Files

defiQUG bea1903ac9

Deploy to Phoenix / deploy (push) Has been cancelled

Details

Sync all local changes: docs, config, scripts, submodule refs, verification evidence

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-02-21 15:46:06 -08:00

19 KiB

Raw Blame History

Master TODO — Fully Expanded (Everything Conceivable and Possible)

Last Updated: 2026-02-13
Purpose: Single exhaustive checklist of every task, recommendation, placeholder, and operational item across the repo. Use for prioritization, tracking, and ensuring nothing is missed.

When you complete an item: Update the corresponding source doc per BLITZKRIEG_SOURCE_DOCUMENT_INDEX.

1. Blitzkrieg Execution Trail (Steps 0–19)

#	Task	Status
0	Environment freeze + canonical authority; run `./scripts/validation/validate-config-files.sh`; lock env; F-1–F-4	[ ]
1	Lock canonical registry; document required env in token-aggregation README; freeze naming/symbols	[x]
2	Emit `dbis-138.tokenlist.json` deterministically; schema + hash lock	[x]
3	Emit `all-mainnet.tokenlist.json` deterministically	[x]
4	GRU M1 validation (cUSDC, cUSDT); run `check-contracts-on-chain-138.sh`; BridgeVault wiring	[ ]
5	GRU M1 CCIP enablement; validate routes 1↔138, 137↔138; fund LINK	[ ]
6	ISO-4217 eMoney (all c, w) in canonical; CCIP propagation	[ ]
7	W-Tokens + AlltraAdapter: setBridgeFee after deploy; document in PLACEHOLDERS_AND_TBD	[x]
8	Canonical → dual list sync; schema/lint; no testnet in prod list	[ ]
9	Token Aggregation API deployment; versioned endpoint	[ ]
10	Wallet ingestion: Ledger (1–3), Trust (4–5), Snap (6), Consensys (24), CoinGecko (25); LiFi/Stargate/Hop	[ ]
11	Blockscout verification: run `run-contract-verification-with-proxy.sh`; verify Multicall vs Oracle at 0x99b35...	[ ]
12	Bridge hardening: use only 0x971c...; CCIP + BridgeVault + AlltraAdapter full sync	[ ]
13	CI/CD: verification in pipeline; deployment automation script; .env per environment	[x]
14	Monitoring + alerting: bridge events, registry drift; R17–R18	[ ]
15	Security: R4–R7; deprecated bridge; secrets; restrict RPC_CORE_1; S-1–S-9	[ ]
16	Dry-run full march: `run-completable-tasks-from-anywhere.sh`; gas + nonce; R19–R20, R23	[x]
17	Optional: Tezos/Etherlink relay + DON (after Step 16)	[ ]
18	Optional: DODO / EnhancedSwapRouter (after Step 16)	[ ]
19	Optional: same as 18 (trail)	[ ]

2. Recommendations R1–R23

ID	Task	Status
R1	Verify every contract on Blockscout; use run-contract-verification-with-proxy.sh	[ ]
R2	Single source of truth: CONTRACT_ADDRESSES_REFERENCE, SMART_CONTRACTS_INVENTORY_ALL_CHAINS; reconcile .env	[ ]
R3	On-chain confirmation: run check-contracts-on-chain-138.sh; fix MISSING/EMPTY	[ ]
R4	Deprecated bridge: use only 0x971c...; set CCIPWETH9_BRIDGE_CHAIN138	[x]
R5	Secrets: no .env/keys in repo; MASTER_SECRETS_INVENTORY; rotate exposed	[ ]
R6	API keys .env.example placeholders	[x]
R7	Restrict deployer key and RPC_CORE_1 access	[ ]
R8	RPC deploy Chain 138: 192.168.11.211:8545 or rpc-core.d-bis.org	[ ]
R9	Gas: GAS_PRICE=1000000000 for Chain 138 deploys	[x]
R10	Order: 01_DeployCore then 02_DeployBridges; MerchantSettlementRegistry before WithdrawalEscrow	[ ]
R11	Nonce discipline; DEPLOYMENT_STRATEGY_EVALUATION	[ ]
R12	Runbooks in sync: CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_FIX_RUNBOOK, BLOCKSCOUT_FORGE_VERIFICATION_EVALUATION	[x]
R13	Per-chain addresses in CONTRACT_ADDRESSES_REFERENCE / SMART_CONTRACTS_INVENTORY_ALL_CHAINS	[ ]
R14	Verification in pipeline after deploy when Blockscout reachable from CI	[x]
R15	Deployment automation: single script check env → deploy → verify → update config	[x]
R16	Config by environment: .env.development/staging/production or JSON per chain	[ ]
R17	Event monitoring: bridge/oracle events	[ ]
R18	Explorer health: Blockscout VMID 5000, /api reachable	[ ]
R19	Test before deploy: forge test smom-dbis-138, alltra-lifi-settlement; integration tests	[x]
R20	NatSpec on public contract functions	[x]
R21	Sankofa/The Order: when deployed add NPMplus proxy; RPC_ENDPOINTS_MASTER, SANKOFA_CUTOVER_PLAN TBDs	[ ]
R22	Network placeholders: blocks #2–#6 in NETWORK_ARCHITECTURE when assigned	[ ]
R23	Scripts: progress indicators; --dry-run where missing; extend config validation	[x]

