e6bc7a6d7c
- Gitea: add validate-on-pr.yml (run-all-validation only; no deploy) - .env.master.example: document NPM_EMAIL/NPM_PASSWORD for backup-npmplus - pnpm: allowedVersions for @solana/sysvars to quiet thirdweb/x402 peer drift - AGENTS + verify README: CI pointers and .env.master.example for env - backup-npmplus: npm_lxc_ssh helper; keep prior timeout/BatchMode behavior - check-pnpm-workspace-lockfile + run-all-validation step 1b (from prior work in same commit set) Made-with: Cursor
Verification Scripts
Scripts for ingress, NPMplus, DNS, and source-of-truth verification.
Dependencies
Required tools (install before running):
| Tool | Purpose | Install |
|---|---|---|
bash |
Shell (4.0+) | Default on most systems |
curl |
API calls, HTTP | apt install curl |
jq |
JSON parsing | apt install jq |
dig |
DNS resolution | apt install dnsutils |
openssl |
SSL certificate inspection | apt install openssl |
ssh |
Remote execution | apt install openssh-client |
ss |
Port checking | apt install iproute2 |
systemctl |
Service status | System (systemd) |
sqlite3 |
Database backup | apt install sqlite3 |
Optional (recommended for automation): sshpass, rsync, screen, tmux, htop, shellcheck, parallel. See docs/11-references/APT_PACKAGES_CHECKLIST.md § Automation / jump host.
One-line install (Debian/Ubuntu): sudo apt install -y sshpass rsync dnsutils iproute2 screen tmux htop shellcheck parallel
| Tool | Purpose |
|---|---|
wscat or websocat |
WebSocket testing (manual verification) |
Scripts
backup-npmplus.sh- Full NPMplus backup (database, API exports, certificates)check-contracts-on-chain-138.sh- Check that Chain 138 deployed contracts have bytecode on-chain (cast codefor 31 addresses; requirescastand RPC access). Use[RPC_URL]or envRPC_URL_138;--dry-runlists addresses only (no RPC calls);SKIP_EXIT=1to exit 0 when RPC unreachable.snapshot-mainnet-cwusdc-usdc-preflight.sh- Read-only preflight snapshot for the MainnetcWUSDC/USDCrail. Captures public-pair drift, defended DODO reserves, treasury-manager quote availability, receiver surplus, and defended-lane quote sizing intoreports/status/.plan-mainnet-cwusdc-usdc-repeg.sh- Read-only repeg planner for the MainnetcWUSDC/USDCrail. Consumes the latest preflight snapshot, computes defended-pool reserve-gap sizing, public-pair shortfalls, operator-wallet coverage, and emits copy-paste operator commands intoreports/status/.build-cw-mesh-deployment-matrix.sh- Read-only merge ofcross-chain-pmm-lps/config/deployment-status.jsonandreports/extraction/promod-uniswap-v2-live-pair-discovery-latest.jsoninto a per-chain table (stdout markdown; optional--json-out reports/status/cw-mesh-deployment-matrix-latest.json). No RPC. Invoked fromrun-all-validation.shwhen the discovery JSON is present.reconcile-env-canonical.sh- Emit recommended .env lines for Chain 138 (canonical source of truth); use to reconcilesmom-dbis-138/.envwith CONTRACT_ADDRESSES_REFERENCE. Usage:./scripts/verify/reconcile-env-canonical.sh [--print]check-deployer-balance-blockscout-vs-rpc.sh- Compare deployer native balance from Blockscout API vs RPC (to verify index matches current chain); see EXPLORER_AND_BLOCKSCAN_REFERENCEcheck-dependencies.sh- Verify required tools (bash, curl, jq, openssl, ssh)check-pnpm-workspace-lockfile.sh- Ensures every path inpnpm-workspace.yamlhas animporterinpnpm-lock.yaml(runpnpm installat root if it fails; avoids brokenpnpm outdated -r)export-cloudflare-dns-records.sh- Export Cloudflare DNS recordsexport-npmplus-config.sh- Export NPMplus proxy hosts and certificates via APIgenerate-source-of-truth.sh- Combine verification outputs into canonical JSONrun-full-verification.sh- Run full verification suiteverify-backend-vms.sh- Verify backend VMs (status, IPs, nginx configs)verify-end-to-end-routing.sh- E2E routing verificationverify-udm-pro-port-forwarding.sh- UDM Pro port forwarding checksverify-websocket.sh- WebSocket connectivity test (requires websocat or wscat)
Task runners (no LAN vs from LAN)
- From anywhere (no LAN/creds):
../run-completable-tasks-from-anywhere.sh— runs config validation, on-chain contract check,run-all-validation.sh --skip-genesis(includes cW* mesh matrix whenreports/extraction/promod-uniswap-v2-live-pair-discovery-latest.jsonexists), and reconcile-env-canonical. On Gitea, the samerun-all-validationgate runs on push (indeploy-to-phoenixbefore deploy) and on PRs (.gitea/workflows/validate-on-pr.ymlonly, no deploy). - From LAN (NPM_PASSWORD, optional PRIVATE_KEY):
../run-operator-tasks-from-lan.sh— runs W0-1 (NPMplus RPC fix), W0-3 (NPMplus backup), O-1 (Blockscout verification); use--dry-runto print commands only. See ALL_TASKS_DETAILED_STEPS.
Environment
Set variables in .env (from .env.master.example at repo root) or export before running. docs/04-configuration/VERIFICATION_GAPS_AND_TODOS.md. NPM NPM_EMAIL + NPM_PASSWORD (see that template’s NPM / NPMplus section) are required for backup-npmplus.sh API steps.