b3a8fe4496
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- Config, docs, scripts, and backup manifests - Submodule refs unchanged (m = modified content in submodules) Made-with: Cursor
10 KiB
10 KiB
Full Maximum Parallel Execution Order
Last Updated: 2026-02-05
Purpose: Order all remaining tasks into waves so that within each wave, every item can run in parallel. Run in full maximum parallel mode: execute all items in Wave 0 concurrently (where different owners), then all in Wave 1, then Wave 2, then Wave 3. No artificial sequencing within a wave.
Sources: TODO_TASK_LIST_MASTER.md, REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md, PARALLEL_TASK_STRUCTURE.md, ALL_IMPROVEMENTS_AND_GAPS_INDEX.md. Single plan (required/optional/recommended): COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md.
Run log: FULL_PARALLEL_RUN_LOG.md (archived) — record of what was executed by wave (2026-02-05).
Wave 1 status: WAVE1_COMPLETION_SUMMARY.md. Wave 2/3 checklist: WAVE2_WAVE3_OPERATOR_CHECKLIST.md.
Full remaining list (all items by wave): REMAINING_ITEMS_FULL_PARALLEL_LIST.md.
Execution model
- Wave 0 — Gate/creds: do once or when creds available; can run in parallel with each other if different owners.
- Wave 1 — No shared state: security, monitoring config, backup, docs, codebase, quick wins, implementation checklist items that need no running infra. Run all in parallel.
- Wave 2 — Infra/deploy that can parallelize by host or by component: monitoring stack deploy, VLAN work, Phase 3/4 script expansion, optional deploy tasks. Run all in parallel (by host or by task).
- Wave 3 — Depends on Wave 2 outputs: CCIP Fleet deploy (after Ops/Admin and NAT), Phase 4 tenant isolation (after VLANs). Run all in parallel where no internal deps.
- Ongoing — Daily/weekly maintenance; not sequenced.
Real dependencies (must respect):
- CCIP commit/execute/RMN nodes require CCIP Ops/Admin and NAT pools (Wave 3 after Wave 2).
- NPMplus backup requires NPM_PASSWORD (Wave 0 or Wave 1).
- sendCrossChain (real) requires PRIVATE_KEY and LINK approved (Wave 0).
- Firewall/SSH changes: coordinate to avoid lockout (Wave 1, but test before disabling password).
Wave 0 — Gates / credentials (run in parallel where different owners)
| ID | Task | Blocker / note |
|---|---|---|
| W0-1 | Apply NPMplus RPC fix (405) | Run from host on LAN: bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh |
| W0-2 | Execute sendCrossChain (real) | PRIVATE_KEY, LINK approved for fee token; remove --dry-run from run-send-cross-chain.sh |
| W0-3 | NPMplus backup (export/config) | NPM_PASSWORD in .env; run existing backup script |
Wave 1 — Full parallel (no shared state)
Security
| ID | Task |
|---|---|
| W1-1 | SSH key-based auth; disable password auth (coordinate to avoid lockout) |
| W1-2 | Firewall: restrict Proxmox API 8006 to specific IPs |
| W1-3 | smom: Security audits VLT-024, ISO-024 |
| W1-4 | smom: Bridge integrations BRG-VLT, BRG-ISO |
Monitoring (config / design)
| ID | Task |
|---|---|
| W1-5 | Prometheus scrape config (Besu 9545, targets); alert rules |
| W1-6 | Grafana dashboards (JSON); Alertmanager config |
| W1-7 | Loki/Alertmanager config files (no deploy yet) |
Backup
| ID | Task |
