proxmox/docs/00-meta/REMAINING_TASKS_BREAKDOWN_MISSING_INFO.md

Remaining Tasks — Breakdown and Missing Information

Purpose: For each remaining task, this doc states what is needed, what is missing, and where to get it or what to create so you can start completing everything.

Source: STILL_NOT_DONE_EXECUTION_CHECKLIST.md, OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md, REMAINING_WORK_DETAILED_STEPS.md, OPERATOR_READY_CHECKLIST.md.

---

How to use this doc

• Needed = inputs/access required to run the task.
• Missing = what you don’t have yet (or is TBD).
• Where to get / What to do = concrete action to obtain the missing piece or create it.

---

1. Operator / LAN — Wave 0 and runbooks

W0-1: NPMplus RPC fix (405)

	Detail
Needed	Host on LAN (192.168.11.x); script exists: scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh.
Missing	1) Physical/VPN access to 192.168.11.x. 2) NPM_PASSWORD (and optionally NPM_URL, NPM_EMAIL) in root .env so the script can call NPMplus API.
Where to get	LAN: Use a machine on the same network as NPMplus (e.g. office, VPN, or jump host). NPM_PASSWORD: From whoever manages NPMplus (default admin password or reset via container). If you have it but it’s hardcoded in a script, move it to .env only; see MASTER_SECRETS_INVENTORY.md.
Doc	REMAINING_WORK_DETAILED_STEPS.md § W0-1.

W0-2: sendCrossChain (real)

	Detail
Needed	PRIVATE_KEY in .env (wallet with gas + LINK for fees); bridge 0xcacfd227A040002e49e2e01626363071324f820a; recipient address.
Missing	1) A wallet private key you control. 2) LINK approved for the bridge fee (if the bridge charges LINK). 3) Optional: recipient address (script may have default).
Where to get	PRIVATE_KEY: Create or use an existing funded wallet; set in root or smom-dbis-138/.env. LINK: On Chain 138, approve LINK for the bridge contract (amount depends on fee). Recipient: Any valid address on the destination chain.
Doc	REMAINING_WORK_DETAILED_STEPS.md § W0-2; OPERATOR_READY_CHECKLIST.md §8.

W0-3: NPMplus backup

	Detail
Needed	NPM_PASSWORD in .env; host that can reach NPMplus API (LAN).
Missing	Same as W0-1: LAN access and NPM_PASSWORD.
Where to get	Same as W0-1. Script: scripts/verify/backup-npmplus.sh or scripts/run-wave0-from-lan.sh (no --skip-backup).

Blockscout verification

	Detail
Needed	Blockscout reachable (e.g. from LAN or via proxy); smom-dbis-138/.env with keys if verification uses Etherscan/Blockscout API.
Missing	1) Network path to Blockscout (or proxy). 2) Any API key/token if Blockscout requires it for verification.
Where to get	Run from LAN: source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh. Retry one contract: --only ContractName. If Blockscout is only on 192.168.11.x, run from a host that can reach that IP.

Fix E2E 502s

	Detail
Needed	SSH from your machine to Proxmox hosts (r630-01, r630-02, ml110); optional: NPM_PASSWORD for NPMplus proxy update step.
Missing	1) SSH access (key or password) to root@192.168.11.11, .12, and ml110. 2) Which backends are actually down (can discover by running the script with --dry-run or diagnose-only).
Where to get	SSH: Use same credentials as for Proxmox management. Discovery: Run ./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e (or first diagnose-and-fix-502s-via-ssh.sh --diagnose-only). Runbook: 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md.

Run all operator tasks

	Detail
Needed	LAN; .env with NPM_PASSWORD and optionally PRIVATE_KEY; SSH to Proxmox.
Missing	Same as above: LAN, NPM_PASSWORD, SSH, and (for deploy) PRIVATE_KEY.
Where to get	./scripts/run-all-operator-tasks-from-lan.sh --dry-run to print steps; then run without --dry-run, optionally --deploy or --create-vms.

Gnosis, Celo, Wemix CCIP bridges

	Detail
Needed	Per chain: RPC URL, CCIP Router address, LINK token address, WETH9/WETH10 addresses, deployer private key with native gas (xDAI, CELO, WEMIX).
Missing	1) CCIP Router + LINK + WETH9/WETH10 for each chain — from Chainlink CCIP supported networks. 2) Deployer wallets funded with native gas on Gnosis, Celo, Wemix. 3) After deploy: bridge addresses for Step 2/3 (add destinations, fund LINK).
Where to get	Addresses: CCIP directory + chain docs (e.g. Gnosis/Celo/Wemix WETH contracts). Gas: Send xDAI/CELO/WEMIX to deployer. Steps: CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md Step 1–4.