3. Remaining Components — Tasks 1–30

3.1 Wallets (1–7)

#	Task	Status
1	Ledger: await Tally form response; sign agreement; integration steps	[ ]
2	Ledger: if PR/code review requested — push from LedgerLive, share	[ ]
3	Ledger: Step 8 manual test plan once 138 in Ledger Live	[ ]
4	Trust Wallet: PR to trustwallet/wallet-core; codegen + derivation tests	[ ]
5	Trust Wallet optional: submit Chain 138 logos via assets.trustwallet.com	[ ]
6	Chain 138 Snap: full E2E (Playwright + MetaMask Flask) when needed	[ ]
7	app-ethereum README: BOLOS_SDK note for contributors	[x]

3.2 Ledger when confirmed (8–17)

#	Task	Status
8	Ledger CAL tokens integration after chain added	[ ]
9	Ledger Swap (optional) if supported on 138	[ ]
10	Ledger Staking (optional) if 138 has staking	[ ]
11	Ledger Clear Signing plugin (optional) for CCIP/bridge	[ ]
12	Ledger i18n: add Chain 138 error keys	[ ]
13	Ledger live-common: add defi_oracle_meta_mainnet	[ ]
14	Ledger wallet-api: add 138 to allowed chainIds if needed	[ ]
15	Ledger app-ethereum icon if requested	[ ]
16	Ledger E2E/integration tests in ledger-live monorepo	[ ]
17	Confirm with Ledger: config shape, extend vs new family, pubKey vs publicKey	[ ]

3.3 Contracts and operator (18–23)

#	Task	Status
18	Blockscout source verification from LAN: run-contract-verification-with-proxy.sh	[ ]
19	Verify Multicall vs Oracle at 0x99b3511a2d315a497c8112c1fdd8d508d4b1e506; document result	[ ]
20	Periodic on-chain check when new contracts deployed	[ ]
21	Optional: deploy trustless bridge from script/bridge/trustless/	[ ]
22	Optional: mainnet/multichain deploy; document addresses per chain	[ ]
23	Optional: PaymentChannelManager / GenericStateChannelManager when needed	[ ]

3.4 MetaMask / listings (24–25)

#	Task	Status
24	Consensys outreach for native Swaps/Bridge for Chain 138	[ ]
25	CoinGecko (and optionally CMC) submission for Chain 138 and tokens	[ ]

3.5 Completable now (26–30)

#	Task	Status
26	Run run-completable-tasks-from-anywhere.sh	[x]
27	Config validation (validate-config-files.sh)	[x]
28	Tests: smom-dbis-138 forge test; alltra-lifi-settlement forge test + e2e	[ ]
29	Placeholders: AlltraAdapter fee, canonical env, quote FABRIC_CHAIN_ID, etc.	[ ]
30	API keys: sign up per API_KEYS_REQUIRED; add to .env	[ ]