|---|---|
| W1-8 | Automated backup script (validator keys, configs); NPMplus backup cron (already exists — verify/schedule) |
Phase 1 (optional)
| ID | Task |
|---|---|
| W1-9 | VLAN enablement: UDM Pro VLAN config docs; Proxmox VLAN-aware bridge design |
| W1-10 | VLAN migration plan (per-service table) |
Documentation
| ID | Task |
|---|---|
| W1-11 | Documentation consolidation (by folder: 01-, 02-, 03-, …); archive old status |
| W1-12 | Quick reference cards; decision trees; config templates (ALL_IMPROVEMENTS 68–74) |
| W1-13 | Final IP assignments; service connectivity matrix; operational runbooks |
Codebase
| ID | Task |
|---|---|
| W1-14 | dbis_core: TypeScript/Prisma fixes (by module/file — parallelize by file) |
| W1-15 | smom: EnhancedSwapRouter quoter; AlltraAdapter fee TODO |
| W1-16 | smom: IRU remaining tasks |
| W1-17 | Placeholders: canonical addresses env-only; AlltraAdapter fee; smart accounts kit; quote service Fabric chainId 999; .bak deprecation (ALL_IMPROVEMENTS 87–91) |
Quick wins & implementation checklist (high priority, no infra)
| ID | Task |
|---|---|
| W1-18 | Add progress indicators to scripts; config validation in CI/pre-deploy |
| W1-19 | Secure validator key permissions (chmod 600, chown besu) |
| W1-20 | Secret management audit; input validation in scripts; security scanning automation (ALL_IMPROVEMENTS 48–51) |
| W1-21 | Configuration validation (JSON/YAML schema); config templates; env standardization (52–54) |
MetaMask / explorer (optional, parallel)
| ID | Task |
|---|---|
| W1-22 | Token-aggregation hardening; CoinGecko submission |
| W1-23 | Chain 138 Snap: market data UI; swap quotes; bridge routes; testing & distribution |
| W1-24 | Explorer: dark mode, network selector, sync indicator |
| W1-25 | Paymaster deploy (optional); Consensys outreach |
| W1-26 | API keys: Li.Fi, Jumper, 1inch (when keys available — per integration in parallel) |
Improvements index 1–35 (Proxmox high/med/low, quick wins)
| ID | Task |
|---|---|
| W1-27 | ALL_IMPROVEMENTS 1–11 (Proxmox high: .env, validator keys, SSH, firewall, VLANs, metrics, health, backup, runbooks) — each item parallel |
| W1-28 | ALL_IMPROVEMENTS 12–20 (Proxmox medium: error handling, logging, Loki, resource/network/DB optimization, CI/CD) |
| W1-29 | ALL_IMPROVEMENTS 21–30 (Proxmox low: auto-scale, load balancing, multi-region, HSM, audit) |
| W1-30 | ALL_IMPROVEMENTS 31–35 (Quick wins: progress indicators, --dry-run, config validation, FAQ, inline comments) |
Improvements index 36–67 (code quality, docs, security, config, monitoring DX)
| ID | Task |
|---|---|
| W1-31 | ALL_IMPROVEMENTS 36–43 (script shebang, set -euo, header template, shellcheck, consolidation, lib, perf, doc gen) |
| W1-32 | ALL_IMPROVEMENTS 44–47 (doc consolidation, accuracy, inline doc, API doc) |
| W1-33 | ALL_IMPROVEMENTS 48–57 (security audit, validation, scanning, RBAC, config validation, templates, tests, CI) |
| W1-34 | ALL_IMPROVEMENTS 58–67 (logging, metrics, health, DevContainer, IDE, backup review) |
Improvements index 68–91 (docs, infra design, codebase, placeholders)
| ID | Task |
|---|---|
| W1-35 | ALL_IMPROVEMENTS 68–74 (docs: quick ref, decision trees, config templates, examples, glossary) |
