Document View
Docs HubDownload MD

mainnet-go-no-go.md

Source language: EN

ARES Mainnet Go/No-Go Checklist

Status date: March 5, 2026

Current stage: Testnet-live infrastructure with security-closure batch applied (Base Sepolia)

Purpose

This checklist defines the hard launch gates for Base mainnet.

Any unchecked Critical Gate means No-Go.

Rationale: avoid “feature-complete” bias and ship only when governance + security + ops are verifiably ready.

---

Gate 1: Governance Authority (Critical)

  • [ ] Timelock + Governor deployed and verified.
  • [ ] Conservative governance profile deployed (proposalThreshold=1,000,000 ARES, quorum=6%, timelock>=48h).
  • [ ] Core/admin contracts delegated to Timelock (DEFAULT_ADMIN_ROLE + GOVERNANCE_ROLE where applicable).
  • [ ] Token admin delegated to Timelock.
  • [ ] Timelock proposer/canceller set to Governor.
  • [ ] Bootstrap deployer privileges revoked according to launch policy.
  • [ ] Governance state report generated and archived.

Evidence:

  • deploy/contracts/governance.base-sepolia.json
  • deploy/contracts/verify-governance-state.mjs output
  • Sepolia hard-handoff proof: docs/demo/governance-state-sepolia-revoke-check.json

Rationale: mainnet control must be exercised by governance executor (Timelock), not deployer EOA.

---

Gate 2: Security Readiness (Critical)

  • [x] External audit completed.
  • [x] High/Critical findings fully remediated in code snapshot.
  • [x] Foundry tests pass (forge test) including adapter + dispute + ARI correction coverage.
  • [x] Fuzz/invariant pass on key modules (Registry/Ledger/Engine/Dispute).
  • [x] API auth replay protections validated (nonce TTL + single-use).
  • [ ] Dispute v2 cutover rehearsal completed (new dispute + new validation adapter + old-claim continuity).
  • [ ] Webhook auth migration completed (dual -> sender HMAC ready -> hmac enforced).

Evidence:

  • /Users/busecimen/reports/audit_20260305_051253_ares_overall_external.md
  • Security closure commits on codex/security-closure-ext-001-004:

- ebf5d24 (AresDispute settlement/liveness fixes)

- 50f6373 (webhook HMAC + dependency patch)

- c8f7131 (CI critical advisory gate + rollout docs)

  • CI green test logs

Rationale: mainnet risk is dominated by authority and economic attack surface.

---

Gate 3: Operations & Reliability (Critical)

  • [ ] Production runbooks finalized (incident, rollback, key compromise).
  • [ ] Monitoring + alerting active (API, explorer, chain RPC, DB).
  • [ ] Backup/restore drill completed.
  • [ ] Rate limiting + abuse controls validated in production config.

Evidence:

  • Runbook docs
  • Alert test screenshots/logs

Rationale: launch risk includes operational failures, not only contract bugs.

---

Gate 4: Data Plane Integrity (Critical)

  • [ ] Subgraph and API data paths consistent for leaderboard, score, actions, disputes.
  • [ ] Explorer shows live and historical data from canonical pipeline.
  • [ ] Demo/test data separated from production policies.
  • [ ] Dispute response semantics expose NO_QUORUM vs REJECTED separation for consumers.

Evidence:

  • /api/v1/health, /api/v1/leaderboard, /api/v1/actions checks
  • Explorer smoke output

Rationale: trust protocol must present consistent data across all integration surfaces.

---

Gate 5: Token/TGE Finalization (Pre-launch Critical)

  • [ ] Mainnet supply + distribution policy frozen.
  • [ ] Single-vault launch topology frozen and evidenced.
  • [ ] Vesting/distributor contracts finalized (if used).
  • [ ] Governance-approved fee policy (burn/treasury/validator split) confirmed.
  • [ ] Public docs synchronized with on-chain parameters.

Rationale: prevent launch with ambiguous token economics.

---

Pre-Base-Batches (Application) Scope

For Base Batches application window (before March 9, 2026), target:

  • Go for testnet-live proof.
  • No-Go for mainnet launch until Gates 1–5 are fully complete.

Rationale: strongest application posture is proven testnet traction + credible gated path to mainnet.

---

Current Snapshot (Mar 5, 2026)

  • Testnet infra: Live
  • Contracts on Base Sepolia: Live
  • Governance layer on Base Sepolia: Timelock + Governor deployed and verified
  • Handoff mode currently applied: Hard handoff complete (deployer roles revoked; strict --require-deployer-revoked verification passing)
  • Governance smoke test: Proposal created on-chain (proof archived in private operational records)
  • Demo dataset: 40 agents / 500 actions / 20 disputes
  • External audit (round-1): Completed
  • Security findings EXT-001/002/003/004: Implemented in current code snapshot
  • Webhook auth mode target: dual -> hmac migration still open
  • Production recovery project: Redacted (managed via GCP_PROJECT_ID in ops runbooks)
  • Production recovery VM: ares-vm-01
  • DNS/SSL cutover: Complete
  • Legacy compromised projects: Deleted
  • Monitoring/alerting: Configured (notification email verification pending)
  • Secret rotation: Completed on production host
  • Accepted mainnet governance target: Conservative (1M threshold / 6% quorum / 48h timelock)
  • Accepted mainnet dispute window target: 14 days
  • Mainnet declaration: No-Go (pending dispute-v2 live cutover evidence, HMAC-only webhook enforcement, final authority freeze, token finality execution proofs, and launch signoff)