Files

defiQUG 7ac74f432b chore: sync docs, config schemas, scripts, and meta task alignment

- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor

2026-03-31 22:31:39 -07:00

5.4 KiB

Raw Blame History

All Recommendations — High-Priority Only

Purpose: Filtered view of high-priority and critical items from the canonical list.
Canonical source: ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md (~139 items, 20 sections).

Execution tracking: Bulk completion is not implied by this file alone — use STILL_NOT_DONE_EXECUTION_CHECKLIST.md, TODOS_CONSOLIDATED.md, and live runs in LIVE_VERIFICATION_LOG_2026-03-30.md.

1. Proxmox / Validated Set (High) — Items 1–11

#	Recommendation	Notes
1	Secure .env file permissions	`chmod 600 ~/.env`
2	Secure validator key permissions	chmod 600, chown besu
3	SSH key-based authentication (disable password)
4	Firewall rules for Proxmox API (port 8006)	Restrict to specific IPs
5	Network segmentation (VLANs)	VLAN enablement phase
6	Basic metrics collection (Prometheus, Besu 9545)
7	Health check monitoring + alerting
8	Automated backup script + encrypted validator keys
9	Backup configuration files + version control
10	Integration tests for deployment scripts
11	Runbooks (add/remove validator, upgrade Besu, key rotation, recovery, consensus)

2. Code quality & scripts (High) — Items 36–37

#	Recommendation	Priority
36	Script shebang: standardize on `#!/usr/bin/env bash`	Medium
37	Error handling: standardize on `set -euo pipefail` + traps	High

3. Documentation (High) — Items 68, 70

#	Recommendation	Priority
68	Quick reference cards (network, VMID, commands, troubleshooting)	High
70	Configuration templates (ER605, Proxmox, Cloudflare, Besu)	High

4. Security — Items 48–52

#	Recommendation	Priority
48	Secret management audit (no hardcoded secrets, rotation, CI scanning)	High
49	Input validation in all scripts	High
50	Security scanning automation (CI, container image scanning)	High
51	Access control review (RBAC, least privilege)	Medium
52	Configuration validation (JSON/YAML schema, pre-deploy)	High

5. Configuration, testing & DX (High) — Item 67

#	Recommendation	Priority
67	Backup & recovery review and testing	High

6. Infrastructure & deployment (High) — Items 79–81

#	Recommendation	Notes
79	Besu RPC — 2506–2508 destroyed 2026-02-08; replaced by new VMID structure; RPC 2500–2505 only. See MISSING_CONTAINERS_LIST.md	Done (doc)
80	Hyperledger (Firefly, Cacti, Fabric, Indy) containers	High/Medium
81	Blockscout (5000) container	High

7. Codebase & placeholders (Critical/High) — Items 82–86

#	Recommendation	Priority
82	Security audits (VLT-024, ISO-024)	Critical
83	Bridge integrations (BRG-VLT, BRG-ISO)	High
84	CCIP AMB full implementation	High
85	dbis_core TypeScript/Prisma fixes (~1186 errors)	High
86	IRU remaining tasks	High

8. RPC translator — Items 128–129

#	Recommendation	Priority
128	Client-side retry logic (exponential backoff, 502)	High
129	Set up monitoring/alerting	High

9. Orchestration portal (P0) — Item 131

#	Recommendation	Priority
131	P0: Auth, state, real-time, error handling, security headers, validation, testing, CI/CD	Must have

10. dbis_core (Critical)

Recommendation	Priority
HSM Integration	Critical
Zero-Trust Authentication	Critical
Database Backups	Critical
Post-Quantum Cryptography Migration	Critical
Data Retention Policies	Critical

Source: dbis_core/docs/RECOMMENDATIONS.md

11. Operator checklist (R1–R24)

Full operator actions: RECOMMENDATIONS_OPERATOR_CHECKLIST.md and OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md.

#	Action
R1–R3	Verify contracts on Blockscout; keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated; run check-contracts-on-chain-138.sh
R4–R7	Use 0x971c... CCIPWETH9Bridge only; no .env/keys in repo; restrict deployer/RPC access
R8–R11	RPC_URL_138; GAS_PRICE on 138; phased deploy; nonce/tx stuck runbooks
R12–R16	Keep runbooks in sync; document addresses per chain; run verification after deploy; env per env
R17–R20	Monitor bridges; Blockscout up; forge test pre-deploy; NatSpec
R21–R24	R21 done 2026-03 (Order NPM/10210); R22 blocks #2–#6; R23 script UX/validation; R24 token-mapping.json

Where to read more

Full list (all priorities): ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md
Operator-only checklist: ALL_RECOMMENDATIONS_OPERATOR_ONLY.md
Implementation checkboxes: 10-best-practices/IMPLEMENTATION_CHECKLIST.md

5.4 KiB Raw Blame History Unescape Escape