proxmox/docs/dbis-rail/DBIS_RAIL_AND_PROJECT_COMPLETION_MASTER_V1.md

DBIS Rail and Project Completion Master — Status and Full Task List v1

Purpose: Single reference for (1) current project and deployment status and (2) the complete list of tasks to reach audit-ready DBIS Rail and full project completion — including all optional items.

Companion: Audit Readiness Results v1, Deployment Order of Operations, Complete Required/Optional/Recommended Index.

Implementation coordination: Align all implementations with Implementation Coordination with Transcript 540ae663. That transcript completed PMM/DEX (pools, DODOPMMProvider), 10 compliant fiat tokens on Chain 138, GRU registration for all 12 c*, UniversalAssetRegistry upgrade, cWUSDT/cWUSDC on 9 chains, and related scripts/docs. The coordination doc maps which tasks below are already done or partial.

---

Part 1 — Current Status

1.1 Chain 138 deployments (existing)

Category	Status	Notes
Core / genesis	Deployed	WETH9, WETH10, Multicall pre-deployed.
Core contracts	Deployed	UniversalAssetRegistry, GovernanceController, UniversalCCIPBridge, BridgeOrchestrator, CREATE2Factory, MirrorRegistry, AlltraAdapter.
CCIP	Deployed	CCIP Router, Sender, CCIPWETH9Bridge, CCIPWETH10Bridge; relay path to mainnet.
Compliance and tokens	Deployed	ComplianceRegistry, TokenFactory, DebtRegistry, PolicyManager; cUSDT, cUSDC, plus cEURC, cEURT, cGBPC, cGBPT, cAUDC, cJPYC, cCHFC, cCADC, cXAUC, cXAUT (10 extra via DeployCompliantFiatTokens). c* have owner mint (DBIS Rail requires router-only mint).
Bridges and vault	Deployed	Bridge Vault, Lockbox138, ReserveSystem, ReserveTokenIntegration; RegulatedEntityRegistry, VaultFactory, Ledger, Liquidation, XAU Oracle.
Channels	Deployed	PaymentChannelManager, GenericStateChannelManager, AddressMapper, MirrorManager.
PMM / DEX	Deployed	DODOPMMIntegration, DODOPMMProvider; TransactionMirror; three PMM pools (cUSDT/cUSDC, cUSDT/USDT, cUSDC/USDC).
Registry	Deployed	ChainRegistry; UniversalAssetRegistry upgraded (registerGRUCompliantAsset); all 12 c* registered as GRU via RegisterGRUCompliantTokens.
Other	Deployed	MultiSig, Oracle Aggregator/Proxy, CCIPReceiver, Voting; MerchantSettlementRegistry, WithdrawalEscrow (alltra-lifi-settlement).
Not deployed	Pending	EnhancedSwapRouter; full trustless stack (InboxETH, BondManager, etc.) on mainnet; DBIS Rail contracts (RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController).

Source: CONTRACT_ADDRESSES_REFERENCE, GALATIC_SUMMARY.

1.2 DBIS Rail status

Layer	Status	Notes
Documentation	Complete	Spec, Rulebook, Threat Model, Regulator Brief, Audit Readiness Checklist, Results, Control Mapping.
Contracts (code)	Not implemented	No DBIS_RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController in repo.
Mint path	Gap	GRU/c* on 138 use owner mint (CompliantFiatToken, CompliantUSDT, CompliantUSDC). Rail requires router-only mint.
Signer / ISO Gateway	Documented only	Quorum (3-of-5, COMPLIANCE), EIP-712, accountingRef, isoHash defined in Spec/Rulebook; no on-chain signer registry or router.
Validator layer	Partial	QBFT documented; key segregation, multi-entity, monitoring, incident runbook to be confirmed in ops.

1.3 Project-wide (non–DBIS Rail)

Area	Status	Notes
Deployment order	Phase 0–3 applicable	Prerequisites, core, TransactionMirror + PMM pools, provider + liquidity; Phase 4–6 optional.
Verification	Ongoing	check-contracts-on-chain-138.sh; Blockscout verify; address docs.
Operator / Wave 0–3	Partially done	NPMplus, backup, sendCrossChain, validation scripts; full Wave 2/3 and recommendations per index.
Optional deployments	Not done	EnhancedSwapRouter, trustless stack mainnet, CCIP other chains, cW* edge pools (Phase 4–5).
Recommendations	Many open	R1–R24; ~139 items in ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST; optional VLAN, HA, MetaMask/explorer.

