d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/00-meta/REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md
defiQUG 2a6d3cfc7f
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
Update submodule references and improve CI workflow 
- Update submodule references for explorer-monorepo and smom-dbis-138 to latest commits.
- Modify CI workflow to include shellcheck installation and enforce error severity for script checks.
- Update contract addresses in configuration and documentation to reflect the new canonical addresses for CCIPWETH9Bridge and CCIP Router.
- Revise integration test documentation to align with updated contract addresses and deployment statuses.

Made-with: Cursor
2026-03-24 22:50:52 -07:00

16 KiB
Raw Permalink Blame History

Remaining Tasks — Breakdown and Missing Information

Purpose: For each remaining task, this doc states what is needed, what is missing, and where to get it or what to create so you can start completing everything.

Source: STILL_NOT_DONE_EXECUTION_CHECKLIST.md, OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md, REMAINING_WORK_DETAILED_STEPS.md, OPERATOR_READY_CHECKLIST.md.

How to use this doc

  • Needed = inputs/access required to run the task.
  • Missing = what you dont have yet (or is TBD).
  • Where to get / What to do = concrete action to obtain the missing piece or create it.

1. Operator / LAN — Wave 0 and runbooks

W0-1: NPMplus RPC fix (405)

Detail
Needed Host on LAN (192.168.11.x); script exists: scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh.
Missing 1) Physical/VPN access to 192.168.11.x. 2) NPM_PASSWORD (and optionally NPM_URL, NPM_EMAIL) in root .env so the script can call NPMplus API.
Where to get LAN: Use a machine on the same network as NPMplus (e.g. office, VPN, or jump host). NPM_PASSWORD: From whoever manages NPMplus (default admin password or reset via container). If you have it but its hardcoded in a script, move it to .env only; see MASTER_SECRETS_INVENTORY.md.
Doc REMAINING_WORK_DETAILED_STEPS.md § W0-1.

W0-2: sendCrossChain (real)

Detail
Needed PRIVATE_KEY in .env (wallet with gas + LINK for fees); bridge 0xcacfd227A040002e49e2e01626363071324f820a; recipient address.
Missing 1) A wallet private key you control. 2) LINK approved for the bridge fee (if the bridge charges LINK). 3) Optional: recipient address (script may have default).
Where to get PRIVATE_KEY: Create or use an existing funded wallet; set in root or smom-dbis-138/.env. LINK: On Chain 138, approve LINK for the bridge contract (amount depends on fee). Recipient: Any valid address on the destination chain.
Doc REMAINING_WORK_DETAILED_STEPS.md § W0-2; OPERATOR_READY_CHECKLIST.md §8.

W0-3: NPMplus backup

Detail
Needed NPM_PASSWORD in .env; host that can reach NPMplus API (LAN).
Missing Same as W0-1: LAN access and NPM_PASSWORD.
Where to get Same as W0-1. Script: scripts/verify/backup-npmplus.sh or scripts/run-wave0-from-lan.sh (no --skip-backup).

Blockscout verification

Detail
Needed Blockscout reachable (e.g. from LAN or via proxy); smom-dbis-138/.env with keys if verification uses Etherscan/Blockscout API.
Missing 1) Network path to Blockscout (or proxy). 2) Any API key/token if Blockscout requires it for verification.
Where to get Run from LAN: source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh. Retry one contract: --only ContractName. If Blockscout is only on 192.168.11.x, run from a host that can reach that IP.

Fix E2E 502s

Detail
Needed SSH from your machine to Proxmox hosts (r630-01, r630-02, ml110); optional: NPM_PASSWORD for NPMplus proxy update step.
Missing 1) SSH access (key or password) to root@192.168.11.11, .12, and ml110. 2) Which backends are actually down (can discover by running the script with --dry-run or diagnose-only).
Where to get SSH: Use same credentials as for Proxmox management. Discovery: Run ./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e (or first diagnose-and-fix-502s-via-ssh.sh --diagnose-only). Runbook: 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md.

Run all operator tasks

Detail
Needed LAN; .env with NPM_PASSWORD and optionally PRIVATE_KEY; SSH to Proxmox.
Missing Same as above: LAN, NPM_PASSWORD, SSH, and (for deploy) PRIVATE_KEY.
Where to get ./scripts/run-all-operator-tasks-from-lan.sh --dry-run to print steps; then run without --dry-run, optionally --deploy or --create-vms.

Gnosis, Celo, Wemix CCIP bridges

Detail
Needed Per chain: RPC URL, CCIP Router address, LINK token address, WETH9/WETH10 addresses, deployer private key with native gas (xDAI, CELO, WEMIX).
Missing 1) CCIP Router + LINK + WETH9/WETH10 for each chain — from Chainlink CCIP supported networks. 2) Deployer wallets funded with native gas on Gnosis, Celo, Wemix. 3) After deploy: bridge addresses for Step 2/3 (add destinations, fund LINK).
Where to get Addresses: CCIP directory + chain docs (e.g. Gnosis/Celo/Wemix WETH contracts). Gas: Send xDAI/CELO/WEMIX to deployer. Steps: CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md Step 14.

