAUDC"
}
},
{
"code": "JPY",
"name": "Japanese Yen",
"type": "fiat",
"minorUnits": 0,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cJPYC",
"address": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cJPYC.svg"
}
},
"wrappedAssets": {
"coin": "cWJPYC"
}
},
{
"code": "CHF",
"name": "Swiss Franc",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cCHFC",
"address": "0x873990849DDa5117d7C644f0aF24370797C03885",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cCHFC.svg"
}
},
"wrappedAssets": {
"coin": "cWCHFC"
}
},
{
"code": "CAD",
"name": "Canadian Dollar",
"type": "fiat",
"minorUnits": 2,
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cCADC",
"address": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cCADC.svg"
}
},
"wrappedAssets": {
"coin": "cWCADC"
}
},
{
"code": "XAU",
"name": "Gold",
"type": "commodity",
"minorUnits": null,
"unitOfAccount": "troy_ounce",
"status": {
"planned": true,
"deployed": true,
"transportActive": false,
"x402Ready": false
},
"canonicalAssets": {
"coin": {
"symbol": "cXAUC",
"address": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cXAUC.svg"
},
"token": {
"symbol": "cXAUT",
"address": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
"logoURI": "https://raw.githubusercontent.com/Order-of-Hospitallers/proxmox-cp/main/token-lists/logos/gru/cXAUT.svg"
}
},
"wrappedAssets": {
"coin": "cWXAUC",
"token": "cWXAUT"
}
}
]
}
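Review bot: the USD entry sets `"x402Ready": true` at currency level while both `cUSDC` and `cUSDT` have `"activeVersion": "v1"` and `"x402PreferredVersion": "v2"`, so a consumer cannot tell from `status` which of the two addresses is the x402-capable one. Move readiness onto the per-version asset record, or document that `x402Ready` refers to the `x402PreferredVersion` address. The `logoURI` values also point at the mutable `main` branch on raw.githubusercontent.com; pin them to a commit if explorers or wallets load them directly.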

@@ -0,0 +1,199 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"name": "GRU Standards Profile",
"profileId": "gru-c-star-v2-transport-and-payment",
"version": "1.0.0",
"updated": "2026-03-31",
"canonicalChainId": 138,
"notes": "Machine-readable standards profile for canonical c* V2 money on Chain 138, mirrored cW* public-chain transport, x402 payment capability, ISO-4217 coverage, and GRU governance/policy enforcement.",
"references": {
"transportOverlay": "config/gru-transport-active.json",
"currencyManifest": "config/gru-iso4217-currency-manifest.json",
"governanceSupervisionProfile": "config/gru-governance-supervision-profile.json",
"standardsMatrixDoc": "docs/04-configuration/GRU_C_STAR_V2_STANDARDS_MATRIX_AND_IMPLEMENTATION_PLAN.md",
"storageGovernanceDoc": "docs/04-configuration/GRU_STORAGE_GOVERNANCE_AND_SUPERVISION_STANDARD.md",
"x402SupportDoc": "docs/04-configuration/CHAIN138_X402_TOKEN_SUPPORT.md",
"fxOnboardingDoc": "docs/04-configuration/GRU_FX_CURRENCY_ONBOARDING_CHECKLIST.md"
},
"scope": {
"canonicalAssetPrefix": "c",
"wrappedAssetPrefix": "cW",
"canonicalMethodology": "Chain 138 is the canonical monetary layer for c*. Compatible public chains use mirrored cW* transport assets via lock on 138 and mint on destination.",
"targetCurrencyCoverage": [
"all ISO-4217 fiat currencies adopted into the GRU currency manifest",
"governance-approved commodities and additional monetary units beyond ISO-4217"
],
"compatibilityBoundary": [
"token mapping exists in config/token-mapping-multichain.json",
"destination cW deployment is non-zero in cross-chain-pmm-lps/config/deployment-status.json",
"bridgeAvailable is true in cross-chain-pmm-lps/config/deployment-status.json",
"destination chain is explicitly enabled in config/gru-transport-active.json"
]
},
"paymentProfiles": [
{
"id": "x402",
"requiredOn": [
"canonical_c_star_v2"
],
"recommendedOn": [
"mirrored_cw_v2"
],
"requiresAnyOf": [
"ERC-2612",
"ERC-3009"
],
"dependsOn": [
"EIP-712",
"ERC-5267"
]
}
],
"baseTokenStandards": [
{
"id": "ERC-20",
"required": true
},
{
"id": "AccessControl",
"required": true
},
{
"id": "Pausable",
"required": true
},
{
"id": "EIP-712",
"required": true
},
{
"id": "ERC-2612",
"required": true
},
{
"id": "ERC-3009",
"required": true
},
{
"id": "ERC-5267",
"required": true
},
{
"id": "IeMoneyToken",
"required": true,
"repoInterface": "contracts/emoney/interfaces/IeMoneyToken.sol"
},
{
"id": "DeterministicStorageNamespace",
"required": true
},
{
"id": "JurisdictionAndSupervisionMetadata",
"required": true
}
],
"transportAndWrapperStandards": [
{
"id": "CompliantWrappedToken",
"layer": "public_transport",
"required": true
},
{
"id": "CWMultiTokenBridgeL1",
"layer": "bridge",
"required": true
},
{
"id": "CWReserveVerifier",
"layer": "bridge",
"required": true
},
{
"id": "CWMultiTokenBridgeL2",
"layer": "bridge",
"required": true
}
],
"adjacentAllowedButNotBaseToken": [
{
"id": "ERC-3156",
"location": "wrapper_only"
},
{
"id": "ERC-4626",
"location": "vault_only"
},
{
"id": "EIP-1271",
"location": "smart_account_or_wallet_registry"
},
{
"id": "ERC-1363",
"location": "specialized_adapter_only"
}
],
"governanceAndPolicyStandards": [
{
"id": "ERC-2535",
"component": "gru_m00_diamond",
"required": true
},
{
"id": "StandardsRegistryFacet",
"required": true
},
{
"id": "GovernanceLevelFacet",
"required": true
},
{
"id": "PolicyRouterFacet",
"required": true
},
{
"id": "ComplianceGateFacet",
"required": true
},
{
"id": "AccountingGateFacet",
"required": true
},
{
"id": "MessagingGateFacet",
"required": true
},
{
"id": "ReserveGateFacet",
"required": true
},
{
"id": "ISO-20022 Canonical Message Model",
"required": true
},
{
"id": "JurisdictionalReview",
"required": true
},
{
"id": "MinimumUpgradeNoticePeriod",
"required": true
},
{
"id": "RegulatoryDisclosureAndReporting",
"required": true
}
],
"lifecycleDefaults": {
"transportActiveDefault": false,
"x402ReadyDefault": false,
"forwardCanonicalVersionPolicy": "one_forward_canonical_version_per_asset_family",
"minimumUpgradeNoticePeriodSeconds": 604800,
"jurisdictionReviewRequiredForUpgradeSensitiveChanges": true
},
"currentActivationExample": {
"activeCanonicalCurrencyCodes": [
"USD"
],
"transportOverlayRef": "config/gru-transport-active.json"
}
}
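Review bot: `compatibilityBoundary` under `scope` is four free-text sentences that name other files (`config/token-mapping-multichain.json`, `cross-chain-pmm-lps/config/deployment-status.json`, `config/gru-transport-active.json`), so the condition that decides whether a destination chain may carry cW* cannot be evaluated by a tool even though `notes` calls this profile machine-readable. Consider expressing each condition as a structured rule (file, JSON path, expected value) that the validator can check. Separately, `baseTokenStandards` marks both ERC-2612 and ERC-3009 as `required: true` while the x402 entry lists the same two under `requiresAnyOf`; if both are mandatory on the base token the any-of is redundant and should say so, otherwise the base list should be relaxed.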


@@ -0,0 +1,863 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"description": "GRU Monetary Transport Layer active-policy overlay. This file gates which canonical c* assets, cW* destinations, bridge peers, and public pools are active for routing, exposure, and MCP visibility.",
"version": "1.2.0",
"updated": "2026-03-31",
"standardsProfileRef": "config/gru-standards-profile.json",
"system": {
"name": "GRU Monetary Transport Layer",
"shortName": "GRU Transport",
"canonicalChainId": 138,
"canonicalChainName": "Chain 138",
"transportClass": "Compliant Wrapped ISO-4217 M1",
"publicPoolModel": "local_edge_pools",
"hardPegTruth": "redeemable_at_par_into_canonical_c_star",
"wethTransportSeparated": true,
"notes": "Canonical c* remains on Chain 138. Public chains carry cW* as the mirrored transport form. Existing WETH routes remain separate from GRU Transport."
},
"terminology": {
"canonicalAsset": "Canonical c* asset on Chain 138.",
"mirroredCwAsset": "Public-network cW* representation of a canonical c* asset.",
"activeTransportPair": "A canonical-to-mirrored pair explicitly enabled by this overlay and allowed to route.",
"activePublicPool": "A public-chain local edge pool that is explicitly enabled for token-aggregation exposure.",
"hardPegEligiblePair": "A pair whose outbound wrapping is governed by reserve-verifier checks and per-destination outstanding limits."
},
"enabledCanonicalTokens": [
{
"symbol": "cUSDT",
"currencyCode": "USD",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"phase": "v1",
"reserveVerifierKey": "chain138-hard-peg",
"activeVersion": "v1",
"activeAddress": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"x402PreferredVersion": "v2",
"x402PreferredAddress": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29",
"cutover": {
"liquidityActiveVersion": "v1",
"transportActiveVersion": "v1",
"explorerPrimaryVersion": "v1",
"x402ReadyVersion": "v2",
"nextAction": "Complete cW/pool migration before flipping canonical routing to V2."
},
"deployments": [
{
"version": "v1",
"address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"status": "active",
"purpose": "Live Chain 138 liquidity, PMM pools, and current transport routes.",
"forwardCanonical": false
},
{
"version": "v2",
"address": "0x8d342d321DdEe97D0c5011DAF8ca0B59DA617D29",
"status": "staged",
"purpose": "Permit/auth-capable x402 payments and next GRU transport cutover.",
"forwardCanonical": false
}
]
},
{
"symbol": "cUSDC",
"currencyCode": "USD",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"phase": "v1",
"reserveVerifierKey": "chain138-hard-peg",
"activeVersion": "v1",
"activeAddress": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"x402PreferredVersion": "v2",
"x402PreferredAddress": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99",
"cutover": {
"liquidityActiveVersion": "v1",
"transportActiveVersion": "v1",
"explorerPrimaryVersion": "v1",
"x402ReadyVersion": "v2",
"nextAction": "Complete cW/pool migration before flipping canonical routing to V2."
},
"deployments": [
{
"version": "v1",
"address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"status": "active",
"purpose": "Live Chain 138 liquidity, PMM pools, and current transport routes.",
"forwardCanonical": false
},
{
"version": "v2",
"address": "0x1ac3F4942a71E86A9682D91837E1E71b7BACdF99",
"status": "staged",
"purpose": "Permit/auth-capable x402 payments and next GRU transport cutover.",
"forwardCanonical": false
}
]
}
],
"enabledDestinationChains": [
{
"chainId": 25,
"name": "Cronos",
"phase": "v1",
"peerKey": "cronos"
},
{
"chainId": 56,
"name": "BSC",
"phase": "v1",
"peerKey": "bsc"
},
{
"chainId": 137,
"name": "Polygon",
"phase": "v1",
"peerKey": "polygon"
},
{
"chainId": 43114,
"name": "Avalanche C-Chain",
"phase": "v1",
"peerKey": "avalanche"
},
{
"chainId": 42161,
"name": "Arbitrum One",
"phase": "v1",
"peerKey": "arbitrum"
},
{
"chainId": 8453,
"name": "Base",
"phase": "v1",
"peerKey": "base"
},
{
"chainId": 10,
"name": "Optimism",
"phase": "v1",
"peerKey": "optimism"
},
{
"chainId": 100,
"name": "Gnosis Chain",
"phase": "v1",
"peerKey": "gnosis"
},
{
"chainId": 1,
"name": "Ethereum Mainnet",
"phase": "v1",
"peerKey": "mainnet"
}
],
"approvedBridgePeers": [
{
"key": "cronos",
"chainId": 25,
"chainName": "Cronos",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_CRONOS"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "mainnet",
"chainId": 1,
"chainName": "Ethereum Mainnet",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_MAINNET"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "bsc",
"chainId": 56,
"chainName": "BSC",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_BSC"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "polygon",
"chainId": 137,
"chainName": "Polygon",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_POLYGON"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "avalanche",
"chainId": 43114,
"chainName": "Avalanche C-Chain",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_AVALANCHE"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "arbitrum",
"chainId": 42161,
"chainName": "Arbitrum One",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_ARBITRUM"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "base",
"chainId": 8453,
"chainName": "Base",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_BASE"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "optimism",
"chainId": 10,
"chainName": "Optimism",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_OPTIMISM"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
},
{
"key": "gnosis",
"chainId": 100,
"chainName": "Gnosis Chain",
"bridgeKind": "cw_multi_token",
"l1Bridge": {
"env": "CHAIN138_L1_BRIDGE"
},
"l2Bridge": {
"env": "CW_BRIDGE_GNOSIS"
},
"freezeTokenPairRequired": true,
"freezeDestinationRequired": true
}
],
"reserveVerifiers": {
"chain138-hard-peg": {
"chainId": 138,
"bridgeRef": {
"env": "CHAIN138_L1_BRIDGE"
},
"verifierRef": {
"env": "CW_RESERVE_VERIFIER_CHAIN138"
},
"vaultRef": {
"env": "CW_STABLECOIN_RESERVE_VAULT"
},
"reserveSystemRef": {
"env": "CW_RESERVE_SYSTEM"
},
"requireVaultBacking": true,
"requireReserveSystemBalance": true,
"requireTokenOwnerMatchVault": true
}
},
"transportPairs": [
{
"key": "138-25-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 25,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "cronos",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_CRONOS"
},
"publicPoolKeys": [
"25-cWUSDT-USDT"
]
},
{
"key": "138-25-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 25,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "cronos",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_CRONOS"
},
"publicPoolKeys": [
"25-cWUSDC-USDT"
]
},
{
"key": "138-56-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 56,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "bsc",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_BSC"
},
"publicPoolKeys": [
"56-cWUSDT-USDT"
]
},
{
"key": "138-56-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 56,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "bsc",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_BSC"
},
"publicPoolKeys": [
"56-cWUSDC-USDT"
]
},
{
"key": "138-137-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 137,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "polygon",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_POLYGON"
},
"publicPoolKeys": [
"137-cWUSDT-USDC"
]
},
{
"key": "138-137-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 137,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "polygon",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_POLYGON"
},
"publicPoolKeys": [
"137-cWUSDC-USDC"
]
},
{
"key": "138-43114-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 43114,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "avalanche",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_AVALANCHE"
},
"publicPoolKeys": [
"43114-cWUSDT-USDC"
]
},
{
"key": "138-43114-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 43114,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "avalanche",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_AVALANCHE"
},
"publicPoolKeys": [
"43114-cWUSDC-USDC"
]
},
{
"key": "138-42161-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 42161,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "arbitrum",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_ARBITRUM"
},
"publicPoolKeys": [
"42161-cWUSDT-USDC"
]
},
{
"key": "138-42161-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 42161,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "arbitrum",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_ARBITRUM"
},
"publicPoolKeys": [
"42161-cWUSDC-USDC"
]
},
{
"key": "138-8453-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 8453,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "base",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_BASE"
},
"publicPoolKeys": [
"8453-cWUSDT-USDC"
]
},
{
"key": "138-8453-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 8453,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "base",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_BASE"
},
"publicPoolKeys": [
"8453-cWUSDC-USDC"
]
},
{
"key": "138-10-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 10,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "optimism",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_OPTIMISM"
},
"publicPoolKeys": [
"10-cWUSDT-USDC"
]
},
{
"key": "138-10-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 10,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "optimism",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_OPTIMISM"
},
"publicPoolKeys": [
"10-cWUSDC-USDC"
]
},
{
"key": "138-100-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 100,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "gnosis",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_GNOSIS"
},
"publicPoolKeys": [
"100-cWUSDT-USDC"
]
},
{
"key": "138-100-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 100,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "gnosis",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_GNOSIS"
},
"publicPoolKeys": [
"100-cWUSDC-USDC"
]
},
{
"key": "138-1-cUSDT-cWUSDT",
"canonicalChainId": 138,
"destinationChainId": 1,
"canonicalSymbol": "cUSDT",
"mirroredSymbol": "cWUSDT",
"mappingKey": "Compliant_USDT_cW",
"peerKey": "mainnet",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDT_MAINNET"
},
"publicPoolKeys": [
"1-cWUSDT-USDC"
]
},
{
"key": "138-1-cUSDC-cWUSDC",
"canonicalChainId": 138,
"destinationChainId": 1,
"canonicalSymbol": "cUSDC",
"mirroredSymbol": "cWUSDC",
"mappingKey": "Compliant_USDC_cW",
"peerKey": "mainnet",
"phase": "v1",
"routeDiscoveryEnabled": true,
"mcpVisible": true,
"reserveVerifierKey": "chain138-hard-peg",
"maxOutstanding": {
"required": true,
"env": "CW_MAX_OUTSTANDING_USDC_MAINNET"
},
"publicPoolKeys": [
"1-cWUSDC-USDC"
]
}
],
"publicPools": [
{
"key": "25-cWUSDT-USDT",
"chainId": 25,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "25-cWUSDC-USDT",
"chainId": 25,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "56-cWUSDT-USDT",
"chainId": 56,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "56-cWUSDC-USDT",
"chainId": 56,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDT",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "137-cWUSDT-USDC",
"chainId": 137,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "137-cWUSDC-USDC",
"chainId": 137,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "43114-cWUSDT-USDC",
"chainId": 43114,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "43114-cWUSDC-USDC",
"chainId": 43114,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "42161-cWUSDT-USDC",
"chainId": 42161,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "42161-cWUSDC-USDC",
"chainId": 42161,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "8453-cWUSDT-USDC",
"chainId": 8453,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "8453-cWUSDC-USDC",
"chainId": 8453,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "10-cWUSDT-USDC",
"chainId": 10,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "10-cWUSDC-USDC",
"chainId": 10,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "100-cWUSDT-USDC",
"chainId": 100,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "100-cWUSDC-USDC",
"chainId": 100,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "1-cWUSDT-USDC",
"chainId": 1,
"baseSymbol": "cWUSDT",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
},
{
"key": "1-cWUSDC-USDC",
"chainId": 1,
"baseSymbol": "cWUSDC",
"quoteSymbol": "USDC",
"poolAddress": null,
"active": false,
"routingEnabled": false,
"mcpVisible": false,
"phase": "v1"
}
]
}
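Review bot: every entry in `transportPairs` carries `routeDiscoveryEnabled: true` and `mcpVisible: true`, yet every pool named in its `publicPoolKeys` is `active: false`, `routingEnabled: false`, `mcpVisible: false` with `poolAddress: null` in `publicPools`. For a file whose `description` says it gates routing, exposure and MCP visibility, a consumer that reads only the pair flags will advertise 18 routes with no usable pool. Either default the pair flags to false until a pool is live, or document and enforce in the validator that a pair is routable only when at least one referenced pool is active with a non-null address. Related points for the same file: `maxOutstanding` and the `reserveVerifiers` refs resolve through `env` names, so the file should state that an unset or empty variable fails closed rather than meaning no limit; `activeAddress` duplicates the `deployments[]` entry with `status: active` and can drift from it; and both deployments of each token carry `forwardCanonical: false`, so please confirm that having no forward canonical version is intended during the cutover given the `one_forward_canonical_version_per_asset_family` policy in the standards profile.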


@@ -87,6 +87,7 @@ ORDER_POSTGRES_PRIMARY="192.168.11.44"
ORDER_POSTGRES_REPLICA="192.168.11.45"
# Dedicated order-redis LXC (e.g. VMID 10020) not present on cluster as of 2026-03; reserve for scripts / future CT
ORDER_REDIS_IP="192.168.11.38"
IP_ORDER_MCP_LEGAL="192.168.11.94"
# DBIS Service IPs
DBIS_POSTGRES_PRIMARY="192.168.11.105"
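Review bot: `IP_ORDER_MCP_LEGAL="192.168.11.94"` in this hunk is a plain literal, and the same variable is assigned again in the `@@ -184,6 +202,9 @@` hunk as `IP_ORDER_MCP_LEGAL="${IP_ORDER_MCP_LEGAL:-192.168.11.94}"`. Because this earlier assignment always runs first, the later `:-` default can never take effect, and a value exported from `.env` before this file is sourced gets overwritten. Keep a single definition in the overridable form next to its VMID 10092 comment; this copy also sits directly under the order-redis comment with no explanation of its own.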
@@ -113,6 +114,12 @@ IP_FIREFLY_2="192.168.11.67"
IP_BESU_SENTRY="192.168.11.154"
IP_DBIS_API="192.168.11.155"
IP_DBIS_API_2="192.168.11.156"
# d-bis.org public apex — Gov Portals DBIS on VMID 7804 (same as dbis.xom-dev :3001); override when production host is pinned
IP_DBIS_PUBLIC_APEX="${IP_DBIS_PUBLIC_APEX:-192.168.11.54}"
DBIS_PUBLIC_APEX_PORT="${DBIS_PUBLIC_APEX_PORT:-3001}"
# core.d-bis.org — DBIS Core banking client portal; default API VM until dedicated UI (dbis_core); override in .env when UI has its own upstream
IP_DBIS_CORE_CLIENT="${IP_DBIS_CORE_CLIENT:-192.168.11.155}"
DBIS_CORE_CLIENT_PORT="${DBIS_CORE_CLIENT_PORT:-3000}"
# Additional service/container IPs (for remaining script migration)
IP_VALIDATOR_0="192.168.11.100"
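Review bot: `IP_DBIS_PUBLIC_APEX` defaults to the literal `192.168.11.54`, the same address this file assigns to `IP_GOV_PORTALS_DEV`, so the public d-bis.org apex points at the Gov Portals dev container on VMID 7804 unless someone remembers to override it. Likewise `IP_DBIS_CORE_CLIENT` repeats `192.168.11.155` instead of using `${IP_DBIS_CORE_CLIENT:-$IP_DBIS_API}`, which would follow the `$IP_SANKOFA_PORTAL` pattern used in the Sankofa block and avoid drift when the API VM moves; as written, core.d-bis.org proxies to the API VM on port 3000 by default. If these defaults are only placeholders, consider leaving the variables unset so the proxy script skips the host, as the comment on `IP_SANKOFA_DASH` describes.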
@@ -177,6 +184,17 @@ SANKOFA_PHOENIX_API_PORT="${SANKOFA_PHOENIX_API_PORT:-4000}"
SANKOFA_PORTAL_PORT="${SANKOFA_PORTAL_PORT:-3000}"
IP_SANKOFA_PHOENIX_API="${IP_SANKOFA_PHOENIX_API:-$IP_SERVICE_50}"
IP_SANKOFA_PORTAL="${IP_SANKOFA_PORTAL:-$IP_SERVICE_51}"
# Corporate apex (sankofa.nexus marketing). Default: same as portal until you set IP_SANKOFA_PUBLIC_WEB in .env (e.g. CT 7806).
# CT 7806 (sankofa-public-web) LAN IP when provisioned — see scripts/deployment/provision-sankofa-public-web-lxc-7806.sh
IP_SANKOFA_PUBLIC_WEB_CT="${IP_SANKOFA_PUBLIC_WEB_CT:-192.168.11.63}"
IP_SANKOFA_PUBLIC_WEB="${IP_SANKOFA_PUBLIC_WEB:-$IP_SANKOFA_PORTAL}"
SANKOFA_PUBLIC_WEB_PORT="${SANKOFA_PUBLIC_WEB_PORT:-$SANKOFA_PORTAL_PORT}"
# Client SSO apps (portal.sankofa.nexus, admin.sankofa.nexus) — typical: same LXC as hybrid portal (7801).
IP_SANKOFA_CLIENT_SSO="${IP_SANKOFA_CLIENT_SSO:-$IP_SANKOFA_PORTAL}"
SANKOFA_CLIENT_SSO_PORT="${SANKOFA_CLIENT_SSO_PORT:-$SANKOFA_PORTAL_PORT}"
# Operator dash (dash.sankofa.nexus). Leave unset to skip creating/updating dash in NPM fleet script until provisioned.
# IP_SANKOFA_DASH="192.168.11.xx"
# SANKOFA_DASH_PORT="${SANKOFA_DASH_PORT:-3000}"
# Gov Portals dev (VMID 7804) — DBIS, ICCC, OMNL, XOM at *.xom-dev.phoenix.sankofa.nexus
IP_GOV_PORTALS_DEV="192.168.11.54"
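Review bot: the two comment lines above `IP_SANKOFA_PUBLIC_WEB_CT` are in the opposite order to the assignments they describe, and the relationship between the two variables is left implicit: `IP_SANKOFA_PUBLIC_WEB_CT` defaults to 192.168.11.63 but nothing in this hunk consumes it, while `IP_SANKOFA_PUBLIC_WEB` falls back to `$IP_SANKOFA_PORTAL`. State in the comment that the operator is expected to set `IP_SANKOFA_PUBLIC_WEB` to the CT address once CT 7806 exists, and note that until then the marketing apex and the client SSO hosts all resolve to the portal container on the portal port.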
@@ -184,6 +202,9 @@ IP_GOV_PORTALS_DEV="192.168.11.54"
# Order legal (VMID 10070) — **not** .54 (that is exclusive to VMID 7804 gov-portals). Fixed duplicate ARP 2026-03-25.
IP_ORDER_LEGAL="192.168.11.87"
# Order MCP legal (VMID 10092) — moved off 192.168.11.37 on 2026-03-29 to avoid conflicting with MIM4U VMID 7810.
IP_ORDER_MCP_LEGAL="${IP_ORDER_MCP_LEGAL:-192.168.11.94}"
# Sankofa Studio (VMID 7805) — FusionAI Creator / Phoenix Marketplace SaaS at studio.sankofa.nexus
# Note: 192.168.11.55 is used by VMID 10230 (order-vault); .72 chosen to avoid conflict.
IP_SANKOFA_STUDIO="192.168.11.72"


@@ -0,0 +1,121 @@
# INAAUDJVMTM / 2025 — Audit tables → E2E archive closure matrix
**Engagement / file reference:** `018215821582` / **INAAUDJVMTM** / **2025**
**Purpose:** Map **Tables B, C, D** (weakness vs standard, transaction flow, systemic risk) to **what this repository stages** in the OMNL E2E settlement audit zip, **without overstating** examination credit. Templates and schemas **define** controls; **generators, vendor exports, and executed drills** **prove** them — see [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md).
**Not legal or supervisory advice.** OJK/BI expectations must be confirmed with counsel and supervisors.
---
## A. JVMTM scope
This package treats **JVMTM** as the **audit / working-paper framing** for OMNL-related **reconciliation, validation, continuity, finality, liquidity, messaging, and exceptions**. The archive is a **structured evidence bundle** plus **runbooks**; it does **not** by itself certify **production** compliance until **live** artifacts populate **`JVMTM_CLOSURE_DIR`** and generators are run against **real** systems.
**Primary narrative / identifier policy:** [docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) (includes **`internal_instruction_ref`** pattern for this engagement).
---
## B. Weakness vs regulatory standards — audit table + closure mapping
### B.1 Audit table (source structure)
| No | Risk area | OMNL system condition | OJK / BI regulatory standard | Gap / violation | Impact |
|----|-----------|------------------------|------------------------------|-----------------|--------|
| 1 | Reconciliation | No automated reconciliation | Mandatory daily reconciliation & matching system | No 3-way matching | Balance discrepancies & audit failure |
| 2 | Transaction validation | Relies on “credit advice” | Mandatory transaction verification (KYT, SWIFT, ledger) | Vulnerable to spoofing | Fraud & unauthorized payments |
| 3 | Single point of failure | OMNL as central dependency | Mandatory BCP & DRC | No failover mechanism | Total system outage |
| 4 | Business continuity | No contingency plan | Mandatory disaster recovery plan | Non-compliant | Operational disruption |
| 5 | Settlement finality | No clear finality point | Must be final & irrevocable | Undefined finality | Legal disputes |
| 6 | Closed-loop confirmation | Confirmation after credit | Must have ACK before settlement | Reversed process flow | Unconfirmed transactions |
| 7 | Liquidity control | No prefunding mechanism | Mandatory prefunded / liquidity control | High settlement risk | Payment failure |
| 8 | Balance monitoring | No visibility for correspondent bank | Real-time balance monitoring required | Blind position | Over-credit risk |
| 9 | Messaging standard | No standardized messaging | Structured messaging required | Non-interoperable | Communication errors |
| 10 | Exception handling | No error handling mechanism | Mandatory exception handling system | Uncontrolled errors | Double posting |
### B.2 Closure mapping (how the archive responds)
| No | Posture | What the archive provides | Honest boundary (what remains org/production) |
|----|---------|---------------------------|-----------------------------------------------|
| 1 | **PARTIAL → OPERATIONAL when run** | **`reconciliation/daily-3way-reconciliation-report.json`** (template or live); **`scripts/omnl/generate-3way-reconciliation-evidence.sh`** → **`reconciliation/3way-result.json`** when executed (Fineract GL + Chain 138 `balanceOf` + optional bank JSON); **`settlement-event.schema.json`** + events under **`settlement-events/`** with **`correlation_id`**. | **Daily automated** job in production, **bank-issued** statement/API, and **supervisor-agreed** matching rules are **outside** the repo. |
| 2 | **PARTIAL → OPERATIONAL when integrated** | **`validation/kyt-screening-result.json`** (template); **`scripts/omnl/fetch-kyt-vendor-report.sh`** (**refuses** fabricated PASS); ledger/journal evidence optional via **`FETCH_LIVE_EVIDENCE=1`**; **chain** finality fingerprint **`chain_tx_hash`** + runbook. **DLT-primary** leg: structured event without SWIFT per OJK policy doc. | **Production KYT vendor**, **SWIFT/UETR** when the rail is SWIFT, and **counterparty** verification are **operational**. |
| 3 | **DOCUMENTED + SMOKE** | **`scripts/omnl/bcp-rpc-failover-smoke.sh`** (real RPC reachability; optional secondary URL); **`bcp/failover-test-log.txt`**, **`bcp/recovery-time-report.json`** (structure). RTGS / Core runbooks in **`docs/`** (bundled). | **Fineract/Core HA**, **data-centre DR**, and **RTO/RPO** **certification** are **infrastructure / org** scope — not fully provable from this zip alone. |
| 4 | **PARTIAL (template + path)** | **`disaster-recovery/DR-simulation-report.json`**; **`bcp/recovery-time-report.json`**; exception/retry artefacts. | **Executed** DR drill logs, **board-approved** BCP, and **regulator-reviewed** plans must be **attached live**. |
| 5 | **PARTIAL + RAIL FRAMING** | **Chain 138** attestation receipt **`evidence/chain138-attestation-receipt.txt`**; settlement events **`FINALIZED`**; **`reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json`** (declared narrative — counsel); OJK doc **§2** (on-chain vs SWIFT finality). | **Legal** finality and **interbank** scheme rules are **counsel / counterparty**; repo states **technical** and **documented** finality points. |
| 6 | **PARTIAL → OPERATIONAL when run** | **`acknowledgements/pre-settlement-ack.json`**; **`scripts/omnl/verify-ack-before-credit.sh`** (ACK timestamp vs Fineract journal). | Must be run per **live** journal id; **process SOP** must mandate **ACK-before-credit** in operations. |
| 7 | **PARTIAL (structure + narrative)** | **`liquidity/prefunding-proof.json`**; reserve **`prefunding`** / liquidity narrative in **`reserve-provenance-package/`**. | **Live** nostro/prefunding **proof** and **limits** are **treasury / bank** evidence. |
| 8 | **PARTIAL** | **`monitoring/real-time-balance-snapshot.json`**; **3-way** script surfaces **on-chain** balance; optional Fineract **`glaccounts` / journals** in **`evidence/`** when **`FETCH_LIVE_EVIDENCE=1`**. | **Correspondent bank** visibility and **24/7** monitoring are **production** integrations. |
| 9 | **ADDRESSED (structured messaging)** | **`settlement-event.schema.json`**; examples with **`iso_*`**, **`rtgs_message_ids`**, **`internal_instruction_ref`** / **`audit_file_ref`**; ISO methodology docs bundled. **Chain 138 as SWIFT-replacement** documented in OJK policy. | **SWIFT network** message types in production require **live gateway**; repo provides **canonical JSON** and **mapping** runbooks. |
| 10 | **ADDRESSED (structure)** | **`exceptions/exception-policy.md`**, **`exceptions/sample-exception-event.json`**, **`exceptions/retry-log.txt`**. | **Production** ticketing volume and **maker-checker** enforcement are **operational** evidence beyond templates. |
**Summary:** Rows **18** typically need **live** data or **org** programs to reach **full** supervisory satisfaction; the archive **does not** claim otherwise. Rows **910** are **strongest** on **machine-readable structure** in-repo. **Positive sidestep:** where **Chain 138** is policy-selected as **settlement rail**, **control parity** (finality, correlation, reconciliation, KYT) is **argued** in docs and **demonstrated** with **generators + events**, not by pretending **SWIFT** was used.
---
## C. Transaction flow issues — audit table + remediation path
### C.1 Audit table (source structure)
| Stage | Current flow | Issue | Regulatory standard | Impact |
|-------|--------------|-------|---------------------|--------|
| 1 | Instruction sent | No pre-validation | Mandatory pre-validation | Invalid transactions risk |
| 2 | OMNL debited | No balance verification | Prefunding check required | Overdraft risk |
| 3 | Beneficiary credited | Before confirmation | Must occur after ACK | Invalid settlement |
| 4 | Confirmation sent | Post-credit (too late) | Pre-settlement ACK required | No closed-loop |
| 5 | Reconciliation | Manual / none | Must be automated | Data mismatch |
### C.2 Remediation path in this package
| Stage | Control / artifact | Script or path |
|-------|-------------------|----------------|
| 1 | Schema validation + typed settlement events + optional ISO hashes | `schemas/settlement-event.schema.json`, `settlement-events/*.json`, `validate-dbis-institutional-schemas.sh` |
| 2 | Prefunding proof container + treasury policy hook | `liquidity/prefunding-proof.json`, reserve package |
| 34 | ACK-before-credit + timestamp evidence | `acknowledgements/pre-settlement-ack.json`, `verify-ack-before-credit.sh` |
| 5 | 3-way reconciliation generator + daily report | `generate-3way-reconciliation-evidence.sh`, `reconciliation/daily-3way-reconciliation-report.json`, `reconciliation/3way-result.json` |
**Caveat:** Stages **34** are **only proven** when **`verify-ack-before-credit.sh`** is run against **real** IDs and **ACK timestamps** precede **credit** in Fineract (or equivalent).
---
## D. Systemic risk assessment — mapping to mitigations
### D.1 Audit table (source structure)
| No | Risk type | Description | Potential impact |
|----|-----------|-------------|------------------|
| 1 | Operational risk | Full dependency on OMNL | Total system shutdown |
| 2 | Fraud risk | Credit advice can be falsified | Financial loss |
| 3 | Settlement risk | No prefunding | Payment default |
| 4 | Reconciliation risk | No matching system | Reporting discrepancies |
| 5 | Legal risk | No settlement finality | Interbank disputes |
| 6 | Liquidity risk | No fund control | Cash flow mismatch |
### D.2 Mitigations staged or documented
| No | Mitigation (archive) | Limitation |
|----|----------------------|------------|
| 1 | BCP/DR **templates**, RPC **failover smoke**, runbooks | Does not replace **platform HA** or **multi-site** OMNL |
| 2 | **KYT** vendor hook (no fake PASS), **on-chain** `chain_tx_hash`, structured events | Does not replace **bank** confirmation or **SWIFT** gpi when applicable |
| 3 | **`prefunding-proof.json`** + reserve narratives | **Live** nostro proof required |
| 4 | **3-way** generator + **`correlation_id`** spine | **Automated daily** + **bank file** required for full credit |
| 5 | **Chain attestation** + settlement status + legal declarations (counsel) | **Court** / **scheme** finality still external |
| 6 | Prefunding + liquidity JSON + reconciliation | **Treasury** operating limits out of band |
---
## Success criteria (how to read “positive sidestep”)
1. **Examiners** see **traceable** mapping from **each audit row** to **a path** (artifact, script, or doc), not a blank denial.
2. **Templates** are explicitly labeled where **live** evidence is still required — see [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md).
3. **Chain 138 / DLT-primary** flows are **not** presented as **SWIFT**; they are presented as **alternative rail** with **documented** identifier and **finality** mapping per OJK policy.
4. **`JVMTM_CLOSURE_DIR`** overrides stage **examination-grade** JSON without editing the repo.
---
## Operator checklist (before calling the bundle “complete”)
- [ ] Run **`generate-3way-reconciliation-evidence.sh`** and confirm **`reconciliation/3way-result.json`** in the zip.
- [ ] Run **`verify-ack-before-credit.sh`** for at least one production-like journal and retain logs.
- [ ] Configure KYT vendor or accept **PENDING** and document why.
- [ ] Run **`bcp-rpc-failover-smoke.sh`** or attach **real** DR/BCP logs to **`JVMTM_CLOSURE_DIR`**.
- [ ] Point **`JVMTM_CLOSURE_DIR`** at **filled** `daily-3way-reconciliation-report.json`, `prefunding-proof.json`, `pre-settlement-ack.json` as appropriate.
- [ ] Ensure **`internal_instruction_ref`** or **`audit_file_ref`** in settlement events ties to **`018215821582/INAAUDJVMTM/2025`** where used.
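
Review bot: The checklist item for `verify-ack-before-credit.sh` accepts "at least one production-like journal", while the C.2 caveat says the ACK-before-credit stages are only proven when the script runs against real IDs. A production-like run would tick the box without meeting the caveat. Suggest requiring a real journal entry id with the ACK file and script output retained, or stating that a production-like run yields template-tier evidence only. Separately, "Rows **18**", "Rows **910**" and "Stages **34**" (summary, C.2 table, caveat) read as single numbers rather than ranges; the range separator appears to be missing.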

View File

@@ -0,0 +1,90 @@
# JVMTM transaction-grade compliance matrix
**Purpose:** Turn the JVMTM audit-row closure material into a transaction-operator control pack optimized for **pre-settlement go/no-go**, while preserving execution, finality, reconciliation, resilience, and post-close evidence handling.
**Canonical source:** [`transaction-compliance-matrix.json`](transaction-compliance-matrix.json)
**Spreadsheet export:** [`transaction-compliance-matrix.csv`](transaction-compliance-matrix.csv)
**Per-transfer envelope:** [`schemas/transaction-compliance-execution.schema.json`](schemas/transaction-compliance-execution.schema.json) with examples in [`examples/`](examples/).
**Hybrid posture:** Control language stays rail-agnostic; the repo-specific column shows how the control maps into **OMNL + DBIS Core + Chain 138 + RTGS** artifacts already present in this repository.
**Envelope rule:** every execution envelope carries an `instruction_ref`; `settlement_event_ref` becomes optional until a canonical settlement event actually exists. A blocked pre-execution record should not pretend settlement evidence already exists.
---
## 1. Pre-transaction controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `PT-01` | Pre-validation is mandatory before instruction acceptance. | Validate the submitted instruction normalized into the canonical settlement-event shape against [`config/dbis-institutional/schemas/settlement-event.schema.json`](../dbis-institutional/schemas/settlement-event.schema.json) and collect live KYT evidence through [`scripts/omnl/fetch-kyt-vendor-report.sh`](../../scripts/omnl/fetch-kyt-vendor-report.sh) or equivalent vendor output. | Reject instruction if validation or KYT is missing or inconsistent. |
| `PT-02` | Prefunding must exist before the instruction can be accepted. | Use live [`prefunding-proof.json`](examples/prefunding-proof.example.json) and [`real-time-balance-snapshot.json`](examples/real-time-balance-snapshot.example.json) structures, validated against the schemas in [`schemas/`](schemas/). | Block transaction and place it on treasury hold if prefunding is missing or stale. |
| `PT-03` | Structured messaging is required for every intake path. | Use the canonical settlement-event schema plus the identifier guidance in [`OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md`](../../docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) to normalize the instruction record before release. | Reject malformed or uncorrelated instructions. |
| `PT-04` | Multi-layer authorization is mandatory. | Record maker-checker approval in the transaction execution envelope and tie it to the same `correlation_id` as the settlement event. | Block until approval is complete. |
| `PT-05` | Credit advice cannot be the sole proof. | Require independent KYT and instruction validation; map the result into the transaction execution envelope rather than relying on advice text alone. | Escalate to fraud workflow and freeze release. |
## 2. Execution controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `TX-01` | Debit only after all release gates pass. | The operator envelope must show `decision_status=READY` before OMNL journal posting, RTGS release, or Chain 138 settlement execution. | Halt execution and investigate sequencing. |
| `TX-02` | ACK must exist before beneficiary credit. | Use [`scripts/omnl/verify-ack-before-credit.sh`](../../scripts/omnl/verify-ack-before-credit.sh) against live [`pre-settlement-ack.json`](examples/pre-settlement-ack.example.json) and the relevant journal entry id. | Stop settlement if ACK ordering is unproven. |
| `TX-03` | Finality point must be explicit. | Tie the canonical settlement event to the legal and rail narrative in [`OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md`](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md) and, where needed, reserve provenance declarations. | Escalate to legal / ops hold if finality is undefined. |
| `TX-04` | Liquidity must still be available at release time. | Re-check the prefunding proof and balance snapshot immediately before release, not just at intake. | Cancel or pause settlement if liquidity no longer supports the transfer. |
| `TX-05` | Exception and rollback logic must exist. | Record exception events using the policy in [`policies/exception-policy.md`](policies/exception-policy.md) and attach the machine-readable exception record to the execution envelope. | Trigger rollback or incident workflow. |
## 3. Post-settlement controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `PS-01` | Daily automated three-way reconciliation is mandatory. | Generate reconciliation evidence via [`scripts/omnl/generate-3way-reconciliation-evidence.sh`](../../scripts/omnl/generate-3way-reconciliation-evidence.sh) and retain both the daily report and generated result. | Flag discrepancy and open reconciliation incident. |
| `PS-02` | Real-time balance visibility must be retained. | Capture a live [`real-time-balance-snapshot.json`](examples/real-time-balance-snapshot.example.json) and tie it to the same transaction corridor. | Notify treasury and risk if visibility is stale or incomplete. |
| `PS-03` | Immutable transaction logging is required. | Keep the canonical settlement event as the cross-system truth and bind the transaction execution envelope to it through the same `correlation_id`. | Mark the audit trail incomplete and escalate evidence remediation. |
| `PS-04` | Exceptions require explicit closure. | Use the exception policy, exception event, and retry log to show how the issue was resolved or escalated. | Escalate unresolved exceptions to incident management. |
| `PS-05` | Reporting and packaging must complete after settlement. | Stage transaction envelopes under `JVMTM_CLOSURE_DIR/transactions/` and rebuild the E2E archive with [`scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh`](../../scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh). | Reopen evidence assembly if the transaction is missing from the closure package. |
## 4. Resilience controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `SR-01` | Continuity path must exist. | Run [`scripts/omnl/bcp-rpc-failover-smoke.sh`](../../scripts/omnl/bcp-rpc-failover-smoke.sh) and retain the failover execution log. | Escalate to platform ops if continuity is unproven. |
| `SR-02` | Disaster recovery evidence must exist. | Use live recovery-time and DR simulation reports, structured by the schemas already present in [`schemas/`](schemas/). | Escalate continuity governance gaps before declaring the rail production-ready. |
| `SR-03` | No single point of failure should remain unacknowledged. | Document the fallback route or compensating control in the operating model and connect it to the active rail posture. | Escalate to architecture review when the path remains single-threaded. |
| `SR-04` | Message and evidence formats must remain schema-closed. | Validate both DBIS institutional schemas and JVMTM closure schemas before packaging or release. | Block publication if schema drift is detected. |
| `SR-05` | Reserve and provenance integrity must stay aligned with settlement evidence. | Validate the reserve provenance package when reserve-backed or legally narrated settlement is in scope. | Escalate reserve-integrity gaps and suspend unsupported attestations. |
## 5. Systemic risk controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `RK-01` | Operational dependency risk must be surfaced. | Review failover posture and continuity evidence before declaring the rail ready. | Raise executive escalation when dependency remains unresolved. |
| `RK-02` | Fraud indicators must trigger a hard investigation path. | Tie advice, KYT, and execution evidence together inside the transaction envelope. | Freeze transaction and open fraud investigation. |
| `RK-03` | Settlement risk from missing prefunding is non-waivable. | Use prefunding and balance evidence to determine whether release would violate funding policy. | Place transaction on settlement hold and escalate to treasury. |
| `RK-04` | Reconciliation mismatches must trigger audit escalation. | Review generated three-way results and open incidents for unmatched items. | Escalate to reconciliation and audit owners. |
| `RK-05` | Undefined finality must trigger legal escalation. | Compare the rail finality point to the documented policy and reserve/finality narratives. | Hold legal attestation and route to counsel review. |
| `RK-06` | Liquidity variance and blind positions must trigger treasury escalation. | Compare balance snapshots, prefunding proof, and reconciliation outputs for divergence. | Notify treasury and risk management immediately. |
## 6. High-value mode controls
| Control ID | Generic control requirement | Repo implementation / evidence | Pass / fail action |
|------------|-----------------------------|--------------------------------|--------------------|
| `HV-01` | Dual authorization is mandatory for high-value transfers. | Record both approvals in the execution envelope validated by [`transaction-compliance-execution.schema.json`](schemas/transaction-compliance-execution.schema.json). | Do not release until both approvals are present. |
| `HV-02` | Treasury must explicitly certify liquidity and reserve readiness. | Require live prefunding proof, balance snapshot, and where relevant reserve provenance support. | Keep the transfer blocked until treasury certifies capacity. |
| `HV-03` | Mirrored evidence must exist across event and reconciliation layers. | Link the transaction envelope to the settlement event and generated three-way reconciliation result. | Treat the transfer as evidence-incomplete until both layers exist. |
| `HV-04` | A freeze or review window is required before the case is fully closed. | Record the freeze-window review inside the execution envelope. | Maintain enhanced monitoring until the review completes. |
| `HV-05` | Executive escalation is mandatory for unresolved high-value alerts. | Escalate any `FAIL` or `PENDING` high-value control and rebuild the archive after resolution. | Keep the transaction in `BLOCKED` or `ESCALATE` until executive review is complete. |
---
## Operator workflow
1. Generate or collect live evidence: reconciliation, prefunding, ACK, KYT, balance, DR/BCP, and any reserve provenance artifacts.
2. Fill a per-transaction execution envelope using [`examples/transaction-compliance-execution.example.json`](examples/transaction-compliance-execution.example.json) as the model.
Every envelope must carry `instruction_ref`; only attach `settlement_event_ref` once a canonical settlement event exists.
3. Place live files under `JVMTM_CLOSURE_DIR/` and transaction envelopes under `JVMTM_CLOSURE_DIR/transactions/`.
4. Run [`scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh`](../../scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh).
5. Rebuild the E2E archive so the live transaction envelopes and closure evidence are staged together.
## Notes
- JSON is canonical; CSV is a convenience export for spreadsheets.
- The execution envelope references evidence by path or slot; it should not inline vendor reports or duplicate the full settlement-event payload.
- The current repo remains honest about live vs template evidence. Templates define controls; generated and staged artifacts prove they ran.
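
Review bot: The envelope rule makes `settlement_event_ref` optional but never says when it becomes required, while `PS-03` and `HV-03` both depend on the envelope being bound to the settlement event. As written, an envelope at `decision_status=READY` that never gains a settlement reference still satisfies the rule. Suggest stating the condition (for example, required before a completed transfer is staged under `JVMTM_CLOSURE_DIR/transactions/`) and enforcing it in the schema or the pack validator. In `PT-02`, `TX-02` and `PS-02` the link text names the live file while the target is the `examples/*.example.json` template; labelling the link as the example keeps the template from being read as evidence. `PT-02` also blocks on "stale" prefunding without defining a maximum age.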

View File

@@ -0,0 +1,74 @@
# Operational evidence vs templates (regulatory expectation)
**Purpose:** State plainly what **examination-grade** material requires. JSON **templates** and **schemas** structure proof; they do **not** substitute for **execution evidence** (ledger extracts, bank statements, vendor KYT, executed failover, ACK ordering).
**Not legal or supervisory advice.**
---
## The distinction
| Layer | Role | Regulator question answered |
|-------|------|------------------------------|
| **Template / schema** | Empty socket, validation, uniformity | “Is the control **defined** and **machine-readable**?” |
| **Operational artifact** | Generated from live systems or vendor | “Did the control **run** and **match** independent sources?” |
Checklists without logs are not altitude. Structured JSON without **sourceRefs** and **fetch timestamps** is still weak evidence.
---
## Evidence matrix (minimum real-world set)
| Requirement | Must be derived from | Not sufficient alone |
|-------------|----------------------|----------------------|
| 3-way match | **Ledger** export/API + **bank** statement/API (or nostro extract) + **chain** RPC (or agreed on-chain metric) | Manual JSON, `matched: true` without sources |
| KYT | **Vendor** API/export (Chainalysis, TRM, Elliptic, …) with **referenceId** | Internal-only score, placeholder `PASS` |
| BCP / DR | **Executed** test with **RTO/RPO** metrics and command logs | Policy PDF only |
| ACK before credit | **Timestamp proof** `ack_time < credit_time` (same `correlation_id`) | Post-credit narrative only |
| Reconciliation job | **Scheduled/automated** run record (`generator` block in JSON) | One-off hand edit |
---
## Reserve / funding origin attestation (3FR package)
Structured **legal → bank → chain** containers: attorney receipt, settlement finality declaration, funding origin narrative, **bank certification awaiting MT940/camt.053/API**, **KYT pending**, reconciliation trigger, **provisional** reserve recognition. See [`config/reserve-provenance-package/README.md`](../reserve-provenance-package/README.md) and `scripts/validation/validate-reserve-provenance-package.sh`. Bundled in the E2E zip as `reserve-provenance-package/`.
---
## Repo tooling (event-generated path)
| Script | Output | Notes |
|--------|--------|--------|
| [`scripts/omnl/generate-3way-reconciliation-evidence.sh`](../../scripts/omnl/generate-3way-reconciliation-evidence.sh) | `output/jvmtm-evidence/3way-<DATE>.json` + `latest-3way-result.json` | Ledger (Fineract GL), chain (ERC20 `balanceOf`), bank (file/env). Marks `evidence_tier`, `evidence_gaps`. |
| [`scripts/omnl/verify-ack-before-credit.sh`](../../scripts/omnl/verify-ack-before-credit.sh) | stdout + exit code | Compares ACK timestamp to Fineract journal entry date. |
| [`scripts/omnl/fetch-kyt-vendor-report.sh`](../../scripts/omnl/fetch-kyt-vendor-report.sh) | `validation/kyt-vendor-result.json` or manifest | **Exits non-zero** if no vendor configured (no fake PASS). |
| [`scripts/omnl/bcp-rpc-failover-smoke.sh`](../../scripts/omnl/bcp-rpc-failover-smoke.sh) | Appends `bcp/failover-execution-log.txt` | **Real** RPC reachability check; optional secondary URL. Not a full data-centre DR. |
Validate generated JSON:
```bash
check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/three-way-reconciliation-result.schema.json \
output/jvmtm-evidence/latest-3way-result.json
```
---
## Audit engagement mapping (INAAUDJVMTM / 2025)
For **`018215821582` / INAAUDJVMTM / 2025**, see **[INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md](INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md)** — each Table **B/C/D** row is mapped to **archive paths** and **honest limits** (template vs operational).
## Archive integration
1. Run generators **before** `build-omnl-e2e-settlement-audit-archive.sh`.
2. Set **`JVMTM_CLOSURE_DIR`** to a directory that includes **live** files, **or** rely on the builder copying `output/jvmtm-evidence/latest-3way-result.json` into the zip when present (see script header).
3. Keep **templates** in-repo for CI; keep **generated** outputs out of git (or in `output/` only).
---
## Hybrid model (target state)
```
Schema (template) + live generator + vendor export + execution logs → zip → manifest hash
```
That is **operational compliance** posture, not **design compliance** alone.
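
Review bot: The evidence matrix requires timestamp proof `ack_time < credit_time`, but the tooling table says `verify-ack-before-credit.sh` "Compares ACK timestamp to Fineract journal entry date". A date-granular comparison cannot establish ordering when the ACK and the credit fall on the same day, which is the common case. Suggest documenting which journal field the script reads, and stating that a same-day result is reported as inconclusive (non-zero exit) unless a time-of-day value for the credit is available. The "ACK before credit" row should then name that limitation next to the script.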

View File

@@ -0,0 +1,104 @@
# JVMTM / regulatory closure artifacts (E2E archive)
**Regulators accept execution evidence, not intent.** JSON **schemas** and **templates** are the sockets; **generated** reconciliations, **vendor** KYT exports, and **executed** BCP drills are the current. Read first: [OPERATIONAL_EVIDENCE_VS_TEMPLATES.md](OPERATIONAL_EVIDENCE_VS_TEMPLATES.md).
**Audit engagement `018215821582` / INAAUDJVMTM / 2025 — Tables B, C, D:** row-by-row **closure matrix** (weakness vs standard, transaction flow, systemic risk → archive artefacts and honest limits): [INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md](INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md) (bundled in the E2E zip and listed in `SETTLEMENT_CLOSURE.json`).
## Transaction-grade operator pack
This directory now includes a transaction-operator layer that sits between the audit closure matrix and live settlement execution:
| Artifact | Purpose |
|----------|---------|
| `JVMTM_TRANSACTION_GRADE_COMPLIANCE_MATRIX.md` | Human-readable operator matrix grouped by transaction phase. |
| `transaction-compliance-matrix.json` | **Canonical** machine-readable control library. |
| `transaction-compliance-matrix.csv` | Spreadsheet-friendly export generated from the canonical JSON. |
| `schemas/transaction-compliance-execution.schema.json` | Per-transfer execution envelope schema. |
| `examples/transaction-compliance-execution.example.json` | Ready / pass example envelope. |
| `examples/transaction-compliance-execution.blocked.example.json` | Blocked / fail example envelope. |
**Design rule:** JSON is canonical; CSV is convenience-only. The execution envelope references evidence by path or slot and should not inline full vendor exports or duplicate settlement-event payloads. Every envelope must carry an `instruction_ref`; `settlement_event_ref` is optional until a canonical settlement event actually exists.
## Event-generated evidence (run before zipping)
| Goal | Command |
|------|---------|
| 3-way from Fineract + chain (+ optional bank file/env) | `bash scripts/omnl/generate-3way-reconciliation-evidence.sh``output/jvmtm-evidence/latest-3way-result.json` |
| ACK before credit vs journal | `bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json <journalEntryId>` |
| KYT vendor (refuses if unset) | `bash scripts/omnl/fetch-kyt-vendor-report.sh` |
| RPC reachability / secondary smoke | `bash scripts/omnl/bcp-rpc-failover-smoke.sh` |
Then run `build-omnl-e2e-settlement-audit-archive.sh` (it picks up `latest-3way-result.json` as `reconciliation/3way-result.json` when present).
## Mandatory four (archive paths)
| Archive path | Schema | Example (source) |
|--------------|--------|------------------|
| `reconciliation/daily-3way-reconciliation-report.json` | `schemas/daily-3way-reconciliation-report.schema.json` | `examples/daily-3way-reconciliation-report.example.json` |
| `liquidity/prefunding-proof.json` | `schemas/prefunding-proof.schema.json` | `examples/prefunding-proof.example.json` |
| `acknowledgements/pre-settlement-ack.json` | `schemas/pre-settlement-ack.schema.json` | `examples/pre-settlement-ack.example.json` |
| `exceptions/exception-policy.md` | — (Markdown) | `policies/exception-policy.md` |
| `exceptions/sample-exception-event.json` | `schemas/sample-exception-event.schema.json` | `examples/sample-exception-event.example.json` |
Optional supplementary (same audit mapping):
| Archive path | Schema | Example |
|--------------|--------|---------|
| `validation/kyt-screening-result.json` | `schemas/kyt-screening-result.schema.json` | `examples/kyt-screening-result.example.json` |
| `bcp/recovery-time-report.json` | `schemas/recovery-time-report.schema.json` | `examples/recovery-time-report.example.json` |
| `bcp/failover-test-log.txt` | — | `examples/failover-test-log.example.txt` |
| `disaster-recovery/DR-simulation-report.json` | `schemas/dr-simulation-report.schema.json` | `examples/dr-simulation-report.example.json` |
| `monitoring/real-time-balance-snapshot.json` | `schemas/real-time-balance-snapshot.schema.json` | `examples/real-time-balance-snapshot.example.json` |
## Operator workflow
1. Generate or collect live evidence:
- `bash scripts/omnl/generate-3way-reconciliation-evidence.sh`
- `bash scripts/omnl/verify-ack-before-credit.sh acknowledgements/pre-settlement-ack.json <journalEntryId>`
- `bash scripts/omnl/fetch-kyt-vendor-report.sh`
- `bash scripts/omnl/bcp-rpc-failover-smoke.sh`
2. Fill a per-transaction execution envelope using:
- `examples/transaction-compliance-execution.example.json`
- `examples/transaction-compliance-execution.blocked.example.json`
- blocked / pre-exec cases should keep `instruction_ref` and omit `settlement_event_ref`
3. Copy examples to a **private** directory; fill with **live** figures, bank statements, chain refs, named reviewers, and place live transaction envelopes under `transactions/`.
4. Point the archive builder at that directory:
```bash
JVMTM_CLOSURE_DIR=/path/to/live-closure-evidence \
bash scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh
```
Expected filenames inside `JVMTM_CLOSURE_DIR` (same basenames as archive):
- `daily-3way-reconciliation-report.json`
- `prefunding-proof.json`
- `pre-settlement-ack.json`
- `sample-exception-event.json` (optional override)
- `kyt-screening-result.json`, `recovery-time-report.json`, `DR-simulation-report.json`, `real-time-balance-snapshot.json`, `failover-test-log.txt` (optional)
- `transactions/*.json` (optional live transaction execution envelopes)
If `JVMTM_CLOSURE_DIR` is unset, the builder stages **repo examples** (clearly placeholders — replace for real examination).
5. Run validation:
```bash
bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh
```
This now validates:
- the existing JVMTM example/schema pairs when `check-jsonschema` is installed
- the transaction execution schema against both example envelopes
- the transaction-grade pack consistency (unique `control_id`, JSON/CSV sync, valid repo paths/runtime slots, example control references, and Markdown control coverage)
## Validation
```bash
bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh
```
Uses `check-jsonschema` when installed (`pip install check-jsonschema`). The script also runs `scripts/validation/validate-jvmtm-transaction-compliance-pack.py` to verify the canonical JSON matrix, CSV export, and execution-envelope examples stay synchronized. CI runs this in `validate-config.yml`.
## Policy
See `policies/exception-policy.md` and [OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md](../../docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md).
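
Review bot: Step 5 and the Validation section both say schema pairs are validated "when `check-jsonschema` is installed", and neither says what happens when it is not. If the script skips schema validation and still exits 0, the gate fails open, which undercuts the "block publication if schema drift is detected" control and the CI run in `validate-config.yml`. Suggest documenting that a missing `check-jsonschema` is a hard failure in CI and before archive builds, with any skip mode opt-in and logged. Smaller points: the "Mandatory four" table lists five archive paths, and the first command cell under "Event-generated evidence" runs the script path and the output path together as two adjacent code spans with nothing between them.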

View File

@@ -0,0 +1,23 @@
{
"schema_version": 1,
"report_id": "3WAY-20260331-102B-CLOSURE",
"as_of": "2026-03-31",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"currency": "USD",
"lines": [
{
"label": "102B interoffice notional (office 21→22)",
"ledger_major": "102000000000.00",
"bank_major": "N/A_TEMPLATE_REPLACE_WITH_NOSTRO_STATEMENT_LINE",
"chain_major": "0",
"matched": true,
"notes": "Chain leg attestation-only for this closure; replace bank_major with actual nostro/correspondent figure when applicable."
}
],
"prepared_by": "REPLACE_OPERATOR_ID",
"reviewed_by": "REPLACE_CHECKER_ID",
"bank_statement_ref": "REPLACE_BANK_STMT_ARCHIVE_ID",
"chain_tx_hashes": [
"0xb90f2da51d9c506f552d276d9aa57f4ae485528f2ee6025f435f188d09d405f4"
]
}
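
Review bot: The only line in `lines` carries `"matched": true` while `bank_major` is the placeholder string `N/A_TEMPLATE_REPLACE_WITH_NOSTRO_STATEMENT_LINE` and `chain_major` is `"0"` against a `ledger_major` of `102000000000.00`. The example therefore asserts a three-way match with no bank figure and an unequal chain figure, which is the "`matched: true` without sources" case the evidence doc rejects. Suggest shipping the template with `"matched": false`, and having the schema or validator reject `matched: true` when any leg is non-numeric. The `chain_tx_hashes` entry looks like a concrete hash sitting next to `REPLACE_*` placeholders; say in `notes` whether it is real or should be a placeholder too.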

View File

@@ -0,0 +1,11 @@
{
"schema_version": 1,
"simulation_id": "DR-SIM-2026-Q1-TEMPLATE",
"executed_at": "2026-03-20T14:00:00Z",
"scenario": "Primary RPC loss; secondary RPC cut-in",
"rto_minutes": 45,
"rpo_minutes": 15,
"passed": false,
"participants": ["REPLACE_INFRA_LEAD", "REPLACE_DBA"],
"summary": "Template: set passed=true and real timings after executed drill; attach command logs."
}
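
Review bot: The `summary` text tells the operator to "set passed=true" after the drill, which presumes the outcome instead of recording it. The template also carries a concrete `executed_at`, `rto_minutes: 45` and `rpo_minutes: 15` for a drill that has not run, so a copy with only `passed` flipped would look like an executed test. Suggest wording the summary as "record the observed result and timings", and using placeholder or null values for `executed_at` and the two timing fields if the schema permits.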

View File

@@ -0,0 +1,8 @@
JVMTM BCP placeholder — replace with real failover test log
-------------------------------------------------------------
Test ID: BCP-RPC-2026-Q1-TEMPLATE
Start (UTC): REPLACE
End (UTC): REPLACE
Steps: (1) induce failure (2) observe alert (3) validate RTO (4) sign-off
Operator: REPLACE
Result: NOT_EXECUTED_TEMPLATE

View File

@@ -0,0 +1,11 @@
{
"schema_version": 1,
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"tx_id": "internal-omnl-102b-chunked",
"provider_ref": "REPLACE_KYT_VENDOR_RUN_ID",
"screened_at": "2026-03-31T07:30:00Z",
"sanctions_checked": true,
"risk_score": 0,
"result": "PASS",
"notes": "Template: attach vendor attestation or export hash for examination."
}
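
Review bot: This example ships `"result": "PASS"` with `"sanctions_checked": true` and `"risk_score": 0` while `provider_ref` is still `REPLACE_KYT_VENDOR_RUN_ID`. That is the placeholder `PASS` the evidence matrix lists as not sufficient, and it contradicts the "no fake PASS" behaviour described for `fetch-kyt-vendor-report.sh`. Because the archive builder stages repo examples when `JVMTM_CLOSURE_DIR` is unset, this file can land in a zip as `validation/kyt-screening-result.json`. Suggest a non-passing default (the checklist already names **PENDING**) and a validator rule that rejects `PASS` when `provider_ref` starts with `REPLACE_`.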

View File

@@ -0,0 +1,11 @@
{
"schema_version": 1,
"tx_ref": "OMNL-102B-CHUNKED-20260331",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"status": "ACKED",
"timestamp": "2026-03-31T07:45:00Z",
"ack_source": "beneficiary_office_22_ops",
"ack_channel": "internal_maker_checker_payload",
"beneficiary_ref": "office_id:22_PT_CAKRA",
"notes": "Template: replace with signed SWIFT/ISO ACK or institution-approved equivalent before regulatory submission."
}
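
Review bot: The example records `"status": "ACKED"` with no field that ties the ACK to a verifiable artifact: `ack_source` and `ack_channel` are free-text labels, and unlike `prefunding-proof.example.json` there is no `evidence_ref`. The `notes` line asks for a signed SWIFT/ISO ACK, but nothing in the record can point at it. Suggest adding a reference field (message id, archive id or hash of the signed ACK) to the example, and to the schema if it is not already there, so `verify-ack-before-credit.sh` output can be matched to a specific ACK document.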

View File

@@ -0,0 +1,13 @@
{
"schema_version": 1,
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"checked_at": "2026-03-31T08:00:00Z",
"currency": "USD",
"account_or_office_ref": "office:21_GL:2100",
"available_balance_before_major": "500000000000.00",
"required_amount_major": "102000000000.00",
"approved": true,
"approver_ref": "REPLACE_TREASURY_APPROVER",
"liquidity_source": "internal_omnl_gl",
"evidence_ref": "REPLACE_TICKET_OR_LIMIT_CHECK_ID"
}
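
Review bot: The template sets `"approved": true` while `approver_ref` and `evidence_ref` are both `REPLACE_*` placeholders. An operator who fills in only the amounts inherits an approval nobody gave, and `PT-02` treats this file as the prefunding gate. Suggest defaulting the example to `"approved": false` and rejecting `approved: true` in validation when either reference is still a placeholder.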

View File

@@ -0,0 +1,15 @@
{
"schema_version": 1,
"snapshot_at": "2026-03-31T08:05:00Z",
"source": "Fineract trial balance export (template)",
"balances": [
{
"office_id": 21,
"account_ref": "GL-2100",
"gl_code": "2100",
"amount_major": "0.00",
"template_note": "Replace with live trial balance extract for examination.",
"currency": "USD"
}
]
}

View File

@@ -0,0 +1,10 @@
{
"schema_version": 1,
"test_id": "BCP-RPC-2026-Q1-TEMPLATE",
"executed_at": "2026-03-15T10:00:00Z",
"component": "Chain 138 core RPC failover",
"rto_minutes_target": 60,
"rto_minutes_observed": 0,
"passed": false,
"evidence_ref": "REPLACE_DRILL_LOG_ARCHIVE_ID"
}
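
Review bot: `"rto_minutes_observed": 0` together with `"passed": false` is ambiguous: 0 is within `rto_minutes_target` of 60 and reads as an instantaneous recovery, yet the test is marked failed. A consumer comparing observed against target would reach the opposite conclusion from `passed`. Suggest a null or omitted observed value for a drill that has not run, if the schema permits, and a placeholder `executed_at` to match the `-TEMPLATE` test id.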

View File

@@ -0,0 +1,13 @@
{
"schema_version": 1,
"exception_id": "EXC-20260331-PLACEHOLDER-001",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"severity": "LOW",
"category": "CHAIN",
"detected_at": "2026-03-31T09:15:00Z",
"resolution_status": "RESOLVED",
"narrative": "Template: RPC timeout on first cast send; succeeded on retry with same nonce policy.",
"retry_count": 1,
"ticket_ref": "REPLACE_SERVICE_DESK_ID",
"resolved_at": "2026-03-31T09:18:00Z"
}

View File

@@ -0,0 +1,41 @@
{
"schema_version": 1,
"report_id": "3WAY-GEN-20260331-EXAMPLE",
"as_of": "2026-03-31",
"correlation_id": "1a62dd79-dca7-4bbf-b7f7-3d73e1f5912d",
"currency": "USD",
"evidence_tier": "GENERATED_PARTIAL",
"evidence_gaps": ["example_only_not_live_run"],
"ledger": {
"value_major": "1000.00",
"source": "fineract:/glaccounts",
"fetched_at": "2026-03-31T12:00:00Z",
"gl_code": "2100",
"office_id": 21,
"gl_account_id": 0,
"raw_field": "organizationRunningBalance"
},
"bank": null,
"chain": {
"value_major": "999.50",
"source": "cast:erc20_balanceOf",
"fetched_at": "2026-03-31T12:00:01Z",
"rpc_url_host": "192.168.11.211",
"chain_id": 138,
"token_address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"holder_address": "0x4A666F96fC8764181194447A7dFdb7d471b301C8",
"decimals": 6
},
"variance": {
"ledger_vs_bank_major": "n/a",
"ledger_vs_chain_major": "0.50",
"bank_vs_chain_major": "n/a"
},
"matched": false,
"generated_at": "2026-03-31T12:00:02Z",
"generator": {
"script": "scripts/omnl/generate-3way-reconciliation-evidence.sh",
"argv": ["--example-shape"],
"host": "replaced-at-runtime"
}
}
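
Review bot: The `chain` block records `"rpc_url_host": "192.168.11.211"`, an RFC 1918 address, and `generator.host` is filled at runtime, so generated evidence carries internal network detail into an archive that is handed to examiners. Suggest recording a stable alias or a hash of the endpoint in the packaged result and keeping the raw host in an internal log, or documenting that the disclosure is accepted. Also, `variance` mixes the string `"n/a"` with numeric strings while `bank` itself is `null`; using null for the two bank variances would keep the fields single-typed for the schema.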

View File

@@ -0,0 +1,90 @@
{
"schema_version": 1,
"matrix_version": "2026-03-31",
"transaction_id": "TX-2026-0331-BLOCKED-001",
"correlation_id": "550e8400-e29b-41d4-a716-446655440099",
"rail_mode": "chain138-primary",
"amount": "250000000.00",
"currency": "USD",
"decision_status": "BLOCKED",
"decision_reason": "Instruction blocked because prefunding failed and pre-settlement ACK has not been verified.",
"validated_at": "2026-03-31T17:20:00Z",
"approved_by": "maker-checker:ops-hold",
"instruction_ref": {
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-BLOCKED-001"
},
"dbis_reference": "CORE-TX-2026-0331-0099",
"control_results": [
{
"control_id": "PT-01",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:15:00Z",
"validator_ref": "compliance-gate:instruction-precheck",
"evidence_refs": [
{
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-BLOCKED-001"
}
],
"notes": "Instruction shape is valid, but this alone does not clear funds movement."
},
{
"control_id": "PT-02",
"status": "FAIL",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:16:00Z",
"validator_ref": "treasury:prefunding-check",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.prefunding-proof"
}
],
"notes": "approved=false; available balance below required amount."
},
{
"control_id": "PT-05",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:17:00Z",
"validator_ref": "compliance:kyt-and-fraud",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.kyt-result"
}
],
"notes": "KYT result present; transaction still cannot proceed without prefunding."
},
{
"control_id": "TX-02",
"status": "PENDING",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:18:00Z",
"validator_ref": "ops:ack-before-credit",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.pre-settlement-ack"
}
],
"notes": "ACK exists only as pending intake; no verified ack_before_credit proof yet."
},
{
"control_id": "RK-03",
"status": "FAIL",
"blocking": "ESCALATE",
"validated_at": "2026-03-31T17:19:00Z",
"validator_ref": "risk:settlement-hold",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.prefunding-proof"
}
],
"notes": "Settlement risk escalated because release would breach prefunding policy."
}
]
}
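
Review bot: the envelope is `BLOCKED` while `RK-03` reports `FAIL` with `"blocking": "ESCALATE"`, and neither this record nor the envelope schema says which outcome wins when a `HARD_STOP` failure and an `ESCALATE` failure coexist, so a generator could emit `"decision_status": "ESCALATE"` for the same inputs. Document the precedence in the schema description for `decision_status`. The `FAIL` and `PENDING` results also cite `runtime-slot` refs without the optional `sha256`, so the evidence behind the block is not pinned to content, and `approved_by` holds `maker-checker:ops-hold` on a transaction that was not approved; describe the field as the decision owner if it must stay required.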


@@ -0,0 +1,126 @@
{
"schema_version": 1,
"matrix_version": "2026-03-31",
"transaction_id": "TX-2026-0331-READY-001",
"correlation_id": "550e8400-e29b-41d4-a716-446655440001",
"rail_mode": "hybrid",
"amount": "1000000.00",
"currency": "USD",
"decision_status": "READY",
"decision_reason": "Pre-settlement gate cleared: validation, prefunding, ACK ordering, and settlement event linkage are present.",
"validated_at": "2026-03-31T17:10:00Z",
"approved_by": "maker-checker:treasury-ops",
"instruction_ref": {
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-READY-001"
},
"settlement_event_ref": {
"artifact_type": "repo-path",
"ref": "config/dbis-institutional/examples/settlement-event.example.json"
},
"dbis_reference": "CORE-TX-2026-0331-0001",
"omnl_journal_entry_id": 12045,
"rtgs_message_ids": {
"uetr": "97ed4827-7b6f-4491-94b1-d651442ca301",
"internal_instruction_ref": "018215821582-INAAUDJVMTM-2025-MSG-001"
},
"chain_tx_hash": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"control_results": [
{
"control_id": "PT-01",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:00:00Z",
"validator_ref": "compliance-gate:instruction-precheck",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.kyt-result"
},
{
"artifact_type": "external-ref",
"ref": "instruction://hybx-ops/TX-2026-0331-READY-001"
}
],
"notes": "KYT and canonical settlement event validation completed."
},
{
"control_id": "PT-02",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:01:00Z",
"validator_ref": "treasury:prefunding-check",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.prefunding-proof"
},
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.balance-snapshot"
}
],
"notes": "Available balance exceeds required amount prior to release."
},
{
"control_id": "PT-04",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:02:00Z",
"validator_ref": "maker-checker:authorization",
"evidence_refs": [
{
"artifact_type": "external-ref",
"ref": "authz-token://ops/dual-signature/TX-2026-0331-READY-001"
}
],
"notes": "Dual authorization verified."
},
{
"control_id": "PT-05",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:03:00Z",
"validator_ref": "compliance:kyt-and-fraud",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.kyt-result"
}
],
"notes": "Credit advice supported by independent KYT and ledger evidence."
},
{
"control_id": "TX-02",
"status": "PASS",
"blocking": "HARD_STOP",
"validated_at": "2026-03-31T17:05:00Z",
"validator_ref": "ops:ack-before-credit",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.pre-settlement-ack"
}
],
"notes": "ACK timestamp verified before credit settlement."
},
{
"control_id": "PS-01",
"status": "PASS",
"blocking": "POST_EVENT",
"validated_at": "2026-03-31T17:08:00Z",
"validator_ref": "reconciliation:daily-3way",
"evidence_refs": [
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.daily-3way-report"
},
{
"artifact_type": "runtime-slot",
"ref": "jvmtm.live.3way-result"
}
],
"notes": "Same correlation_id tied to daily reconciliation output."
}
]
}
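
Review bot: this `READY` example records six controls and omits `PT-03`, `TX-01`, `TX-03`, `TX-04` and `TX-05`, all of which the matrix CSV in this change marks `HARD_STOP` for the `hybrid` rail; because the schema only demands `minItems: 1`, the reference example shows a go decision recorded with hard-stop controls unevaluated. Add the missing control rows so the example matches the matrix. `PS-01` is a `POST_EVENT` control validated at 17:08, before the envelope's own `validated_at` of 17:10, while `decision_reason` describes a pre-settlement gate; state whether the envelope is written before or after settlement.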


@@ -0,0 +1,41 @@
# Exception handling policy (JVMTM / regulatory closure)
**Purpose:** Define how payment and settlement exceptions are detected, classified, escalated, and resolved so audit can trace **non-happy-path** events alongside `sample-exception-event.json`.
## Scope
- OMNL / Fineract journal and reversal flows
- Chain 138 attestation and settlement-event emission
- Prefunding, ACK, and 3-way reconciliation mismatches
## Classification
| Category | Examples | Initial action |
|----------|----------|----------------|
| `VALIDATION` | Schema / amount / currency mismatch | Block submit; return to operator |
| `PREFUNDING` | Insufficient available balance vs required | No debit; notify treasury |
| `ACK_TIMEOUT` | Beneficiary ACK not received within SLA | Hold credit; escalate |
| `CHAIN` | RPC failure, tx dropped, reorg risk | Retry with idempotency key; do not double-post |
| `RECONCILIATION` | Ledger vs bank vs chain variance | Freeze related `correlation_id`; open investigation |
## Roles
- **Operator:** first-line detection, logging, retry within policy.
- **Checker / approver:** material amounts per institution SOP.
- **Compliance:** KYT / sanctions holds.
- **Legal / risk:** material disputes and regulatory reporting triggers (outside this file).
## Evidence
Each exception MUST record:
1. Stable **`exception_id`** and link to **`correlation_id`** when known.
2. **`detected_at`** (UTC) and **`resolution_status`** lifecycle (`OPEN`, `IN_PROGRESS`, `RESOLVED`, `ESCALATED`).
3. Retain **`retry_log`** or ticket reference (append-only) until closure.
## Settlement interaction
- Do not mark **`SETTLEMENT_CLOSURE`** final for a `correlation_id` while a related exception remains **`OPEN`** or **`IN_PROGRESS`** without documented waiver.
- Resolved exceptions: emit a follow-up **settlement event** or append to audit manifest with resolution reference.
**Not legal advice.** Align with counsel and supervisor rules.
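
Review bot: the Classification table has no row for `KYT` or `OTHER`, yet the sample-exception-event schema in this change accepts both as `category` values and the Roles section assigns KYT / sanctions holds to Compliance, so an operator has no initial action for two valid categories; add rows for them. Evidence item 3 names `retry_log`, which is not a property in that schema (it defines `retry_count` and `ticket_ref`); name the actual field or artifact, such as the `retry-log.txt` the control matrix refers to.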


@@ -0,0 +1,39 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/daily-3way-reconciliation-report.json",
"title": "Daily 3-way reconciliation report (ledger / bank / chain)",
"type": "object",
"required": ["schema_version", "report_id", "as_of", "correlation_id", "lines"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"report_id": { "type": "string", "minLength": 4 },
"as_of": { "type": "string", "description": "ISO 8601 date or date-time (UTC)." },
"correlation_id": { "type": "string", "minLength": 8 },
"currency": { "type": "string", "description": "ISO 4217 major unit context for amounts." },
"lines": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": ["label", "ledger_major", "bank_major", "chain_major", "matched"],
"properties": {
"label": { "type": "string" },
"ledger_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"bank_major": { "type": "string", "description": "Major units or N/A with explanation in notes." },
"chain_major": { "type": "string", "description": "On-chain notional in major units or N/A." },
"matched": { "type": "boolean" },
"notes": { "type": "string" }
},
"additionalProperties": true
}
},
"prepared_by": { "type": "string" },
"reviewed_by": { "type": "string" },
"bank_statement_ref": { "type": "string" },
"chain_tx_hashes": {
"type": "array",
"items": { "type": "string", "pattern": "^0x[a-fA-F0-9]{64}$" }
}
},
"additionalProperties": true
}
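
Review bot: in `lines.items`, `ledger_major` is pattern-checked but `bank_major` and `chain_major` are unconstrained strings, so a line with `"matched": true` and free text in `bank_major` validates. Constrain both to the same numeric pattern or the literal `N/A` via `oneOf`, and require `notes` when `N/A` is used, since the description already expects the explanation there. `as_of` also has no `format`, unlike the `date-time` fields in the sibling schemas.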


@@ -0,0 +1,22 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/dr-simulation-report.json",
"title": "Disaster recovery simulation report",
"type": "object",
"required": ["schema_version", "simulation_id", "executed_at", "scenario", "passed"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"simulation_id": { "type": "string" },
"executed_at": { "type": "string", "format": "date-time" },
"scenario": { "type": "string" },
"rto_minutes": { "type": "number", "minimum": 0 },
"rpo_minutes": { "type": "number", "minimum": 0 },
"passed": { "type": "boolean" },
"participants": {
"type": "array",
"items": { "type": "string" }
},
"summary": { "type": "string" }
},
"additionalProperties": true
}
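
Review bot: `passed` is required but `rto_minutes` and `rpo_minutes` are optional and no target values are captured, so a report with `"passed": true` and no measurement validates. Require the observed figures and add target fields, as the recovery-time-report schema in this change does with `rto_minutes_target` and `rto_minutes_observed`.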


@@ -0,0 +1,19 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/kyt-screening-result.json",
"title": "KYT / sanctions screening result",
"type": "object",
"required": ["schema_version", "correlation_id", "sanctions_checked", "result"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"correlation_id": { "type": "string", "minLength": 8 },
"tx_id": { "type": "string" },
"provider_ref": { "type": "string" },
"screened_at": { "type": "string", "format": "date-time" },
"sanctions_checked": { "type": "boolean" },
"risk_score": { "type": "number" },
"result": { "type": "string", "enum": ["PASS", "REVIEW", "FAIL"] },
"notes": { "type": "string" }
},
"additionalProperties": true
}
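
Review bot: `result` and `sanctions_checked` are independent, so `"result": "PASS"` with `"sanctions_checked": false` validates, and `screened_at` and `provider_ref` are optional, which leaves a pass with no time or provider attached. Make `screened_at` and `provider_ref` required and add an `if`/`then` that requires `sanctions_checked` to be `true` when `result` is `PASS`. `risk_score` has no bounds or documented scale.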


@@ -0,0 +1,22 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/pre-settlement-ack.json",
"title": "Pre-settlement acknowledgement",
"type": "object",
"required": ["schema_version", "tx_ref", "status", "timestamp", "ack_source"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"tx_ref": { "type": "string", "minLength": 4, "description": "Instruction id, UETR, or correlation spine." },
"correlation_id": { "type": "string" },
"status": { "type": "string", "enum": ["ACKED", "PENDING", "REJECTED", "EXPIRED"] },
"timestamp": { "type": "string", "format": "date-time", "description": "ACK time (UTC). Regulatory ordering: must be strictly before credit_settled_at when both set." },
"ack_timestamp": { "type": "string", "format": "date-time", "description": "Optional duplicate of timestamp for clarity in audits." },
"credit_settled_at": { "type": "string", "format": "date-time", "description": "When funds were credited / journal posted (UTC)." },
"fineract_journal_entry_id": { "type": "integer", "description": "Use with scripts/omnl/verify-ack-before-credit.sh to prove ack before credit." },
"ack_before_credit_verified": { "type": "boolean", "description": "Set true only after automated or checker verification (ack < credit)." },
"ack_channel": { "type": "string", "description": "e.g. SWIFT, API, signed PDF." },
"beneficiary_ref": { "type": "string" },
"notes": { "type": "string" }
},
"additionalProperties": true
}
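
Review bot: the ack-before-credit ordering rule lives only in the `timestamp` description, and `ack_before_credit_verified` can be `true` with neither `credit_settled_at` nor `fineract_journal_entry_id` present, so the flag is assertable without the data needed to re-check it. Add an `if`/`then` that requires both fields when the flag is `true`. `ack_timestamp` duplicates `timestamp` with nothing forcing the two to agree; drop it or state that verifiers must reject a mismatch.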


@@ -0,0 +1,28 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/prefunding-proof.json",
"title": "Prefunding proof (available vs required)",
"type": "object",
"required": [
"schema_version",
"correlation_id",
"checked_at",
"available_balance_before_major",
"required_amount_major",
"approved"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"correlation_id": { "type": "string", "minLength": 8 },
"checked_at": { "type": "string", "format": "date-time" },
"currency": { "type": "string" },
"account_or_office_ref": { "type": "string" },
"available_balance_before_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"required_amount_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"approved": { "type": "boolean" },
"approver_ref": { "type": "string" },
"liquidity_source": { "type": "string", "description": "e.g. nostro, omnibus, on-chain pool." },
"evidence_ref": { "type": "string", "description": "Internal ticket or statement id." }
},
"additionalProperties": true
}
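
Review bot: `required_amount_major` uses the pattern `^-?[0-9]+(\\.[0-9]+)?$`, which admits a negative required amount, and `approved` is a free boolean, so `"approved": true` with available balance below the required amount passes schema validation even though the matrix note for PT-02 expects `available_balance_before_major >= required_amount_major`. Drop the `-?` for the required amount and have the PT-02 validator compare the two values rather than trust `approved`. `approver_ref` should be required when `approved` is `true`.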


@@ -0,0 +1,29 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/real-time-balance-snapshot.json",
"title": "Real-time balance snapshot",
"type": "object",
"required": ["schema_version", "snapshot_at", "balances"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"snapshot_at": { "type": "string", "format": "date-time" },
"source": { "type": "string", "description": "e.g. Fineract trial balance export, core API." },
"balances": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": ["account_ref", "amount_major", "currency"],
"properties": {
"office_id": { "type": "integer" },
"account_ref": { "type": "string" },
"gl_code": { "type": "string" },
"amount_major": { "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
"currency": { "type": "string" }
},
"additionalProperties": true
}
}
},
"additionalProperties": true
}
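
Review bot: the snapshot has no `correlation_id` and `source` is optional, yet PT-02 and TX-04 in the matrix cite `jvmtm.live.balance-snapshot` as per-transaction evidence, so a snapshot cannot be tied to the release it supports or to the system it came from. Add an optional `correlation_id` and make `source` required.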


@@ -0,0 +1,18 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/recovery-time-report.json",
"title": "BCP recovery time objective report",
"type": "object",
"required": ["schema_version", "test_id", "executed_at", "rto_minutes_target", "rto_minutes_observed", "passed"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"test_id": { "type": "string" },
"executed_at": { "type": "string", "format": "date-time" },
"component": { "type": "string" },
"rto_minutes_target": { "type": "number", "minimum": 0 },
"rto_minutes_observed": { "type": "number", "minimum": 0 },
"passed": { "type": "boolean" },
"evidence_ref": { "type": "string" }
},
"additionalProperties": true
}
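
Review bot: `passed` is not tied to the two RTO figures, so a report with `rto_minutes_observed` above `rto_minutes_target` and `"passed": true` validates. The schema cannot compare two instance values, so say in a `description` on `passed` that the validator derives it from observed <= target, and make `evidence_ref` required so the observed figure has a source.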


@@ -0,0 +1,34 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/sample-exception-event.json",
"title": "Exception event (sample / template)",
"type": "object",
"required": [
"schema_version",
"exception_id",
"severity",
"category",
"detected_at",
"resolution_status"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"exception_id": { "type": "string", "minLength": 4 },
"correlation_id": { "type": "string" },
"severity": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"] },
"category": {
"type": "string",
"enum": ["VALIDATION", "PREFUNDING", "ACK_TIMEOUT", "CHAIN", "RECONCILIATION", "KYT", "OTHER"]
},
"detected_at": { "type": "string", "format": "date-time" },
"resolution_status": {
"type": "string",
"enum": ["OPEN", "IN_PROGRESS", "RESOLVED", "ESCALATED"]
},
"narrative": { "type": "string" },
"retry_count": { "type": "integer", "minimum": 0 },
"ticket_ref": { "type": "string" },
"resolved_at": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
}
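
Review bot: `resolution_status` can be `RESOLVED` with no `resolved_at` and no `ticket_ref`, so a closure carries neither a timestamp nor a reference, although the exception policy in this change gates final settlement closure on exceptions leaving `OPEN` / `IN_PROGRESS`. Add an `if`/`then` requiring `resolved_at` and `ticket_ref` when the status is `RESOLVED`. `correlation_id` also lacks the `minLength: 8` used in the other schemas.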


@@ -0,0 +1,120 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/three-way-reconciliation-result.json",
"title": "Three-way reconciliation result (machine-oriented)",
"description": "Generated from independent sources. evidence_tier distinguishes template-only from ledger/chain/bank-backed runs.",
"type": "object",
"required": [
"schema_version",
"report_id",
"as_of",
"correlation_id",
"evidence_tier",
"ledger",
"chain",
"matched",
"generated_at",
"generator"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"report_id": { "type": "string", "minLength": 4 },
"as_of": { "type": "string", "description": "Business date or UTC instant for reconciliation cut." },
"correlation_id": { "type": "string", "minLength": 8 },
"currency": { "type": "string" },
"evidence_tier": {
"type": "string",
"enum": [
"GENERATED_FULL",
"GENERATED_PARTIAL",
"TEMPLATE_MANUAL",
"INCOMPLETE"
]
},
"evidence_gaps": {
"type": "array",
"items": { "type": "string" },
"description": "e.g. bank_statement_not_supplied, fineract_unreachable."
},
"ledger": {
"type": "object",
"required": ["source", "fetched_at"],
"properties": {
"value_major": {
"oneOf": [
{ "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
{ "type": "null" }
]
},
"source": { "type": "string", "description": "e.g. fineract:/glaccounts" },
"fetched_at": { "type": "string", "format": "date-time" },
"gl_code": { "type": "string" },
"office_id": { "type": "integer" },
"gl_account_id": { "type": "integer" },
"raw_field": { "type": "string", "description": "Which Fineract field was read." }
},
"additionalProperties": true
},
"bank": {
"type": ["object", "null"],
"properties": {
"value_major": {
"oneOf": [
{ "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
{ "type": "null" }
]
},
"source": { "type": "string" },
"fetched_at": { "type": "string", "format": "date-time" },
"statement_ref": { "type": "string" }
},
"required": ["source", "fetched_at"],
"additionalProperties": true
},
"chain": {
"type": "object",
"required": ["source", "fetched_at"],
"properties": {
"value_major": {
"oneOf": [
{ "type": "string", "pattern": "^-?[0-9]+(\\.[0-9]+)?$" },
{ "type": "null" }
]
},
"source": { "type": "string", "description": "e.g. cast:balanceOf" },
"fetched_at": { "type": "string", "format": "date-time" },
"rpc_url_host": { "type": "string" },
"chain_id": { "type": "integer" },
"token_address": { "type": "string", "pattern": "^0x[a-fA-F0-9]{40}$" },
"holder_address": { "type": "string", "pattern": "^0x[a-fA-F0-9]{40}$" },
"decimals": { "type": "integer" }
},
"additionalProperties": true
},
"variance": {
"type": "object",
"properties": {
"ledger_vs_bank_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] },
"ledger_vs_chain_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] },
"bank_vs_chain_major": { "oneOf": [{ "type": "string" }, { "type": "null" }] }
},
"additionalProperties": true
},
"matched": { "type": "boolean" },
"generated_at": { "type": "string", "format": "date-time" },
"generator": {
"type": "object",
"required": ["script", "argv"],
"properties": {
"script": { "type": "string" },
"argv": {
"type": "array",
"items": { "type": "string" }
},
"host": { "type": "string" }
},
"additionalProperties": true
}
},
"additionalProperties": true
}
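
Review bot: `evidence_tier` and `matched` are not tied to the data: `bank` is outside `required` and may be `null`, each `value_major` may be `null`, and the `variance` fields are unpatterned strings, so `"evidence_tier": "GENERATED_FULL"` with `"matched": true` and no bank or chain value validates. Add `if`/`then` rules so `GENERATED_FULL` requires a non-null `bank` and a string `value_major` on all three sources, and give the variance strings the same numeric pattern so sentinels such as the `"n/a"` used in the example must become `null`.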


@@ -0,0 +1,163 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/jvmtm/transaction-compliance-execution.json",
"title": "Transaction compliance execution envelope",
"description": "Per-transaction go/no-go and evidence linkage record for the JVMTM transaction-grade compliance pack.",
"type": "object",
"required": [
"schema_version",
"matrix_version",
"transaction_id",
"correlation_id",
"rail_mode",
"amount",
"currency",
"decision_status",
"decision_reason",
"validated_at",
"approved_by",
"instruction_ref",
"control_results"
],
"properties": {
"schema_version": {
"type": "integer",
"minimum": 1
},
"matrix_version": {
"type": "string",
"minLength": 4
},
"transaction_id": {
"type": "string",
"minLength": 4
},
"correlation_id": {
"type": "string",
"minLength": 8
},
"rail_mode": {
"type": "string",
"enum": ["chain138-primary", "swift", "hybrid", "internal-only"]
},
"amount": {
"type": "string",
"pattern": "^-?[0-9]+(\\.[0-9]+)?$"
},
"currency": {
"type": "string",
"minLength": 3
},
"decision_status": {
"type": "string",
"enum": ["READY", "BLOCKED", "ESCALATE"]
},
"decision_reason": {
"type": "string",
"minLength": 4
},
"validated_at": {
"type": "string",
"format": "date-time"
},
"approved_by": {
"type": "string",
"minLength": 3
},
"instruction_ref": {
"$ref": "#/$defs/evidenceRef"
},
"settlement_event_ref": {
"$ref": "#/$defs/evidenceRef"
},
"dbis_reference": {
"type": "string"
},
"omnl_journal_entry_id": {
"type": "integer"
},
"rtgs_message_ids": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"chain_tx_hash": {
"type": "string",
"pattern": "^0x[a-fA-F0-9]{64}$"
},
"control_results": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/controlResult"
}
}
},
"$defs": {
"evidenceRef": {
"type": "object",
"required": ["artifact_type", "ref"],
"properties": {
"artifact_type": {
"type": "string",
"enum": ["repo-path", "runtime-slot", "archive-path", "external-ref"]
},
"ref": {
"type": "string",
"minLength": 3
},
"sha256": {
"type": "string",
"pattern": "^[a-fA-F0-9]{64}$"
}
},
"additionalProperties": false
},
"controlResult": {
"type": "object",
"required": [
"control_id",
"status",
"blocking",
"validated_at",
"validator_ref",
"evidence_refs"
],
"properties": {
"control_id": {
"type": "string",
"pattern": "^[A-Z]{2}-[0-9]{2}$"
},
"status": {
"type": "string",
"enum": ["PASS", "FAIL", "PENDING", "WAIVED"]
},
"blocking": {
"type": "string",
"enum": ["HARD_STOP", "ESCALATE", "POST_EVENT"]
},
"validated_at": {
"type": "string",
"format": "date-time"
},
"validator_ref": {
"type": "string",
"minLength": 3
},
"evidence_refs": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/evidenceRef"
}
},
"notes": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
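
Review bot: `decision_status` is independent of `control_results`, so an envelope with `"decision_status": "READY"` and a `HARD_STOP` control at `FAIL` or `PENDING` validates, as does one listing a single control because of `minItems: 1`. Add an `if`/`then` using `not` with `contains` that rejects `READY` when any `HARD_STOP` result is `FAIL` or `PENDING`, and enforce the required control set per `rail_mode` in the validator. The `status` enum also allows `WAIVED` on every control while the matrix calls TX-02 a non-waivable release gate, and `amount` accepts negative values through the `-?` in its pattern.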


@@ -0,0 +1,32 @@
control_id,phase,domain,requirement,validation_method,blocking_level,applies_to_rail,source_audit_rows,repo_evidence_artifacts,validator_command,failure_action,high_value_override,notes
PT-01,pre-transaction,Transaction validation,"Perform pre-validation before instruction acceptance using schema, ledger, and KYT checks; credit advice alone is insufficient.","Validate the canonical settlement event shape, confirm identifiers, and collect KYT screening before release.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #2 | Table C stage 1,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.instruction-record,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json> && bash scripts/omnl/fetch-kyt-vendor-report.sh,Reject the instruction and route to compliance review.,Amounts >= 100000000.00 major units require manual compliance sign-off after the automated pre-check passes.,"Use one correlation_id across DBIS Core, OMNL, RTGS, and Chain 138. For blocked pre-exec cases, the instruction record may exist without a settlement event."
PT-02,pre-transaction,Balance verification,Prefunding must exist before instruction acceptance.,"Check available balance, required amount, approval flag, and liquidity source in the prefunding proof.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #7 | Table C stage 2 | Table D #3 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot,check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json <prefunding-proof.json>,Block the transaction and place it on treasury hold.,High-value transfers require named treasury sign-off in addition to approved=true.,The proof should show available_balance_before_major >= required_amount_major.
PT-03,pre-transaction,Messaging compliance,Structured messaging is mandatory for instruction intake and settlement preparation.,Validate canonical JSON and ensure ISO/SWIFT or DLT message identifiers are present for the chosen rail.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #9 | Table C stage 1,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.instruction-record,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json>,Reject malformed or uncorrelated instructions.,Require explicit rail_mode selection and a second operator review of message identifiers.,Chain 138 primary flows may omit UETR but must keep rail-native identifiers. The normalized instruction can exist before any live settlement event.
PT-04,pre-transaction,Authorization,Multi-layer authorization must exist before funds move.,Verify maker-checker approval and signed instruction metadata before release.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table C stage 1,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions,"manual: verify signed instruction, maker-checker approval, and approved_by entry in the execution envelope",Block the instruction until authorization is complete.,Dual treasury and compliance approvals are mandatory for high-value mode.,This control is intentionally recorded in the per-transaction execution envelope.
PT-05,pre-transaction,Fraud detection,Credit advice cannot be the sole proof of legitimacy.,"Cross-check KYT, instruction metadata, and ledger intent before allowing release.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #2 | Table D #2,repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | runtime-slot:jvmtm.live.kyt-result,bash scripts/omnl/fetch-kyt-vendor-report.sh,Escalate to fraud workflow and freeze release.,High-value transfers require an explicit fraud-clear memo before release.,Treat unverified advice as insufficient even when operational pressure is high.
TX-01,execution,Settlement order,Debit only after validation and release gates have passed.,Confirm the execution envelope shows READY and the release sequence is validation -> prefunding -> ACK -> debit/credit.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table C stage 2 | Table C stage 3,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.transactions | runtime-slot:dbis.live.settlement-event,manual: verify decision_status=READY in the execution envelope before debit or release,Halt execution and investigate sequencing.,Require a named release operator separate from the validator.,The execution envelope is the operator cockpit record for this sequence.
TX-02,execution,Closed-loop confirmation,ACK is required before beneficiary credit or release.,Compare ACK timestamp to credit_settled_at and verify ack_before_credit ordering.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #6 | Table C stage 3 | Table C stage 4,repo-path:config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json | repo-path:scripts/omnl/verify-ack-before-credit.sh | runtime-slot:jvmtm.live.pre-settlement-ack,bash scripts/omnl/verify-ack-before-credit.sh <pre-settlement-ack.json> <journalEntryId>,Stop settlement and keep the transaction blocked.,Manual ACK review remains mandatory even if the script passes.,ACK-before-credit is a non-waivable release gate.
TX-03,execution,Settlement finality,The finality point must be explicit and tied to the operating rail.,Confirm FINALIZED or equivalent technical finality and tie it to the documented legal narrative.,HARD_STOP,chain138-primary | swift | hybrid,Table B #5 | Table D #5,repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:dbis.live.settlement-event | runtime-slot:reserve.live.provenance-package,manual: confirm finality status on the settlement event and attach the declared finality narrative for the rail,Escalate to legal/ops hold and do not mark funds final.,High-value transfers require explicit counsel-aligned finality confirmation.,Technical finality and legal finality must not be conflated without documentation.
TX-04,execution,Liquidity control,Prefunded settlement must still be valid at release time.,Recheck the prefunding proof and balance snapshot immediately before execution.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #7 | Table C stage 2 | Table D #3 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot,manual: confirm prefunding proof checked_at is current for the release window,Cancel or pause settlement pending treasury refresh.,Require treasury to certify that no other release consumed the same liquidity.,"This is the release-time liquidity check, not the initial intake check."
TX-05,execution,Exception handling,Rollback or incident logic must exist for execution failures.,"Capture the exception event, retry log, and operator decision when execution deviates from policy.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table B #10,repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event,"manual: write exception event and retry-log.txt whenever execution halts, reverses, or retries",Trigger rollback or incident workflow per exception policy.,High-value exceptions require immediate incident bridge and executive notification.,Every execution error should produce a machine-readable exception record.
PS-01,post-settlement,Reconciliation,Daily automated three-way reconciliation is mandatory.,Generate the reconciliation result and tie it back to the transaction correlation_id.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #1 | Table C stage 5 | Table D #4,repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.daily-3way-report | runtime-slot:jvmtm.live.3way-result,bash scripts/omnl/generate-3way-reconciliation-evidence.sh,"Flag discrepancy, open reconciliation incident, and hold downstream attestations.",High-value transfers require same-day review of the generated reconciliation result.,Do not substitute hand-edited matched=true JSON for generated evidence.
PS-02,post-settlement,Balance monitoring,Real-time visibility is required during and after settlement.,Capture a balance snapshot that shows the post-settlement position for the relevant account or office.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #8 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot,check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json <real-time-balance-snapshot.json>,Notify treasury and risk; do not treat the day as clean.,Require intraday refreshes before and after finality lock.,This supports over-credit and blind-position monitoring.
PS-03,post-settlement,Audit logging,Immutable transaction records must exist after funds movement.,Record the canonical settlement event and bind the transaction envelope to it through the same correlation_id.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #5 | Table B #9,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.transactions,check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <settlement-event.json>,Mark the audit trail incomplete and escalate for evidence remediation.,Require a second evidence reviewer before the transaction is considered fully closed.,The settlement event is the canonical cross-system record; the execution envelope is the operator overlay.
PS-04,post-settlement,Exception resolution,Every exception must have a documented resolution workflow.,Confirm the exception policy was followed and the retry log or incident closure exists.,POST_EVENT,chain138-primary | swift | hybrid | internal-only,Table B #10,repo-path:config/jvmtm-regulatory-closure/policies/exception-policy.md | runtime-slot:jvmtm.live.exception-event,manual: verify exception-policy.md decision path and retry-log.txt closure for the transaction,Escalate unresolved exceptions to incident management.,No unresolved exception may remain open at end of day for a high-value transfer.,Close the exception in both narrative and machine-readable form.
PS-05,post-settlement,Reporting,Regulatory and supervisory reporting artifacts must be assembled after settlement.,Stage the transaction execution envelope and supporting files into the audit archive path.,POST_EVENT,chain138-primary | swift | hybrid,Table B #1 | Table B #5,repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions,manual: place execution envelopes under JVMTM_CLOSURE_DIR/transactions and rebuild the archive,Mark the package incomplete and reopen evidence assembly.,High-value transfers require same-day archive rebuild after close.,"The archive is the supervisory bundle, not the operational source of truth."
SR-01,resilience,Business continuity,A continuity path must exist so a single outage does not stop the settlement spine.,Run failover smoke or equivalent continuity check and retain the execution log.,ESCALATE,chain138-primary | swift | hybrid,Table B #3 | Table B #4 | Table D #1,repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log,bash scripts/omnl/bcp-rpc-failover-smoke.sh,Escalate to platform ops and restrict the rail if continuity is unproven.,High-value release requires same-window confirmation that the fallback path is available.,"This proves reachability and fallback posture, not full data-centre certification."
SR-02,resilience,Disaster recovery,Disaster recovery evidence must exist for the environment supporting settlement.,Review the recovery-time report and DR simulation report for the active environment.,ESCALATE,chain138-primary | swift | hybrid,Table B #4,repo-path:config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json | repo-path:config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json | runtime-slot:jvmtm.live.recovery-time-report | runtime-slot:jvmtm.live.dr-simulation-report,manual: confirm recovery-time-report.json and DR-simulation-report.json are current for the live environment,Escalate to continuity governance and consider restricting production usage.,Do not treat DR evidence as stale for high-value transfers.,This is an environment readiness control rather than a per-transaction proof.
SR-03,resilience,Failover,No single point of failure should exist for the chosen settlement path.,"Confirm a secondary route, compensating control, or manual fallback exists before go-live.",ESCALATE,chain138-primary | swift | hybrid,Table B #3 | Table D #1,repo-path:docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md | runtime-slot:jvmtm.live.failover-log,manual: document fallback route or compensating procedure for the active settlement rail,Escalate to architecture review and restrict unsupported paths.,Require named fallback ownership for high-value mode.,The control may be satisfied by procedural fallback when technical failover is not available.
SR-04,resilience,Messaging reliability,The messaging and evidence formats must remain schema-closed and interoperable.,Validate both settlement-event and JVMTM control-pack schemas before packaging or release.,ESCALATE,chain138-primary | swift | hybrid | internal-only,Table B #9,repo-path:scripts/validation/validate-dbis-institutional-schemas.sh | repo-path:scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh,SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh && SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh,Escalate schema drift and block package publication until fixed.,Run schema validation immediately before high-value package assembly.,This is the pack-level guard against format drift.
SR-05,resilience,System integrity,Reserve and provenance evidence must remain internally consistent with the settlement path.,Validate the reserve provenance package when reserve backing or finality support is in scope.,ESCALATE,chain138-primary | swift | hybrid,Table B #5 | Table B #7,repo-path:scripts/validation/validate-reserve-provenance-package.sh | runtime-slot:reserve.live.provenance-package,SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh,Escalate reserve-integrity risk and suspend unsupported attestations.,Treat provenance gaps as an immediate executive escalation for high-value mode.,Use this when the transaction depends on reserve or legal provenance narratives.
RK-01,systemic-risk,Operational risk,Monitor dependency on OMNL or other single operational components and escalate when redundancy is weak.,Review continuity evidence and the active rail posture before authorizing production usage.,ESCALATE,chain138-primary | swift | hybrid,Table D #1,repo-path:scripts/omnl/bcp-rpc-failover-smoke.sh | runtime-slot:jvmtm.live.failover-log,manual: review continuity posture before declaring the rail ready,Raise executive escalation when operational dependency is unresolved.,High-value mode requires explicit acknowledgement of dependency risk.,This is a governance-layer control rather than a message-level validation.
RK-02,systemic-risk,Fraud risk,Spoofed credit advice or misleading confirmations must trigger a hard investigation path.,"Tie advice, KYT, and execution evidence together; escalate if they diverge.",HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table D #2 | Table B #2,repo-path:scripts/omnl/fetch-kyt-vendor-report.sh | runtime-slot:jvmtm.live.kyt-result | runtime-slot:jvmtm.live.transactions,"manual: compare advice, KYT result, and execution envelope references before release",Freeze the transaction and open fraud investigation.,High-value fraud signals trigger executive and legal escalation immediately.,A clean advice message does not override a failed independent check.
RK-03,systemic-risk,Settlement risk,No transaction may proceed when prefunding or reserve support is missing.,Use the prefunding proof and balance snapshot to determine whether default risk exists.,HARD_STOP,chain138-primary | swift | hybrid | internal-only,Table D #3 | Table B #7,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof,manual: treat approved=false or stale liquidity evidence as an immediate settlement hold,Place the transaction on settlement hold and escalate to treasury.,No waiver permitted in high-value mode without executive risk acceptance.,This is the governance wrapper around PT-02 and TX-04.
RK-04,systemic-risk,Reconciliation risk,Missing or mismatched records must trigger audit escalation.,Review generated three-way results and open incidents for any unmatched item.,ESCALATE,chain138-primary | swift | hybrid | internal-only,Table D #4 | Table B #1,repo-path:scripts/omnl/generate-3way-reconciliation-evidence.sh | runtime-slot:jvmtm.live.3way-result,manual: review 3way-result.json and open an audit incident on mismatch,Escalate to reconciliation and audit owners.,Review same business day for high-value transfers.,Post-settlement does not mean low-risk when mismatches remain unresolved.
RK-05,systemic-risk,Legal risk,Undefined finality or reversal posture must trigger legal escalation.,Compare the rail finality point to the declared policy and reserve/finality narratives.,ESCALATE,chain138-primary | swift | hybrid,Table D #5 | Table B #5,repo-path:docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md | repo-path:config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json | runtime-slot:reserve.live.provenance-package,manual: escalate when technical finality and legal narrative diverge or remain undefined,Hold legal attestation and route to counsel review.,Counsel acknowledgement is mandatory for high-value finality exceptions.,This captures the legal ambiguity risk even when the chain or rail shows technical completion.
RK-06,systemic-risk,Liquidity risk,Cash-flow mismatch or blind position indicators must trigger treasury escalation.,"Compare balance snapshot, prefunding proof, and reconciliation outputs for divergence.",ESCALATE,chain138-primary | swift | hybrid | internal-only,Table D #6 | Table B #8,repo-path:config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:jvmtm.live.prefunding-proof,"manual: escalate when liquidity evidence is stale, inconsistent, or below threshold",Notify treasury and risk management immediately.,Maintain live liquidity monitoring throughout the settlement window.,This control complements prefunding by focusing on ongoing exposure.
HV-01,high-value-mode,Dual authorization,High-value transfers require dual settlement authorization beyond baseline maker-checker.,Record dual approval identities in the execution envelope before release.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode,repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions,manual: confirm two named approvers are recorded in the execution envelope before release,Do not release the transaction until both approvals are present.,Applies automatically once amount >= 100000000.00 major units.,This is additive to PT-04.
HV-02,high-value-mode,Treasury authorization,Treasury must explicitly certify liquidity and reserve readiness for high-value transfers.,"Review prefunding proof, balance snapshot, and reserve narrative immediately before release.",HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #7 | Table D #6,repo-path:config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json | runtime-slot:jvmtm.live.prefunding-proof | runtime-slot:jvmtm.live.balance-snapshot | runtime-slot:reserve.live.provenance-package,manual: treasury sign-off must reference prefunding-proof.json and the current balance snapshot,Keep the transaction blocked until treasury certifies capacity.,No delegated approval path.,Use reserve provenance where the funding story matters to regulators.
HV-03,high-value-mode,Dual ledger evidence,High-value transfers require mirrored evidence across the canonical settlement event and reconciliation outputs.,Tie the execution envelope to settlement-event and generated three-way reconciliation evidence.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #1 | Table B #5,repo-path:config/dbis-institutional/schemas/settlement-event.schema.json | runtime-slot:dbis.live.settlement-event | runtime-slot:jvmtm.live.3way-result,manual: require linked settlement event and three-way result references before close,Treat the transaction as evidence-incomplete and keep it under review.,No archive close without both evidence layers.,This is the mirrored-ledger analogue in the current repo model.
HV-04,high-value-mode,Settlement freeze window,Apply a post-settlement freeze or review window before treating the transfer as fully closed.,Record the freeze decision and any post-finality review notes in the execution envelope.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table B #5,repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions,manual: append freeze-window review notes before marking the transfer fully closed,Maintain enhanced monitoring and do not close the case yet.,Freeze review is mandatory even when the rail is technically final.,This is a policy control layered over finality.
HV-05,high-value-mode,Executive escalation,"High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts.",Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution.,HARD_STOP,chain138-primary | swift | hybrid,Enhanced mode | Table D #1 | Table D #2 | Table D #3,repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions,manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution,Keep the transaction in BLOCKED or ESCALATE until executive review is complete.,Always on in high-value mode.,"The archive rebuild is part of the evidence closure, not a substitute for the escalation."
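Review bot: SR-02's high_value_override, "Do not treat DR evidence as stale for high-value transfers.", reads as an instruction to disregard staleness, which contradicts the same row's validator_command (confirm the reports "are current for the live environment"). Reword it along the lines of "Stale DR evidence is not acceptable for high-value transfers" and say how recent the recovery-time and DR simulation reports must be. Separately, the validator_command values in PS-02 and PS-03 embed placeholders written as <real-time-balance-snapshot.json> and <settlement-event.json>. A POSIX shell reads that form as an input redirection followed by an output redirection with no target, so any tooling that executes this column verbatim will hit a syntax error instead of running the validator. Either use a placeholder form the shell treats as a plain word, or document in the header or notes column that these commands are templates to be filled in by the operator.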
31 HV-04 high-value-mode Settlement freeze window Apply a post-settlement freeze or review window before treating the transfer as fully closed. Record the freeze decision and any post-finality review notes in the execution envelope. HARD_STOP chain138-primary | swift | hybrid Enhanced mode | Table B #5 repo-path:config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json | runtime-slot:jvmtm.live.transactions manual: append freeze-window review notes before marking the transfer fully closed Maintain enhanced monitoring and do not close the case yet. Freeze review is mandatory even when the rail is technically final. This is a policy control layered over finality.
32 HV-05 high-value-mode Executive escalation High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts. Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution. HARD_STOP chain138-primary | swift | hybrid Enhanced mode | Table D #1 | Table D #2 | Table D #3 repo-path:scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh | runtime-slot:jvmtm.live.transactions manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution Keep the transaction in BLOCKED or ESCALATE until executive review is complete. Always on in high-value mode. The archive rebuild is part of the evidence closure, not a substitute for the escalation.
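Review bot: In the HV-01 row, the trigger for high-value mode exists only as free text in the override column ("Applies automatically once amount >= 100000000.00 major units"), with no currency stated. The same figure is a very different threshold from one currency to another, and "automatically" then depends on whatever code or operator interprets this sentence. Since HV-01 through HV-05 are all HARD_STOP and are all gated on that one condition, suggest carrying the threshold and its currency (or the conversion rule) as dedicated columns. That lets the gate be evaluated from data and tested, rather than read out of prose. The rows shown have no column for it.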

@@ -0,0 +1,680 @@
{
"schema_version": 1,
"matrix_version": "2026-03-31",
"title": "JVMTM transaction-grade compliance matrix",
"canonical_format": "json",
"csv_export": "config/jvmtm-regulatory-closure/transaction-compliance-matrix.csv",
"source_baseline": [
"config/jvmtm-regulatory-closure/INAAUDJVMTM_2025_AUDIT_CLOSURE_MATRIX.md",
"config/jvmtm-regulatory-closure/README.md",
"docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md",
"config/dbis-institutional/schemas/settlement-event.schema.json"
],
"runtime_slots": [
{
"slot": "jvmtm.live.daily-3way-report",
"source": "JVMTM_CLOSURE_DIR/daily-3way-reconciliation-report.json",
"archive_path": "reconciliation/daily-3way-reconciliation-report.json",
"description": "Completed daily reconciliation report for the transaction date."
},
{
"slot": "jvmtm.live.3way-result",
"source": "output/jvmtm-evidence/latest-3way-result.json",
"archive_path": "reconciliation/3way-result.json",
"description": "Generated three-way reconciliation result produced by the repo tooling."
},
{
"slot": "jvmtm.live.prefunding-proof",
"source": "JVMTM_CLOSURE_DIR/prefunding-proof.json",
"archive_path": "liquidity/prefunding-proof.json",
"description": "Live prefunding and liquidity proof for the candidate transaction."
},
{
"slot": "jvmtm.live.pre-settlement-ack",
"source": "JVMTM_CLOSURE_DIR/pre-settlement-ack.json",
"archive_path": "acknowledgements/pre-settlement-ack.json",
"description": "Live ACK evidence used to prove ACK-before-credit ordering."
},
{
"slot": "jvmtm.live.exception-event",
"source": "JVMTM_CLOSURE_DIR/sample-exception-event.json",
"archive_path": "exceptions/sample-exception-event.json",
"description": "Exception event captured when a transaction fails or rolls back."
},
{
"slot": "jvmtm.live.kyt-result",
"source": "JVMTM_CLOSURE_DIR/kyt-screening-result.json",
"archive_path": "validation/kyt-screening-result.json",
"description": "KYT vendor output or equivalent screening result for the transaction."
},
{
"slot": "jvmtm.live.recovery-time-report",
"source": "JVMTM_CLOSURE_DIR/recovery-time-report.json",
"archive_path": "bcp/recovery-time-report.json",
"description": "Recovery-time evidence for continuity validation."
},
{
"slot": "jvmtm.live.dr-simulation-report",
"source": "JVMTM_CLOSURE_DIR/DR-simulation-report.json",
"archive_path": "disaster-recovery/DR-simulation-report.json",
"description": "Disaster recovery drill output tied to the operating environment."
},
{
"slot": "jvmtm.live.balance-snapshot",
"source": "JVMTM_CLOSURE_DIR/real-time-balance-snapshot.json",
"archive_path": "monitoring/real-time-balance-snapshot.json",
"description": "Live balance visibility snapshot for liquidity and exposure checks."
},
{
"slot": "jvmtm.live.instruction-record",
"source": "Submitted instruction payload, ISO message, API intake record, or operator reference for the candidate transaction.",
"archive_path": "not-archived-by-default",
"description": "Instruction-level reference used when a transaction is blocked before any settlement event exists."
},
{
"slot": "jvmtm.live.failover-log",
"source": "JVMTM_CLOSURE_DIR/failover-test-log.txt",
"archive_path": "bcp/failover-test-log.txt",
"description": "Failover execution log or smoke output for the relevant environment."
},
{
"slot": "jvmtm.live.transactions",
"source": "JVMTM_CLOSURE_DIR/transactions/*.json",
"archive_path": "transactions/*.json",
"description": "Live transaction compliance execution envelopes staged into the audit archive."
},
{
"slot": "dbis.live.settlement-event",
"source": "output/settlement-events/*.json or integration-hub export",
"archive_path": "settlement-events/*.json",
"description": "Canonical settlement event linked to the transaction correlation_id."
},
{
"slot": "reserve.live.provenance-package",
"source": "config/reserve-provenance-package plus live overrides",
"archive_path": "reserve-provenance-package/",
"description": "Funding-origin and reserve provenance package used for prefunding and finality review."
}
],
"controls": [
{
"control_id": "PT-01",
"phase": "pre-transaction",
"domain": "Transaction validation",
"requirement": "Perform pre-validation before instruction acceptance using schema, ledger, and KYT checks; credit advice alone is insufficient.",
"validation_method": "Validate the canonical settlement event shape, confirm identifiers, and collect KYT screening before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #2", "Table C stage 1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.instruction-record"}
],
"validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json> && bash scripts/omnl/fetch-kyt-vendor-report.sh",
"failure_action": "Reject the instruction and route to compliance review.",
"high_value_override": "Amounts >= 100000000.00 major units require manual compliance sign-off after the automated pre-check passes.",
"notes": "Use one correlation_id across DBIS Core, OMNL, RTGS, and Chain 138. For blocked pre-exec cases, the instruction record may exist without a settlement event."
},
{
"control_id": "PT-02",
"phase": "pre-transaction",
"domain": "Balance verification",
"requirement": "Prefunding must exist before instruction acceptance.",
"validation_method": "Check available balance, required amount, approval flag, and liquidity source in the prefunding proof.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #7", "Table C stage 2", "Table D #3", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}
],
"validator_command": "check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json <prefunding-proof.json>",
"failure_action": "Block the transaction and place it on treasury hold.",
"high_value_override": "High-value transfers require named treasury sign-off in addition to approved=true.",
"notes": "The proof should show available_balance_before_major >= required_amount_major."
},
{
"control_id": "PT-03",
"phase": "pre-transaction",
"domain": "Messaging compliance",
"requirement": "Structured messaging is mandatory for instruction intake and settlement preparation.",
"validation_method": "Validate canonical JSON and ensure ISO/SWIFT or DLT message identifiers are present for the chosen rail.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #9", "Table C stage 1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.instruction-record"}
],
"validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <instruction-normalized-settlement-event.json>",
"failure_action": "Reject malformed or uncorrelated instructions.",
"high_value_override": "Require explicit rail_mode selection and a second operator review of message identifiers.",
"notes": "Chain 138 primary flows may omit UETR but must keep rail-native identifiers. The normalized instruction can exist before any live settlement event."
},
{
"control_id": "PT-04",
"phase": "pre-transaction",
"domain": "Authorization",
"requirement": "Multi-layer authorization must exist before funds move.",
"validation_method": "Verify maker-checker approval and signed instruction metadata before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table C stage 1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: verify signed instruction, maker-checker approval, and approved_by entry in the execution envelope",
"failure_action": "Block the instruction until authorization is complete.",
"high_value_override": "Dual treasury and compliance approvals are mandatory for high-value mode.",
"notes": "This control is intentionally recorded in the per-transaction execution envelope."
},
{
"control_id": "PT-05",
"phase": "pre-transaction",
"domain": "Fraud detection",
"requirement": "Credit advice cannot be the sole proof of legitimacy.",
"validation_method": "Cross-check KYT, instruction metadata, and ledger intent before allowing release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #2", "Table D #2"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"},
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"}
],
"validator_command": "bash scripts/omnl/fetch-kyt-vendor-report.sh",
"failure_action": "Escalate to fraud workflow and freeze release.",
"high_value_override": "High-value transfers require an explicit fraud-clear memo before release.",
"notes": "Treat unverified advice as insufficient even when operational pressure is high."
},
{
"control_id": "TX-01",
"phase": "execution",
"domain": "Settlement order",
"requirement": "Debit only after validation and release gates have passed.",
"validation_method": "Confirm the execution envelope shows READY and the release sequence is validation -> prefunding -> ACK -> debit/credit.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table C stage 2", "Table C stage 3"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"}
],
"validator_command": "manual: verify decision_status=READY in the execution envelope before debit or release",
"failure_action": "Halt execution and investigate sequencing.",
"high_value_override": "Require a named release operator separate from the validator.",
"notes": "The execution envelope is the operator cockpit record for this sequence."
},
{
"control_id": "TX-02",
"phase": "execution",
"domain": "Closed-loop confirmation",
"requirement": "ACK is required before beneficiary credit or release.",
"validation_method": "Compare ACK timestamp to credit_settled_at and verify ack_before_credit ordering.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #6", "Table C stage 3", "Table C stage 4"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/pre-settlement-ack.schema.json"},
{"artifact_type": "repo-path", "ref": "scripts/omnl/verify-ack-before-credit.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.pre-settlement-ack"}
],
"validator_command": "bash scripts/omnl/verify-ack-before-credit.sh <pre-settlement-ack.json> <journalEntryId>",
"failure_action": "Stop settlement and keep the transaction blocked.",
"high_value_override": "Manual ACK review remains mandatory even if the script passes.",
"notes": "ACK-before-credit is a non-waivable release gate."
},
{
"control_id": "TX-03",
"phase": "execution",
"domain": "Settlement finality",
"requirement": "The finality point must be explicit and tied to the operating rail.",
"validation_method": "Confirm FINALIZED or equivalent technical finality and tie it to the documented legal narrative.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #5", "Table D #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"},
{"artifact_type": "repo-path", "ref": "config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "manual: confirm finality status on the settlement event and attach the declared finality narrative for the rail",
"failure_action": "Escalate to legal/ops hold and do not mark funds final.",
"high_value_override": "High-value transfers require explicit counsel-aligned finality confirmation.",
"notes": "Technical finality and legal finality must not be conflated without documentation."
},
{
"control_id": "TX-04",
"phase": "execution",
"domain": "Liquidity control",
"requirement": "Prefunded settlement must still be valid at release time.",
"validation_method": "Recheck the prefunding proof and balance snapshot immediately before execution.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #7", "Table C stage 2", "Table D #3", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}
],
"validator_command": "manual: confirm prefunding proof checked_at is current for the release window",
"failure_action": "Cancel or pause settlement pending treasury refresh.",
"high_value_override": "Require treasury to certify that no other release consumed the same liquidity.",
"notes": "This is the release-time liquidity check, not the initial intake check."
},
{
"control_id": "TX-05",
"phase": "execution",
"domain": "Exception handling",
"requirement": "Rollback or incident logic must exist for execution failures.",
"validation_method": "Capture the exception event, retry log, and operator decision when execution deviates from policy.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #10"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/policies/exception-policy.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.exception-event"}
],
"validator_command": "manual: write exception event and retry-log.txt whenever execution halts, reverses, or retries",
"failure_action": "Trigger rollback or incident workflow per exception policy.",
"high_value_override": "High-value exceptions require immediate incident bridge and executive notification.",
"notes": "Every execution error should produce a machine-readable exception record."
},
{
"control_id": "PS-01",
"phase": "post-settlement",
"domain": "Reconciliation",
"requirement": "Daily automated three-way reconciliation is mandatory.",
"validation_method": "Generate the reconciliation result and tie it back to the transaction correlation_id.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #1", "Table C stage 5", "Table D #4"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/generate-3way-reconciliation-evidence.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.daily-3way-report"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"}
],
"validator_command": "bash scripts/omnl/generate-3way-reconciliation-evidence.sh",
"failure_action": "Flag discrepancy, open reconciliation incident, and hold downstream attestations.",
"high_value_override": "High-value transfers require same-day review of the generated reconciliation result.",
"notes": "Do not substitute hand-edited matched=true JSON for generated evidence."
},
{
"control_id": "PS-02",
"phase": "post-settlement",
"domain": "Balance monitoring",
"requirement": "Real-time visibility is required during and after settlement.",
"validation_method": "Capture a balance snapshot that shows the post-settlement position for the relevant account or office.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #8", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"}
],
"validator_command": "check-jsonschema --schemafile config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json <real-time-balance-snapshot.json>",
"failure_action": "Notify treasury and risk; do not treat the day as clean.",
"high_value_override": "Require intraday refreshes before and after finality lock.",
"notes": "This supports over-credit and blind-position monitoring."
},
{
"control_id": "PS-03",
"phase": "post-settlement",
"domain": "Audit logging",
"requirement": "Immutable transaction records must exist after funds movement.",
"validation_method": "Record the canonical settlement event and bind the transaction envelope to it through the same correlation_id.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #5", "Table B #9"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "check-jsonschema --schemafile config/dbis-institutional/schemas/settlement-event.schema.json <settlement-event.json>",
"failure_action": "Mark the audit trail incomplete and escalate for evidence remediation.",
"high_value_override": "Require a second evidence reviewer before the transaction is considered fully closed.",
"notes": "The settlement event is the canonical cross-system record; the execution envelope is the operator overlay."
},
{
"control_id": "PS-04",
"phase": "post-settlement",
"domain": "Exception resolution",
"requirement": "Every exception must have a documented resolution workflow.",
"validation_method": "Confirm the exception policy was followed and the retry log or incident closure exists.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #10"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/policies/exception-policy.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.exception-event"}
],
"validator_command": "manual: verify exception-policy.md decision path and retry-log.txt closure for the transaction",
"failure_action": "Escalate unresolved exceptions to incident management.",
"high_value_override": "No unresolved exception may remain open at end of day for a high-value transfer.",
"notes": "Close the exception in both narrative and machine-readable form."
},
{
"control_id": "PS-05",
"phase": "post-settlement",
"domain": "Reporting",
"requirement": "Regulatory and supervisory reporting artifacts must be assembled after settlement.",
"validation_method": "Stage the transaction execution envelope and supporting files into the audit archive path.",
"blocking_level": "POST_EVENT",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #1", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: place execution envelopes under JVMTM_CLOSURE_DIR/transactions and rebuild the archive",
"failure_action": "Mark the package incomplete and reopen evidence assembly.",
"high_value_override": "High-value transfers require same-day archive rebuild after close.",
"notes": "The archive is the supervisory bundle, not the operational source of truth."
},
{
"control_id": "SR-01",
"phase": "resilience",
"domain": "Business continuity",
"requirement": "A continuity path must exist so a single outage does not stop the settlement spine.",
"validation_method": "Run failover smoke or equivalent continuity check and retain the execution log.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #3", "Table B #4", "Table D #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/bcp-rpc-failover-smoke.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"}
],
"validator_command": "bash scripts/omnl/bcp-rpc-failover-smoke.sh",
"failure_action": "Escalate to platform ops and restrict the rail if continuity is unproven.",
"high_value_override": "High-value release requires same-window confirmation that the fallback path is available.",
"notes": "This proves reachability and fallback posture, not full data-centre certification."
},
{
"control_id": "SR-02",
"phase": "resilience",
"domain": "Disaster recovery",
"requirement": "Disaster recovery evidence must exist for the environment supporting settlement.",
"validation_method": "Review the recovery-time report and DR simulation report for the active environment.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #4"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/recovery-time-report.schema.json"},
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/dr-simulation-report.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.recovery-time-report"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.dr-simulation-report"}
],
"validator_command": "manual: confirm recovery-time-report.json and DR-simulation-report.json are current for the live environment",
"failure_action": "Escalate to continuity governance and consider restricting production usage.",
"high_value_override": "Do not treat DR evidence as stale for high-value transfers.",
"notes": "This is an environment readiness control rather than a per-transaction proof."
},
{
"control_id": "SR-03",
"phase": "resilience",
"domain": "Failover",
"requirement": "No single point of failure should exist for the chosen settlement path.",
"validation_method": "Confirm a secondary route, compensating control, or manual fallback exists before go-live.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #3", "Table D #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"}
],
"validator_command": "manual: document fallback route or compensating procedure for the active settlement rail",
"failure_action": "Escalate to architecture review and restrict unsupported paths.",
"high_value_override": "Require named fallback ownership for high-value mode.",
"notes": "The control may be satisfied by procedural fallback when technical failover is not available."
},
{
"control_id": "SR-04",
"phase": "resilience",
"domain": "Messaging reliability",
"requirement": "The messaging and evidence formats must remain schema-closed and interoperable.",
"validation_method": "Validate both settlement-event and JVMTM control-pack schemas before packaging or release.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table B #9"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/validation/validate-dbis-institutional-schemas.sh"},
{"artifact_type": "repo-path", "ref": "scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh"}
],
"validator_command": "SCHEMA_STRICT=1 bash scripts/validation/validate-dbis-institutional-schemas.sh && SCHEMA_STRICT=1 bash scripts/validation/validate-jvmtm-regulatory-closure-schemas.sh",
"failure_action": "Escalate schema drift and block package publication until fixed.",
"high_value_override": "Run schema validation immediately before high-value package assembly.",
"notes": "This is the pack-level guard against format drift."
},
{
"control_id": "SR-05",
"phase": "resilience",
"domain": "System integrity",
"requirement": "Reserve and provenance evidence must remain internally consistent with the settlement path.",
"validation_method": "Validate the reserve provenance package when reserve backing or finality support is in scope.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table B #5", "Table B #7"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/validation/validate-reserve-provenance-package.sh"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "SCHEMA_STRICT=1 bash scripts/validation/validate-reserve-provenance-package.sh",
"failure_action": "Escalate reserve-integrity risk and suspend unsupported attestations.",
"high_value_override": "Treat provenance gaps as an immediate executive escalation for high-value mode.",
"notes": "Use this when the transaction depends on reserve or legal provenance narratives."
},
{
"control_id": "RK-01",
"phase": "systemic-risk",
"domain": "Operational risk",
"requirement": "Monitor dependency on OMNL or other single operational components and escalate when redundancy is weak.",
"validation_method": "Review continuity evidence and the active rail posture before authorizing production usage.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table D #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/bcp-rpc-failover-smoke.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.failover-log"}
],
"validator_command": "manual: review continuity posture before declaring the rail ready",
"failure_action": "Raise executive escalation when operational dependency is unresolved.",
"high_value_override": "High-value mode requires explicit acknowledgement of dependency risk.",
"notes": "This is a governance-layer control rather than a message-level validation."
},
{
"control_id": "RK-02",
"phase": "systemic-risk",
"domain": "Fraud risk",
"requirement": "Spoofed credit advice or misleading confirmations must trigger a hard investigation path.",
"validation_method": "Tie advice, KYT, and execution evidence together; escalate if they diverge.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #2", "Table B #2"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/fetch-kyt-vendor-report.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.kyt-result"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: compare advice, KYT result, and execution envelope references before release",
"failure_action": "Freeze the transaction and open fraud investigation.",
"high_value_override": "High-value fraud signals trigger executive and legal escalation immediately.",
"notes": "A clean advice message does not override a failed independent check."
},
{
"control_id": "RK-03",
"phase": "systemic-risk",
"domain": "Settlement risk",
"requirement": "No transaction may proceed when prefunding or reserve support is missing.",
"validation_method": "Use the prefunding proof and balance snapshot to determine whether default risk exists.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #3", "Table B #7"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"}
],
"validator_command": "manual: treat approved=false or stale liquidity evidence as an immediate settlement hold",
"failure_action": "Place the transaction on settlement hold and escalate to treasury.",
"high_value_override": "No waiver permitted in high-value mode without executive risk acceptance.",
"notes": "This is the governance wrapper around PT-02 and TX-04."
},
{
"control_id": "RK-04",
"phase": "systemic-risk",
"domain": "Reconciliation risk",
"requirement": "Missing or mismatched records must trigger audit escalation.",
"validation_method": "Review generated three-way results and open incidents for any unmatched item.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #4", "Table B #1"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/generate-3way-reconciliation-evidence.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"}
],
"validator_command": "manual: review 3way-result.json and open an audit incident on mismatch",
"failure_action": "Escalate to reconciliation and audit owners.",
"high_value_override": "Review same business day for high-value transfers.",
"notes": "Post-settlement does not mean low-risk when mismatches remain unresolved."
},
{
"control_id": "RK-05",
"phase": "systemic-risk",
"domain": "Legal risk",
"requirement": "Undefined finality or reversal posture must trigger legal escalation.",
"validation_method": "Compare the rail finality point to the declared policy and reserve/finality narratives.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Table D #5", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "docs/03-deployment/OJK_BI_AUDIT_JVMTM_REMEDIATION_AND_UETR_POLICY.md"},
{"artifact_type": "repo-path", "ref": "config/reserve-provenance-package/settlement/SETTLEMENT_FINALITY_DECLARATION.json"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "manual: escalate when technical finality and legal narrative diverge or remain undefined",
"failure_action": "Hold legal attestation and route to counsel review.",
"high_value_override": "Counsel acknowledgement is mandatory for high-value finality exceptions.",
"notes": "This captures the legal ambiguity risk even when the chain or rail shows technical completion."
},
{
"control_id": "RK-06",
"phase": "systemic-risk",
"domain": "Liquidity risk",
"requirement": "Cash-flow mismatch or blind position indicators must trigger treasury escalation.",
"validation_method": "Compare balance snapshot, prefunding proof, and reconciliation outputs for divergence.",
"blocking_level": "ESCALATE",
"applies_to_rail": ["chain138-primary", "swift", "hybrid", "internal-only"],
"source_audit_rows": ["Table D #6", "Table B #8"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/real-time-balance-snapshot.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"}
],
"validator_command": "manual: escalate when liquidity evidence is stale, inconsistent, or below threshold",
"failure_action": "Notify treasury and risk management immediately.",
"high_value_override": "Maintain live liquidity monitoring throughout the settlement window.",
"notes": "This control complements prefunding by focusing on ongoing exposure."
},
{
"control_id": "HV-01",
"phase": "high-value-mode",
"domain": "Dual authorization",
"requirement": "High-value transfers require dual settlement authorization beyond baseline maker-checker.",
"validation_method": "Record dual approval identities in the execution envelope before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: confirm two named approvers are recorded in the execution envelope before release",
"failure_action": "Do not release the transaction until both approvals are present.",
"high_value_override": "Applies automatically once amount >= 100000000.00 major units.",
"notes": "This is additive to PT-04."
},
{
"control_id": "HV-02",
"phase": "high-value-mode",
"domain": "Treasury authorization",
"requirement": "Treasury must explicitly certify liquidity and reserve readiness for high-value transfers.",
"validation_method": "Review prefunding proof, balance snapshot, and reserve narrative immediately before release.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table B #7", "Table D #6"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/prefunding-proof.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.prefunding-proof"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.balance-snapshot"},
{"artifact_type": "runtime-slot", "ref": "reserve.live.provenance-package"}
],
"validator_command": "manual: treasury sign-off must reference prefunding-proof.json and the current balance snapshot",
"failure_action": "Keep the transaction blocked until treasury certifies capacity.",
"high_value_override": "No delegated approval path.",
"notes": "Use reserve provenance where the funding story matters to regulators."
},
{
"control_id": "HV-03",
"phase": "high-value-mode",
"domain": "Dual ledger evidence",
"requirement": "High-value transfers require mirrored evidence across the canonical settlement event and reconciliation outputs.",
"validation_method": "Tie the execution envelope to settlement-event and generated three-way reconciliation evidence.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table B #1", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/dbis-institutional/schemas/settlement-event.schema.json"},
{"artifact_type": "runtime-slot", "ref": "dbis.live.settlement-event"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.3way-result"}
],
"validator_command": "manual: require linked settlement event and three-way result references before close",
"failure_action": "Treat the transaction as evidence-incomplete and keep it under review.",
"high_value_override": "No archive close without both evidence layers.",
"notes": "This is the mirrored-ledger analogue in the current repo model."
},
{
"control_id": "HV-04",
"phase": "high-value-mode",
"domain": "Settlement freeze window",
"requirement": "Apply a post-settlement freeze or review window before treating the transfer as fully closed.",
"validation_method": "Record the freeze decision and any post-finality review notes in the execution envelope.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table B #5"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "config/jvmtm-regulatory-closure/schemas/transaction-compliance-execution.schema.json"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: append freeze-window review notes before marking the transfer fully closed",
"failure_action": "Maintain enhanced monitoring and do not close the case yet.",
"high_value_override": "Freeze review is mandatory even when the rail is technically final.",
"notes": "This is a policy control layered over finality."
},
{
"control_id": "HV-05",
"phase": "high-value-mode",
"domain": "Executive escalation",
"requirement": "High-value mode requires executive visibility for unresolved exceptions, fraud, or liquidity alerts.",
"validation_method": "Escalate any FAIL or PENDING high-value control to the designated executive channel and rebuild the evidence pack after resolution.",
"blocking_level": "HARD_STOP",
"applies_to_rail": ["chain138-primary", "swift", "hybrid"],
"source_audit_rows": ["Enhanced mode", "Table D #1", "Table D #2", "Table D #3"],
"repo_evidence_artifacts": [
{"artifact_type": "repo-path", "ref": "scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh"},
{"artifact_type": "runtime-slot", "ref": "jvmtm.live.transactions"}
],
"validator_command": "manual: escalate high-value exceptions to executive owners and rebuild the archive after resolution",
"failure_action": "Keep the transaction in BLOCKED or ESCALATE until executive review is complete.",
"high_value_override": "Always on in high-value mode.",
"notes": "The archive rebuild is part of the evidence closure, not a substitute for the escalation."
}
]
}
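Review bot: HV-01 carries the high-value threshold only inside the free-text `high_value_override` string ("Applies automatically once amount >= 100000000.00 major units."), with no currency and no structured field, so nothing can evaluate it consistently across the HV-01 to HV-05 controls that depend on it. Suggest a machine-readable threshold (amount plus currency) defined once at the matrix level and referenced from each HV control. Separately, every `validator_command` visible here is a `manual:` instruction, including those on `HARD_STOP` controls; it would help to state which artifact records that the manual review was actually performed.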

View File

@@ -0,0 +1,99 @@
{
"schemaVersion": "1.0",
"programId": "dbis-rtgs-identity",
"packageStatus": "draft",
"ariesAgent": {
"adminUrl": "http://192.168.11.88:8031",
"didcommUrl": "http://192.168.11.88:8030",
"walletType": "askar-anoncreds",
"adminAuthMode": "insecure",
"adminApiKeyEnv": "ARIES_ADMIN_API_KEY"
},
"ledger": {
"type": "indy",
"targetNetwork": "dbis-local-indy-pool",
"trustScope": "sovereign-internal-first",
"poolName": "dbis-local-pool",
"genesisSource": "/opt/aries/ledger/pool_transactions_genesis",
"didMethod": "sov",
"nymWriteMode": "endorser"
},
"governance": {
"governanceVersion": "1.0",
"changeControlRef": "DBIS-ID-GOV-2026-001",
"changeControlFormat": "DBIS-ID-GOV-YYYY-NNN",
"operatorOwner": "DBIS Identity Operations Division",
"approvalOwner": "DBIS Governance Authority",
"endorserGovernanceModel": {
"type": "procedural-multisig",
"quorum": "3-of-5",
"custodians": [
"DBIS Governance Authority",
"DBIS Identity Operations Division",
"Independent Oversight Authority",
"OMNL Authority (future slot reserved)",
"ICCC Authority (future slot reserved)"
],
"singleKeyDidControl": "multisig-governance-around-single-key-did",
"currentPhase": "phase-1-procedural",
"futurePhases": [
"phase-2-hsm-custody",
"phase-3-mpc-threshold-signing"
]
},
"notes": "Governance structure frozen prior to formal endorser designation. Recommended default remains author-plus-endorser rather than a seed-only path."
},
"roles": {
"author": {
"alias": "dbis-issuer-author",
"publicDid": "<fill-me-public-did-or-leave-empty-until-created>",
"verkey": "<fill-me-verkey-or-evidence-ref>",
"connectionIdEnv": "AUTHOR_CONNECTION_ID"
},
"endorser": {
"alias": "dbis-root-endorser",
"did": "<fill-me-endorser-did>",
"connectionIdEnv": "ENDORSER_CONNECTION_ID"
}
},
"anoncreds": {
"schemas": [
{
"id": "institution-admission-v1",
"name": "InstitutionAdmission",
"version": "1.0.0",
"issuerRole": "complete-credential",
"credentialDefinitionTag": "default",
"supportRevocation": false,
"attributes": [
"institutionId",
"institutionName",
"jurisdiction",
"participantClass",
"admissionDate"
]
}
],
"verificationProfiles": [
{
"id": "smoa-basic-admission-check",
"verifierRole": "smoa",
"requestedAttributes": [
"institutionId",
"participantClass",
"jurisdiction"
]
}
]
},
"evidence": {
"outputDir": "reports/identity-completion",
"requiredArtifacts": [
"public-did.json",
"schema-publication.json",
"creddef-publication.json",
"issuance-result.json",
"verification-result.json"
]
}
}
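Review bot: `ariesAgent.adminAuthMode` is set to "insecure" while `adminApiKeyEnv` names `ARIES_ADMIN_API_KEY`, and `adminUrl` is plain `http://` on a LAN address (192.168.11.88:8031). As written, the agent's admin API, which controls DID, schema and credential operations, is reachable without authentication by anything on that network, and the key the package asks operators to supply is never enforced. Suggest switching the mode to the one that requires the API key before `packageStatus` leaves "draft", and either binding the admin port to loopback or fronting it with TLS. If "insecure" is intentional for a lab phase, say so in `governance.notes`.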

View File

@@ -0,0 +1,99 @@
{
"schemaVersion": "1.0",
"programId": "dbis-rtgs-identity",
"packageStatus": "awaiting-external-endorser",
"ariesAgent": {
"adminUrl": "http://192.168.11.88:8031",
"didcommUrl": "http://192.168.11.88:8030",
"walletType": "askar-anoncreds",
"adminAuthMode": "insecure",
"adminApiKeyEnv": "ARIES_ADMIN_API_KEY"
},
"ledger": {
"type": "indy",
"targetNetwork": "dbis-local-indy-pool",
"trustScope": "sovereign-internal-first",
"poolName": "dbis-local-pool",
"genesisSource": "/opt/aries/ledger/pool_transactions_genesis",
"didMethod": "sov",
"nymWriteMode": "endorser"
},
"governance": {
"governanceVersion": "1.0",
"changeControlRef": "DBIS-ID-GOV-2026-001",
"changeControlFormat": "DBIS-ID-GOV-YYYY-NNN",
"operatorOwner": "DBIS Identity Operations Division",
"approvalOwner": "DBIS Governance Authority",
"endorserGovernanceModel": {
"type": "procedural-multisig",
"quorum": "3-of-5",
"custodians": [
"DBIS Governance Authority",
"DBIS Identity Operations Division",
"Independent Oversight Authority",
"OMNL Authority (future slot reserved)",
"ICCC Authority (future slot reserved)"
],
"singleKeyDidControl": "multisig-governance-around-single-key-did",
"currentPhase": "phase-1-procedural",
"futurePhases": [
"phase-2-hsm-custody",
"phase-3-mpc-threshold-signing"
]
},
"notes": "Governance structure is pre-frozen prior to formal endorser designation. Remaining gaps are external designation, endorser DID, connection ID, and author promotion outputs."
},
"roles": {
"author": {
"alias": "dbis-issuer-author",
"publicDid": "",
"verkey": "",
"connectionIdEnv": "AUTHOR_CONNECTION_ID"
},
"endorser": {
"alias": "dbis-root-endorser",
"did": "",
"connectionIdEnv": "ENDORSER_CONNECTION_ID"
}
},
"anoncreds": {
"schemas": [
{
"id": "institution-admission-v1",
"name": "InstitutionAdmission",
"version": "1.0.0",
"issuerRole": "complete-credential",
"credentialDefinitionTag": "default",
"supportRevocation": false,
"attributes": [
"institutionId",
"institutionName",
"jurisdiction",
"participantClass",
"admissionDate"
]
}
],
"verificationProfiles": [
{
"id": "smoa-basic-admission-check",
"verifierRole": "smoa",
"requestedAttributes": [
"institutionId",
"participantClass",
"jurisdiction"
]
}
]
},
"evidence": {
"outputDir": "reports/identity-completion",
"requiredArtifacts": [
"public-did.json",
"schema-publication.json",
"creddef-publication.json",
"issuance-result.json",
"verification-result.json"
]
}
}
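Review bot: In `endorserGovernanceModel`, `quorum` is "3-of-5" but two of the five `custodians` are marked "(future slot reserved)", so in `phase-1-procedural` the quorum can only be met if all three seated custodians approve, leaving no tolerance for an unavailable custodian. With `singleKeyDidControl` set to "multisig-governance-around-single-key-did" the quorum is also procedural rather than cryptographic, so the package should name the evidence that proves three approvals were collected before the single key is used. Suggest recording the effective phase-1 quorum explicitly and adding the approval record to `evidence.requiredArtifacts`.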

View File

@@ -0,0 +1,21 @@
# Copy to:
# config/production/dbis-identity-public-did-secrets.env
#
# Keep this file out of commits when populated with real values.
ARIES_ADMIN_API_KEY="<fill-me-admin-api-key>"
# Optional author-side connection reference if a separate author connection is used.
AUTHOR_CONNECTION_ID="<fill-me-author-connection-id>"
# Required for the recommended author + endorser publication model.
ENDORSER_CONNECTION_ID="<fill-me-endorser-connection-id>"
# Optional references for governance / operator evidence.
DBIS_IDENTITY_APPROVAL_TICKET="<fill-me-ticket-id>"
DBIS_IDENTITY_APPROVER="<fill-me-approver-name>"
DBIS_IDENTITY_PUBLIC_DID="<fill-me-public-did>"
DBIS_IDENTITY_PUBLIC_DID_VERKEY="<fill-me-public-did-verkey>"
# Optional path or reference to an externally supplied NYM / endorsement payload.
DBIS_IDENTITY_NYM_TXN_REF="<fill-me-path-or-ticket-ref>"
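Review bot: The header comment "Keep this file out of commits when populated with real values." relies on operator discipline alone; nothing in this hunk shows that the target path `config/production/dbis-identity-public-did-secrets.env` is ignored by git. Suggest adding that path to `.gitignore` in the same change (if it is not already covered) and saying so in the comment. The template also mixes one real secret (`ARIES_ADMIN_API_KEY`) with values that are public by design (`DBIS_IDENTITY_PUBLIC_DID`, `DBIS_IDENTITY_PUBLIC_DID_VERKEY`); splitting these would let the non-secret values live in the committed package JSON and keep the secrets file minimal.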

View File

@@ -135,8 +135,9 @@
"vmid": 100,
"hostname": "proxmox-mail-gateway",
"ipv4": "192.168.11.32",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"purpose": "Proxmox Mail Proxy / LAN SMTP relay for apps (dbis_core, alerts); Postfix 25+587+465 live on CT (2026-03-30)",
"ports": [
{
"port": 25,
@@ -145,6 +146,10 @@
{
"port": 587,
"name": "submission"
},
{
"port": 465,
"name": "smtps"
}
],
"fqdns": []
@@ -153,7 +158,7 @@
"vmid": 101,
"hostname": "proxmox-datacenter-manager",
"ipv4": "192.168.11.33",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"ports": [
{
@@ -167,7 +172,7 @@
"vmid": 103,
"hostname": "omada",
"ipv4": "192.168.11.30",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"ports": [
{
@@ -181,7 +186,7 @@
"vmid": 104,
"hostname": "gitea",
"ipv4": "192.168.11.31",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "infra",
"ports": [
{
@@ -199,7 +204,7 @@
"vmid": 105,
"hostname": "nginxproxymanager",
"ipv4": "192.168.11.26",
"preferred_node": "r630-02",
"preferred_node": "r630-01",
"category": "legacy_proxy",
"ports": [
{
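Review bot: This hunk and the four before it move `preferred_node` from "r630-02" to "r630-01" for VMIDs 100, 101, 103, 104 and 105, which places the mail gateway, datacenter manager, Omada controller, Gitea and the proxy manager on the same preferred node. If this records where the guests already run, the commit message or a `notes` field should say so; if it is a placement decision, it concentrates the infra category on one host and deserves a line on the intended failover target.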
@@ -934,6 +939,7 @@
"ipv4": "192.168.11.155",
"preferred_node": "r630-01",
"category": "dbis",
"purpose": "Reserved for dbis_core API; live CT runs python http.server placeholder; /tmp/smtp.env.example for SMTP when Node deployed",
"ports": [
{
"port": 3000
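Review bot: The new `purpose` string records that the live CT "runs python http.server placeholder" on the address reserved for the dbis_core API, with port 3000 listed. `http.server` is a development server that serves the contents of its working directory without authentication, so the inventory should state which directory it serves and confirm nothing sensitive sits there, or the placeholder should be replaced with a static 503 responder. The reference to `/tmp/smtp.env.example` also points at a path that does not survive reboots and is world-readable by default; a path under the application's config directory would be safer once real SMTP values are added.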
@@ -949,6 +955,7 @@
"ipv4": "192.168.11.156",
"preferred_node": "r630-01",
"category": "dbis",
"purpose": "Same as 10150: placeholder static server until dbis_core Node API deployed",
"ports": [
{
"port": 3000
@@ -1783,11 +1790,12 @@
{
"vmid": 10092,
"hostname": "order-mcp-legal",
"ipv4": "192.168.11.37",
"ipv4": "192.168.11.94",
"preferred_node": "r630-01",
"category": "order",
"ports": [],
"fqdns": []
"fqdns": [],
"notes": "Moved off 192.168.11.37 on 2026-03-29 after ARP conflict with VMID 7810 mim-web-1. Use IP_ORDER_MCP_LEGAL in ip-addresses.conf."
},
{
"vmid": 10200,
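Review bot: The `notes` value explains that VMID 10092 moved off 192.168.11.37 after an ARP conflict with VMID 7810, but this hunk only changes the 10092 entry, so a reader cannot confirm from here that 7810 is recorded as the sole owner of 192.168.11.37 or that 192.168.11.94 was free. Suggest referencing the duplicate-IP drift check in the note so the fix is verifiable, and keeping `IP_ORDER_MCP_LEGAL` in `ip-addresses.conf` as the single source with this file derived from it, otherwise the two can drift again.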

View File

@@ -0,0 +1,62 @@
# Reserve provenance and settlement attestation (staged package)
**Purpose:** Structured artifacts that connect **legal / funding narrative** to **operational reconciliation** (ledger, bank export, chain) without claiming bank or KYT completion where evidence is still pending.
**Not legal advice.** Entity names, amounts, and references mirror the **3FR / Titan / FIDES** funding narrative you supplied; **counsel must review** before any regulatory submission. Replace or redact for other deals.
## Truthfulness rules (supervisory posture)
| Artifact | Declares complete? |
|----------|-------------------|
| Attorney receipt attestation | Legal **form** only — does not replace bank confirmation |
| Settlement finality declaration | **Declared** finality per your workflow — not universal legal finality |
| Funding origin chain | Structured **narrative** from documentation review |
| Bank balance certification | **AWAITING_BANK_EXPORT** until MT940 / camt.053 / API |
| KYT execution record | **PENDING** until vendor integration |
| Reconciliation trigger | **INITIATED** — run `generate-3way-reconciliation-evidence.sh` for machine output |
| Reserve recognition | **PROVISIONAL_RESERVE** — bank + KYT still pending |
| Reserve monetary linkage | **PROVISIONAL_LINKAGE_NARRATIVE** — ties MT103, composition, SIS refs, custody cite; EO/DCID = **investigative standard reference**, not government endorsement; reconcile magnitudes to originals |
| Regulatory stack (HYBX / OMNL / DBIS) | **DECLARED_ARCHITECTURE** — OMNL **LEI** (GLEIF); OMNL charter **EO + DCID standard references** (12829/12968/10450 + DCID 6/4, parallel) in docs — **not** U.S. endorsement; DBIS **SMOMOSJ**; populate `regulatoryEvidence` for HYBX registration and executed charters |
| Reserve hosting map | **PROVISIONALLY_STRUCTURED** — links reserve composition to declared entity layers; verify AUSTRAC registration before AML/CTF claims |
**Keystone (you must still obtain):** **Bank-issued** MT940, camt.053, or API export. The repo MT940 `.txt` is a **structural specimen** — not a substitute for custodian certification, signatures, or seals.
**Operator attachment (out of band):** Place the **real** MT103 hard-copy scan as `MT103_HARDCOPY.pdf` (or your naming standard) in secure storage; do not commit privileged PDFs to git unless policy allows.
**Original signatures:** When physical hard copies (or PDF scans that faithfully reproduce them) bear **original** authorized signatures, those artifacts are normally the **primary** supervisory evidence for execution and intent. The JSON and MT940 **specimens** in this repo remain **format and workflow** aids; they do not duplicate or replace custodied originals. Record **custody** (where originals live, who certified scans, optional file hashes) per your evidence policy.
## Layout (package root relative)
| Path | Role |
|------|------|
| `legal/ATTORNEY_RECEIPT_ATTESTATION_3FR.json` | Counsel receipt anchor |
| `settlement/SETTLEMENT_FINALITY_DECLARATION.json` | Instruction / receipt / credit flow declaration |
| `provenance/FUNDING_ORIGIN_CHAIN_3FR.json` | Bond → sale → transfer → allocation chain |
| `bank/JVMTM_BANK_BALANCE_JSON.json` | Certification **container** pending **bank-issued** MT940/camt.053 |
| `bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt` | **Specimen only** — MT940 layout for bank request & archival; not certified |
| `bank/MT940_STATEMENT_3FR_TITAN_RESERVE_LINKED.txt` | **Specimen only** — same as above plus reserve / SIS / custody **narrative blocks** (not bank SWIFT text); use for traceability, not as issued statement |
| `bank/README_BANK_REQUEST_MT940_CAMT053.md` | Wording to request **official** MT940 or camt.053 |
| `bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json` | Example parse for `JVMTM_BANK_BALANCE_JSON` env (3-way generator); not bank-issued |
| `kyt/KYT_EXECUTION_RECORD.json` | KYT **container** pending vendor |
| `reconciliation/3WAY_RECONCILIATION_TRIGGER.json` | Links to ledger / bank file / chain records |
| `reserve/RESERVE_RECOGNITION_DECLARATION.json` | Provisional reserve classification |
| `reserve/RESERVE_MONETARY_LINKAGE_DECLARATION.json` | Machine-readable linkage: funding event + composition + SIS standard refs + custody cite (provisional) |
| `reserve/RESERVE_HOSTING_AND_JURISDICTION_MAP.json` | Reserve composition + Titan custody cite mapped to HYBX / OMNL / DBIS declared roles |
| `governance/REGULATORY_STACK_DECLARATION.json` | Three-entity stack: commercial vs monetary vs sovereign risk domains; hosting relationship |
| `governance/REGULATORY_STACK_NARRATIVE.txt` | Human-readable mirror of the stack for auditors (verify against primary evidence) |
## Validation
```bash
bash scripts/validation/validate-reserve-provenance-package.sh
```
## Archive integration
`scripts/omnl/build-omnl-e2e-settlement-audit-archive.sh` copies this tree into the zip under **`reserve-provenance-package/`** (alongside `settlement-events/`, `audit-proof/`, etc.).
## Related repo tooling
- Operational 3-way: `scripts/omnl/generate-3way-reconciliation-evidence.sh` — point `JVMTM_BANK_BALANCE_JSON` at a **filled** bank JSON when MT940/API is available.
- KYT: `scripts/omnl/fetch-kyt-vendor-report.sh` — refuses to fabricate PASS.
- JVMTM templates: `config/jvmtm-regulatory-closure/`.
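Review bot: The "Original signatures" paragraph makes file hashes optional ("optional file hashes"), yet the package's whole claim is that JSON specimens point at custodied originals held elsewhere. Without a mandatory digest of each scan recorded in the package, nothing ties a declaration to a specific document, and a substituted PDF would go unnoticed. Suggest requiring a hash (algorithm named) for every out-of-band artifact, including `MT103_HARDCOPY.pdf`, and having the validation script fail when a referenced artifact has none. The Validation section should also state what `validate-reserve-provenance-package.sh` checks, since the truthfulness table depends on those statuses not being edited by hand.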

View File

@@ -0,0 +1,26 @@
{
"schema_version": 1,
"documentType": "BankBalanceCertification",
"institution": "Titan Financial Holdings, LLC",
"accountHolder": "3FR, LLC",
"statementSource": "Pending_MT940_or_API",
"balanceSnapshot": {
"availableBalance": "UNCONFIRMED",
"ledgerBalance": "UNCONFIRMED"
},
"status": "AWAITING_BANK_EXPORT",
"mt103CrossReference": {
"reference": "MERE-71-FIDES-5463-3892-01",
"declaredCreditUsdMajor": "645000000000.00",
"receivingAccountSpecimen": "WMGT202011580",
"note": "MT103 hard copy must reconcile to bank-issued MT940/camt.053 on same reference, amount, and account."
},
"specimensInRepo": {
"mt940FormatSpecimen": "bank/MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt",
"bankRequestTemplate": "bank/README_BANK_REQUEST_MT940_CAMT053.md",
"parsedJsonExampleForGenerator": "bank/JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json"
},
"integration": {
"forThreeWayGenerator": "Export bank-issued statement to JSON with value_major, statement_ref, fetched_at (see .example.json), then: JVMTM_BANK_BALANCE_JSON=<path> bash scripts/omnl/generate-3way-reconciliation-evidence.sh"
}
}
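Review bot: `statementSource` ("Pending_MT940_or_API") and `status` ("AWAITING_BANK_EXPORT") express the same pending state in two free-text fields, and `balanceSnapshot` uses the string "UNCONFIRMED" where `mt103CrossReference.declaredCreditUsdMajor` uses a decimal string. A consumer that reads only one of these fields, or parses balances as numbers, can misreport the state. Suggest a single enumerated `status` as the authority, `null` for unknown balances, and a note that `declaredCreditUsdMajor` is a declared figure, not a bank-confirmed one, so it is never promoted into `balanceSnapshot` by tooling.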

View File

@@ -0,0 +1,16 @@
{
"_comment": "EXAMPLE ONLY — replace with fields parsed from bank-ISSUED MT940 or camt.053. For generate-3way-reconciliation-evidence.sh use value_major + statement_ref + fetched_at.",
"bank": "Titan Financial Holdings, LLC",
"accountHolder": "3FR, LLC",
"accountNumber": "WMGT202011580",
"currency": "USD",
"openingBalance": "0.00",
"closingBalance": "645000000000.00",
"availableBalance": "645000000000.00",
"transactionReference": "MERE-71-FIDES-5463-3892-01",
"valueDate": "2023-12-14",
"value_major": "645000000000.00",
"statement_ref": "REPLACE_WITH_BANK_MT940_SEQUENCE_OR_CAMT_MSG_ID",
"fetched_at": "2023-12-18T00:00:00Z",
"source": "operator:parsed_from_bank_issued_MT940"
}
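Review bot: The only things marking this file as an example are `_comment` and the `statement_ref` placeholder; `source` reads "operator:parsed_from_bank_issued_MT940" and the balances are fully populated, so pointing `JVMTM_BANK_BALANCE_JSON` at it would feed the 3-way generator data that looks bank-derived. Suggest setting `source` to an explicit example marker and having the generator reject any input whose `statement_ref` still starts with `REPLACE_WITH_`, so an unedited copy fails closed.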

View File

@@ -0,0 +1,80 @@
================================================================================
NON-AUTHORITATIVE SPECIMEN — NOT BANK-ISSUED
================================================================================
This file is a **structural template / request specification** for SWIFT MT940
(hard-copy or digital) aligned to reference MERE-71-FIDES-5463-3892-01.
**Only the custodian bank may issue an authoritative MT940** (or camt.053).
Do not present this specimen as a certified bank statement. Officer names,
signatures, and seals must come from the bank only.
Classification: BANK STATEMENT MESSAGE — SWIFT MT940 FORMAT — SPECIMEN FOR REQUEST & ARCHIVAL LAYOUT
================================================================================
-----------------------------------------------
SWIFT MESSAGE TYPE: MT940
BANK TO CUSTOMER STATEMENT
-----------------------------------------------
:20:TRXREF-MERE-71-FIDES-5463-3892-01
:25:ACCOUNT-NO-WMGT202011580
ACCOUNT HOLDER: 3FR, LLC
BANK: TITAN FINANCIAL HOLDINGS, LLC
:28C:00001/001
:60F:C231214USD000000000000,00
OPENING BALANCE
DATE: 14 DECEMBER 2023
CURRENCY: USD
BALANCE: 0.00
:61:231214C645000000000,00NTRFNONREF
VALUE DATE: 14 DECEMBER 2023
ENTRY DATE: 14 DECEMBER 2023
CREDIT
AMOUNT: 645,000,000,000.00 USD
:86:
TRANSACTION DETAILS:
ORIGIN BANK: FIDES GESTION FINANCIERA, S.A.P.I. DE C.V.
BENEFICIARY: 3FR, LLC
REFERENCE: MERE-71-FIDES-5463-3892-01
PAYMENT TYPE: SINGLE CUSTOMER CREDIT TRANSFER
METHOD: MANUAL MT103 DELIVERY
LEGAL STATUS: IRREVOCABLE
:62F:C231214USD645000000000,00
CLOSING BALANCE
DATE: 14 DECEMBER 2023
CURRENCY: USD
BALANCE: 645,000,000,000.00
:64:C231214USD645000000000,00
AVAILABLE BALANCE
-----------------------------------------------
END OF MESSAGE
-----------------------------------------------
BANK CERTIFICATION (TO BE COMPLETED BY BANK ONLY — DO NOT FILL IN REPO COPY)
Institution:
Titan Financial Holdings, LLC
Authorized Officer:
______________________________
Title:
Bank Operations Officer
Date:
______________________________
Official Seal:
______________________________
================================================================================
END SPECIMEN
================================================================================
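Review bot: The BANK CERTIFICATION block pre-fills "Title: Bank Operations Officer" although the header says officer names, signatures and seals "must come from the bank only" and the block itself is marked "DO NOT FILL IN REPO COPY". Leave the title blank like the officer, date and seal lines so the specimen cannot be mistaken for a partially completed certification. As a format model it is also worth noting that `:20:TRXREF-MERE-71-FIDES-5463-3892-01` exceeds the 16 characters MT940 allows for field 20, and that the explanatory lines interleaved between tags would not appear in a bank export, so the file should not be used as a parser fixture.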

View File

@@ -0,0 +1,168 @@
================================================================================
SPECIMEN / WORKFLOW TEMPLATE — NOT BANK-ISSUED — NOT SWIFT-VALIDATED
================================================================================
This file is a STRUCTURAL and NARRATIVE specimen for packaging, bank requests,
and archival layout. It is NOT an authoritative MT940 from Titan or any bank.
- Only the custodian bank may issue a certified MT940 (or camt.053 / API).
- Sections below labeled RESERVE / DUE DILIGENCE / CUSTODIAL are NARRATIVE
overlays for traceability to your deal file; they are NOT standard SWIFT
:86: subfields and would not appear this way on a real bank export unless
the bank explicitly formats them so.
- Executive Order and DCID citations describe an INVESTIGATIVE / DUE DILIGENCE
standard reference used in documentation — NOT a U.S. government endorsement,
regulatory clearance, or prudential approval of reserves.
- RECONCILE all magnitudes (especially custodial totals) to executed originals;
reserve summary (~1.545T USD) and a 15-digit custody line may conflict — fix
against source PDFs before any submission.
================================================================================
-----------------------------------------------
SWIFT MESSAGE TYPE: MT940 (SPECIMEN)
BANK TO CUSTOMER STATEMENT
RESERVE-LINKED BALANCE RECORD (NARRATIVE SPECIMEN ONLY)
-----------------------------------------------
:20:TRXREF-MERE-71-FIDES-5463-3892-01
:25:ACCOUNT-NO-WMGT202011580
ACCOUNT HOLDER: 3FR, LLC
BANK: TITAN FINANCIAL HOLDINGS, LLC
:28C:00001/001
-----------------------------------------------
OPENING BALANCE
-----------------------------------------------
:60F:C231214USD000000000000,00
DATE: 14 DECEMBER 2023
CURRENCY: USD
OPENING BALANCE: 0.00
-----------------------------------------------
PRIMARY CREDIT ENTRY
-----------------------------------------------
:61:231214C645000000000,00NTRFNONREF
VALUE DATE: 14 DECEMBER 2023
ENTRY DATE: 14 DECEMBER 2023
CREDIT AMOUNT:
645,000,000,000.00 USD
-----------------------------------------------
TRANSACTION DETAIL
-----------------------------------------------
:86:
ORIGINATING INSTITUTION:
FIDES GESTION FINANCIERA, S.A.P.I. DE C.V.
BENEFICIARY:
3FR, LLC
TRANSFER TYPE:
SINGLE CUSTOMER CREDIT TRANSFER
REFERENCE:
MERE-71-FIDES-5463-3892-01
METHOD:
MANUAL MT103 DELIVERY
LEGAL STATUS:
IRREVOCABLE TRANSFER
-----------------------------------------------
RESERVE STRUCTURE REFERENCE (NARRATIVE — NOT BANK SWIFT TEXT)
-----------------------------------------------
SUPPORTING RESERVE COMPONENT:
M00 RESERVE VALUE:
309,000,000,000.00 USD
M0 EXPANDED VALUE:
900,000,000,000.00 USD
RESERVE CLASSIFICATION:
GOLD-BACKED MONETARY SUPPORT (AS DESCRIBED IN DEAL DOCUMENTATION)
SUPPORT SOURCE:
CLEARWATER PREMIERE PERPETUAL MASTER, LLC
-----------------------------------------------
CLOSING BALANCE
-----------------------------------------------
:62F:C231214USD645000000000,00
DATE: 14 DECEMBER 2023
CLOSING BALANCE:
645,000,000,000.00 USD
-----------------------------------------------
AVAILABLE BALANCE
-----------------------------------------------
:64:C231214USD645000000000,00
AVAILABLE BALANCE:
645,000,000,000.00 USD
-----------------------------------------------
DUE DILIGENCE REFERENCE (NARRATIVE — NOT BANK SWIFT TEXT)
-----------------------------------------------
CLEARANCE PROVIDER:
Strategic Intelligence Service (SIS)
INVESTIGATIVE / DUE DILIGENCE STANDARD REFERENCES (NOT GOVERNMENT ENDORSEMENT):
- Executive Order 12829
- Executive Order 12968
- Executive Order 10450
- DCID 6/4
DOCUMENTATION CHARACTERIZATION (AS STATED IN DEAL FILE — VERIFY):
Funds described as verified clean and unencumbered per SIS letter
-----------------------------------------------
CUSTODIAL BALANCE CONFIRMATION (NARRATIVE — NOT BANK SWIFT TEXT)
-----------------------------------------------
REFERENCE DOCUMENT:
Titan Financial custodial balance sheet (as cited in deal file — page reference
in counsel bundle)
DECLARED TOTAL ASSET BASE (AS TRANSCRIBED FROM PAGE 5 NARRATIVE — RECONCILE):
1,545,000,000,000,000.00 USD
SPECIMEN NOTE: If reserve composition summary uses ~1.545 trillion USD, this
15-digit figure may be a transcription error — confirm against executed PDF.
-----------------------------------------------
END OF MESSAGE (SPECIMEN)
-----------------------------------------------
BANK CERTIFICATION (PLACEHOLDER ONLY — REAL BANK COMPLETES)
Institution:
Titan Financial Holdings, LLC
Authorized Officer:
______________________________
Title:
Bank Operations Officer
Date:
______________________________
Official Seal:
______________________________
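Review bot: The DECLARED TOTAL ASSET BASE line commits "1,545,000,000,000,000.00 USD" while the header and the SPECIMEN NOTE both say this figure may be a transcription error against a ~1.545 trillion summary. A value the file itself flags as unreconciled will still be copied wherever the package is archived. Suggest replacing it with a labelled placeholder until it is confirmed against the executed PDF, and recording the reconciliation result in the package. The certification block also pre-fills "Title: Bank Operations Officer" despite being marked "PLACEHOLDER ONLY", and unlike the receiving-account specimen this file has no closing END SPECIMEN banner.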

View File

@@ -0,0 +1,42 @@
# Requesting the authoritative statement (MT940 or camt.053)
Use this language when asking the **custodian bank** for the record that anchors **MT103 → ledger balance → reconciliation**.
## Request (copy/paste)
**Subject:** Official customer statement export — MT940 or ISO 20022 camt.053
**Body:**
Request: **Official MT940 Statement Export** (or **camt.053** if your core issues ISO 20022 instead of SWIFT Fin).
- **Account:** WMGT202011580 (or current account identifier)
- **Account holder:** 3FR, LLC
- **Institution:** Titan Financial Holdings, LLC (or actual booking entity)
- **Date range:** 14 December 2023 (adjust to cover value date of credit **MERE-71-FIDES-5463-3892-01**)
**Required:**
- Format: **SWIFT MT940** *or* **ISO 20022 camt.053** (banks standard)
- **Hard copy and digital** (as your policy allows)
- **Signed and certified** by an **authorized bank officer** (names, titles, seals are **bank-only** — do not fabricate in-repo specimens)
## Reconciliation alignment
The bank-issued statement must be **deterministic** with your MT103 hard copy:
| Check | Must match |
|-------|------------|
| Reference | MERE-71-FIDES-5463-3892-01 (or banks :20: / equivalent) |
| Credit amount | USD 645,000,000,000.00 (per your executed transfer) |
| Receiving account | WMGT202011580 / 3FR, LLC (per bank books) |
## After receipt
1. Archive **bank-original** PDF/XML/txt (hash if required by policy).
2. Parse closing/available balance into a JSON file consumable by `JVMTM_BANK_BALANCE_JSON` / `generate-3way-reconciliation-evidence.sh` — see `JVMTM_BANK_BALANCE_PARSED_EXAMPLE_AFTER_MT940.example.json`.
3. Update `JVMTM_BANK_BALANCE_JSON.json` certification container status from `AWAITING_BANK_EXPORT` to reflect **bank-issued** evidence (separate commit / secure store).
## Specimen on disk
`MT940_STATEMENT_3FR_TITAN_RECEIVING_ACCOUNT.txt` is a **format model** only — see file header.
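Review bot: Step 1 under "After receipt" makes hashing optional ("hash if required by policy"), yet steps 2 and 3 derive a JSON file and a status change from that archive; record a SHA-256 of the bank-original unconditionally and carry it into the parsed JSON so the evidence chain can be checked later. Two smaller points: "banks standard" and "banks :20:" need the apostrophe ("bank's"), and the account identifier and holder are committed in clear inside a copy/paste template, so confirm that is acceptable for this repository.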

@@ -0,0 +1,88 @@
{
"schema_version": 1,
"documentType": "RegulatoryStackDeclaration",
"stackStructure": [
{
"entity": "HYBX",
"classification": "Commercial Financial Services Provider",
"regulatoryStatus": {
"licenseType": [
"AUSTRAC Financial Services Provider (FSP)",
"Digital Currency Exchange (DCE)"
],
"jurisdiction": "Australia"
},
"functionalRole": [
"Liquidity Processing",
"Transaction Routing",
"Digital Asset Exchange Infrastructure"
],
"riskDomain": "Commercial"
},
{
"entity": "OMNL",
"classification": "Central Bank",
"identifiers": {
"lei": "98450070C57395F6B906",
"leiStandard": "ISO 17442"
},
"leiProvenance": "Mirrored from docs/04-configuration/mifos-omnl-central-bank/OMNL_ENTITY_MASTER_DATA.json (Head Office, clientNumber 1). Confirm current status in GLEIF before supervisory or counterparty reliance.",
"regulatoryStatus": {
"designation": "Monetary Authority",
"jurisdiction": "Central Banking Authority"
},
"functionalRole": [
"Monetary Issuance",
"Reserve Custody",
"Settlement Oversight"
],
"riskDomain": "Monetary",
"charterAcknowledgment": {
"describedInDealDocumentation": "OMNL charter acknowledged under U.S. Executive Order and DCID clearance / due-diligence standards (parallel reference lists)",
"executiveOrdersReferenced": [
"Executive Order 12829",
"Executive Order 12968",
"Executive Order 10450"
],
"dcidStandardsReferenced": ["DCID 6/4"],
"characterization": "investigative_and_due_diligence_standard_reference",
"notGovernmentEndorsementOfCharter": true,
"notSubstituteForExecutedCharter": true,
"note": "Citations describe documentation context — not U.S. government approval, validation, or prudential recognition of the charter. Attach executed charter and legal opinions out of band."
}
},
{
"entity": "DBIS",
"classification": "Sovereign Governmental Monetary Authority",
"regulatoryStatus": {
"designation": "Sovereign governmental body",
"sovereignFramework": "SMOM — OSJ",
"jurisdiction": "Sovereign governmental (under SMOMOSJ)"
},
"functionalRole": [
"Reserve Governance",
"Policy Authority",
"International Monetary Coordination"
],
"riskDomain": "Sovereign"
}
],
"hostingRelationship": {
"hostEntity": "HYBX",
"hostedEntities": ["OMNL", "DBIS"],
"hostingModel": "Regulated Infrastructure Hosting"
},
"regulatorySeparationStatement": {
"statement": "Each entity is described here under distinct declared regulatory authority and functional mandate, supporting separation of commercial, monetary, and governmental risk domains for documentation and supervisory dialogue."
},
"regulatoryEvidence": {
"hybxAustracDceRegistrationNumber": null,
"omnlLeiGleifVerificationRequired": true,
"omnlCharterOrEstablishmentReference": null,
"dbisGovernmentCharterReference": null,
"dbisSmomOsjEstablishmentReference": null,
"evidenceNote": "OMNL LEI — verify in GLEIF. OMNL charter: EO and DCID references above are contextual only; executed charter still required in primary evidence. HYBX FSP/DCE and DBIS/SMOMOSJ charter references null until primary-source artifacts attached."
},
"disclaimer": "Declared operational and jurisdictional posture for architecture documentation — not legal advice, not a regulator determination, and not substitute for verified licenses, charters, or supervisory recognition.",
"timestamp": "2023-12-18T00:00:00Z"
}
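Review bot: The HYBX entry states its "licenseType" values (AUSTRAC FSP and DCE) as plain fact while "hybxAustracDceRegistrationNumber" is null, and unlike the OMNL block it carries no machine-readable caveat; add a verification flag on the entry, or rename the key to something like licenseTypeDeclared, so a consumer that reads only "stackStructure" does not pick up an unverified licence. The DBIS framework name is also spelled two ways: "sovereignFramework" writes it with a dash and spaces, while "jurisdiction" and "evidenceNote" use "SMOMOSJ"; pick one.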

@@ -0,0 +1,50 @@
================================================================================
HUMAN-READABLE DECLARATION — VERIFY AGAINST LICENSES, CHARTERS, AND SUPERVISORS
================================================================================
This text mirrors governance/REGULATORY_STACK_DECLARATION.json for auditors who
read narratives first. It is not legal advice and does not assert government or
prudential approval. AUSTRAC FSP/DCE claims require verified registration
evidence; central-bank and sovereign roles require charter or establishment
documentation as applicable.
================================================================================
REGULATORY STRUCTURE DECLARATION
This financial infrastructure is described as operating across three distinct
declared entities for jurisdictional and risk-domain separation:
1. HYBX operates as a licensed Financial Services Provider (FSP) and Digital
Currency Exchange (DCE) under AUSTRAC regulatory authority (Australia).
HYBX is described as the commercial transaction infrastructure host.
2. OMNL functions as a Central Bank entity responsible for monetary issuance,
reserve management, and settlement authority functions. OMNL is identified
for interoperability using Legal Entity Identifier (LEI) ISO 17442, currently
mirrored from OMNL_ENTITY_MASTER_DATA.json — verify in GLEIF before reliance.
Deal documentation describes the OMNL charter as acknowledged under U.S.
Executive Order standards (12829, 12968, 10450) and DCID 6/4, in parallel, in
a clearance / due-diligence context; that framing is a standard reference, not
U.S. government endorsement of the charter — retain executed charter and
counsel review as primary evidence.
3. The Digital Bank of International Settlements (DBIS) is described as a
sovereign governmental monetary authority under the SMOMOSJ framework,
responsible for sovereign monetary governance and international financial
coordination. Map this description to primary establishment / charter
documentation out of band.
These three entities are intended to maintain regulatory separation across:
- Commercial Operations (HYBX)
- Monetary Authority (OMNL)
- Sovereign Policy (DBIS)
HYBX is described as providing regulated infrastructure hosting services to
OMNL and DBIS while maintaining operational segregation and compliance with
applicable financial regulations.
This structure is presented to clarify separation of commercial, monetary,
and sovereign financial risk domains in documentation. Supervisors and counsel
should map each claim to primary-source evidence (registration numbers, charters,
legal opinions) before reliance.
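Review bot: Item 1 ("HYBX operates as a licensed Financial Services Provider") and item 2 ("OMNL functions as a Central Bank entity") are stated as fact, while item 3 and the closing paragraphs use "described as" and the header says AUSTRAC claims require verified registration evidence. Reword items 1 and 2 to "is described as" so the whole text keeps the same evidentiary stance. Since this file hand-mirrors governance/REGULATORY_STACK_DECLARATION.json, consider generating it from the JSON so the two cannot drift.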

@@ -0,0 +1,15 @@
{
"schema_version": 1,
"documentType": "KYTExecutionRecord",
"provider": "PendingVendorIntegration",
"screeningStatus": "PENDING",
"transactionReference": "MERE-71-FIDES-5463-3892-01",
"riskEvaluation": {
"sanctionsCheck": "PENDING",
"riskScore": "UNAVAILABLE"
},
"integration": {
"script": "scripts/omnl/fetch-kyt-vendor-report.sh",
"note": "Do not mark PASS without vendor-issued record; merge vendor export into this container or sibling file under validation/."
}
}
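Review bot: The rule in "integration.note" (do not mark PASS without a vendor-issued record) is enforced by nothing in this record: "screeningStatus", "sanctionsCheck" and "riskScore" are free strings and there is no field for the vendor report itself. Add a vendor report reference and hash field, list the allowed status values as an enum in the schema, and have validation reject any status other than PENDING while the reference is empty.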

@@ -0,0 +1,34 @@
{
"schema_version": 1,
"documentType": "AttorneyReceiptAttestation",
"attestingParty": {
"role": "Receiving Attorney",
"entity": "Titan Financial Holdings, LLC",
"jurisdiction": "Wyoming, USA"
},
"transactionReference": {
"mt103Reference": "MERE-71-FIDES-5463-3892-01",
"originInstitution": "FIDES Gestion Financiera, S.A.P.I. de C.V.",
"beneficiary": "3FR, LLC"
},
"receiptDetails": {
"attestationType": "FundsReceiptConfirmation",
"method": "Manual MT103 Deposit",
"declaredAmount": "645000000000.00 USD",
"receiptAcknowledged": true,
"attestationBasis": [
"MT103 hard copy",
"transfer confirmation records",
"supporting financial statements"
]
},
"legalDeclaration": {
"statement": "Funds referenced herein were received under authority of the receiving counsel and recorded as delivered into the beneficiary structure.",
"status": "ATTESTED"
},
"evidenceStaging": {
"counselReviewRequired": true,
"notSubstituteForBankConfirmation": true
},
"timestamp": "2023-12-18T00:00:00Z"
}
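Review bot: "legalDeclaration.status" is "ATTESTED" and "receiptAcknowledged" is true, but the record names no signer and points to no signed document; add the attesting individual, the signing date, and a hash or storage reference for the executed attestation, and keep the status at a pending value until those are filled. "attestingParty" also pairs the role "Receiving Attorney" with the entity "Titan Financial Holdings, LLC", which the other files in this change set name as custodian, so clarify whether counsel and custodian are the same party. "declaredAmount" puts amount and currency in one string where the sibling documents use keys ending in Usd with a bare amount.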

@@ -0,0 +1,38 @@
{
"schema_version": 1,
"documentType": "FundingOriginNarrative",
"originChain": [
{
"stage": 1,
"event": "Bond Transfer",
"entity": "Global Infrastructure Finance & Development Authority, Inc.",
"date": "2022-03-29"
},
{
"stage": 2,
"event": "Bond Sale",
"buyer": "OCHO L.B., S.A. de C.V.",
"invoice": "CPPM-23-6-001",
"date": "2023-07-10"
},
{
"stage": 3,
"event": "Funds Transfer",
"amount": "75000000000.00 USD",
"destination": "Clearwater Premiere Perpetual Master, LLC",
"date": "2023-07-11"
},
{
"stage": 4,
"event": "Security Allocation",
"amount": "17000000000.00 USD",
"destination": "Integrated Transport Security",
"date": "2023-07-11"
}
],
"sourceIntegrity": {
"status": "CHAIN_CONTINUOUS",
"verificationMethod": "Legal Documentation Review",
"note": "Structured lineage from funding package narrative; corroborate with executed instruments and bank records."
}
}
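Review bot: "sourceIntegrity.status" is "CHAIN_CONTINUOUS", but the last stage is dated 2023-07-11 and no stage references the MT103 credit MERE-71-FIDES-5463-3892-01 or its amount, so the chain as recorded does not reach the funding event the other documents rely on. Either add the missing stages with document references or use a status that reflects an incomplete, uncorroborated narrative, which is what "note" already says it is. The stage objects also use different keys for the counterparty ("entity", "buyer", "destination"), which will make programmatic checks harder.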

@@ -0,0 +1,45 @@
{
"schema_version": 1,
"documentType": "ReserveHostingAndJurisdictionMap",
"primaryReserve": {
"reserveType": "Monetary Reserve",
"monetaryComposition": {
"cashComponentUsd": "92000000000.00",
"m00ComponentUsd": "309000000000.00",
"expandedM0EquivalentUsd": "900000000000.00"
},
"custodyLayer": {
"custodian": "Titan Financial Holdings, LLC",
"reportedAssetBaseTranscribedFromCustodyNarrativeUsd": "1545000000000000.00",
"scaleReconciliationNote": "Reconcile to executed custody documents and to reserve composition summary (~1.545T USD) before supervisory use — see RESERVE_MONETARY_LINKAGE_DECLARATION.json."
}
},
"jurisdictionalControl": {
"commercialInfrastructure": {
"entity": "HYBX",
"regulatoryStatusDeclared": "AUSTRAC Licensed FSP and DCE (verify registration)",
"role": "Operational Infrastructure Provider"
},
"monetaryAuthority": {
"entity": "OMNL",
"classification": "Central Bank",
"role": "Reserve Authority",
"lei": "98450070C57395F6B906",
"leiSource": "OMNL_ENTITY_MASTER_DATA.json (Head Office); verify GLEIF",
"charterContext": "Described as acknowledged under EO 12829/12968/10450 and DCID 6/4 (parallel) in documentation — not government endorsement; see REGULATORY_STACK_DECLARATION.json"
},
"sovereignAuthority": {
"entity": "DBIS",
"classification": "Sovereign governmental body under SMOMOSJ",
"role": "Policy Governance Authority"
}
},
"operationalHierarchy": [
"DBIS — Sovereign policy layer",
"OMNL — Monetary authority layer",
"HYBX — Commercial infrastructure layer"
],
"reserveRecognitionStatus": "PROVISIONALLY_STRUCTURED",
"disclaimer": "Maps declared entities to reserve narrative only; does not establish prudential reserve recognition, custodian confirmation, or verified regulatory standing.",
"timestamp": "2023-12-18T00:00:00Z"
}
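Review bot: "reportedAssetBaseTranscribedFromCustodyNarrativeUsd" is committed as an ordinary amount string and the doubt about it lives only in the free-text "scaleReconciliationNote", so any consumer that reads the number gets a value the note itself says is unreconciled. Add a machine-readable flag next to it (for example a reconciled boolean set to false) or leave the value null until the executed custody documents have been checked. The OMNL LEI is also copied here and into the regulatory stack declaration; reference the master data file instead of repeating the value.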

@@ -0,0 +1,39 @@
{
"schema_version": 1,
"documentType": "ReserveMonetaryLinkageDeclaration",
"primaryFundingEvent": {
"mt103Reference": "MERE-71-FIDES-5463-3892-01",
"settlementAmountUsd": "645000000000.00",
"note": "Transfer amount as in MT103 / attorney attestation narrative; bank statement must match reference, account, and amount."
},
"reserveStructure": {
"cashComponentUsd": "92000000000.00",
"m00ComponentUsd": "309000000000.00",
"expandedM0EquivalentUsd": "900000000000.00",
"totalAssetBaseApproxUsd": "1545000000000.00",
"compositionSource": "Reserve composition summary (deal file page 1 narrative — verify against executed originals)",
"supportEntityNamedInDocumentation": "Clearwater Premiere Perpetual Master, LLC"
},
"dueDiligenceReference": {
"provider": "Strategic Intelligence Service",
"investigativeStandardsReferenced": [
"Executive Order 12829",
"Executive Order 12968",
"Executive Order 10450",
"DCID 6/4"
],
"characterization": "investigative_and_due_diligence_standard_reference",
"notGovernmentEndorsement": true,
"notRegulatoryClearance": true,
"documentationStatus": "As stated in deal file — counsel to confirm against SIS letter"
},
"custodyReference": {
"custodian": "Titan Financial Holdings, LLC",
"custodyDocument": "Titan balance sheet / custodial record as cited in deal file (e.g. page 5)",
"statedTotalAssetBaseAsTranscribedFromPage5NarrativeUsd": "1545000000000000.00",
"scaleReconciliationNote": "Page 1 narrative cites ~1.545 trillion USD total asset base; page 5 transcription may use a different magnitude — reconcile to executed PDFs before supervisory use."
},
"reserveStatus": "PROVISIONAL_LINKAGE_NARRATIVE",
"disclaimer": "Structured linkage only; does not establish prudential reserve recognition, regulatory capital, or bank-confirmed balances. Authoritative MT940/camt.053/API remains with the custodian bank.",
"timestamp": "2023-12-18T00:00:00Z"
}
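Review bot: In "reserveStructure" the three components (92000000000.00, 309000000000.00, 900000000000.00) add up to 1,301,000,000,000.00, not the 1,545,000,000,000.00 given in "totalAssetBaseApproxUsd"; say whether the components are meant to be additive and, if they are, account for the 244,000,000,000.00 difference. The point matters more because "custodyReference" carries yet another figure, so a reader of this one file has three candidate totals.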

@@ -0,0 +1,14 @@
{
"schema_version": 1,
"documentType": "ReserveRecognitionDeclaration",
"reserveType": "Operational Liquidity Reserve",
"fundingSource": "Bond Monetization Proceeds",
"custodyStatus": "AttorneyAcknowledged",
"reserveEligibility": {
"legalOriginVerified": true,
"bankSettlementPending": true,
"kytVerificationPending": true
},
"status": "PROVISIONAL_RESERVE",
"disclaimer": "Provisional only until bank statement and KYT vendor evidence are attached; not prudential reserve recognition for regulatory capital without supervisor-approved methodology."
}
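Review bot: "legalOriginVerified" is true with no indication of who verified it or against which documents, and the declaration has no transaction reference or timestamp tying it to the MT103 event. Add an evidence reference for the true value, or set it to false until counsel signs off, and include the reference and timestamp that the sibling documents carry. The two Pending booleans would also be safer as explicit status values, so that a missing key cannot be read as "not pending".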

@@ -0,0 +1,252 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://d-bis.org/schemas/reserve-provenance-package.json",
"title": "Reserve provenance package (10 attestation documents)",
"oneOf": [
{ "$ref": "#/$defs/AttorneyReceiptAttestation" },
{ "$ref": "#/$defs/SettlementFinalityDeclaration" },
{ "$ref": "#/$defs/FundingOriginNarrative" },
{ "$ref": "#/$defs/BankBalanceCertification" },
{ "$ref": "#/$defs/KYTExecutionRecord" },
{ "$ref": "#/$defs/ThreeWayReconciliationTrigger" },
{ "$ref": "#/$defs/ReserveRecognitionDeclaration" },
{ "$ref": "#/$defs/ReserveMonetaryLinkageDeclaration" },
{ "$ref": "#/$defs/RegulatoryStackDeclaration" },
{ "$ref": "#/$defs/ReserveHostingAndJurisdictionMap" }
],
"$defs": {
"AttorneyReceiptAttestation": {
"type": "object",
"required": [
"schema_version",
"documentType",
"attestingParty",
"transactionReference",
"receiptDetails",
"legalDeclaration",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "AttorneyReceiptAttestation" },
"attestingParty": { "type": "object" },
"transactionReference": { "type": "object" },
"receiptDetails": { "type": "object" },
"legalDeclaration": { "type": "object" },
"evidenceStaging": { "type": "object" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"SettlementFinalityDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"transactionReference",
"finalityStatus",
"settlementType",
"confirmationFlow",
"legalEffect",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "SettlementFinalityDeclaration" },
"transactionReference": { "type": "string" },
"finalityStatus": { "type": "string" },
"settlementType": { "type": "string" },
"confirmationFlow": { "type": "object" },
"legalEffect": { "type": "object" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"FundingOriginNarrative": {
"type": "object",
"required": ["schema_version", "documentType", "originChain", "sourceIntegrity"],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "FundingOriginNarrative" },
"originChain": {
"type": "array",
"minItems": 1,
"items": { "type": "object" }
},
"sourceIntegrity": { "type": "object" }
},
"additionalProperties": true
},
"BankBalanceCertification": {
"type": "object",
"required": [
"schema_version",
"documentType",
"institution",
"accountHolder",
"statementSource",
"balanceSnapshot",
"status"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "BankBalanceCertification" },
"institution": { "type": "string" },
"accountHolder": { "type": "string" },
"statementSource": { "type": "string" },
"balanceSnapshot": { "type": "object" },
"status": { "type": "string" },
"integration": { "type": "object" }
},
"additionalProperties": true
},
"KYTExecutionRecord": {
"type": "object",
"required": [
"schema_version",
"documentType",
"provider",
"screeningStatus",
"transactionReference",
"riskEvaluation"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "KYTExecutionRecord" },
"provider": { "type": "string" },
"screeningStatus": { "type": "string" },
"transactionReference": { "type": "string" },
"riskEvaluation": { "type": "object" },
"integration": { "type": "object" }
},
"additionalProperties": true
},
"ThreeWayReconciliationTrigger": {
"type": "object",
"required": [
"schema_version",
"documentType",
"ledgerSource",
"bankSource",
"chainSource",
"executionStatus",
"reconciliationMode"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ThreeWayReconciliationTrigger" },
"ledgerSource": { "type": "string" },
"bankSource": { "type": "string" },
"chainSource": { "type": "string" },
"executionStatus": { "type": "string" },
"reconciliationMode": { "type": "string" },
"correlationHints": { "type": "object" },
"nextSteps": { "type": "array", "items": { "type": "string" } }
},
"additionalProperties": true
},
"ReserveRecognitionDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"reserveType",
"fundingSource",
"custodyStatus",
"reserveEligibility",
"status"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ReserveRecognitionDeclaration" },
"reserveType": { "type": "string" },
"fundingSource": { "type": "string" },
"custodyStatus": { "type": "string" },
"reserveEligibility": { "type": "object" },
"status": { "type": "string" },
"disclaimer": { "type": "string" }
},
"additionalProperties": true
},
"ReserveMonetaryLinkageDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"primaryFundingEvent",
"reserveStructure",
"dueDiligenceReference",
"custodyReference",
"reserveStatus",
"disclaimer",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ReserveMonetaryLinkageDeclaration" },
"primaryFundingEvent": { "type": "object" },
"reserveStructure": { "type": "object" },
"dueDiligenceReference": { "type": "object" },
"custodyReference": { "type": "object" },
"reserveStatus": { "type": "string" },
"disclaimer": { "type": "string" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"RegulatoryStackDeclaration": {
"type": "object",
"required": [
"schema_version",
"documentType",
"stackStructure",
"hostingRelationship",
"regulatorySeparationStatement",
"disclaimer",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "RegulatoryStackDeclaration" },
"stackStructure": {
"type": "array",
"minItems": 1,
"items": { "type": "object" }
},
"hostingRelationship": { "type": "object" },
"regulatorySeparationStatement": { "type": "object" },
"regulatoryEvidence": { "type": "object" },
"disclaimer": { "type": "string" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
},
"ReserveHostingAndJurisdictionMap": {
"type": "object",
"required": [
"schema_version",
"documentType",
"primaryReserve",
"jurisdictionalControl",
"operationalHierarchy",
"reserveRecognitionStatus",
"disclaimer",
"timestamp"
],
"properties": {
"schema_version": { "type": "integer", "minimum": 1 },
"documentType": { "const": "ReserveHostingAndJurisdictionMap" },
"primaryReserve": { "type": "object" },
"jurisdictionalControl": { "type": "object" },
"operationalHierarchy": {
"type": "array",
"items": { "type": "string" }
},
"reserveRecognitionStatus": { "type": "string" },
"disclaimer": { "type": "string" },
"timestamp": { "type": "string", "format": "date-time" }
},
"additionalProperties": true
}
}
}
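Review bot: Every branch sets "additionalProperties": true and types its nested members as a bare { "type": "object" }, so validation only proves that the top-level keys exist; a document with an empty "riskEvaluation" or "balanceSnapshot" passes. Tighten the branches that gate decisions: enumerate the status fields ("screeningStatus", "finalityStatus", "status", "reserveStatus"), require the nested keys the scripts read, and constrain amount strings with a pattern. Under draft 2020-12, "format": "date-time" is an annotation unless the validator runs with format assertion enabled, so confirm the timestamp check is actually applied.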

@@ -0,0 +1,21 @@
{
"schema_version": 1,
"documentType": "SettlementFinalityDeclaration",
"transactionReference": "MERE-71-FIDES-5463-3892-01",
"finalityStatus": "DECLARED_FINAL",
"settlementType": "SingleCustomerCreditTransfer",
"confirmationFlow": {
"instructionIssued": true,
"receiptConfirmed": true,
"creditDeclared": true
},
"legalEffect": {
"status": "Irrevocable",
"bindingAuthority": [
"Uniform Commercial Code",
"UNCITRAL Trade Law"
],
"disclaimer": "Institution-specific finality and governing law must be confirmed by counsel; this JSON records operational declaration only."
},
"timestamp": "2023-12-18T00:00:00Z"
}
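Review bot: "finalityStatus": "DECLARED_FINAL" and "legalEffect.status": "Irrevocable" conflict with the rest of this change set, where the reserve recognition declaration has "bankSettlementPending": true and the bank balance container is still awaiting the bank export. Use a status that reflects a declaration pending bank confirmation, and make "creditDeclared" distinguishable from a bank-confirmed credit. "bindingAuthority" lists "Uniform Commercial Code" and "UNCITRAL Trade Law" without an article or instrument; cite the specific provision or drop the list until counsel supplies it.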

@@ -0,0 +1,138 @@
{
"schemaVersion": 1,
"description": "Publishable Chain 138 + mainnet relay addresses. Mirrors scripts/verify/check-contracts-on-chain-138.sh (64 bytecode checks). .env overrides via load-contract-addresses.sh.",
"chains": {
"138": {
"mapper": "0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A",
"contracts": {
"WETH9": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"WETH10": "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f",
"Oracle_Aggregator": "0x99b3511a2d315a497c8112c1fdd8d508d4b1e506",
"Oracle_Proxy": "0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6",
"CCIP_Router": "0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817",
"CCIP_Router_Direct_Legacy": "0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e",
"CCIP_Sender": "0x105F8A15b819948a89153505762444Ee9f324684",
"CCIPWETH9_Bridge": "0xcacfd227A040002e49e2e01626363071324f820a",
"CCIPWETH9_Bridge_Direct_Legacy": "0x971cD9D156f193df8051E48043C476e53ECd4693",
"CCIPWETH10_Bridge": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0",
"LINK": "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03",
"cUSDT": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"cUSDC": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"TokenRegistry": "0x91Efe92229dbf7C5B38D422621300956B55870Fa",
"TokenFactory": "0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133",
"ComplianceRegistry": "0xbc54fe2b6fda157c59d59826bcfdbcc654ec9ea1",
"BridgeVault": "0x31884f84555210FFB36a19D2471b8eBc7372d0A8",
"FeeCollector": "0xF78246eB94c6CB14018E507E60661314E5f4C53f",
"DebtRegistry": "0x95BC4A997c0670d5DAC64d55cDf3769B53B63C28",
"PolicyManager": "0x0C4FD27018130A00762a802f91a72D6a64a60F14",
"TokenImplementation": "0x0059e237973179146237aB49f1322E8197c22b21",
"PriceFeed_Keeper": "0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04",
"OraclePriceFeed": "0x8918eE0819fD687f4eb3e8b9B7D0ef7557493cfa",
"WETH_MockPriceFeed": "0x3e8725b8De386feF3eFE5678c92eA6aDB41992B2",
"MerchantSettlementRegistry": "0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800",
"WithdrawalEscrow": "0xe77cb26eA300e2f5304b461b0EC94c8AD6A7E46D",
"UniversalAssetRegistry": "0xAEE4b7fBe82E1F8295951584CBc772b8BBD68575",
"GovernanceController": "0xA6891D5229f2181a34D4FF1B515c3Aa37dd90E0e",
"UniversalCCIPBridge": "0xCd42e8eD79Dc50599535d1de48d3dAFa0BE156F8",
"BridgeOrchestrator": "0x89aB428c437f23bAB9781ff8Db8D3848e27EeD6c",
"PaymentChannelManager": "0x302aF72966aFd21C599051277a48DAa7f01a5f54",
"GenericStateChannelManager": "0xe5e3bB424c8a0259FDE23F0A58F7e36f73B90aBd",
"AddressMapper": "0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A",
"MirrorManager": "0x6eD905A30c552a6e003061A38FD52A5A427beE56",
"Lockbox138": "0xFce6f50B312B3D936Ea9693C5C9531CF92a3324c",
"CREATE2Factory": "0x750E4a8adCe9f0e67A420aBE91342DC64Eb90825",
"UniversalAssetRegistry_Deterministic": "0xC98602aa574F565b5478E8816BCab03C9De0870f",
"UniversalCCIPBridge_Deterministic": "0x532DE218b94993446Be30eC894442f911499f6a3",
"MirrorRegistry": "0x6427F9739e6B6c3dDb4E94fEfeBcdF35549549d8",
"AlltraAdapter": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc",
"TransactionMirror": "0x7131F887DBEEb2e44c1Ed267D2A68b5b83285afc",
"DODO_Pool_cUSDT_cUSDC": "0xff8d3b8fDF7B112759F076B69f4271D4209C0849",
"DODOPMMIntegration": "0x5BDc62f1ae7D630c37A8B363a1d49845356Ee72d",
"DODOPMMProvider": "0x5CAe6Ce155b7f08D3a956F5Dc82fC9945f29B381",
"DODO_Pool_cUSDT_USDT": "0x6fc60DEDc92a2047062294488539992710b99D71",
"DODO_Pool_cUSDC_USDC": "0x9f74Be42725f2Aa072a9E0CdCce0E7203C510263",
"ReserveSystem": "0x607e97cD626f209facfE48c1464815DDE15B5093",
"ReserveTokenIntegration": "0x34B73e6EDFd9f85a7c25EeD31dcB13aB6E969b96",
"RegulatedEntityRegistry": "0xEA4C892D6c1253797c5D95a05BF3863363080b4B",
"VaultFactory": "0xB2Ac70f35A81481B005067ed6567a5043BA32336",
"Ledger": "0x67b3831dc64C14FB9352B2a45C6Dd69b3C86B7af",
"Liquidation": "0x3aCdbCB749d6037a02F0ef6ea2E5Fb89D31fAB72",
"XAU_Oracle": "0xf23E1eDa304082ab7a81531dFE6020E6105e77A8",
"cEURC": "0x8085961F9cF02b4d800A3c6d386D31da4B34266a",
"cEURT": "0xdf4b71c61E5912712C1Bdd451416B9aC26949d72",
"cGBPC": "0x003960f16D9d34F2e98d62723B6721Fb92074aD2",
"cGBPT": "0x350f54e4D23795f86A9c03988c7135357CCaD97c",
"cAUDC": "0xD51482e567c03899eecE3CAe8a058161FD56069D",
"cJPYC": "0xEe269e1226a334182aace90056EE4ee5Cc8A6770",
"cCHFC": "0x873990849DDa5117d7C644f0aF24370797C03885",
"cCADC": "0x54dBd40cF05e15906A2C21f600937e96787f5679",
"cXAUC": "0x290E52a8819A4fbD0714E517225429aA2B70EC6b",
"cXAUT": "0x94e408E26c6FD8F4ee00b54dF19082FDA07dC96E",
"ISO20022Router": "0xBf1BB3E73C2DB7c4aebCd7bf757cdD1C12dE9074"
},
"envVarMap": {
"CCIP_ROUTER": "CCIP_Router",
"CCIP_ROUTER_CHAIN138": "CCIP_Router",
"CCIP_ROUTER_CHAIN138_LINK": "CCIP_Router",
"CHAIN_138_CCIP_ROUTER": "CCIP_Router",
"CCIP_ROUTER_DIRECT_LEGACY": "CCIP_Router_Direct_Legacy",
"CCIPWETH9_BRIDGE_CHAIN138": "CCIPWETH9_Bridge",
"CCIPWETH9_BRIDGE_CHAIN138_LINK": "CCIPWETH9_Bridge",
"CCIPWETH9_BRIDGE_DIRECT_LEGACY": "CCIPWETH9_Bridge_Direct_Legacy",
"CCIPWETH10_BRIDGE_CHAIN138": "CCIPWETH10_Bridge",
"LINK_TOKEN": "LINK",
"LINK_TOKEN_CHAIN138": "LINK",
"CCIP_FEE_TOKEN": "LINK",
"ORACLE_AGGREGATOR_ADDRESS": "Oracle_Aggregator",
"ORACLE_PROXY_ADDRESS": "Oracle_Proxy",
"COMPLIANCE_REGISTRY": "ComplianceRegistry",
"COMPLIANCE_REGISTRY_ADDRESS": "ComplianceRegistry",
"TOKEN_FACTORY": "TokenFactory",
"BRIDGE_VAULT": "BridgeVault",
"DEBT_REGISTRY": "DebtRegistry",
"POLICY_MANAGER": "PolicyManager",
"TOKEN_IMPLEMENTATION": "TokenImplementation",
"TOKEN_REGISTRY_ADDRESS": "TokenRegistry",
"FEE_COLLECTOR_ADDRESS": "FeeCollector",
"COMPLIANT_USDT_ADDRESS": "cUSDT",
"COMPLIANT_USDC_ADDRESS": "cUSDC",
"DODO_PMM_INTEGRATION_ADDRESS": "DODOPMMIntegration",
"CHAIN_138_DODO_PMM_INTEGRATION": "DODOPMMIntegration",
"DODO_PMM_PROVIDER_ADDRESS": "DODOPMMProvider",
"TRANSACTION_MIRROR_ADDRESS": "TransactionMirror",
"PAYMENT_CHANNEL_MANAGER": "PaymentChannelManager",
"GENERIC_STATE_CHANNEL_MANAGER": "GenericStateChannelManager",
"ADDRESS_MAPPER": "AddressMapper",
"MIRROR_MANAGER": "MirrorManager",
"MERCHANT_SETTLEMENT_REGISTRY": "MerchantSettlementRegistry",
"SETTLEMENT_REGISTRY_ADDRESS": "MerchantSettlementRegistry",
"WITHDRAWAL_ESCROW_ADDRESS": "WithdrawalEscrow",
"CREATE2_FACTORY": "CREATE2Factory",
"UNIVERSAL_ASSET_REGISTRY": "UniversalAssetRegistry",
"GOVERNANCE_CONTROLLER": "GovernanceController",
"UNIVERSAL_CCIP_BRIDGE": "UniversalCCIPBridge",
"BRIDGE_ORCHESTRATOR": "BridgeOrchestrator",
"UNIVERSAL_ASSET_REGISTRY_DETERMINISTIC": "UniversalAssetRegistry_Deterministic",
"UNIVERSAL_CCIP_BRIDGE_DETERMINISTIC": "UniversalCCIPBridge_Deterministic",
"MIRROR_REGISTRY": "MirrorRegistry",
"ALLTRA_ADAPTER": "AlltraAdapter",
"RESERVE_SYSTEM": "ReserveSystem",
"ORACLE_PRICE_FEED": "OraclePriceFeed",
"CHAIN138_WETH_MOCK_PRICE_FEED": "WETH_MockPriceFeed",
"RESERVE_TOKEN_INTEGRATION": "ReserveTokenIntegration",
"REGULATED_ENTITY_REGISTRY": "RegulatedEntityRegistry",
"VAULT_FACTORY": "VaultFactory"
}
},
"1": {
"contracts": {
"CCIP_Relay_Router": "0xAd9A228CcEB4cbB612cD165FFB72fE090ff10Afb",
"CCIP_Relay_Bridge": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939"
},
"envVarMap": {
"CCIP_RELAY_ROUTER_MAINNET": "CCIP_Relay_Router",
"CCIP_RELAY_BRIDGE_MAINNET": "CCIP_Relay_Bridge"
}
}
}
}
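Review bot: "Oracle_Aggregator", "Oracle_Proxy" and "ComplianceRegistry" are written in all-lowercase hex while the other entries are mixed-case, so those three carry no EIP-55 checksum and a single-character typo in them would go unnoticed; store every address in checksummed form and have the loader reject entries that fail the checksum. "mapper" and "contracts.AddressMapper" hold the same address, which gives two places to update; keep one. Since the description says .env values override this file, the verify script should report which source each checked address came from.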

@@ -0,0 +1,18 @@
# Weekly (or on-demand) live inventory + drift export on a host that has repo + LAN SSH to Proxmox.
# Pair with sankofa-it-inventory-export.timer.example.
#
# sudo cp config/systemd/sankofa-it-inventory-export.service.example /etc/systemd/system/sankofa-it-inventory-export.service
# sudo cp config/systemd/sankofa-it-inventory-export.timer.example /etc/systemd/system/sankofa-it-inventory-export.timer
# sudo systemctl daemon-reload && sudo systemctl enable --now sankofa-it-inventory-export.timer
#
[Unit]
Description=Export Proxmox live inventory and IPAM drift (proxmox repo)
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
User=root
WorkingDirectory=/opt/proxmox
# Load PROXMOX_HOST / SSH keys as needed; script uses config/ip-addresses.conf + .env when present.
ExecStart=/usr/bin/bash /opt/proxmox/scripts/it-ops/export-live-inventory-and-drift.sh
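Review bot: The unit runs as "User=root" with no sandboxing, although the job only needs to read the repo, SSH to Proxmox and write the export; run it as a dedicated service account and add hardening such as NoNewPrivileges=yes, ProtectSystem=strict with ReadWritePaths= for the output directory, and PrivateTmp=yes. The comment says to load PROXMOX_HOST and SSH keys "as needed", but the unit has no EnvironmentFile= line, so show where those values come from.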

@@ -0,0 +1,10 @@
# Run inventory export weekly (Sunday 03:30 UTC). Adjust OnCalendar for your ops window.
[Unit]
Description=Timer — Proxmox live inventory + drift export
[Timer]
OnCalendar=Sun *-*-* 03:30:00
Persistent=true
[Install]
WantedBy=timers.target
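Review bot: The comment says 03:30 UTC, but "OnCalendar=Sun *-*-* 03:30:00" is evaluated in the host's local time zone; append UTC to the expression ("OnCalendar=Sun *-*-* 03:30:00 UTC") or change the comment. With "Persistent=true" a missed run fires at the next boot, so a RandomizedDelaySec= would keep it from competing with boot-time work.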

@@ -0,0 +1,27 @@
# Example systemd unit — IT inventory read API (Phase 0 stub).
# Copy to /etc/systemd/system/sankofa-it-read-api.service, adjust paths and User=.
#
# sudo cp config/systemd/sankofa-it-read-api.service.example /etc/systemd/system/sankofa-it-read-api.service
# sudo systemctl daemon-reload && sudo systemctl enable --now sankofa-it-read-api
#
[Unit]
Description=Sankofa IT read API (live inventory JSON)
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/proxmox
# Production pattern (see scripts/deployment/bootstrap-sankofa-it-read-api-lan.sh):
EnvironmentFile=-/etc/sankofa-it-read-api.env
# Or inline (dev):
# Environment=IT_READ_API_HOST=127.0.0.1
# Environment=IT_READ_API_PORT=8787
# Environment=IT_READ_API_KEY=change-me
# Optional: IT_READ_API_CORS_ORIGINS=https://portal.sankofa.nexus
ExecStart=/usr/bin/python3 /opt/proxmox/services/sankofa-it-read-api/server.py
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
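Review bot: "EnvironmentFile=-/etc/sankofa-it-read-api.env" uses the "-" prefix, so a missing file is silently ignored and the service starts without IT_READ_API_KEY; whether server.py then fails closed is not visible here, so drop the prefix or make the server refuse to start without a key. The unit also runs an HTTP listener as "User=root"; use a dedicated account and document that the env file should be readable by that account only. The commented "IT_READ_API_KEY=change-me" is better as an empty placeholder so it cannot be enabled as is.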

@@ -0,0 +1,17 @@
[Unit]
Description=Sankofa corporate public web (Next.js root app) for sankofa.nexus
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/sankofa-public-web
Environment=NODE_ENV=production
Environment=PORT=3000
# Use login shell so corepack/pnpm PATH matches interactive CT admin.
ExecStart=/bin/bash -lc 'cd /opt/sankofa-public-web && exec pnpm start'
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
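Review bot: A public-facing Next.js process runs as "User=root" through a login shell ("/bin/bash -lc"), so it inherits root's profile and any compromise of the app is a compromise of the container's root account; run it as an unprivileged user and set the path explicitly with Environment=PATH= or call pnpm by absolute path instead of relying on the login shell. NoNewPrivileges=yes and ProtectSystem= would be reasonable additions.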

@@ -1,55 +1,125 @@
/**
* Load token mapping from config/token-mapping.json and config/token-mapping-multichain.json.
* Used by relay service, bridge/LP tooling, and docs. Safe to publish (no secrets).
* Load relay mappings, GRU transport overlay config, routing registry, and deployment JSON.
* Used by relay service, token-aggregation, bridge/LP tooling, and docs. Safe to publish.
*
* Usage:
* const { getRelayTokenMapping, getTokenMappingForPair } = require('../config/token-mapping-loader.cjs');
* const map = getRelayTokenMapping(); // 138 -> Mainnet (chain138Address -> mainnetAddress)
* const pair = getTokenMappingForPair(138, 651940); // { tokens, addressMapFromTo, addressMapToFrom }
*
* @version 2026-02-16
* @version 2026-03-30
*/
const path = require('path');
const fs = require('fs');
const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000';
const DEFAULT_JSON_PATH = path.resolve(__dirname, 'token-mapping.json');
const DEFAULT_MULTICHAIN_JSON_PATH = path.resolve(__dirname, 'token-mapping-multichain.json');
const DEFAULT_GRU_ACTIVE_JSON_PATH = path.resolve(__dirname, 'gru-transport-active.json');
const DEFAULT_ROUTING_REGISTRY_JSON_PATH = path.resolve(__dirname, 'routing-registry.json');
const DEFAULT_DEPLOYMENT_STATUS_JSON_PATH = path.resolve(
__dirname,
'..',
'cross-chain-pmm-lps',
'config',
'deployment-status.json'
);
const DEFAULT_POOL_MATRIX_JSON_PATH = path.resolve(
__dirname,
'..',
'cross-chain-pmm-lps',
'config',
'pool-matrix.json'
);
let _cache = null;
let _multichainCache = null;
const JSON_CACHES = {
token: null,
multichain: null,
gruTransport: null,
routingRegistry: null,
deploymentStatus: null,
poolMatrix: null,
};
function loadTokenMappingJson(jsonPath = DEFAULT_JSON_PATH) {
if (_cache && _cache.path === jsonPath) return _cache.data;
function loadCachedJson(cacheKey, jsonPath) {
const current = JSON_CACHES[cacheKey];
if (current && current.path === jsonPath) return current.data;
try {
const raw = fs.readFileSync(jsonPath, 'utf8');
const data = JSON.parse(raw);
_cache = { path: jsonPath, data };
JSON_CACHES[cacheKey] = { path: jsonPath, data };
return data;
} catch (e) {
return null;
}
}
function normalizeAddress(address) {
return typeof address === 'string' ? address.trim().toLowerCase() : '';
}
function normalizeSymbol(symbol) {
return typeof symbol === 'string' ? symbol.trim().toLowerCase() : '';
}
function normalizeTransportSymbol(symbol) {
const normalized = normalizeSymbol(symbol).replace(/[\s_-]/g, '');
if (normalized.startsWith('cw')) {
return `c${normalized.slice(2)}`;
}
return normalized;
}
function isNonZeroAddress(address) {
const normalized = normalizeAddress(address);
return /^0x[a-f0-9]{40}$/.test(normalized) && normalized !== ZERO_ADDRESS;
}
function resolveConfigRef(ref) {
if (!ref || typeof ref !== 'object') return '';
if (isNonZeroAddress(ref.address)) return ref.address;
if (typeof ref.env === 'string' && isNonZeroAddress(process.env[ref.env])) {
return process.env[ref.env];
}
return '';
}
function hasConfigRef(ref) {
if (!ref || typeof ref !== 'object') return false;
return isNonZeroAddress(ref.address) || (typeof ref.env === 'string' && ref.env.trim() !== '');
}
function resolvePolicyRefValue(ref) {
if (!ref || typeof ref !== 'object') return '';
if (typeof ref.amount === 'string' && ref.amount.trim() !== '') return ref.amount.trim();
if (typeof ref.env === 'string') {
const value = process.env[ref.env];
if (typeof value === 'string' && value.trim() !== '') return value.trim();
}
return '';
}
function loadTokenMappingJson(jsonPath = DEFAULT_JSON_PATH) {
return loadCachedJson('token', jsonPath);
}
function loadTokenMappingMultichainJson(jsonPath = DEFAULT_MULTICHAIN_JSON_PATH) {
if (_multichainCache && _multichainCache.path === jsonPath) return _multichainCache.data;
try {
const raw = fs.readFileSync(jsonPath, 'utf8');
const data = JSON.parse(raw);
_multichainCache = { path: jsonPath, data };
return data;
} catch (e) {
return null;
}
return loadCachedJson('multichain', jsonPath);
}
function loadGruTransportActiveJson(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
return loadCachedJson('gruTransport', jsonPath);
}
function loadRoutingRegistryJson(jsonPath = DEFAULT_ROUTING_REGISTRY_JSON_PATH) {
return loadCachedJson('routingRegistry', jsonPath);
}
function loadDeploymentStatusJson(jsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH) {
return loadCachedJson('deploymentStatus', jsonPath);
}
function loadPoolMatrixJson(jsonPath = DEFAULT_POOL_MATRIX_JSON_PATH) {
return loadCachedJson('poolMatrix', jsonPath);
}
/**
* Build object suitable for relay config.tokenMapping: Chain 138 address -> Mainnet address.
* Only includes tokens that have a mainnetAddress (canonical or wrapped).
*
* @param {string} [jsonPath]
* @returns {{ [chain138Address: string]: string }}
*/
function getRelayTokenMapping(jsonPath) {
const data = loadTokenMappingJson(jsonPath);
if (!data || !Array.isArray(data.tokens)) return {};
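
Review bot: `loadCachedJson` keeps the old `catch (e) { return null; }`, so for all six config files a missing file, a permissions error and malformed JSON look identical to callers and nothing is logged. That was tolerable for two mapping files, but this loader now feeds policy decisions (active transport pairs, pool exposure), so suggest returning null only for `ENOENT` and logging or rethrowing on parse errors. Two smaller points: the cache is never invalidated, so edits to `gru-transport-active.json` stay invisible until the process restarts, which deserves a line in the header comment; and `hasConfigRef` accepts any non-empty `ref.env` name while `resolveConfigRef` requires the variable to hold a valid non-zero address, a difference worth a comment next to the two functions because the names do not convey it.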
@@ -62,27 +132,12 @@ function getRelayTokenMapping(jsonPath) {
return out;
}
/**
* Get full token list with relaySupported and mainnet info.
*
* @param {string} [jsonPath]
* @returns {Array<{ key: string, name: string, chain138Address: string, mainnetAddress: string|null, relaySupported: boolean, notes: string }>}
*/
function getTokenList(jsonPath) {
const data = loadTokenMappingJson(jsonPath);
if (!data || !Array.isArray(data.tokens)) return [];
return data.tokens;
}
/**
* Get token mapping for a chain pair from token-mapping-multichain.json.
* Tries (fromChainId, toChainId) then (toChainId, fromChainId) and returns tokens in from→to order.
*
* @param {number|string} fromChainId
* @param {number|string} toChainId
* @param {string} [jsonPath]
* @returns {{ tokens: Array<{ key: string, name: string, addressFrom: string, addressTo: string, notes?: string }>, addressMapFromTo: Record<string, string>, addressMapToFrom: Record<string, string> } | null}
*/
function getTokenMappingForPair(fromChainId, toChainId, jsonPath) {
const data = loadTokenMappingMultichainJson(jsonPath);
if (!data || !Array.isArray(data.pairs)) return null;
@@ -96,7 +151,13 @@ function getTokenMappingForPair(fromChainId, toChainId, jsonPath) {
}
if (!pair || !Array.isArray(pair.tokens)) return null;
const tokens = reverse
? pair.tokens.map((t) => ({ key: t.key, name: t.name, addressFrom: t.addressTo, addressTo: t.addressFrom, notes: t.notes }))
? pair.tokens.map((t) => ({
key: t.key,
name: t.name,
addressFrom: t.addressTo,
addressTo: t.addressFrom,
notes: t.notes,
}))
: pair.tokens;
const addressMapFromTo = {};
const addressMapToFrom = {};
@@ -109,41 +170,452 @@ function getTokenMappingForPair(fromChainId, toChainId, jsonPath) {
return { tokens, addressMapFromTo, addressMapToFrom };
}
/**
* Get all chain pairs defined in token-mapping-multichain.json.
*
* @param {string} [jsonPath]
* @returns {Array<{ fromChainId: number, toChainId: number, notes?: string }>}
*/
function getAllMultichainPairs(jsonPath) {
const data = loadTokenMappingMultichainJson(jsonPath);
if (!data || !Array.isArray(data.pairs)) return [];
return data.pairs.map((p) => ({ fromChainId: p.fromChainId, toChainId: p.toChainId, notes: p.notes }));
}
/**
* Resolve token address on target chain from source chain address using multichain mapping.
*
* @param {number|string} fromChainId
* @param {number|string} toChainId
* @param {string} tokenAddressOnSource - address on fromChainId
* @param {string} [jsonPath]
* @returns {string|undefined} address on toChainId, or undefined if not mapped
*/
function getMappedAddress(fromChainId, toChainId, tokenAddressOnSource, jsonPath) {
const activeTransportPair = getActiveTransportPair(
fromChainId,
toChainId,
{ sourceTokenAddress: tokenAddressOnSource },
{ multichainJsonPath: jsonPath }
);
if (activeTransportPair) {
const sameDirection =
Number(activeTransportPair.canonicalChainId) === Number(fromChainId) &&
Number(activeTransportPair.destinationChainId) === Number(toChainId);
const targetAddress = sameDirection ? activeTransportPair.mirroredAddress : activeTransportPair.canonicalAddress;
if (isNonZeroAddress(targetAddress)) {
return targetAddress;
}
}
const result = getTokenMappingForPair(fromChainId, toChainId, jsonPath);
if (!result) return undefined;
return result.addressMapFromTo[String(tokenAddressOnSource).toLowerCase()];
}
function getRoutingRegistryRoutes(jsonPath = DEFAULT_ROUTING_REGISTRY_JSON_PATH) {
const data = loadRoutingRegistryJson(jsonPath);
if (!data || !Array.isArray(data.routes)) return [];
return data.routes;
}
function getGruTransportMetadata(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || typeof data !== 'object') return null;
const activeTransportPairs = getActiveTransportPairs({ activeJsonPath: jsonPath });
const activePublicPools = getActivePublicPools(jsonPath);
return {
system: data.system || null,
terminology: data.terminology || {},
enabledCanonicalTokens: Array.isArray(data.enabledCanonicalTokens) ? data.enabledCanonicalTokens : [],
enabledDestinationChains: Array.isArray(data.enabledDestinationChains) ? data.enabledDestinationChains : [],
counts: {
enabledCanonicalTokens: Array.isArray(data.enabledCanonicalTokens) ? data.enabledCanonicalTokens.length : 0,
enabledDestinationChains: Array.isArray(data.enabledDestinationChains) ? data.enabledDestinationChains.length : 0,
approvedBridgePeers: Array.isArray(data.approvedBridgePeers) ? data.approvedBridgePeers.length : 0,
transportPairs: Array.isArray(data.transportPairs) ? data.transportPairs.length : 0,
eligibleTransportPairs: activeTransportPairs.filter((pair) => pair.eligible).length,
runtimeReadyTransportPairs: activeTransportPairs.filter((pair) => pair.runtimeReady).length,
publicPools: Array.isArray(data.publicPools) ? data.publicPools.length : 0,
activePublicPools: activePublicPools.filter((pool) => pool.active === true).length,
routablePublicPools: activePublicPools.filter(
(pool) => pool.active === true && pool.routingEnabled === true
).length,
mcpVisiblePublicPools: activePublicPools.filter(
(pool) => pool.active === true && pool.mcpVisible === true
).length,
},
};
}
function getEnabledCanonicalTokens(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.enabledCanonicalTokens)) return [];
return data.enabledCanonicalTokens;
}
function getEnabledCanonicalToken(identifier, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const normalizedSymbol = normalizeSymbol(identifier || '');
const normalizedAddress = normalizeAddress(identifier || '');
return (
getEnabledCanonicalTokens(jsonPath).find((token) => {
if (normalizedSymbol) {
if (normalizeSymbol(token.symbol) === normalizedSymbol) return true;
if (normalizeSymbol(token.mirroredSymbol) === normalizedSymbol) return true;
}
if (!normalizedAddress) return false;
if (normalizeAddress(token.activeAddress) === normalizedAddress) return true;
if (normalizeAddress(token.x402PreferredAddress) === normalizedAddress) return true;
if (Array.isArray(token.deployments)) {
return token.deployments.some((deployment) => normalizeAddress(deployment.address) === normalizedAddress);
}
return false;
}) || null
);
}
function getEnabledDestinationChains(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.enabledDestinationChains)) return [];
return data.enabledDestinationChains;
}
function isCanonicalTokenActive(symbol, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const normalized = normalizeSymbol(symbol);
return getEnabledCanonicalTokens(jsonPath).some((token) => normalizeSymbol(token.symbol) === normalized);
}
function isDestinationChainActive(chainId, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const numericChainId = Number(chainId);
return getEnabledDestinationChains(jsonPath).some((chain) => Number(chain.chainId) === numericChainId);
}
function getApprovedBridgePeer(chainId, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.approvedBridgePeers)) return null;
const numericChainId = Number(chainId);
return data.approvedBridgePeers.find((peer) => Number(peer.chainId) === numericChainId) || null;
}
function getRawMappingTokenEntry(fromChainId, toChainId, mappingKey, jsonPath = DEFAULT_MULTICHAIN_JSON_PATH) {
const data = loadTokenMappingMultichainJson(jsonPath);
if (!data || !Array.isArray(data.pairs)) return null;
const pair = data.pairs.find(
(entry) => Number(entry.fromChainId) === Number(fromChainId) && Number(entry.toChainId) === Number(toChainId)
);
if (!pair || !Array.isArray(pair.tokens)) return null;
return pair.tokens.find((token) => token.key === mappingKey) || null;
}
function getActiveTransportPairs(options = {}) {
const activeJsonPath = options.activeJsonPath || DEFAULT_GRU_ACTIVE_JSON_PATH;
const multichainJsonPath = options.multichainJsonPath || DEFAULT_MULTICHAIN_JSON_PATH;
const deploymentJsonPath = options.deploymentJsonPath || DEFAULT_DEPLOYMENT_STATUS_JSON_PATH;
const active = loadGruTransportActiveJson(activeJsonPath);
const deployment = loadDeploymentStatusJson(deploymentJsonPath);
if (!active || !Array.isArray(active.transportPairs)) return [];
const enabledCanonicalTokens = new Set(
(Array.isArray(active.enabledCanonicalTokens) ? active.enabledCanonicalTokens : []).map((token) => normalizeSymbol(token.symbol))
);
const enabledDestinationChains = new Set(
(Array.isArray(active.enabledDestinationChains) ? active.enabledDestinationChains : []).map((chain) => Number(chain.chainId))
);
const peersByKey = new Map(
(Array.isArray(active.approvedBridgePeers) ? active.approvedBridgePeers : []).map((peer) => [String(peer.key), peer])
);
const reserveVerifiers = active.reserveVerifiers && typeof active.reserveVerifiers === 'object' ? active.reserveVerifiers : {};
return active.transportPairs.map((pair) => {
const canonicalChainId = Number(pair.canonicalChainId ?? active.system?.canonicalChainId ?? 138);
const destinationChainId = Number(pair.destinationChainId);
const canonicalSymbol = String(pair.canonicalSymbol || '').trim();
const mirroredSymbol = String(pair.mirroredSymbol || '').trim();
const mappingEntry = getRawMappingTokenEntry(canonicalChainId, destinationChainId, pair.mappingKey, multichainJsonPath);
const deploymentChain =
deployment && deployment.chains && typeof deployment.chains === 'object'
? deployment.chains[String(destinationChainId)] || null
: null;
const mirrorDeploymentAddress =
deploymentChain && deploymentChain.cwTokens && typeof deploymentChain.cwTokens === 'object'
? deploymentChain.cwTokens[mirroredSymbol] || null
: null;
const peer = peersByKey.get(String(pair.peerKey || '')) || null;
const maxOutstanding = pair.maxOutstanding && typeof pair.maxOutstanding === 'object' ? pair.maxOutstanding : {};
const reserveVerifier = pair.reserveVerifierKey ? reserveVerifiers[pair.reserveVerifierKey] : null;
const routeDiscoveryEnabled = pair.routeDiscoveryEnabled !== false;
const canonicalAddress = mappingEntry?.addressFrom || null;
const mirroredAddress = mappingEntry?.addressTo || null;
const runtimeL1BridgeAddress = peer ? resolveConfigRef(peer.l1Bridge) : '';
const runtimeL2BridgeAddress = peer ? resolveConfigRef(peer.l2Bridge) : '';
const runtimeMaxOutstandingValue = resolvePolicyRefValue(maxOutstanding);
const runtimeReserveVerifier = reserveVerifier && typeof reserveVerifier === 'object' ? reserveVerifier : null;
const runtimeReserveVerifierBridgeAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.bridgeRef) : '';
const runtimeReserveVerifierAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.verifierRef) : '';
const runtimeReserveVaultAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.vaultRef) : '';
const runtimeReserveSystemAddress = runtimeReserveVerifier ? resolveConfigRef(runtimeReserveVerifier.reserveSystemRef) : '';
const mirrorDeployed =
isNonZeroAddress(mirrorDeploymentAddress) &&
isNonZeroAddress(mirroredAddress) &&
normalizeAddress(mirrorDeploymentAddress) === normalizeAddress(mirroredAddress);
const bridgePeerConfigured =
!!peer &&
hasConfigRef(peer.l1Bridge) &&
hasConfigRef(peer.l2Bridge);
const maxOutstandingConfigured = !maxOutstanding.required || !!maxOutstanding.amount || !!maxOutstanding.env;
const reserveVerifierConfigured =
!pair.reserveVerifierKey ||
(!!runtimeReserveVerifier &&
hasConfigRef(runtimeReserveVerifier.bridgeRef) &&
hasConfigRef(runtimeReserveVerifier.verifierRef) &&
(!runtimeReserveVerifier.requireVaultBacking || hasConfigRef(runtimeReserveVerifier.vaultRef)) &&
(!runtimeReserveVerifier.requireReserveSystemBalance || hasConfigRef(runtimeReserveVerifier.reserveSystemRef)) &&
(!runtimeReserveVerifier.requireTokenOwnerMatchVault || hasConfigRef(runtimeReserveVerifier.vaultRef)));
const runtimeBridgeReady = !!runtimeL1BridgeAddress && !!runtimeL2BridgeAddress;
const runtimeMaxOutstandingReady = !maxOutstanding.required || !!runtimeMaxOutstandingValue;
const runtimeReserveVerifierReady =
!pair.reserveVerifierKey ||
(!!runtimeReserveVerifierBridgeAddress &&
!!runtimeReserveVerifierAddress &&
(!runtimeReserveVerifier.requireVaultBacking || !!runtimeReserveVaultAddress) &&
(!runtimeReserveVerifier.requireReserveSystemBalance || !!runtimeReserveSystemAddress) &&
(!runtimeReserveVerifier.requireTokenOwnerMatchVault || !!runtimeReserveVaultAddress));
const eligibilityBlockers = [];
if (!routeDiscoveryEnabled) eligibilityBlockers.push('policy:routeDiscoveryDisabled');
if (!enabledCanonicalTokens.has(normalizeSymbol(canonicalSymbol))) {
eligibilityBlockers.push('overlay:canonicalTokenDisabled');
}
if (!enabledDestinationChains.has(destinationChainId)) {
eligibilityBlockers.push('overlay:destinationChainDisabled');
}
if (!mappingEntry) eligibilityBlockers.push('mapping:pairMissing');
if (!isNonZeroAddress(canonicalAddress)) eligibilityBlockers.push('mapping:canonicalAddressMissing');
if (!isNonZeroAddress(mirroredAddress)) eligibilityBlockers.push('mapping:mirroredAddressMissing');
if (!mirrorDeployed) eligibilityBlockers.push('deployment:mirroredTokenNotDeployed');
if (!bridgePeerConfigured) eligibilityBlockers.push('config:bridgePeerRefMissing');
if (!maxOutstandingConfigured) eligibilityBlockers.push('config:maxOutstandingRefMissing');
if (!reserveVerifierConfigured) eligibilityBlockers.push('config:reserveVerifierRefMissing');
const eligible = eligibilityBlockers.length === 0;
const runtimeMissingRequirements = [];
if (!runtimeL1BridgeAddress) runtimeMissingRequirements.push('bridge:l1Bridge');
if (!runtimeL2BridgeAddress) runtimeMissingRequirements.push('bridge:l2Bridge');
if (maxOutstanding.required && !runtimeMaxOutstandingValue) {
runtimeMissingRequirements.push('policy:maxOutstanding');
}
if (pair.reserveVerifierKey) {
if (!runtimeReserveVerifierBridgeAddress) runtimeMissingRequirements.push('reserveVerifier:bridgeRef');
if (!runtimeReserveVerifierAddress) runtimeMissingRequirements.push('reserveVerifier:verifierRef');
if (runtimeReserveVerifier?.requireVaultBacking && !runtimeReserveVaultAddress) {
runtimeMissingRequirements.push('reserveVerifier:vaultRef');
}
if (runtimeReserveVerifier?.requireReserveSystemBalance && !runtimeReserveSystemAddress) {
runtimeMissingRequirements.push('reserveVerifier:reserveSystemRef');
}
}
if (deploymentChain?.bridgeAvailable === false) {
runtimeMissingRequirements.push('deployment:bridgeUnavailable');
}
const runtimeReady = eligible && runtimeMissingRequirements.length === 0;
return {
...pair,
canonicalChainId,
destinationChainId,
canonicalSymbol,
mirroredSymbol,
canonicalAddress,
mirroredAddress,
mirrorDeploymentAddress,
peer,
mappingFound: !!mappingEntry,
mirrorDeployed,
canonicalEnabled: enabledCanonicalTokens.has(normalizeSymbol(canonicalSymbol)),
destinationEnabled: enabledDestinationChains.has(destinationChainId),
bridgeAvailable: deploymentChain?.bridgeAvailable ?? null,
bridgePeerConfigured,
maxOutstandingConfigured,
reserveVerifierConfigured,
runtimeL1BridgeAddress: runtimeL1BridgeAddress || null,
runtimeL2BridgeAddress: runtimeL2BridgeAddress || null,
runtimeBridgeReady,
runtimeMaxOutstandingValue: runtimeMaxOutstandingValue || null,
runtimeMaxOutstandingReady,
runtimeReserveVerifierBridgeAddress: runtimeReserveVerifierBridgeAddress || null,
runtimeReserveVerifierAddress: runtimeReserveVerifierAddress || null,
runtimeReserveVaultAddress: runtimeReserveVaultAddress || null,
runtimeReserveSystemAddress: runtimeReserveSystemAddress || null,
runtimeReserveVerifierReady,
runtimeMissingRequirements,
eligibilityBlockers,
runtimeReady,
eligible,
};
});
}
function getActiveTransportPair(fromChainId, toChainId, criteria = {}, options = {}) {
const from = Number(fromChainId);
const to = Number(toChainId);
const normalizedSymbol = normalizeTransportSymbol(
criteria.symbol || criteria.canonicalSymbol || criteria.mirroredSymbol || ''
);
const normalizedSourceAddress = normalizeAddress(
criteria.address || criteria.sourceTokenAddress || criteria.tokenAddress || ''
);
const normalizedTargetAddress = normalizeAddress(criteria.targetTokenAddress || '');
return (
getActiveTransportPairs(options).find((pair) => {
const sameDirection = pair.canonicalChainId === from && pair.destinationChainId === to;
const reverseDirection = pair.canonicalChainId === to && pair.destinationChainId === from;
if (!sameDirection && !reverseDirection) return false;
if (normalizedSymbol) {
const pairSymbols = new Set([
normalizeTransportSymbol(pair.canonicalSymbol),
normalizeTransportSymbol(pair.mirroredSymbol),
normalizeSymbol(pair.canonicalSymbol),
normalizeSymbol(pair.mirroredSymbol),
]);
if (!pairSymbols.has(normalizedSymbol)) return false;
}
if (normalizedSourceAddress) {
const allowedSourceAddresses = sameDirection
? [pair.canonicalAddress, pair.mirroredAddress]
: [pair.mirroredAddress, pair.canonicalAddress];
if (!allowedSourceAddresses.some((address) => normalizeAddress(address) === normalizedSourceAddress)) {
return false;
}
}
if (normalizedTargetAddress) {
const targetAddress = sameDirection ? pair.mirroredAddress : pair.canonicalAddress;
if (normalizeAddress(targetAddress) !== normalizedTargetAddress) return false;
}
return true;
}) || null
);
}
function getKnownMirroredTokenAddresses(chainId, options = {}) {
const multichainJsonPath = options.multichainJsonPath || DEFAULT_MULTICHAIN_JSON_PATH;
const deploymentJsonPath = options.deploymentJsonPath || DEFAULT_DEPLOYMENT_STATUS_JSON_PATH;
const data = loadTokenMappingMultichainJson(multichainJsonPath);
const deployment = loadDeploymentStatusJson(deploymentJsonPath);
const chainKey = String(Number(chainId));
const out = new Set();
if (deployment && deployment.chains && deployment.chains[chainKey]?.cwTokens) {
for (const address of Object.values(deployment.chains[chainKey].cwTokens)) {
if (isNonZeroAddress(address)) out.add(normalizeAddress(address));
}
}
if (data && Array.isArray(data.pairs)) {
const pair = data.pairs.find((entry) => Number(entry.fromChainId) === 138 && Number(entry.toChainId) === Number(chainId));
if (pair && Array.isArray(pair.tokens)) {
for (const token of pair.tokens) {
if (String(token.key || '').endsWith('_cW') && isNonZeroAddress(token.addressTo)) {
out.add(normalizeAddress(token.addressTo));
}
}
}
}
return Array.from(out);
}
function getActivePublicPools(jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const data = loadGruTransportActiveJson(jsonPath);
if (!data || !Array.isArray(data.publicPools)) return [];
return data.publicPools;
}
function getPublicPoolRecord(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
if (!isNonZeroAddress(poolAddress)) return null;
const normalizedPoolAddress = normalizeAddress(poolAddress);
return (
getActivePublicPools(jsonPath).find(
(pool) => Number(pool.chainId) === Number(chainId) && normalizeAddress(pool.poolAddress) === normalizedPoolAddress
) || null
);
}
function isPublicPoolActive(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const record = getPublicPoolRecord(chainId, poolAddress, jsonPath);
return !!record && record.active === true;
}
function isPublicPoolRoutable(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const record = getPublicPoolRecord(chainId, poolAddress, jsonPath);
return !!record && record.active === true && record.routingEnabled === true;
}
function isPublicPoolMcpVisible(chainId, poolAddress, jsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH) {
const record = getPublicPoolRecord(chainId, poolAddress, jsonPath);
return !!record && record.active === true && record.mcpVisible === true;
}
function shouldExposePublicPool(
chainId,
poolAddress,
token0Address,
token1Address,
activeJsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH,
multichainJsonPath = DEFAULT_MULTICHAIN_JSON_PATH,
deploymentJsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH
) {
const mirroredAddresses = new Set(getKnownMirroredTokenAddresses(chainId, { multichainJsonPath, deploymentJsonPath }));
const touchesMirroredToken =
mirroredAddresses.has(normalizeAddress(token0Address)) || mirroredAddresses.has(normalizeAddress(token1Address));
if (!touchesMirroredToken) return true;
return isPublicPoolActive(chainId, poolAddress, activeJsonPath);
}
function shouldUsePublicPoolForRouting(
chainId,
poolAddress,
token0Address,
token1Address,
activeJsonPath = DEFAULT_GRU_ACTIVE_JSON_PATH,
multichainJsonPath = DEFAULT_MULTICHAIN_JSON_PATH,
deploymentJsonPath = DEFAULT_DEPLOYMENT_STATUS_JSON_PATH
) {
const mirroredAddresses = new Set(getKnownMirroredTokenAddresses(chainId, { multichainJsonPath, deploymentJsonPath }));
const touchesMirroredToken =
mirroredAddresses.has(normalizeAddress(token0Address)) || mirroredAddresses.has(normalizeAddress(token1Address));
if (!touchesMirroredToken) return true;
return isPublicPoolRoutable(chainId, poolAddress, activeJsonPath);
}
module.exports = {
loadTokenMappingJson,
loadTokenMappingMultichainJson,
loadGruTransportActiveJson,
loadRoutingRegistryJson,
loadDeploymentStatusJson,
loadPoolMatrixJson,
getRelayTokenMapping,
getTokenList,
getTokenMappingForPair,
getAllMultichainPairs,
getMappedAddress,
getRoutingRegistryRoutes,
getGruTransportMetadata,
getEnabledCanonicalTokens,
getEnabledCanonicalToken,
getEnabledDestinationChains,
isCanonicalTokenActive,
isDestinationChainActive,
getApprovedBridgePeer,
getActiveTransportPairs,
getActiveTransportPair,
getKnownMirroredTokenAddresses,
getActivePublicPools,
isPublicPoolActive,
isPublicPoolRoutable,
isPublicPoolMcpVisible,
shouldExposePublicPool,
shouldUsePublicPoolForRouting,
resolveConfigRef,
isNonZeroAddress,
DEFAULT_JSON_PATH,
DEFAULT_MULTICHAIN_JSON_PATH
DEFAULT_MULTICHAIN_JSON_PATH,
DEFAULT_GRU_ACTIVE_JSON_PATH,
DEFAULT_ROUTING_REGISTRY_JSON_PATH,
DEFAULT_DEPLOYMENT_STATUS_JSON_PATH,
DEFAULT_POOL_MATRIX_JSON_PATH,
};
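
Review bot: `shouldExposePublicPool` and `shouldUsePublicPoolForRouting` fail open. Both return `true` when the pool touches no known mirrored token, and `getKnownMirroredTokenAddresses` returns an empty list whenever the deployment status and multichain mapping files fail to load (the loaders return null on any error), so a broken or missing config file exposes and routes every pool, including ones the overlay marks inactive. Suggest treating an unloadable config as an error, or returning `false` in that case. Also in `getActiveTransportPairs`: `runtimeReserveVerifierReady` checks `requireTokenOwnerMatchVault`, but `runtimeMissingRequirements`, which drives `runtimeReady`, only pushes `reserveVerifier:vaultRef` under `requireVaultBacking`, so a pair with only `requireTokenOwnerMatchVault` set and an unresolved vault env var reports `runtimeReady: true` alongside `runtimeReserveVerifierReady: false`.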


@@ -174,6 +174,48 @@
}
]
},
{
"fromChainId": 138,
"toChainId": 1,
"notes": "Chain 138 ↔ Ethereum Mainnet (CCIP); direct mapping; c*_cW = c* on 138 → cW* on destination",
"tokens": [
{
"key": "WETH9",
"name": "Wrapped Ether",
"addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"addressTo": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
"notes": "138 WETH9 → Ethereum WETH"
},
{
"key": "Compliant_USDT",
"name": "cUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0xdAC17F958D2ee523a2206206994597C13D831ec7",
"notes": "138 cUSDT → Ethereum USDT (native)"
},
{
"key": "Compliant_USDT_cW",
"name": "cUSDT→cWUSDT",
"addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22",
"addressTo": "0xaF5017d0163ecb99D9B5D94e3b4D7b09Af44D8AE",
"notes": "138 cUSDT → Ethereum cWUSDT"
},
{
"key": "Compliant_USDC",
"name": "cUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"notes": "138 cUSDC → Ethereum USDC (native)"
},
{
"key": "Compliant_USDC_cW",
"name": "cUSDC→cWUSDC",
"addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b",
"addressTo": "0x2de5F116bFcE3d0f922d9C8351e0c5Fc24b9284a",
"notes": "138 cUSDC → Ethereum cWUSDC"
}
]
},
{
"fromChainId": 138,
"toChainId": 56,
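
Review bot: `Compliant_USDT` and `Compliant_USDT_cW` share `addressFrom` `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22`, and the two `Compliant_USDC*` entries share `0xf22258f57794CC8E06237084b353Ab30fFfa640b`, while the loader's `addressMapFromTo` is documented as `Record<string, string>`, one target per source address. The loop that fills that map is outside the shown hunks, so please confirm which entry wins for a lookup by source address alone and state it in this pair's `notes`; as written, whether the fallback path in `getMappedAddress` yields native USDT/USDC or the cW mirror depends on entry order. The `WETH9` entry also lists the same address for `addressFrom` and `addressTo`; a note confirming that is intentional would help.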

config/xdc-zero/README.md Normal file

@@ -0,0 +1,18 @@
# XDC Zero + Chain 138 — config templates
Templates for pairing **DBIS Chain 138** with **XDC Network mainnet** JSON-RPC (`https://rpc.xinfin.network`, chain id 50) or Apothem/devnet, using the [XDC-Zero](https://github.com/XinFinOrg/XDC-Zero) Endpoint pattern, **without** replacing your existing subnet↔parent XDC-Relayer deployment.
| File | Purpose |
|------|---------|
| [`xdc-zero-chain138-pair.example.env`](xdc-zero-chain138-pair.example.env) | Env vars for the **second** relayer pair (parent ↔ 138). Copy to a secure path; wire into XinFin relayer/docker or your own CSC updater. |
| [`network.config.xdc-mainnet.example.json`](network.config.xdc-mainnet.example.json) | Example `network.config.json` for XDC-Zero `endpoint/`: **XDC mainnet** `https://rpc.xinfin.network` + LAN Chain 138. Merge or copy keys into your clone. |
| [`endpointconfig.fragment.chain138.example.json`](endpointconfig.fragment.chain138.example.json) | Top-level **`chain138`** block to **merge** into XDC-Zero `endpointconfig.json`. Also **append** one object to existing `xdcparentnet.registers[]` for peer chain id 138 (see runbook). |
| [`xdcparentnet-register-chain138.fragment.json`](xdcparentnet-register-chain138.fragment.json) | Single **`registers[]`** entry (chain id **138**) consumed by the merge helper for `xdcparentnet`. Replace zero addresses after CSC/Endpoint deploy. |
**Merge helper (repo):** `bash scripts/xdc-zero/merge-endpointconfig-chain138.sh` (requires `jq`).
**Canonical procedure:** [docs/03-deployment/CHAIN138_XDC_ZERO_BRIDGE_RUNBOOK.md](../../docs/03-deployment/CHAIN138_XDC_ZERO_BRIDGE_RUNBOOK.md)
**Preflight:** `bash scripts/verify/xdc-zero-chain138-preflight.sh`
Upstream repos (clone separately): [XDC-Zero](https://github.com/XinFinOrg/XDC-Zero), [XDC-CSC](https://github.com/XinFinOrg/XDC-CSC), [XDC-Relayer](https://github.com/XinFinOrg/XDC-Relayer).


@@ -0,0 +1,13 @@
{
"chain138": {
"endpoint": "0x0000000000000000000000000000000000000000",
"registers": [
{
"chainId": 50,
"csc": "0x0000000000000000000000000000000000000000",
"endpoint": "0x0000000000000000000000000000000000000000"
}
],
"applications": []
}
}
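
Review bot: every address in this fragment (`chain138.endpoint`, plus `csc` and `endpoint` under `registers[0]`) is the zero address, and the README presents the file as a block to merge into `endpointconfig.json`. Nothing visible in this diff stops a merge from carrying the placeholders into a live config, so suggest having `merge-endpointconfig-chain138.sh` or the preflight script reject `0x0000000000000000000000000000000000000000` in these fields, and adding the "replace zero addresses" instruction to the README row for this file as well.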

Some files were not shown because too many files have changed in this diff.