d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
proxmox/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md
defiQUG 70a6d66e4d docs(stage2): mark R21 / Sankofa cutover done across 00-meta checklists 
- REMAINING_TASKS_BREAKDOWN_MISSING_INFO §2 + step 4
- REMAINING_WORK_BREAKDOWN_AND_ANSWERS Sankofa Q&A + one-line summary
- REMAINING_COMPONENTS R21; operator-only + improvements + checklists

Made-with: Cursor
2026-03-27 15:40:45 -07:00

5.1 KiB
Raw Permalink Blame History

Recommendations and operator checklist (R1R24)

Purpose: Single checklist for all recommendations from REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS Part 2. Use when deploying, verifying, or operating.

Related: CONTRACT_DEPLOYMENT_RUNBOOK | BLOCKSCOUT_VERIFICATION_GUIDE | MASTER_SECRETS_INVENTORY | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md (full plan: required / optional / recommended).

Verification and source of truth (R1R3)

# Action When
R1 Verify every deployed contract on Blockscout (Forge Verification Proxy or BLOCKSCOUT_VERIFICATION_GUIDE) After each deployment when Blockscout is reachable
R2 Keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated; reconcile duplicate .env entries When new contracts are deployed or deprecated
R3 Run ./scripts/verify/check-contracts-on-chain-138.sh [RPC]; fix any MISSING/EMPTY Periodically or after deploy

Security and secrets (R4R7)

# Action When
R4 Do not use CCIPWETH9Bridge at 0x89dd...; use only 0x971c... and set CCIPWETH9_BRIDGE_CHAIN138 in env Always; see runbook § Deprecated bridge
R5 Never commit .env or private keys; use MASTER_SECRETS_INVENTORY; rotate any exposed keys Always
R6 API keys in .env.example — Done (placeholders)
R7 Restrict deployer key and RPC admin access (RPC_URL_138) to operators who need them Access review

Deployment (R8R11)

# Action When
R8 Set RPC_URL_138 (Core); run from LAN/VPN if 192.168.11.x not reachable Before deploy
R9 Use GAS_PRICE=1000000000 (or current min) on Chain 138; see CONTRACT_DEPLOYMENT_RUNBOOK Every forge script/create on 138
R10 Phased core: 01_DeployCore first, set env, then 02_DeployBridges; alltra-lifi: MerchantSettlementRegistry before WithdrawalEscrow Deploy order
R11 If tx stuck, manage nonce; see DEPLOYMENT_STRATEGY_EVALUATION Troubleshooting

Documentation and runbooks (R12R13)

# Action When
R12 Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, BLOCKSCOUT_FIX_RUNBOOK in sync with scripts and Blockscout URL After script or URL changes
R13 When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc; update ADDRESS_MATRIX_AND_STATUS Per-chain deploy

Automation and CI/CD (R14R16)

# Action When
R14 Run run-contract-verification-with-proxy.sh after deployments when Blockscout reachable from CI CI after deploy
R15 Consider single script: check env → deploy → verify → update config (COMPREHENSIVE_RECOMMENDATIONS § Infrastructure) Automation
R16 Use .env.development / .env.staging / .env.production or JSON configs per chain Config hygiene

Monitoring and operations (R17R18)

# Action When
R17 Monitor critical bridge/oracle events (TransferInitiated, TransferCompleted, price updates); see COMPREHENSIVE_RECOMMENDATIONS § Monitoring Ongoing
R18 Ensure Blockscout (VMID 5000) is up and /api reachable; see EXPLORER_API_ACCESS, BLOCKSCOUT_FIX_RUNBOOK Health checks

Testing and quality (R19R20)

# Action When
R19 Run forge test in smom-dbis-138 and alltra-lifi-settlement before deploying; run integration tests where available Pre-deploy
R20 NatSpec on public contract functions (verification and tooling) Code quality

Configuration and DNS (R21R22)

# Action When
R21 Done 2026-03: NPMplus + ALL_VMIDS + RPC_ENDPOINTS_MASTER + SANKOFA_CUTOVER_PLAN v1.1 Complete
R22 Document or configure blocks #2#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER (or mark reserved); see NETWORK_PLACEHOLDERS_DECISION When decided

Quick wins (R23)

# Action When
R23 Scripts: add progress indicators; add --dry-run where missing; extend config validation (IMPLEMENTATION_CHECKLIST). Done: run-completable-tasks-from-anywhere.sh has Step 1/44/4; validate-config-files.sh, run-e2e-flow-tasks-full-parallel.sh, run-all-operator-tasks-from-lan.sh support --dry-run. Script updates

Token mapping (R24)

# Action When
R24 Keep config/token-mapping.json as single source of truth for 138↔Mainnet; when adding tokens update token-mapping.json and optionally CHAIN138_TOKEN_ADDRESSES; see TOKEN_MAPPING_AND_MAINNET_ADDRESSES Adding tokens

Key commands: See REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS Part 3.

Reference in New Issue View Git Blame Copy Permalink