LINK support on Mainnet relay

Detail
Needed Code/contract change (extend CCIPRelayBridge for LINK or deploy LINK receiver); deploy; set relaySupported: true for LINK in config/token-mapping.json; restart relay on r630-01.
Missing 1) Decision: Option A (extend bridge) vs Option B (separate LINK receiver). 2) Mainnet deployer key and gas. 3) Access to relay host (r630-01) to restart service.
Where to get Spec: RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md. Contract: smom-dbis-138/contracts/relay/CCIPRelayBridge.sol. Relay path: /opt/smom-dbis-138/services/relay (restart from LAN/SSH).

Wemix token verification

Detail
Needed Correct WETH, USDT, USDC contract addresses on Wemix; update config/token-mapping-multichain.json and WEMIX_TOKEN_VERIFICATION.md if different.
Missing Confirmation that addresses in config match scan.wemix.com/tokens.
Where to get Open scan.wemix.com/tokens; look up WETH, USDT, USDC; compare to repo config; edit JSON + doc; run ./scripts/validation/validate-config-files.sh.

Phase 24 deployment

Detail
Needed Prometheus/Grafana/Loki/Alertmanager configs; VLAN design (UDM Pro + Proxmox); Phase 4 tenant list; SSH to Proxmox; optional CCIP NAT pools (ER605 Blocks #24).
Missing 1) Phase 2: Which host(s) run monitoring stack; Alertmanager routes (email/Slack/PagerDuty). 2) Phase 3: NAT pool IPs/ranges for ER605 if not already set. 3) Phase 4: UDM Pro VLAN IDs (200203 docd); which containers map to which tenant.
Where to get Configs: smom-dbis-138/monitoring/, scripts/monitoring/; OPERATIONAL_RUNBOOKS.md; WAVE2_WAVE3_OPERATOR_CHECKLIST.md. Phase 4 steps: bash scripts/deployment/phase4-sovereign-tenants.sh --show-steps. VLANs: NETWORK_ARCHITECTURE.md §35; UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.md.

Proxmox/security (19)

Detail
Needed Root/SSH to Proxmox hosts; list of allowed IPs/CIDRs for API 8006; validator VMIDs and paths; backup destination.
Missing 1) CIDR for 8006: Which IPs may access Proxmox API (e.g. 192.168.11.0/24 or admin VPN). 2) Validator key paths on each host (e.g. /var/lib/besu on VMIDs 10001004). 3) Backup store for configs and encrypted validator keys.
Where to get Checklist: OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md §1. Scripts: scripts/security/secure-env-permissions.sh, scripts/security/setup-ssh-key-auth.sh, scripts/security/firewall-proxmox-8006.sh, scripts/secure-validator-keys.sh. Backup: scripts/backup/automated-backup.sh; decide where to store outputs (off-host, encrypted).

2. Sankofa cutover (missing TBDs)

Detail
Needed For each Sankofa domain: target VMID, target IP, target port, service type.
Missing the-order.sankofa.nexus: VMID, IP, port, service type still TBD in SANKOFA_CUTOVER_PLAN.md. Other four domains have values (e.g. 7801/192.168.11.51/3000 for sankofa.nexus).
Where to get Deploy The Order portal; assign VMID and IP; document in SANKOFA_CUTOVER_PLAN.md table; then run cutover steps (replace proxy backends in NPMplus).

3. dbis_core TypeScript (~1186 errors)

Detail
Needed npx prisma generate succeeding in dbis_core/; then systematic edits per DBIS_CORE_TS_FIXES_DETAILED_LIST.md.
Missing 1) Prisma generate: Currently fails with “path argument must be of type string. Received undefined” (possible Prisma + large schema). Fix: try Prisma 5.22+ or ensure DATABASE_URL in dbis_core/.env; or run from a clean cd dbis_core && npm install and retry. 2) Bulk fixes: Prioritized list exists; need to apply Priority 14 by module (imports, return statements, JsonValue, Prisma types, etc.).
Where to get Prisma: Set DATABASE_URL in dbis_core/.env (e.g. postgresql://user:pass@host:5432/dbis_core); try npx prisma generate again; if still failing, try upgrading Prisma. Fixes: DBIS_CORE_TS_FIXES_DETAILED_LIST.md; sample return fixes already applied in market-admin, peg-admin, bridge-admin routes. Verify: pnpm exec tsc --noEmit in dbis_core.

4. Security audits and bridge integrations

Detail
Needed Assignee/owner for smom audits (VLT-024, ISO-024) and bridge items (BRG-VLT, BRG-ISO); no repo automation.
Missing Decision on who runs or commissions the audits; backlog/roadmap slot.
Where to get Track in smom backlog; see TODO_TASK_LIST_MASTER.md §5.

5. External / third-party

Ledger

Detail
Needed Tally form submitted; Ledgers response and agreement/integration steps.
Missing Ledgers reply and next steps (form already submitted per ADD_CHAIN138_TO_LEDGER_LIVE.md).
Where to get Wait for Ledger; follow any link/instructions they send.

