Continue and Complete — Operator Checklist
Last Updated: 2026-02-08
Completion run: NEXT_STEPS_COMPLETION_RUN_20260208.md
Run all automated next steps: bash scripts/run-all-next-steps.sh → report in docs/04-configuration/verification-evidence/NEXT_STEPS_RUN_*.md
Purpose: Single run-order checklist for all remaining work after Dev/Codespaces (items 1–6) are done.
Full detail: NEXT_STEPS_ALL.md | REMAINING_ITEMS_DOTENV_AND_ACTIONS.md
Status overview
| Items |
Status |
| 1–6 (Fourth NPMplus, SSH keys, Gitea, rsync, push, verification) |
DONE |
| 7 Bridge (real) |
Run from LAN; fix if reverted (LINK, pause, params). See NEXT_STEPS_COMPLETION_RUN_20260208.md |
| 8 Security (SSH key-only + UFW 8006) |
Applied 2026-02-08 (hosts may need sudo in PATH / UFW or iptables) |
| 9 2506–2508 JWT / identity |
Manual: nginx + tokens per container |
| 10 Explorer SSL |
Manual: NPMplus UI |
| 11 NPMplus cert 134 |
Manual: NPMplus UI |
| 12 Wave 2 & 3 |
Per WAVE2_WAVE3_OPERATOR_CHECKLIST.md |
| 13 Smart contracts (deploy + verify) |
Run from LAN (RPC 192.168.11.211, Blockscout .140 reachable). Deploy timed out from workspace; verify ran but Blockscout unreachable. |
Run in order when ready
Do these when credentials and network are in place. Secrets: PRIVATE_KEY and same-wallet LINK live in smom-dbis-138/.env (bridge + contract deploy).
| # |
What |
Command (from repo root unless noted) |
| 7 |
Bridge real run |
bash scripts/bridge/run-send-cross-chain.sh 0.01 |
| 8 |
Security on Proxmox hosts |
bash scripts/security/run-security-on-proxmox-hosts.sh --apply (after SSH key login works to .10, .11, .12) |
| 13a |
Deploy contracts (Chain 138) |
cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh |
| 13b |
WETH bridge (if needed) |
GAS_PRICE=1000000000 ./scripts/deploy-and-configure-weth9-bridge-chain138.sh then set CCIPWETH9_BRIDGE_CHAIN138 in smom-dbis-138/.env |
| 13c |
Verify contracts (Blockscout) |
source smom-dbis-138/.env 2>/dev/null && ./scripts/verify/run-contract-verification-with-proxy.sh |
Manual / UI steps (no single script)
| # |
What |
Where |
| 9 |
2506–2508 JWT and identity (2506→Luis, 2507/2508→Putu) |
CHAIN138_JWT_AUTH_REQUIREMENTS.md, scripts/generate-jwt-token-for-container.sh |
| 10 |
Explorer SSL (no cert warning) |
NPMplus https://192.168.11.167:81 → SSL → Let's Encrypt explorer.d-bis.org → assign to proxy, Force SSL |
| 11 |
NPMplus cert 134 (cross-all.defi-oracle.io) |
NPMplus → SSL Certificates → re-request or re-save cert |
| 12 |
Wave 2 & 3 (monitoring, Grafana, VLANs, CCIP Ops/Admin, DBIS, etc.) |
WAVE2_WAVE3_OPERATOR_CHECKLIST.md |
Push all projects to Gitea + as4-411 in Phoenix (Sankofa Marketplace)
as4-411 is initialized as a git repo at ~/projects/as4-411 and is intended as a deployable LogicApps-like solution for the Sankofa Marketplace. Add it to Phoenix (Sankofa) as a submodule, then push all projects from ~/projects to Gitea.
| Step |
Command (from proxmox repo root) |
| 1. Push all projects to Gitea |
GITEA_TOKEN=xxx bash scripts/dev-vm/push-all-projects-to-gitea.sh |
| 2. Add as4-411 as submodule in Sankofa |
bash scripts/dev-vm/add-as4-411-submodule-to-sankofa.sh |
| 3. Commit submodule in Sankofa |
cd ~/projects/Sankofa && git add .gitmodules marketplace/as4-411 && git commit -m "Add as4-411 as marketplace submodule (LogicApps-like deployable)" |
Dry-run (no token): bash scripts/dev-vm/push-all-projects-to-gitea.sh --dry-run — lists 22 repos under ~/projects (including as4-411).
Projects dir: Set PROJECTS_DIR=/path to use a different parent directory.
Note: loc_az_hci is fixed (initial commit pushed). js can still fail with HTTP 413 until Gitea server limit is raised — see GITEA_LARGE_PUSH_HTTP_413.md.
Quick checks (safe to run anytime)
| Check |
Command |
| Bridge dry-run |
bash scripts/bridge/run-send-cross-chain.sh 0.01 --dry-run |
| Security dry-run |
bash scripts/security/run-security-on-proxmox-hosts.sh (no --apply) |
| NPMplus backup |
bash scripts/verify/backup-npmplus.sh (NPM_PASSWORD in .env) |
| Push-all dry-run |
bash scripts/dev-vm/push-all-projects-to-gitea.sh --dry-run |
References
bea1903ac9