---

Part 2 — Full Task List (Required and Optional)

Every task below is to be completed; optional items are explicitly marked so prioritization (required first, then optional) is clear.

---

A. DBIS Rail — Required (audit readiness)

#	Task	Evidence / reference
A1	Implement and deploy DBIS Rail contracts (RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController) per Technical Spec v1.	Spec §2.1, §6; Audit Results § Gap remediation.
A2	Lock GRU/c* mint on Chain 138 to SettlementRouter only: revoke or remove owner mint for rail tokens; grant mint only to DBIS_GRU_MintController with Router as sole caller.	Audit Results §1; CompliantFiatToken.sol, CompliantUSDT, CompliantUSDC.
A3	Add unit and integration tests: direct mint revert, EIP-712 and replay, quorum/category, pause, caps.	Audit Results §2, §5; Checklist §1, §2, §5.
A4	Document signer key management (HSM or equivalent, key rotation) in operational runbook.	Audit Results §3; Checklist §3.
A5	Add accountingRef test vector (and optionally isoHash) per Rulebook; document canonical bundle schema in ops.	Audit Results §4; Rulebook §3.2, §4.4.
A6	Confirm validator layer: key segregation, multi-entity or separation of duties, monitoring, incident runbook.	Audit Results §6; Checklist §6.
A7	Run emergency control drills after rail deployment (router pause, mint controller pause, participant suspension, signer revocation, corridor suspension); record results.	Audit Results §7; Checklist §7; Rulebook §7.
A8	Schedule Threat Model review (e.g. within 12 months) and document review date.	Audit Results §8; Threat Model §6.
A9	When rail contracts are deployed: confirm Spec version matches deployment; add Deployed section or changelog.	Audit Results §8; Checklist §8.

---

B. DBIS Rail — Optional (v1.5+ and institutional hardening)

#	Task	Evidence / reference
B1	Implement signer effective-from and revoked-at block semantics (v1.5+); router rejects signatures outside effective window.	Rulebook §6.2; Threat Model §3.A.
B2	Implement idempotency extension: allow resubmission of same messageId with duplicate-accepted event (or keep revert as default).	Spec §9; Rulebook.
B3	Add periodic Merkle root of SettlementRecorded events for external proof exports / proof-of-reserves-style attestations.	Threat Model §3.C (recommendation); Spec.
B4	Implement on-chain validator governance (rotation + emergency pause) or document operational governance and timelock path.	Spec §0, §3.2; Regulator Brief §2; Threat Model §3.E.
B5	Publish DBIS Rail — Public Overview (2–3 page PDF) for business development and counterparties.	Prior conversation: optional, high signal.
B6	Expand control mapping to full SOC 2 / ISO 27001–style matrix (control ID, control objective, evidence, owner).	Control Mapping v1; Checklist.
B7	Commission independent code audit of DBIS Rail contracts after deployment.	Audit Results; institutional readiness.

---

C. Project deployment — Required (Chain 138 and verification)

#	Task	Evidence / reference
C1	Ensure Phase 0 prerequisites: RPC 2101 writable, deployer funded, .env correct, POOL_MANAGER_ROLE, no stuck txs, forge build, test all contracts before deploy.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 0. Partial: preflight, run-before-deploy-checks, test-all-contracts exist (coordination).
C2	Complete Phase 2 if not done: TransactionMirror, all three PMM pools, register c* as GRU; set addresses in .env.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 2. Done per coordination.
C3	Complete Phase 3: DODOPMMProvider deploy and pool registration; token-aggregation env; optional liquidity and MCP allowlist.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 3. Done per coordination.
C4	Run on-chain verification: ./scripts/verify/check-contracts-on-chain-138.sh; target 59/59 when applicable (check-contracts-on-chain-138.sh).	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 6.1.
C5	Run Blockscout verification: ./scripts/verify/run-contract-verification-with-proxy.sh; update CONTRACT_ADDRESSES_REFERENCE and LIQUIDITY_POOLS_MASTER_MAP.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 6.2–6.3; R1–R3.
C6	Reconcile Multicall vs Oracle Aggregator at 0x99b3511a2d315a497c8112c1fdd8d508d4b1e506 on explorer and document in CONTRACT_ADDRESSES_REFERENCE.	CONTRACT_ADDRESSES_REFERENCE note.