Trust Wallet

Detail
Needed PR to trustwallet/wallet-core with Chain 138 registry entry (CoinID 10000138, etc.).
Missing PR not yet opened; repo fork and branch; chain 138 JSON/config per Trusts “new EVM chain” docs.
Where to get ADD_CHAIN138_TO_TRUST_WALLET.md (steps + CoinID 10000138); clone wallet-core, add chain 138, open PR.

Consensys (MetaMask Swaps/Bridge)

Detail
Needed Outreach to Consensys/MetaMask for native Swaps/Bridge support for Chain 138.
Missing Contact channel (form, email, or partner program) and a short pitch (chain live, RPC, explorer, use case).
Where to get metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md; MetaMask/Consensys partner or developer pages.

CoinGecko / CMC

Detail
Needed Token Aggregation report API reachable; chain + token data; 512×512 logos; CoinGecko/CMC submission forms.
Missing 1) Report API: Service running and URL (e.g. for /api/v1/report/coingecko?chainId=138). 2) Platform support: CoinGecko/CMC may not list Chain 138/651940 until they add the chain. 3) Logos: Per-token and chain logos in required format.
Where to get Runbook: docs/04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md; smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md. Export: curl "https://<token-aggregation-url>/api/v1/report/coingecko?chainId=138". If platforms dont support 138 yet, keep runbook and submit when they do.

6. API keys (for scripts and services)

Detail
Needed Keys for Li.Fi, Jumper, 1inch, MoonPay, Ramp, DocuSign, Slack, PagerDuty, Etherscan, CoinGecko, CMC, etc., in root and subproject .env.
Missing Actual key values; sign-up and approval for each service.
Where to get reports/API_KEYS_REQUIRED.md (sign-up URLs and env var names); docs/00-meta/API_KEYS_DOTENV_STATUS.md. Copy into .env (never commit); restart services that use them.

7. Maintenance (cron and ongoing)

Detail
Needed Host where crontab can be installed (e.g. jump host or Proxmox node); scripts exist.
Missing Decision on which host runs daily/weekly cron; one-time install.
Where to get Cron install (once, from LAN): bash scripts/maintenance/schedule-daily-weekly-cron.sh --show then --install. NPMplus backup cron: scripts/maintenance/schedule-npmplus-backup-cron.sh --install. Checks: scripts/maintenance/daily-weekly-checks.sh daily / weekly.

8. Quick reference: scripts that exist

Script Purpose
scripts/run-wave0-from-lan.sh W0-1 + W0-3 (RPC fix + backup); run from LAN.
scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh NPMplus RPC fix only; needs NPM_PASSWORD.
scripts/verify/backup-npmplus.sh NPMplus backup only.
scripts/bridge/run-send-cross-chain.sh sendCrossChain; omit --dry-run to execute.
scripts/verify/run-contract-verification-with-proxy.sh Blockscout verification.
scripts/maintenance/address-all-remaining-502s.sh Fix 502s (+ optional --run-besu-fix --e2e).
scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e Full maintenance + E2E.
scripts/run-all-operator-tasks-from-lan.sh Backup + verify ± deploy ± create-vms.
scripts/security/setup-ssh-key-auth.sh SSH key-only auth (--dry-run then --apply).
scripts/security/firewall-proxmox-8006.sh Restrict Proxmox API to CIDR.
scripts/secure-validator-keys.sh chmod 600 + chown besu for validator keys.
scripts/maintenance/schedule-daily-weekly-cron.sh Daily/weekly checks cron.

9. One-page “start here” order

  1. Get unblocked on LAN and secrets

    • Arrange VPN or machine on 192.168.11.x.
    • Get NPM_PASSWORD (and optionally PRIVATE_KEY) into .env (never commit).

  2. Wave 0

    • Run scripts/run-wave0-from-lan.sh (or RPC fix + backup separately).
    • Run sendCrossChain once if you have PRIVATE_KEY and LINK.

  3. 502s and verification

    • Run address-all-remaining-502s.sh --run-besu-fix --e2e from LAN.
    • Run Blockscout verification script.

  4. Fill TBDs

    • Sankofa: set the-order.sankofa.nexus target (VMID, IP, port) in SANKOFA_CUTOVER_PLAN.md.
    • CCIP: collect per-chain addresses (CCIP directory) and fund deployer wallets for Gnosis/Celo/Wemix.

  5. dbis_core

    • Fix Prisma generate (DATABASE_URL, Prisma version); then apply TS fixes by priority.

  6. External

    • Trust Wallet: open wallet-core PR.
    • CoinGecko/CMC: get report API URL and logos; submit when platform supports 138.
    • Consensys: send outreach using CONSENSYS_OUTREACH_PACKAGE.
    • Ledger: follow up when they respond.

  7. Maintenance

    • Install cron for daily/weekly checks and NPMplus backup on chosen host.

Related: STILL_NOT_DONE_EXECUTION_CHECKLIST.md | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md | REMAINING_WORK_DETAILED_STEPS.md

Reference in New Issue View Git Blame Copy Permalink