# Dotenv & Markdown Audit — Required Info, Gaps, and Recommendations

**Last Updated:** 2026-03-06  
**Purpose:** Single audit of (1) required information in dotenv and markdown files, (2) next steps completed in this run, (3) gaps found, (4) additional recommendations.

**Sources:** DOTENV_FILES_REFERENCE.md, ENV_EXAMPLE_CONTENT.md, REMAINING_ITEMS_DOTENV_AND_ACTIONS.md, OPERATOR_CREDENTIALS_CHECKLIST.md, PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md, NEXT_STEPS_LIST.md, EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY.md, .env.master.example, smom-dbis-138/env.additions.example.

---

## 1. Required information — dotenv

### 1.1 Repo root `.env` (from .env.master.example / DOTENV_FILES_REFERENCE)

| Variable / group | Required for | Notes |
|------------------|--------------|--------|
| **NPM_*** (NPM_URL, NPM_EMAIL, NPM_PASSWORD) | NPMplus backup, 502 fix, operator scripts | Operator scripts load via load-project-env.sh |
| **PROXMOX_*** | Proxmox API, VM/CT creation | ML110, R630-01, R630-02 hosts |
| **RPC_URL_138** | Chain 138 scripts when run from root | Prefer `http://192.168.11.211:8545` for deploy |
| **CLOUDFLARE_*** | Tunnels, DNS | Optional for many flows |
| **GITEA_TOKEN** | push-to-gitea, gitea-create-orgs-and-repos | When using Gitea automation |
| **COINGECKO_API_KEY**, **ETHERSCAN_API_KEY** | Token aggregation, verification | Optional; improves price/verify |

### 1.2 smom-dbis-138 `.env` (single source for deploy, relay, token-aggregation, frontend)

| Variable / group | Required for | Notes |
|------------------|--------------|--------|
| **PRIVATE_KEY** | Deploy, bridge send, forge script | 64-char hex; same wallet holds LINK for CCIP fees |
| **RPC_URL_138** | Deploy, verify, on-chain checks | Use IP:port for deploy: `http://192.168.11.211:8545` |
| **ETH_MAINNET_RPC_URL** / **ETHEREUM_MAINNET_RPC** | Mainnet verify, CCIP, relay | Infura/Alchemy |
| **CCIPWETH9_BRIDGE_CHAIN138**, **CCIPWETH10_BRIDGE_CHAIN138** | Bridge scripts, token-aggregation, routing | Canonical: WETH9 `0xcacfd227A040002e49e2e01626363071324f820a`; WETH10 `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` |
| **CHAIN_138_DODO_PMM_INTEGRATION** | Token-aggregation indexer, quotes | `0x79cdbaFBaA0FdF9F55D26F360F54cddE5c743F7D` |
| **CUSDT_ADDRESS_138**, **CUSDC_ADDRESS_138** | Scripts, token-aggregation | Canonical in EXPLORER_TOKEN_LIST_CROSSCHECK §5 |
| **DATABASE_URL** | Token-aggregation DB, migrations | When using PostgreSQL (e.g. VMID 5000) |
| **CRONOS_RPC**, **CELO_RPC**, **WEMIX_RPC**, **GNOSIS_RPC** | complete-config-ready-chains, deployer-gas | Celo: CELO_RPC; Wemix: WEMIX_RPC; etc. |
| **CCIPWETH9_BRIDGE_CELO**, **CCIPWETH10_BRIDGE_CELO**, etc. | complete-config-ready-chains (inbound) | Set after deploying bridges on each chain |
| **BRIDGE_REGISTRY_ADDRESS** | QuoteService, POST /api/bridge/quote | Deploy BridgeRegistry then set |
| **LINK_TOKEN** / **CCIP_FEE_TOKEN** | CCIP fees | Deployer must hold LINK and approve bridge |

