d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
3e9645274a5f6e2cbc5bae1dff55d3aed0295cbf
proxmox/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md
defiQUG b3a8fe4496
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
chore: sync all changes to Gitea 
- Config, docs, scripts, and backup manifests
- Submodule refs unchanged (m = modified content in submodules)

Made-with: Cursor
2026-03-02 11:37:34 -08:00

5.2 KiB
Raw Blame History

Recommendations and operator checklist (R1R24)

Purpose: Single checklist for all recommendations from REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS Part 2. Use when deploying, verifying, or operating.

Related: CONTRACT_DEPLOYMENT_RUNBOOK | BLOCKSCOUT_VERIFICATION_GUIDE | MASTER_SECRETS_INVENTORY | COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md (full plan: required / optional / recommended).

Verification and source of truth (R1R3)

# Action When
R1 Verify every deployed contract on Blockscout (Forge Verification Proxy or BLOCKSCOUT_VERIFICATION_GUIDE) After each deployment when Blockscout is reachable
R2 Keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated; reconcile duplicate .env entries When new contracts are deployed or deprecated
R3 Run ./scripts/verify/check-contracts-on-chain-138.sh [RPC]; fix any MISSING/EMPTY Periodically or after deploy

Security and secrets (R4R7)

# Action When
R4 Do not use CCIPWETH9Bridge at 0x89dd...; use only 0x971c... and set CCIPWETH9_BRIDGE_CHAIN138 in env Always; see runbook § Deprecated bridge
R5 Never commit .env or private keys; use MASTER_SECRETS_INVENTORY; rotate any exposed keys Always
R6 API keys in .env.example — Done (placeholders)
R7 Restrict deployer key and RPC admin access (RPC_URL_138) to operators who need them Access review

Deployment (R8R11)

# Action When
R8 Set RPC_URL_138 (Core); run from LAN/VPN if 192.168.11.x not reachable Before deploy
R9 Use GAS_PRICE=1000000000 (or current min) on Chain 138; see CONTRACT_DEPLOYMENT_RUNBOOK Every forge script/create on 138
R10 Phased core: 01_DeployCore first, set env, then 02_DeployBridges; alltra-lifi: MerchantSettlementRegistry before WithdrawalEscrow Deploy order
R11 If tx stuck, manage nonce; see DEPLOYMENT_STRATEGY_EVALUATION Troubleshooting

Documentation and runbooks (R12R13)

# Action When
R12 Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, BLOCKSCOUT_FIX_RUNBOOK in sync with scripts and Blockscout URL After script or URL changes
R13 When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc; update ADDRESS_MATRIX_AND_STATUS Per-chain deploy

Automation and CI/CD (R14R16)

# Action When
R14 Run run-contract-verification-with-proxy.sh after deployments when Blockscout reachable from CI CI after deploy
R15 Consider single script: check env → deploy → verify → update config (COMPREHENSIVE_RECOMMENDATIONS § Infrastructure) Automation
R16 Use .env.development / .env.staging / .env.production or JSON configs per chain Config hygiene

Monitoring and operations (R17R18)

# Action When
R17 Monitor critical bridge/oracle events (TransferInitiated, TransferCompleted, price updates); see COMPREHENSIVE_RECOMMENDATIONS § Monitoring Ongoing
R18 Ensure Blockscout (VMID 5000) is up and /api reachable; see EXPLORER_API_ACCESS, BLOCKSCOUT_FIX_RUNBOOK Health checks

Testing and quality (R19R20)

# Action When
R19 Run forge test in smom-dbis-138 and alltra-lifi-settlement before deploying; run integration tests where available Pre-deploy
R20 NatSpec on public contract functions (verification and tooling) Code quality

Configuration and DNS (R21R22)

# Action When
R21 When The Order is deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs Sankofa/The Order go-live
R22 Document or configure blocks #2#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER (or mark reserved); see NETWORK_PLACEHOLDERS_DECISION When decided

Quick wins (R23)

# Action When
R23 Scripts: add progress indicators; add --dry-run where missing; extend config validation (IMPLEMENTATION_CHECKLIST). Done: run-completable-tasks-from-anywhere.sh has Step 1/44/4; validate-config-files.sh, run-e2e-flow-tasks-full-parallel.sh, run-all-operator-tasks-from-lan.sh support --dry-run. Script updates

Token mapping (R24)

# Action When
R24 Keep config/token-mapping.json as single source of truth for 138↔Mainnet; when adding tokens update token-mapping.json and optionally CHAIN138_TOKEN_ADDRESSES; see TOKEN_MAPPING_AND_MAINNET_ADDRESSES Adding tokens

Key commands: See REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS Part 3.

Reference in New Issue View Git Blame Copy Permalink