4. DEX, Liquidity Pools, Cross-Chain, and TransactionMirror

Task	Status
TransactionMirror on Mainnet: confirm Etherscan verification at 0x4CF42c4F1dBa748601b8938be3E7ABD732E87cE9	[ ]
TransactionMirror on Chain 138: deploy when needed via deploy-transaction-mirror-chain138.sh or forge create	[ ]
Deploy DODOPMMIntegration when DODO integrated; set DODO env	[ ]
Implement DODOPMMProvider oracle-driven optimizePoolParameters (or document flow)	[ ]
When Uniswap V3/Balancer pools exist: set quoter/poolId; deploy EnhancedSwapRouter	[ ]
Implement alltra-lifi-settlement uniswap.service / curve.service when pools exist on 138/651940	[ ]
Deploy full trustless stack: InboxETH, BondManager, ChallengeManager, LiquidityPoolETH, SwapRouter, BridgeSwapCoordinator, MULTISIG	[ ]
Jumper API: implement when Jumper supports 138, 651940, 42793	[ ]
Quote service: set FABRIC_CHAIN_ID when Fabric live	[ ]
Restore/fix DODOPMMIntegration.t.sol from .bak when DODO integration active	[ ]

5. Tezos / Etherlink (TEZOS_CCIP_REMAINING_ITEMS)

5.1 External verification

Task	Status
Verify Etherlink in CCIP supported networks; record selector, Router, fee token	[ ]
Verify Jumper API support for 138, 651940, 42793, Tezos; document in TEZOS_JUMPER_SUPPORT_MATRIX	[ ]
Verify LiFi for Etherlink (chain 42793); set lifiSupported/ccipSupported in chains config	[ ]

5.2 Contracts and deployment

Task	Status
Run InitializeRegistry for Etherlink (42793) and Tezos L1 (1)	[ ]
Run DeployAllAdapters: TezosAdapter, EVMAdapter(42793); register in ChainRegistry	[ ]
Etherlink receiver contracts (CCIP or relay-compatible)	[ ]
Token list governance: add Etherlink/Tezos L1 tokens	[ ]
Set Etherlink finality (TEZOS_CROSS_CHAIN_FINALITY confirmation blocks)	[ ]

5.3 Off-chain services

Task	Status
Tezos L1 relay: real mint/transfer; set TEZOS_MINTER_ADDRESS, TEZOS_ORACLE_SECRET_KEY	[ ]
Etherlink custom relay if CCIP does not support Etherlink	[ ]
Etherlink relay-compatible receiver contract if custom relay	[ ]

5.4 Routing and DON

Task	Status
Rate limits/caps per destination (Tezos, Etherlink)	[ ]
Jumper API integration when supported	[ ]
Register Etherlink in DON if CCIP	[ ]
RMN policy for Tezos/Etherlink	[ ]

5.5 Monitoring and production

Task	Status
Implement Tezos/Etherlink metrics and dashboards	[ ]
Configure alerts for relay failures, backlog, LINK balance	[ ]
Enable TEZOS_BRIDGE_ENABLED / ETHERLINK_BRIDGE_ENABLED in production after sign-off	[ ]

5.6 Testing and security

Task	Status
TezosAdapter unit tests in CI	[ ]
Integration tests per TEZOS_INTEGRATION_TESTING	[ ]
Ghostnet E2E per TEZOS_E2E_RUNBOOK	[ ]
Security review of Etherlink contracts and relay before mainnet	[ ]

6. NOT_CHANGED_BY_DESIGN — Actionable Steps

Item	Task	Status
AlltraAdapter	Confirm fee; call setBridgeFee after deploy; document in PLACEHOLDERS_AND_TBD	[ ]
Smart accounts	Deploy EntryPoint, Factory, Paymaster; set env; .env.example + runbook done	[x]
EnhancedSwapRouter	Set quoter/poolId when Uniswap V3/Balancer pools exist	[ ]
DODOPMMProvider	Implement oracle-driven flow when DODO integrated	[ ]
Quote service	Set FABRIC_CHAIN_ID when Fabric live	[ ]
TezosRelayService	Real mint/transfer; set TEZOS_MINTER_ADDRESS; gate mock for production	[ ]
OMNIS backend	POST/PUT budgets, POST documents/upload, PATCH profile	[x]
CCIPLogger	Omit unless monitoring; TASK12 if needed	[x]
.bak files	BAK_FILES_DEPRECATION; listed and deprecated	[x]
dbis_core	Redis, PagerDuty, Prometheus when stack up; risk stub; deal-execution skipped	[x]