### 1.3 Markdown docs that specify required env

| Doc | Key requirement |
|-----|------------------|
| OPERATOR_CREDENTIALS_CHECKLIST | PRIVATE_KEY, RPC_URL_138, NPM_PASSWORD, LAN; per-task table |
| REMAINING_ITEMS_DOTENV_AND_ACTIONS | GITEA_TOKEN; PRIVATE_KEY + RPC + CCIP/LINK in smom-dbis-138/.env |
| CONFIG_READY_CHAINS_COMPLETION_RUNBOOK | CCIPWETH9/10 per chain; CHAIN138_SELECTOR; PRIVATE_KEY |
| DEPLOYER_GAS_AUTO_ROUTE_RUNBOOK | deployer-gas-routes.json; Protocolink/manual per chain |
| ENV_EXAMPLE_CONTENT | Full list RPCs, API keys, C* addresses, bridge addresses |

---

## 2. Required information — markdown (next steps, checklists)

### 2.1 Next-step docs and their “required info”

| Doc | Required info / gates |
|-----|------------------------|
| **NEXT_STEPS_LIST** | B.1/B.2: CRO, WEMIX; B.3: LINK/gas; A2: CHAIN_138_DODO_PMM_INTEGRATION; C3: BRIDGE_REGISTRY_ADDRESS |
| **EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY** | Prereqs 1.1–1.4; Phase A–C; SBS.1: BRIDGE_REGISTRY_ADDRESS; Phase B: per-chain RPC + gas |
| **TODOS_CONSOLIDATED** | 0a/0b/0c: RPC_URL_138, PRIVATE_KEY; V4: Wemix/Cronos/Celo bridge env; V5: LINK |
| **OPERATOR_READY_CHECKLIST** | NPM_PASSWORD (backup); RPC_URL_138 (verify); PRIVATE_KEY (deploy); per-chain RPC for config-ready |
| **STILL_NOT_DONE_EXECUTION_CHECKLIST** | Same as above; external/third-party items (Ledger, CMC, etc.) |

### 2.2 Docs that reference .env but do not list every variable

- MASTER_INDEX, ADDITIONAL_PATHS_AND_EXTENSIONS, PHASE_C runbook, FUNDING_AND_DEPLOYMENT_CHECKLIST — refer to DOTENV_FILES_REFERENCE or env.additions.example for full lists.

---

## 3. Run completed (2026-03-06)

| Task | Result |
|------|--------|
| **validate-config-files.sh** | ✅ Passed |
| **run-completable-tasks-from-anywhere.sh** | ✅ Passed (config, on-chain 59/59, validation --skip-genesis, reconcile output printed) |
| **check-pmm-pool-balances-chain138.sh** | ✅ Pool 1: 2M cUSDT / 2M cUSDC; Pools 2–3 empty (expected) |
| **deployer-gas-auto-route.sh --dry-run** | ✅ Ran; 6 chains need gas (1, 56, 10, 42161, 8453, 25); Celo/Wemix/651940/42793 “no RPC configured” if RPC not in env |

---

## 4. Gaps found

### 4.1 Address / config consistency

| Gap | Location | Recommendation |
|-----|----------|----------------|
| **CCIPWETH10 on Chain 138** | CONTRACT_ADDRESSES_REFERENCE.md: `0xe0E93247376aa097dB308B92e6Ba36bA015535D0`. Older bootstrap defaults may still mention `0xF5a87528cEb72312979DB0C51509489caF940721`, but the active routing registry and env-backed defaults now use `0xe0E932...`. | Keep `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` as the canonical WETH10 bridge and update any remaining legacy bootstrap references if they resurface. |
| **CCIPWETH9 on Chain 138** | Docs mention both `0x971cD9...` and `0xcacfd227...`. On-chain check and routing-registry use `0xcacfd227...`. | Treat `0xcacfd227A040002e49e2e01626363071324f820a` as canonical for “working” WETH9 bridge; document the other in CONTRACT_ADDRESSES_REFERENCE as alternate/deploy if applicable. |