LINK support on Mainnet relay

	Detail
Needed	Code/contract change (extend CCIPRelayBridge for LINK or deploy LINK receiver); deploy; set relaySupported: true for LINK in config/token-mapping.json; restart relay on r630-01.
Missing	1) Decision: Option A (extend bridge) vs Option B (separate LINK receiver). 2) Mainnet deployer key and gas. 3) Access to relay host (r630-01) to restart service.
Where to get	Spec: RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md. Contract: smom-dbis-138/contracts/relay/CCIPRelayBridge.sol. Relay path: /opt/smom-dbis-138/services/relay (restart from LAN/SSH).

Wemix token verification

	Detail
Needed	Correct WETH, USDT, USDC contract addresses on Wemix; update config/token-mapping-multichain.json and WEMIX_TOKEN_VERIFICATION.md if different.
Missing	Confirmation that addresses in config match scan.wemix.com/tokens.
Where to get	Open scan.wemix.com/tokens; look up WETH, USDT, USDC; compare to repo config; edit JSON + doc; run ./scripts/validation/validate-config-files.sh.

Phase 2–4 deployment

	Detail
Needed	Prometheus/Grafana/Loki/Alertmanager configs; VLAN design (UDM Pro + Proxmox); Phase 4 tenant list; SSH to Proxmox; optional CCIP NAT pools (ER605 Blocks #2–4).
Missing	1) Phase 2: Which host(s) run monitoring stack; Alertmanager routes (email/Slack/PagerDuty). 2) Phase 3: NAT pool IPs/ranges for ER605 if not already set. 3) Phase 4: UDM Pro VLAN IDs (200–203 doc’d); which containers map to which tenant.
Where to get	Configs: smom-dbis-138/monitoring/, scripts/monitoring/; OPERATIONAL_RUNBOOKS.md; WAVE2_WAVE3_OPERATOR_CHECKLIST.md. Phase 4 steps: bash scripts/deployment/phase4-sovereign-tenants.sh --show-steps. VLANs: NETWORK_ARCHITECTURE.md §3–5; UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.md.

Proxmox/security (1–9)

	Detail
Needed	Root/SSH to Proxmox hosts; list of allowed IPs/CIDRs for API 8006; validator VMIDs and paths; backup destination.
Missing	1) CIDR for 8006: Which IPs may access Proxmox API (e.g. 192.168.11.0/24 or admin VPN). 2) Validator key paths on each host (e.g. /var/lib/besu on VMIDs 1000–1004). 3) Backup store for configs and encrypted validator keys.
Where to get	Checklist: OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md §1. Scripts: scripts/security/secure-env-permissions.sh, scripts/security/setup-ssh-key-auth.sh, scripts/security/firewall-proxmox-8006.sh, scripts/secure-validator-keys.sh. Backup: scripts/backup/automated-backup.sh; decide where to store outputs (off-host, encrypted).

---

2. Sankofa cutover (missing TBDs)

	Detail
Needed	For each Sankofa domain: target VMID, target IP, target port, service type.
Missing	the-order.sankofa.nexus: VMID, IP, port, service type still TBD in SANKOFA_CUTOVER_PLAN.md. Other four domains have values (e.g. 7801/192.168.11.51/3000 for sankofa.nexus).
Where to get	Deploy The Order portal; assign VMID and IP; document in SANKOFA_CUTOVER_PLAN.md table; then run cutover steps (replace proxy backends in NPMplus).

---

3. dbis_core TypeScript (~1186 errors)

	Detail
Needed	npx prisma generate succeeding in dbis_core/; then systematic edits per DBIS_CORE_TS_FIXES_DETAILED_LIST.md.
Missing	1) Prisma generate: Currently fails with “path argument must be of type string. Received undefined” (possible Prisma + large schema). Fix: try Prisma 5.22+ or ensure DATABASE_URL in dbis_core/.env; or run from a clean cd dbis_core && npm install and retry. 2) Bulk fixes: Prioritized list exists; need to apply Priority 1–4 by module (imports, return statements, JsonValue, Prisma types, etc.).
Where to get	Prisma: Set DATABASE_URL in dbis_core/.env (e.g. postgresql://user:pass@host:5432/dbis_core); try npx prisma generate again; if still failing, try upgrading Prisma. Fixes: DBIS_CORE_TS_FIXES_DETAILED_LIST.md; sample return fixes already applied in market-admin, peg-admin, bridge-admin routes. Verify: pnpm exec tsc --noEmit in dbis_core.

---

4. Security audits and bridge integrations

	Detail
Needed	Assignee/owner for smom audits (VLT-024, ISO-024) and bridge items (BRG-VLT, BRG-ISO); no repo automation.
Missing	Decision on who runs or commissions the audits; backlog/roadmap slot.
Where to get	Track in smom backlog; see TODO_TASK_LIST_MASTER.md §5.

---

5. External / third-party

Ledger

	Detail
Needed	Tally form submitted; Ledger’s response and agreement/integration steps.
Missing	Ledger’s reply and next steps (form already submitted per ADD_CHAIN138_TO_LEDGER_LIVE.md).
Where to get	Wait for Ledger; follow any link/instructions they send.

