# Chain Operations Runbook (Base, v1)

## Scope

Operational procedures for membership mint, checkout confirmation, and availability lease/renewal dependency on chain state.

## Normal Operation

1. Primary RPC healthy.
2. Confirmation endpoint verifies tx receipt and policy match.
3. Membership state transitions to `membership_active` only on valid confirmation.
4. Connected-class lease heartbeats refresh availability before expiry.
5. Sovereign-class offline renewal bundles validate signature and policy hash before state promotion.

## Degraded Scenarios

## RPC Outage

1. Mark confirmation dependency degraded.
2. Switch to secondary RPC endpoint.
3. Re-run receipt verification.
4. If uncertain, fail closed and queue retry.

## Reorg Risk

1. Apply minimum confirmation depth policy.
2. If tx dropped/reorged, revert to `pending_membership_mint`.
3. Notify via deterministic status message; do not promote state.

## Chain Congestion

1. Quote remains authoritative until expiry.
2. Expired quote requires re-quote.
3. No off-policy amount overrides.

## Safe Mode Triggers

1. Conflicting tx results across RPC providers.
2. Contract bytecode mismatch at expected address.
3. Persistent receipt retrieval failures beyond threshold.

Safe mode actions:

1. Pause new confirmations.
2. Keep purchase state blocked.
3. Emit incident evidence.
4. Prevent availability promotions when renewal evidence is uncertain.

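
The confirmation rules from the Normal Operation, RPC Outage, Reorg Risk and Safe Mode Triggers sections (triggers 1 and 2) can be combined into one fail-closed decision function. This is an added example, not code from the runbook's project; `Obs`, `decide`, the status strings, `MIN_CONFIRMATIONS = 12` and `QUORUM = 2` are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MIN_CONFIRMATIONS = 12  # assumed depth policy; the runbook does not give a number
QUORUM = 2              # assumed number of reachable providers that must agree
PENDING, ACTIVE = "pending_membership_mint", "membership_active"

@dataclass(frozen=True)
class Obs:
    """One RPC provider's view of the mint tx (hypothetical shape, not a client API)."""
    head: Optional[int]               # provider's chain head; None = unreachable
    code_hash: Optional[str] = None   # hash of bytecode at the expected address
    receipt: Optional[Tuple[int, str, bool]] = None  # (block, block_hash, status_ok)

def decide(obs, expected_code_hash, policy_match, previously_mined=False):
    """Return (membership_state, status); anything short of certainty stays PENDING."""
    live = [o for o in obs if o.head is not None]
    if len(live) < QUORUM:                        # RPC outage: fail closed, queue retry
        return PENDING, "retry_rpc_degraded"
    if any(o.code_hash != expected_code_hash for o in live):
        return PENDING, "safe_mode_bytecode_mismatch"
    receipts = {o.receipt for o in live if o.receipt is not None}
    if len(receipts) > 1:                         # providers disagree on the result
        return PENDING, "safe_mode_conflicting_results"
    if not receipts:                              # no provider sees the tx
        if previously_mined:
            return PENDING, "reverted_tx_dropped_or_reorged"
        return PENDING, "retry_no_receipt"
    if any(o.receipt is None for o in live):      # one provider lags: uncertain
        return PENDING, "retry_provider_lagging"
    block, _block_hash, status_ok = next(iter(receipts))
    if not (status_ok and policy_match):
        return PENDING, "rejected_status_or_policy"
    depth = min(o.head for o in live) - block + 1  # use the most conservative head
    if depth < MIN_CONFIRMATIONS:
        return PENDING, "retry_insufficient_depth"
    return ACTIVE, "confirmed"

if __name__ == "__main__":
    # Constructed observations; hashes are placeholders, not real chain data.
    ok = (100, "0xaaa", True)
    print(decide([Obs(120, "0xc0de", ok), Obs(119, "0xc0de", ok)], "0xc0de", True))
    print(decide([Obs(120, "0xc0de", ok), Obs(120, "0xc0de", (100, "0xbbb", True))], "0xc0de", True))
    print(decide([Obs(None), Obs(120, "0xc0de", ok)], "0xc0de", True))
```

Every non-promoting branch returns `pending_membership_mint` with a fixed status string, so the same evidence always yields the same message and state is never promoted on partial agreement.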
## Recovery

1. Validate RPC consensus.
2. Reconcile pending confirms deterministically.
3. Resume confirmations after verification threshold restored.