### 4.2 Missing or placeholder env

| Gap | Recommendation |
|-----|----------------|
| **Inbound routing-registry** | Inbound routes (dest→138) use bridge address `0x0` with a note. Populate from .env per chain (e.g. MAINNET_CCIP_WETH9_BRIDGE) when available, or document in DEPLOYMENT_DATA_SOURCES_INDEX. |
| **BRIDGE_REGISTRY_ADDRESS** | Not set; SBS and QuoteService require it. Deploy BridgeRegistry (script/bridge/interop/DeployBridgeRegistry or deploy-bridge-contracts.sh) and set in smom-dbis-138/.env. |
| **Celo/Wemix/651940/42793 RPC** | deployer-gas-auto-route reports “no RPC configured” when CELO_RPC, WEMIX_RPC, etc. are unset. Add to smom-dbis-138/.env or deployer-gas script env when using those chains. |

### 4.3 Documentation

| Gap | Recommendation |
|-----|----------------|
| **REMAINING_ITEMS_DOTENV_AND_ACTIONS** | Dated 2026-02-08; references archived CONTINUE_AND_COMPLETE. Update “Run order” to point to EXECUTION_CHECKLIST_MULTIPLE_ROUTES_AND_LIQUIDITY and NEXT_STEPS_LIST. |
| **PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST** | Dated 2026-02-05. Refresh “Required additions — operator / environment” to align with OPERATOR_READY_CHECKLIST and NEXT_STEPS_LIST (e.g. B.1/B.2/B.3, C3). |
| **Single “required secrets” list** | OPERATOR_CREDENTIALS_CHECKLIST, REMAINING_ITEMS_DOTENV_AND_ACTIONS, and DOTENV_FILES_REFERENCE overlap. Add a single “Required secrets for operator” section in OPERATOR_CREDENTIALS_CHECKLIST that links to DOTENV_FILES_REFERENCE for full lists. |

### 4.4 Blocked / external

| Gap | Notes |
|-----|--------|
| **B.1 Cronos** | Needs ~15 CRO; use acquire-cro-and-wemix-gas.sh for aggregator links. |
| **B.2 Wemix** | Needs ~0.4 WEMIX; see WEMIX_ACQUISITION_TABLED. |
| **B.3 Fund CCIP LINK** | fund-ccip-bridges-with-link.sh; blocked by LINK/gas per lane. |
| **SBS.1** | Blocked by BRIDGE_REGISTRY_ADDRESS (deploy BridgeRegistry). |

---

## 5. Additional recommendations

### 5.1 Dotenv and config

1. **Single .env.example for smom-dbis-138:** ENV_EXAMPLE_CONTENT.md is the canonical content; ensure smom-dbis-138 has a single .env.example (or symlink) that matches it and env.additions.example so operators have one place to copy.
2. **ROUTING_REGISTRY_JSON_PATH:** Document in DOTENV_FILES_REFERENCE (token-aggregation) that optional ROUTING_REGISTRY_JSON_PATH overrides path to config/routing-registry.json.
3. **LIFI_* / JUMPER_*:** Already in env.additions.example; add to ENV_EXAMPLE_CONTENT or DOTENV_FILES_REFERENCE if QuoteService is the primary bridge-quote entry point.

### 5.2 Markdown and runbooks

4. **Execution order:** In EXECUTION_CHECKLIST and NEXT_STEPS_LIST, add one-line “Blocked by” for each blocked step (e.g. B.1: “Blocked by: CRO”; SBS.1: “Blocked by: BRIDGE_REGISTRY_ADDRESS”).
5. **Reconcile script output:** Script that prints “canonical Chain 138 addresses” should take CONTRACT_ADDRESSES_REFERENCE (or a single JSON) as source of truth so CCIPWETH9/10 and others stay in sync.
6. **Deployer-gas RPC:** Document in DEPLOYER_GAS_AUTO_ROUTE_RUNBOOK that CELO_RPC, WEMIX_RPC, RPC_URL_651940, and RPC_URL_42793 (or equivalent) are read when present for balance/route display.