7. CONTRACT_NEXT_STEPS — Operator and Pending

Operator

Task	Status
Confirm 36 contracts on-chain (check-contracts-on-chain-138.sh)	[ ]
Run Blockscout verification (run-contract-verification-with-proxy.sh)	[ ]
Reconcile .env (one entry per variable)	[ ]
Verify Multicall vs Oracle at 0x99b35...	[ ]

Pending (when needed)

Task	Status
Trustless bridge deploy (script/bridge/trustless/)	[ ]
Mainnet/multichain deploy; document addresses per chain	[ ]
Vault/Reserve/Keeper deploy	[ ]
Dodo/swap deploy (script/deploy/dex/, DeployEnhancedSwapRouter)	[ ]
eMoney/smart accounts deploy	[ ]
PaymentChannelManager/GenericStateChannelManager on Mainnet or 138	[ ]

8. GAPS — Full Coverage

Security (GAPS §1)

Task	Status
API keys placeholder in all .env.example	[x]
Root/OMNIS/dbis_core/the-order: your-* only; MASTER_SECRETS_INVENTORY	[ ]

Config/DNS (GAPS §2)

Task	Status
the-order.sankofa.nexus when portal deployed; NPMplus proxy + RPC_ENDPOINTS_MASTER	[ ]
Sankofa cutover: replace TBDs in SANKOFA_CUTOVER_PLAN	[ ]
NPMplus proxy: sankofa → 7801/.51:3000, phoenix → 7800/.50:4000; only explorer → .140	[ ]
Blocks #2–#6 in NETWORK_ARCHITECTURE when assigned	[ ]

smom-dbis-138 (GAPS §3)

Task	Status
AlltraAdapter fee set and documented	[ ]
Smart accounts deploy + env	[ ]
EnhancedSwapRouter/DODOPMMProvider/Quote when pools/Fabric exist	[ ]
TezosRelayService real mint	[ ]
Canonical env documented (README + .env.example)	[x]
WETH bridges MAINNET_WETH9/10 when configuring cross-chain	[ ]

OMNIS (GAPS §5)

Task	Status
Sankofa Phoenix SDK integration or document timeline	[ ]
authController token blacklisting (implement or document)	[ ]
CI/CD and deploy: real deployment, health, migration	[ ]

the-order (GAPS §6)

Task	Status
court-efiling integration or document vendor	[ ]
e-signature integration or document provider	[ ]
document-security (watermark/redactions) implement or document	[ ]

Token aggregation (GAPS §8)

Task	Status
CoinGecko/CMC: submit 138/651940 or document	[ ]

Operational (GAPS §10)

Task	Status
NPMplus HA Keepalived/HAProxy (optional)	[ ]
UDM Pro VLAN (optional)	[ ]
Automated backups verified and scheduled	[ ]

9. ALL_REQUIREMENTS — Security and Deployment

Security (S-1–S-9)

ID	Task	Status
S-1	.env chmod 600	[x]
S-2	Validator key chmod 600, secure-validator-keys.sh	[ ]
S-3	SSH key-based auth; disable password	[ ]
S-4	Firewall: restrict Proxmox 8006 to admin CIDR	[ ]
S-5	No real API keys in .env.example	[x]
S-6	Rotate exposed keys; no private keys in docs	[ ]
S-7	smom: Security audits VLT-024, ISO-024	[ ]
S-8	smom: Bridge integrations BRG-VLT, BRG-ISO	[ ]
S-9	Network segmentation/VLANs (optional)	[ ]

Deployment (D-1–D-19+)

ID	Task	Status
D-1–D-3	Missing containers 2506–2508 (or document destroyed)	[ ]
D-4–D-6	VLAN (optional)	[ ]
D-7–D-10	Observability: Prometheus, Grafana, Loki, Alertmanager	[ ]
D-11–D-17	CCIP fleet per CCIP_DEPLOYMENT_SPEC	[ ]
D-18–D-19	Sovereign tenants VLANs 200–203	[ ]