| W1-36 | ALL_IMPROVEMENTS 75–81 (Phase 1–4 design, missing containers list — design only in Wave 1) |
| W1-37 | ALL_IMPROVEMENTS 82–86 (smom audits, BRG, CCIP AMB, dbis_core, IRU — same as W1-14 to W1-17) |
| W1-38 | ALL_IMPROVEMENTS 87–91 (placeholders — same as W1-17) |
Improvements index 92–139 (MetaMask, Tezos/CCIP, Besu, RPC, orchestration, maintenance)
| ID | Task |
|---|---|
| W1-39 | ALL_IMPROVEMENTS 92–105 (MetaMask/explorer — parallel by task) |
| W1-40 | ALL_IMPROVEMENTS 106–121 (Tezos/Etherlink/CCIP — config and scripts in parallel) |
| W1-41 | ALL_IMPROVEMENTS 122–126 (Besu/blockchain) |
| W1-42 | ALL_IMPROVEMENTS 127–130 (RPC translator) |
| W1-43 | ALL_IMPROVEMENTS 131–134 (Orchestration portal) |
| W1-44 | ALL_IMPROVEMENTS 135–139 (Maintenance procedures — document/automate) |
Wave 2 — Infra / deploy (parallel by host or component)
| ID | Task | Parallelize by |
|---|---|---|
| W2-1 | Deploy monitoring stack (Prometheus, Grafana, Loki, Alertmanager) | By component or single deployer |
| W2-2 | Grafana published via Cloudflare Access; alerts configured | After stack up |
| W2-3 | VLAN enablement: apply UDM Pro VLAN config; Proxmox bridge; migrate services to VLANs | By VLAN or by host |
| W2-4 | Phase 3 CCIP: Ops/Admin (5400-5401); NAT pools; commit/execute/RMN script expansion | Ops first, then NAT, then scripts |
| W2-5 | Phase 4: Sovereign tenant VLANs; isolation; access control | By tenant or by VLAN |
| W2-6 | 2506–2508 destroyed 2026-02-08; RPC 2500–2505 only. See MISSING_CONTAINERS_LIST.md | Done (doc) |
| W2-7 | DBIS services start (10100–10151, etc.); additional Hyperledger | By host |
| W2-8 | NPMplus HA (Keepalived, secondary 10234) | Optional; single change |
Wave 3 — After Wave 2 (CCIP Fleet, tenant isolation)
| ID | Task | Depends on |
|---|---|---|
| W3-1 | CCIP Fleet full deploy: 16 commit (5410-5425), 16 execute (5440-5455), 7 RMN (5470-5476) | W2-4 (Ops/Admin, NAT) |
| W3-2 | Phase 4 tenant isolation enforcement; access control | W2-3 / W2-5 (VLANs) |
Ongoing (no wave)
| ID | Task | Frequency |
|---|---|---|
| O-1 | Monitor explorer sync | Daily |
| O-2 | Monitor RPC 2201 | Daily |
| O-3 | Config API uptime | Weekly |
How to run in full maximum parallel mode
- Gate: Complete Wave 0 (W0-1, W0-2, W0-3) as soon as creds/access allow; these can run in parallel with each other.
- Parallel Wave 1: Assign each W1-* item to an owner or automation; run all W1-* concurrently. Use PARALLEL_TASK_STRUCTURE.md cohorts A/B where they overlap.
- Parallel Wave 2: Run W2-1 through W2-8 in parallel (by host for D1–D3 style tasks, by component for stack deploy).
- Parallel Wave 3: After Wave 2 outputs exist, run W3-1 and W3-2 in parallel.
- Ongoing: Schedule O-1, O-2, O-3 (cron or runbooks).
Automation: A runner can parse this file, group by wave, and execute each wave in parallel (e.g. one job per W1-* and W2-* item).
Cross-references
- TODO_TASK_LIST_MASTER.md — Consolidated checklist
- REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md — Full review
- PARALLEL_TASK_STRUCTURE.md — Cohorts A/B/C/D (legacy; still valid for the-order, smom, dbis, OMNIS)
- ALL_IMPROVEMENTS_AND_GAPS_INDEX.md — Items 1–139 detail