### 5.3 Operational

7. **NPMplus backup:** Run when NPM_PASSWORD is set: `./scripts/run-all-operator-tasks-from-lan.sh` (optionally `--skip-backup` if not needed).
8. **Periodic checks:** Schedule validate-config-files.sh and check-pmm-pool-balances-chain138.sh (e.g. weekly) to catch config drift and pool balance changes.
9. **Phase C deployment-status:** When cW* or edge pools are deployed, update cross-chain-pmm-lps/config/deployment-status.json and env so QuoteService and runbooks stay accurate.

### 5.4 Code/configuration

10. **Token-aggregation registry path:** cross-chain-bridges.ts tries several paths for routing-registry.json; document in token-aggregation README that when run from monorepo root, config/ is resolved from cwd.
11. **Inbound bridge addresses:** Add a small table or JSON snippet in DEPLOYED_TOKENS_BRIDGES_LPS_AND_ROUTING_STATUS or CONTRACT_ADDRESSES_REFERENCE listing “Inbound bridge (source chain)” per chain (1, 56, 137, …) so operators know which env var fills routing-registry inbound.

---

## 6. Quick reference — where to set what

| Goal | Where to set | Doc |
|------|--------------|-----|
| Operator (LAN) tasks | Root .env: NPM_*; smom-dbis-138/.env: PRIVATE_KEY, RPC_URL_138 | OPERATOR_CREDENTIALS_CHECKLIST |
| Deploy / bridge (138) | smom-dbis-138/.env: PRIVATE_KEY, RPC_URL_138, CCIP*, LINK | ENV_EXAMPLE_CONTENT, REMAINING_ITEMS_DOTENV_AND_ACTIONS |
| Token-aggregation | smom-dbis-138/.env: CHAIN_138_DODO_PMM_INTEGRATION, RPC, DATABASE_URL | DOTENV_FILES_REFERENCE |
| Config-ready chains (Celo, Cronos, Wemix, Gnosis) | smom-dbis-138/.env: *_RPC, CCIPWETH9_BRIDGE_*, CCIPWETH10_BRIDGE_* | CONFIG_READY_CHAINS_COMPLETION_RUNBOOK |
| Bridge quote API (SBS) | smom-dbis-138/.env: BRIDGE_REGISTRY_ADDRESS | EXECUTION_CHECKLIST SBS.1, env.additions.example |
| Full env template | .env.master.example (root); smom-dbis-138/env.additions.example | MASTER_SECRETS, DOTENV_FILES_REFERENCE |

---

## 7. Summary

- **Required info:** Concentrated in root `.env` (NPM, Proxmox, RPC_URL_138) and **smom-dbis-138/.env** (PRIVATE_KEY, RPC_URL_138, CCIP bridges, DODO PMM, optional DATABASE_URL, per-chain RPC/bridges). Markdown checklists reference these; DOTENV_FILES_REFERENCE and ENV_EXAMPLE_CONTENT are the most complete.
- **Completed this run:** Config validation ✅, completable tasks ✅, PMM pool check ✅ (Pool 1 at 2M/2M), deployer-gas dry-run ✅.
- **Completed (2026-03-06):** Reconcile script CCIPWETH10 aligned; deployer-gas RPC doc; token-aggregation README registry path; DEPLOYED_TOKENS inbound env table; OPERATOR_CREDENTIALS "Required secrets" link; PLACEHOLDERS refreshed; REMAINING_ITEMS run order; smom-dbis-138 README .env source; Blocked-by in EXECUTION_CHECKLIST.
- **Gaps remaining:** Inbound routing-registry 0x0 placeholders; BRIDGE_REGISTRY_ADDRESS unset; B.1/B.2/B.3/SBS.1 blocked by CRO/WEMIX/LINK/registry.
- **Recommendations done:** reconcile aligned; deployer-gas RPC; token-aggregation path; inbound table; smom-dbis-138 .env ref; PLACEHOLDERS/OPERATOR_CREDENTIALS updated. Pending: schedule periodic validation/pool checks; deployment-status.json when Phase C deploys. (Was: Single .env.example reference, reconcile script sourcing CONTRACT_ADDRESSES_REFERENCE, “Blocked by” in checklists, deployer-gas RPC docs, periodic validation and pool checks, deployment-status.json updates for Phase C.