Current public truth
- Cloudflare Pages serves https://omniperp.trade/ and https://www.omniperp.trade/.
- feed.omniperp.trade is the Cloudflare Worker edge quote/status surface, not the deployed Rust control-plane engine.
- Wallet trading remains fail-closed until the v1 program is deployed, genesis.json exists, and Pages is redeployed with that genesis.
- Mainnet-beta is not ready and must not be marketed as production trading.
Manual external tasks
- devnet-wallet-funding: Fund deploy wallet HEQf3LZ552J6qJmHqmcj1o41jghANyQGG3Cq9s2hfk7K with enough devnet SOL, then rerun scripts/deploy-devnet.sh. manual_blocker
- engine-hosting: Host the real Rust engine/control plane with Postgres, keeper, indexer, Pyth poster status file, funded keys, and route feed.omniperp.trade to it. manual_blocker
- cloudflare-token-rotation: Rotate Cloudflare tokens in the dashboard or API-token admin surface, update secret stores, validate, then revoke old tokens. manual_blocker
- legal-compliance-approval: Obtain counsel approval for jurisdiction, product disclosures, sanctions/geo policy, marketing claims, terms, and privacy before mainnet. manual_blocker_for_mainnet
- external-audit: Schedule and complete external protocol/engine/web/ops audit; remediate critical/high findings before production custody/trading. manual_blocker_for_mainnet
- bug-bounty: Launch a scoped bug bounty or coordinated disclosure policy with safe harbor before mainnet public launch. manual_blocker_for_mainnet
Checks
| State | ID | Check | Detail |
|---|---|---|---|
| pass | file:PLAN.md | Build plan exists | PLAN.md is present. |
| pass | file:ORCHESTRATION.md | Active orchestration notes exist | ORCHESTRATION.md is present. |
| pass | file:INFRA.md | Infrastructure runbook exists | INFRA.md is present. |
| pass | file:.env.example | Non-secret env template exists | .env.example is present. |
| pass | file:.github/workflows/ci.yml | Safe CI workflow exists | .github/workflows/ci.yml is present. |
| pass | file:scripts/deploy-devnet.sh | Devnet deploy guard script exists | scripts/deploy-devnet.sh is present. |
| pass | file:scripts/devnet-setup.mjs | Devnet genesis guard script exists | scripts/devnet-setup.mjs is present. |
| pass | file:scripts/deploy-pages.mjs | Pages deploy guard script exists | scripts/deploy-pages.mjs is present. |
| pass | file:docker-compose.yml | Local compose config exists | docker-compose.yml is present. |
| pass | file:engine/Dockerfile | Engine container config exists | engine/Dockerfile is present. |
| pass | file:engine/fly.toml | Engine Fly config exists | engine/fly.toml is present. |
| pass | file:workers/feed/wrangler.toml | Feed Worker config exists | workers/feed/wrangler.toml is present. |
| pass | secrets:gitignore | Secret-bearing filenames are gitignored | Expected local env/keypair ignore patterns are present. |
| pass | env:template-names | Env/config names are documented without values | Required non-secret variable names are present in .env.example. |
| blocker | devnet:genesis-json | Devnet genesis artifact is present | genesis.json is missing, so the public terminal must remain fail-closed for wallet trading. Next: Fund the devnet deploy wallet, run scripts/deploy-devnet.sh, then redeploy Pages with the generated genesis.json. |
| blocker | devnet:wallet-funding | Devnet deploy wallet funding is externally pending | Devnet deploy wallet balance is 0 SOL, below MIN_SOL=6. Next: Fund the exact deploy wallet, then rerun bash scripts/deploy-devnet.sh. Do not switch authority wallets silently. |
| warn | cloudflare:token-rotation | Cloudflare token rotation remains an operator action | This repo cannot safely create or revoke Cloudflare API tokens. Rotation requires dashboard/API-token authority and must not print token values. Next: An account owner/admin must create least-privilege replacement tokens, update secret stores, validate, revoke old tokens, and record scope/time privately. |
| warn | mainnet:governance | Mainnet multisig/governance authority is not live from repo state | Mainnet must not use a single deploy key. Multisig address, signing threshold, and >=24h timelock reference are required before any mainnet launch claim. Next: Create an auditor-reviewed multisig/timelock, transfer admin/oracle/resolution authorities where applicable, and record only public addresses/non-secret refs. |
| warn | legal:approval | Legal/compliance approval reference is pending | Production/mainnet launch requires counsel-approved jurisdiction, product, disclosure, sanctions/geo, and marketing claims review. Next: Get counsel approval and record a non-secret approval/ticket reference; do not commit privileged legal advice. |
| warn | audit:external | External security audit report is pending | Mainnet custody/trading requires a completed external audit, remediation of critical/high findings, and release sign-off. Next: Schedule protocol, engine, web, and ops audit scope; publish or privately archive the report and remediation matrix before launch. |
| warn | bounty:launch | Bug bounty launch reference is pending | Mainnet launch needs a scoped bug bounty or coordinated disclosure policy with safe harbor and severity/reward terms. Next: Open the bounty program or publish the disclosure policy before production custody/trading. |
| warn | monitoring:alert-hook | Pager/alert webhook hook is configurable | No OMNI_ALERT_WEBHOOK_URL is configured. The checker will generate status artifacts but will not notify a pager/chat system. Next: Set OMNI_ALERT_WEBHOOK_URL in the operator environment or hosting secret store; set OMNI_ALERT_POST=1 only when ready to send sanitized alerts. |
| pass | monitoring:status-url | Public status dashboard URL is configured | runbooks/status artifacts exist and are staged to https://omniperp.trade/status/. |
| blocker | engine:core-control-plane | Canonical Rust engine is hosted and execution-ready | feed.omniperp.trade is not backed by an execution-ready Rust control-plane engine; the edge Worker may answer HTTP but wallet trading must remain blocked. Next: Host the Rust engine with Postgres, keeper/indexer, Pyth poster status, funded keys, and route feed.omniperp.trade to that engine before user trading. |
Public endpoint probes
| State | URL | Detail |
|---|---|---|
| pass | https://omniperp.trade/ | HTTP 200 |
| pass | https://omniperp.trade/terminal/ | HTTP 200 |
| pass | https://omniperp.trade/portfolio/ | HTTP 200 |
| pass | https://omniperp.trade/points/ | HTTP 200 |
| pass | https://omniperp.trade/status/ | HTTP 200 |
| pass | https://omniperp.trade/status/launch-status.json | HTTP 200 |
| pass | https://feed.omniperp.trade/health | HTTP 200; ok=false; core_engine.ready=false |
| pass | https://feed.omniperp.trade/liquidity/status | HTTP 200; enabled=true; dry_run=true; adapters=2 |
| pass | https://feed.omniperp.trade/markets | HTTP 200; markets=0 |