Trust Wallet

	Detail
Needed	PR to trustwallet/wallet-core with Chain 138 registry entry (CoinID 10000138, etc.).
Missing	PR not yet opened; repo fork and branch; chain 138 JSON/config per Trust’s “new EVM chain” docs.
Where to get	ADD_CHAIN138_TO_TRUST_WALLET.md (steps + CoinID 10000138); clone wallet-core, add chain 138, open PR.

Consensys (MetaMask Swaps/Bridge)

	Detail
Needed	Outreach to Consensys/MetaMask for native Swaps/Bridge support for Chain 138.
Missing	Contact channel (form, email, or partner program) and a short pitch (chain live, RPC, explorer, use case).
Where to get	metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md; MetaMask/Consensys partner or developer pages.

CoinGecko / CMC

	Detail
Needed	Token Aggregation report API reachable; chain + token data; 512×512 logos; CoinGecko/CMC submission forms.
Missing	1) Report API: Service running and URL (e.g. for /api/v1/report/coingecko?chainId=138). 2) Platform support: CoinGecko/CMC may not list Chain 138/651940 until they add the chain. 3) Logos: Per-token and chain logos in required format.
Where to get	Runbook: docs/04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md; smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md. Export: curl "https://<token-aggregation-url>/api/v1/report/coingecko?chainId=138". If platforms don’t support 138 yet, keep runbook and submit when they do.

---

6. API keys (for scripts and services)

	Detail
Needed	Keys for Li.Fi, Jumper, 1inch, MoonPay, Ramp, DocuSign, Slack, PagerDuty, Etherscan, CoinGecko, CMC, etc., in root and subproject .env.
Missing	Actual key values; sign-up and approval for each service.
Where to get	reports/API_KEYS_REQUIRED.md (sign-up URLs and env var names); docs/00-meta/API_KEYS_DOTENV_STATUS.md. Copy into .env (never commit); restart services that use them.

---

7. Maintenance (cron and ongoing)

	Detail
Needed	Host where crontab can be installed (e.g. jump host or Proxmox node); scripts exist.
Missing	Decision on which host runs daily/weekly cron; one-time install.
Where to get	Cron install (once, from LAN): bash scripts/maintenance/schedule-daily-weekly-cron.sh --show then --install. NPMplus backup cron: scripts/maintenance/schedule-npmplus-backup-cron.sh --install. Checks: scripts/maintenance/daily-weekly-checks.sh daily / weekly.

---

8. Quick reference: scripts that exist

Script	Purpose
scripts/run-wave0-from-lan.sh	W0-1 + W0-3 (RPC fix + backup); run from LAN.
scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh	NPMplus RPC fix only; needs NPM_PASSWORD.
scripts/verify/backup-npmplus.sh	NPMplus backup only.
scripts/bridge/run-send-cross-chain.sh	sendCrossChain; omit --dry-run to execute.
scripts/verify/run-contract-verification-with-proxy.sh	Blockscout verification.
scripts/maintenance/address-all-remaining-502s.sh	Fix 502s (+ optional --run-besu-fix --e2e).
scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e	Full maintenance + E2E.
scripts/run-all-operator-tasks-from-lan.sh	Backup + verify ± deploy ± create-vms.
scripts/security/setup-ssh-key-auth.sh	SSH key-only auth (--dry-run then --apply).
scripts/security/firewall-proxmox-8006.sh	Restrict Proxmox API to CIDR.
scripts/secure-validator-keys.sh	chmod 600 + chown besu for validator keys.
scripts/maintenance/schedule-daily-weekly-cron.sh	Daily/weekly checks cron.

---

9. One-page “start here” order

1. Get unblocked on LAN and secrets

   • Arrange VPN or machine on 192.168.11.x.
   • Get NPM_PASSWORD (and optionally PRIVATE_KEY) into .env (never commit).

2. Wave 0

   • Run scripts/run-wave0-from-lan.sh (or RPC fix + backup separately).
   • Run sendCrossChain once if you have PRIVATE_KEY and LINK.

3. 502s and verification

   • Run address-all-remaining-502s.sh --run-besu-fix --e2e from LAN.
   • Run Blockscout verification script.

4. Fill TBDs

   • Sankofa: set the-order.sankofa.nexus target (VMID, IP, port) in SANKOFA_CUTOVER_PLAN.md.
   • CCIP: collect per-chain addresses (CCIP directory) and fund deployer wallets for Gnosis/Celo/Wemix.

5. dbis_core

   • Fix Prisma generate (DATABASE_URL, Prisma version); then apply TS fixes by priority.

6. External

   • Trust Wallet: open wallet-core PR.
   • CoinGecko/CMC: get report API URL and logos; submit when platform supports 138.
   • Consensys: send outreach using CONSENSYS_OUTREACH_PACKAGE.
   • Ledger: follow up when they respond.

7. Maintenance

   • Install cron for daily/weekly checks and NPMplus backup on chosen host.

---

Related: STILL_NOT_DONE_EXECUTION_CHECKLIST.md | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md | REMAINING_WORK_DETAILED_STEPS.md