d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
2a6d3cfc7f765252f92066b511c898e957ebc546
proxmox/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md
defiQUG b3a8fe4496
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
chore: sync all changes to Gitea 
- Config, docs, scripts, and backup manifests
- Submodule refs unchanged (m = modified content in submodules)

Made-with: Cursor
2026-03-02 11:37:34 -08:00

86 lines
5.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Recommendations and operator checklist (R1R24)
**Purpose:** Single checklist for all recommendations from [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 2. Use when deploying, verifying, or operating.
**Related:** [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) | [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) | [MASTER_SECRETS_INVENTORY](../04-configuration/MASTER_SECRETS_INVENTORY.md) | [COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) (full plan: required / optional / recommended).
---
## Verification and source of truth (R1R3)
| # | Action | When |
|---|--------|------|
| R1 | Verify every deployed contract on Blockscout (Forge Verification Proxy or BLOCKSCOUT_VERIFICATION_GUIDE) | After each deployment when Blockscout is reachable |
| R2 | Keep [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md) updated; reconcile duplicate .env entries | When new contracts are deployed or deprecated |
| R3 | Run `./scripts/verify/check-contracts-on-chain-138.sh [RPC]`; fix any MISSING/EMPTY | Periodically or after deploy |
## Security and secrets (R4R7)
| # | Action | When |
|---|--------|------|
| R4 | **Do not use** CCIPWETH9Bridge at `0x89dd...`; use only `0x971c...` and set `CCIPWETH9_BRIDGE_CHAIN138` in env | Always; see runbook § Deprecated bridge |
| R5 | Never commit .env or private keys; use MASTER_SECRETS_INVENTORY; rotate any exposed keys | Always |
| R6 | API keys in .env.example — Done (placeholders) | — |
| R7 | Restrict deployer key and RPC admin access (RPC_URL_138) to operators who need them | Access review |
## Deployment (R8R11)
| # | Action | When |
|---|--------|------|
| R8 | Set RPC_URL_138 (Core); run from LAN/VPN if 192.168.11.x not reachable | Before deploy |
| R9 | Use GAS_PRICE=1000000000 (or current min) on Chain 138; see CONTRACT_DEPLOYMENT_RUNBOOK | Every forge script/create on 138 |
| R10 | Phased core: 01_DeployCore first, set env, then 02_DeployBridges; alltra-lifi: MerchantSettlementRegistry before WithdrawalEscrow | Deploy order |
| R11 | If tx stuck, manage nonce; see DEPLOYMENT_STRATEGY_EVALUATION | Troubleshooting |
## Documentation and runbooks (R12R13)
| # | Action | When |
|---|--------|------|
| R12 | Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, BLOCKSCOUT_FIX_RUNBOOK in sync with scripts and Blockscout URL | After script or URL changes |
| R13 | When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc; update [ADDRESS_MATRIX_AND_STATUS](../11-references/ADDRESS_MATRIX_AND_STATUS.md) | Per-chain deploy |
## Automation and CI/CD (R14R16)
| # | Action | When |
|---|--------|------|
| R14 | Run run-contract-verification-with-proxy.sh after deployments when Blockscout reachable from CI | CI after deploy |
| R15 | Consider single script: check env → deploy → verify → update config (COMPREHENSIVE_RECOMMENDATIONS § Infrastructure) | Automation |
| R16 | Use .env.development / .env.staging / .env.production or JSON configs per chain | Config hygiene |
## Monitoring and operations (R17R18)
| # | Action | When |
|---|--------|------|
| R17 | Monitor critical bridge/oracle events (TransferInitiated, TransferCompleted, price updates); see COMPREHENSIVE_RECOMMENDATIONS § Monitoring | Ongoing |
| R18 | Ensure Blockscout (VMID 5000) is up and /api reachable; see EXPLORER_API_ACCESS, BLOCKSCOUT_FIX_RUNBOOK | Health checks |
## Testing and quality (R19R20)
| # | Action | When |
|---|--------|------|
| R19 | Run `forge test` in smom-dbis-138 and alltra-lifi-settlement before deploying; run integration tests where available | Pre-deploy |
| R20 | NatSpec on public contract functions (verification and tooling) | Code quality |
## Configuration and DNS (R21R22)
| # | Action | When |
|---|--------|------|
| R21 | When The Order is deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs | Sankofa/The Order go-live |
| R22 | Document or configure blocks #2#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER (or mark reserved); see NETWORK_PLACEHOLDERS_DECISION | When decided |
## Quick wins (R23)
| # | Action | When |
|---|--------|------|
| R23 | Scripts: add progress indicators; add --dry-run where missing; extend config validation (IMPLEMENTATION_CHECKLIST). **Done:** `run-completable-tasks-from-anywhere.sh` has Step 1/44/4; `validate-config-files.sh`, `run-e2e-flow-tasks-full-parallel.sh`, `run-all-operator-tasks-from-lan.sh` support `--dry-run`. | Script updates |
## Token mapping (R24)
| # | Action | When |
|---|--------|------|
| R24 | Keep config/token-mapping.json as single source of truth for 138↔Mainnet; when adding tokens update token-mapping.json and optionally CHAIN138_TOKEN_ADDRESSES; see TOKEN_MAPPING_AND_MAINNET_ADDRESSES | Adding tokens |
---
**Key commands:** See [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 3.
Reference in New Issue View Git Blame Copy Permalink