10. Supreme Command (Luftwaffe) — Operational

Task	Status
Update deployment matrix (chain table 138, 651940, 1, 137, 56, 10) for canonical, list, contracts, bridge, monitoring	[ ]
Risk scoreboard: no step risk ≥4 without mitigation	[ ]
RAG dashboard: Green/Amber/Red from hash diff, heartbeat, bytecode, API	[ ]
Reconciliation: token metadata, liquidity/routing, consumer; pre/post + 24h sweep	[ ]
Prod vs testnet: environment gating; no testnet address in prod list	[ ]
War-room: pre-march checklist, live controls, post-march verification, RED escalation protocol	[ ]

11. Absolute Air Superiority — Resilience

Task	Status
Sentinel layer: Observe/Guard/Sovereign; auto-pause on drift	[ ]
Canonical anchoring: SHA-256 on-chain (138); no list emission without anchor	[ ]
Circuit breaker: liquidity >5%, heartbeat >2 blocks, mint/burn → freeze, log, Sentinel	[ ]
Liquidity stress test: 2x volume, 30% withdrawal, one-chain down; pass before prod	[ ]
Time-to-containment: drift <30s, bridge isolation <2min, canonical freeze <1min, sweep <15min	[ ]
Formal verification roadmap: BridgeVault, AlltraAdapter, GRU M1, canonical registry	[ ]
Sovereign continuity: multi-region failover, cold-storage snapshot, read-only emergency endpoint, recovery playbook	[ ]

12. Documentation and Maintenance

Task	Status
When new token/bridge: update BLITZKRIEG §2 three-column table and §3 numbered trail	[ ]
When completing any item: update source doc per BLITZKRIEG_SOURCE_DOCUMENT_INDEX	[ ]
MASTER_INDEX and MASTER_PLAN link to BLITZKRIEG (verified)	[x]
register-all-mainnet: verify avgBlockTime and set in script	[ ]
TEZOS_USDTZ route planner: replace TBD bridge provider	[ ]

13. Proxmox / LAN / Operator (when you have secrets)

Task	Status
Run run-all-operator-tasks-from-lan.sh (validation, backup, optional --deploy, --create-vms)	[ ]
Deploy TransactionMirror Chain 138 if mirror feature needed	[ ]
Deploy phased core (01_DeployCore, 02_DeployBridges) if redeploying	[ ]
VM creation per PROXMOX_VM_CREATION_RUNBOOK when needed	[ ]
NPMplus backup: schedule and verify	[ ]

14. Optional / Enhancements

Task	Status
Paymaster deploy (DeployPaymaster.s.sol) when smart accounts needed	[ ]
dbis_core: resolve ~1186 TS errors (deferred)	[ ]
Resource/network/database optimization	[ ]
CCIPLogger deploy via Hardhat (TASK12) if monitoring required	[ ]
NPMplus HA: Keepalived or HAProxy; document failover	[ ]
UDM Pro VLAN migration; document in NETWORK_ARCHITECTURE	[ ]

15. ALL_IMPROVEMENTS_AND_GAPS_INDEX (1–139)

Work through ALL_IMPROVEMENTS_AND_GAPS_INDEX.md (ranges 1–139; parallel by cohort where no deps). See TODO_TASK_LIST_MASTER §4.

Validation and quick commands

Check	Command
Completable from anywhere	`./scripts/run-completable-tasks-from-anywhere.sh` [--dry-run]
Config validation	`./scripts/validation/validate-config-files.sh`
On-chain check (36 addresses)	`./scripts/verify/check-contracts-on-chain-138.sh [RPC]`
Blockscout verification	`source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh`
All validation	`bash scripts/verify/run-all-validation.sh [--skip-genesis]`
Full verification	`bash scripts/verify/run-full-verification.sh`
Token list schema + hash (Blitzkrieg 2–3)	`node token-lists/scripts/validate-and-hash.js`
Deploy + verify Chain 138 (R15)	`bash scripts/deployment/deploy-verify-chain138.sh [--dry-run] [--deploy] [--verify-only]`

19 KiB Raw Blame History Unescape Escape