Phase 1 Gap Analysis – Consensus Network Foundation
Updated: 2025-10-11
This audit reviews the Phase 1 kickoff checklist to confirm whether the
consensus network foundation is complete. Items already checked off in the checklist are considered finished. The tables below
summarise every outstanding deliverable, current evidence, and the next action so contributors can continue execution without
re-scoping work.
1. Repository & Environment Preparation
| Task |
Evidence |
Gap / Next Action |
Mirror upstream stellar-core and horizon repositories into the DATU organisation. |
No mirror repositories referenced in the infrastructure README or scripts. |
Infrastructure team to create private mirrors and document the canonical Git remotes in infrastructure/stellar-fork/README.md. |
| Capture HSM integration notes and confirm signing client compatibility. |
No references to HSM tooling inside scripts/ or the compose configuration. |
Security engineering to attach vendor integration notes under infrastructure/stellar-fork/config/ and prototype signing against the quickstart container. |
2. Network Parameter Definition
All subtasks complete.
3. Local Fork Configuration
| Task |
Evidence |
Gap / Next Action |
| Add a Docker Compose profile for secondary validator containers. |
docker-compose.yml now ships a validators profile plus helper scripts that launch Tier 1/2 containers with dedicated state volumes. |
Complete. Use ./scripts/stellar-fork/start.sh --with-validators to rehearse quorum behaviour locally. |
4. Validator Key Management
| Task |
Evidence |
Gap / Next Action |
| Generate validator keypairs inside the HSM and attach metadata. |
docs/operations/ledger-security-register.md catalogues slot assignments and SHA-256 digests for every validator keypair. |
Complete. Keep the register updated when custodians rotate hardware or keys. |
| Verify HSM-backed signing works with the quickstart container. |
scripts/stellar-fork/hsm-smoketest.sh mounts exported credentials and runs stellar-core --c "info", but results have not been recorded. |
Run the smoke test against each validator slot and document outcomes plus any required compose overrides. |
| Draft a rotation playbook for compromised or ageing keys. |
docs/operations/key-rotation-playbook.md captures trigger criteria, execution steps, and post-event controls. |
Complete. Keep the playbook updated as validators onboard. |
5. CI/CD Enablement
| Task |
Evidence |
Gap / Next Action |
| Daily Docker image build & health check workflow. |
No GitHub Actions workflow under .github/workflows/. |
Platform engineering to add a workflow that rebuilds the fork container and runs smoke tests using the compose stack. |
| Soroban contract build/test jobs integrated into CI. |
Repository lacks automation scripts for Soroban pipelines. |
Contract tooling team to define scripts/ci/ helpers and wire them into the workflow above. |
| Artifact retention policies documented. |
docs/operations/artifact-retention-policy.md documents retention windows, owners, and enforcement controls. |
Complete. Review every 6 months or after regulatory updates. |
6. Observability & Operations
| Task |
Evidence |
Gap / Next Action |
| Attach Prometheus/Grafana exporters. |
No observability containers or configuration present. |
SREs to add exporters to the compose stack and document scrape targets. |
| Configure alert thresholds for ledger stalls/quorum failure/Soroban errors. |
No alerting runbook or tooling references. |
Define alert policies and integration path to on-call tooling; document thresholds in a new operations guide. |
| Draft an operational readiness checklist. |
No checklist in repository. |
Operations lead to create readiness checklist and cross-reference mobilization dependencies. |
7. Coordination with Phase 0 Mobilization
All subtasks complete.
8. Initial Testnet Deployment Readiness
| Task |
Evidence |
Gap / Next Action |
| Provision remote history archive buckets and validate retention. |
Configuration references S3 URLs and a new template (infrastructure/stellar-fork/config/history-archives.md) captures provisioning status, but no buckets are marked complete. |
DevOps to provision buckets, test catchup, and update the template with validation evidence. |
| Draft validator onboarding packet. |
docs/onboarding/validator-onboarding-packet.md now consolidates contacts, environment setup, compliance, and go-live checklist. |
Complete. Circulate to incoming operators and version changes via PR. |
- Exercise the new HSM smoke test across Tier 0 and Tier 1 validators, capturing outputs in the history archive template.
- Automate smoke tests against the validators profile to baseline quorum behaviour before introducing remote archives.
- Schedule a focused session with security, compliance, and DevOps to assign owners for the CI/CD and observability gaps noted above.
Progress against these gaps should be reflected both in the checklist and the running project progress log after each update.