---

D. Project deployment — Optional (Phase 4–6 and beyond)

#	Task	Evidence / reference
D1	Deploy EnhancedSwapRouter (Chain 138) when Uniswap V3 / Balancer pools exist; configure post-deploy.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.1; GALATIC_SUMMARY.
D2	Deploy trustless stack (Lockbox138 + Mainnet): InboxETH, BondManager, etc.; set INBOX_ETH, BOND_MANAGER in config.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.2; OPTIONAL_DEPLOYMENTS_START_HERE.
D3	CCIP other chains (Gnosis, Celo, Wemix): deploy WETH bridges per chain; add 138↔chain; fund LINK.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.3.
D4	LINK on Mainnet relay: add LINK support per relay runbook.	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 4.4.
D5	Phase 5 — cW* edge pools: per-chain RPC/env; deploy or bridge cW* tokens; create and fund PMM pools per pool-matrix (11 public chains).	DEPLOYMENT_ORDER_OF_OPERATIONS Phase 5. Partial: cWUSDT/cWUSDC deployed on 9 chains; mapping and runbook in place (coordination).
D6	Execute full recommendations R1–R24 and update address docs, runbooks, monitoring, testing, token mapping.	RECOMMENDATIONS_OPERATOR_CHECKLIST; Phase 6.4.
D7	Optional: run full recommendations list (~139 items) per ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST; OPERATOR_READY_CHECKLIST for copy-paste commands.	ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST; Phase 6.5.

---

E. Project operational — Optional (Wave 0–3 and infra)

#	Task	Evidence / reference
E1	Wave 0: NPMplus RPC fix (405), sendCrossChain (real), NPMplus backup when LAN/creds available.	COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX; run-wave0-from-lan.sh.
E2	Wave 1: Run validation (run-all-validation.sh, validate-config-files.sh); complete "Can Be Accomplished Now" steps.	COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX; REMAINING_WORK_DETAILED_STEPS.
E3	Wave 2 / Wave 3: Operator checklist (Proxmox, CCIP, Blockscout, maintenance, liquidity).	WAVE2_WAVE3_OPERATOR_CHECKLIST.
E4	Optional infrastructure: Phase 1 VLAN; NPMplus HA; optional containers.	OPTIONAL_RECOMMENDATIONS_INDEX; NPMPLUS_HA_SETUP_GUIDE.
E5	Optional docs/tooling: documentation consolidation; Paymaster deploy when ready.	COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.
E6	Optional MetaMask/explorer: token-aggregation, CoinGecko submission, Snap features, explorer enhancements.	COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX; COINGECKO_SUBMISSION.
E7	Still-not-done execution: operator/LAN, dbis_core TS (deferred), security-audit, external (Ledger, CoinGecko), maintenance.	STILL_NOT_DONE_EXECUTION_CHECKLIST.
E8	Schedule and install daily/weekly cron for maintenance (schedule-daily-weekly-cron.sh --install).	COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.

---

F. Identity and chain metadata — Optional

#	Task	Evidence / reference
F1	Update chain metadata so "DBIS Mainnet (Chain 138)" is the authoritative public identity (e.g. eip155-138.json, ChainList, explorer branding, token list name).	Regulator Brief; prior DBIS identity discussion.
F2	Publish Regulator Brief (or Public Overview) as standalone PDF for examiners and counterparties.	Regulator Brief v1; optional Public Overview.

---

Part 3 — Suggested execution order

1. DBIS Rail required (A1–A9): Unblocks audit readiness; A1–A2 are prerequisites for A3, A7.
2. Project deployment required (C1–C6): Ensures Chain 138 and verification are current.
3. DBIS Rail optional (B1–B7): v1.5+ and institutional hardening as capacity allows.
4. Project deployment optional (D1–D7): Phase 4–6 and full recommendations.
5. Project operational optional (E1–E8): Wave 0–3, infra, MetaMask/explorer, still-not-done.
6. Identity optional (F1–F2): Chain naming and PDF publication.

---

Document control

Field	Value
Title	DBIS Rail and Project Completion Master — Status and Full Task List v1
Version	1
Status	Active