proxmox/docs/00-meta/ALL_RECOMMENDATIONS_HIGH_PRIORITY.md
defiQUG f0fb00987a docs(stage3): MASTER_PLAN/TODO + NOT_IMPLEMENTED — R21 complete
- MASTER_PLAN gaps + §3.1 table rows for the-order / cutover
- MASTER_TODO_EXPANDED: R21 [x]; Config/DNS GAPS tasks [x]
- NOT_IMPLEMENTED: Sankofa/Order row = routing done, scope note
- HIGH_PRIORITY R21–R24 line; BLITZKRIEG R21–R22 blurb

Made-with: Cursor
2026-03-27 15:41:47 -07:00

# All Recommendations — High-Priority Only
**Purpose:** Filtered view of high-priority and critical items from the canonical list.
**Canonical source:** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md) (~139 items, 20 sections).
---
## 1. Proxmox / Validated Set (High) — Items 1–11
| # | Recommendation | Notes |
|---|----------------|------|
| 1 | Secure .env file permissions | `chmod 600 ~/.env` |
| 2 | Secure validator key permissions | `chmod 600`, `chown besu` |
| 3 | SSH key-based authentication (disable password) | |
| 4 | Firewall rules for Proxmox API (port 8006) | Restrict to specific IPs |
| 5 | Network segmentation (VLANs) | VLAN enablement phase |
| 6 | Basic metrics collection (Prometheus, Besu 9545) | |
| 7 | Health check monitoring + alerting | |
| 8 | Automated backup script + encrypted validator keys | |
| 9 | Backup configuration files + version control | |
| 10 | Integration tests for deployment scripts | |
| 11 | Runbooks (add/remove validator, upgrade Besu, key rotation, recovery, consensus) | |
---
## 2. Code quality & scripts (High) — Items 36–37
| # | Recommendation | Priority |
|---|----------------|----------|
| 36 | Script shebang: standardize on `#!/usr/bin/env bash` | Medium |
| 37 | Error handling: standardize on `set -euo pipefail` + traps | **High** |
---
## 3. Documentation (High) — Items 68, 70
| # | Recommendation | Priority |
|---|----------------|----------|
| 68 | Quick reference cards (network, VMID, commands, troubleshooting) | High |
| 70 | Configuration templates (ER605, Proxmox, Cloudflare, Besu) | High |
---
## 4. Security — Items 48–52
| # | Recommendation | Priority |
|---|----------------|----------|
| 48 | Secret management audit (no hardcoded secrets, rotation, CI scanning) | High |
| 49 | Input validation in all scripts | High |
| 50 | Security scanning automation (CI, container image scanning) | High |
| 51 | Access control review (RBAC, least privilege) | Medium |
| 52 | Configuration validation (JSON/YAML schema, pre-deploy) | High |
---
## 5. Configuration, testing & DX (High) — Item 67
| # | Recommendation | Priority |
|---|----------------|----------|
| 67 | Backup & recovery review and testing | High |
---
## 6. Infrastructure & deployment (High) — Items 79–81
| # | Recommendation | Notes |
|---|----------------|------|
| 79 | Besu RPC — 2506–2508 destroyed 2026-02-08; replaced by new VMID structure; RPC 2500–2505 only. See MISSING_CONTAINERS_LIST.md | Done (doc) |
| 80 | Hyperledger (Firefly, Cacti, Fabric, Indy) containers | High/Medium |
| 81 | Blockscout (5000) container | High |
---
## 7. Codebase & placeholders (Critical/High) — Items 82–86
| # | Recommendation | Priority |
|---|----------------|----------|
| 82 | Security audits (VLT-024, ISO-024) | **Critical** |
| 83 | Bridge integrations (BRG-VLT, BRG-ISO) | High |
| 84 | CCIP AMB full implementation | High |
| 85 | dbis_core TypeScript/Prisma fixes (~1186 errors) | High |
| 86 | IRU remaining tasks | High |
---
## 8. RPC translator — Items 128–129
| # | Recommendation | Priority |
|---|----------------|----------|
| 128 | Client-side retry logic (exponential backoff, 502) | High |
| 129 | Set up monitoring/alerting | High |
---
## 9. Orchestration portal (P0) — Item 131
| # | Recommendation | Priority |
|---|----------------|----------|
| 131 | P0: Auth, state, real-time, error handling, security headers, validation, testing, CI/CD | Must have |
---
## 10. dbis_core (Critical)
| Recommendation | Priority |
|----------------|----------|
| HSM Integration | Critical |
| Zero-Trust Authentication | Critical |
| Database Backups | Critical |
| Post-Quantum Cryptography Migration | Critical |
| Data Retention Policies | Critical |
**Source:** [dbis_core/docs/RECOMMENDATIONS.md](../../dbis_core/docs/RECOMMENDATIONS.md)
---
## 11. Operator checklist (R1–R24)
Full operator actions: **[RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md)** and **[OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md](OPERATOR_AND_EXTERNAL_COMPLETION_CHECKLIST.md)**.
| # | Action |
|---|--------|
| R1–R3 | Verify contracts on Blockscout; keep CONTRACT_ADDRESSES_REFERENCE and ADDRESS_MATRIX_AND_STATUS updated; run check-contracts-on-chain-138.sh |
| R4–R7 | Use 0x971c... CCIPWETH9Bridge only; no .env/keys in repo; restrict deployer/RPC access |
| R8–R11 | RPC_URL_138; GAS_PRICE on 138; phased deploy; nonce/tx stuck runbooks |
| R12–R16 | Keep runbooks in sync; document addresses per chain; run verification after deploy; env per env |
| R17–R20 | Monitor bridges; Blockscout up; forge test pre-deploy; NatSpec |
| R21–R24 | **R21 done 2026-03** (Order NPM/10210); R22 blocks #2–#6; R23 script UX/validation; R24 token-mapping.json |
---
## Where to read more
- **Full list (all priorities):** [ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md](ALL_RECOMMENDATIONS_AND_IMPROVEMENTS_LIST.md)
- **Operator-only checklist:** [ALL_RECOMMENDATIONS_OPERATOR_ONLY.md](ALL_RECOMMENDATIONS_OPERATOR_ONLY.md)
- **Implementation checkboxes:** [10-best-practices/IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)