CTO Tactical Scope · Ground-Truth Verified
Stable Testnet Deployment
Antilles identity-trust stack — Shyft core + RMT reputation + ERC-8004 agent identity → Stable testnet (chainId 2201, USDT0 gas)
▲ CONDITIONAL-GO → BUILD
✕ NO-GO → ON-CHAIN DEPLOY
2026-06-24 · repo @ stable-testnet-deploy-prep · verified vs source
One sentence: we want to put the Shyft-based identity & reputation contracts onto Stable testnet so agents can register an identity, cite each other, and earn a tier-capped reputation score — funded by faucet, no real money. Today the deploy path runs on MOCK contracts only. The real contracts, the real attestation layer, and the deploy script that wires them together do not exist yet. This board is exactly what's built, what's missing, and the order to close it.
01
Two work-streams (this is the "fork" — and it isn't really one)
My earlier message conflated these. They are not an either/or. The Gate is a short process checkpoint; the Engineering is the actual ~16–21h of contract work. The Gate must clear first only because our own process requires a signed cross-model review before code is built.
Engineering The contracts & scripts
The real work: restore real Shyft core, add the agent-identity registry, make reputation tier-safe, self-deploy a real attestation service, and write the one-command deploy script. This is what actually unblocks a live deploy.
SCOPE: S1–S6 + EAS + tier hardening · ~16–21h dev + faucet wait
Governance Gate The review checkpoint
Forge requires a cross-model panel (Grok + Codex + Gemini) to sign off, tracked through a state machine, before code is built. This sprint's earlier sign-offs lacked cryptographic proof, so it was quarantined. The signing system shipped — so it can now be re-cleared legitimately. ~1 lap.
SCOPE: re-run signed panels · SEED→PLAN→DESIGN→BUILD · ~1 hour
Decision for the CTO: there's no real choice to debate — clear the Gate (cheap, ~1hr), then do the Engineering. The only true external blocker is operator faucet funding for the deployer wallet. Everything else is execution.
02
What's there vs. what's missing
Every row below was checked against the live antilles-v2 repo today — not from memory. Green = exists & works. Red = file/contract does not exist yet.
BUILT & WORKING 7 items
Stable network config S2
Hardhat stable_testnet network — chainId 2201, USDT0 gas (0-tip), deployer from MetaMask seed.
hardhat.config.ts:17,21,202 · staged (uncommitted)
Base RMT contracts
ShyftGatedResolver, ReputationEngine, PageRankOracle, CitationCounters all compile & test (base versions — not yet tier-aware).
contracts/contracts/RMT/*.sol
RMT S33 intelligence (off-chain)
PageRank α0.85, SybilDetector (93.7%), AttestorDiversity, graduated KYC tiers — validated. Off-chain in oracle/; not part of this deploy.
origin/rmt-core-convergence-2026-05-17
Mock-Shyft deploy template
deploy-rmt-unified.js — full localhost deploy against MOCK Shyft. Reusable sequence template for the real script.
scripts/deploy-rmt-unified.js
Env + secrets scaffold
.env.rmt.example Stable section; .deployments/ gitignored; no key committed.
.env.rmt.example · .gitignore
Operator + harness docs
Operator runbook, deployment dossier, fast-deploy harness design proposal.
docs/operator-runbook · STABLE_DEPLOYMENT_DOSSIER · deploy-stable-testnet.PROPOSAL.md
Public review pages (CF)
4 review dashboards live, no password — audit plan, trust framework, RMT schematic, roadmap.
antilles-stable-review.pages.dev
MISSING — must be built 7 items
Real Shyft core S1 FOUNDATION
Only mocks exist (MockTrustAnchorManager, MockTrustAnchorStorage, MockShyftCacheGraph). Must restore the real TrustAnchorManager / Storage / CacheGraph / Conduit / Administrable + Antilles/* from git 710536b.
restore: git checkout 710536b -- <path> · dual-pragma 0.7.x+0.8.x compile
ERC-8004 agent registry S3
No file exists. New minimal registry: registerAgent, ownerOf, agentCard, transferAgent — gives each agent an on-chain identity.
MISSING: contracts/Erc8004Registry.sol + IErc8004Registry.sol
Tier-safe reputation S3a·b·c SECURITY-CRITICAL
No tier logic on-chain today (setTierCap, tier classifier, tier-tagged citations all absent). Must add: tier-aware resolver, tier-tagged citation events, per-tier caps (T0=3500bp / T2=8500bp) with admin setters. Tier must be derived on-chain — never attacker-supplied.
verified absent: ShyftGatedResolver / ReputationEngine have no tier code
Canonical EAS attestation
Stable has no EAS predeploy; only MockEAS (tests) exists. Must self-deploy real MIT EAS + SchemaRegistry and read the schema UID back from the event.
only: contracts/RMT/mocks/MockEAS.sol
The deploy script S4
Design proposal only — no runnable script. Needs: real-Shyft + canonical-EAS + corrected wiring + idempotent resumable ledger + USDT0 gas overrides.
MISSING: scripts/deploy-stable-testnet.js (PROPOSAL.md exists)
Smoke test S5
No file. Registers a test agent, writes a citation, reads the capped score end-to-end. Blocked on faucet funding.
MISSING: scripts/register-test-agent.js
Corrected dependency wiring
Real cycle is PageRankOracle ↔ ReputationEngine (verified: PageRankOracle.sol:192 ↔ ReputationEngine.sol:231). The seed-brief's "ReputationEngine↔CitationCounters" wiring is fictional — setCitationCounters lives on the resolver, not the engine. Captured in design; must land in S4.
corrected in dossier + harness proposal
03
What "the recovery" is, in plain terms
"Quarantine recovery" = re-doing the process sign-off correctly. Nothing about the engineering; purely the review checkpoint.
- Why it's quarantined: earlier SEED & PLAN reviews were recorded as plain text summaries with no cryptographic proof a real model reviewed them ("synthetic reviews"). Our process flagged and froze the sprint.
- What unblocked it: the signed-evidence system (
TIER_1_SIGNED_DISPATCH_EVIDENCE) shipped. A daemon now Ed25519-signs each real model dispatch, so a review can prove it happened. VERIFIED LIVE TODAY.
- The recovery (~1 hr): re-run real Grok + Codex + Gemini reviews on the current clean code, capture the signed receipts, record them, and walk the state machine SEED → PLAN → DESIGN. That unlocks BUILD.
- What it is NOT: it is not a deploy, not engineering, and not a rubber-stamp — a real panel can return "change this," which is the point.
04
The deployment roadmap (governance recovery → … → mainnet)
Unanimous cross-model ordering: governance → identity correctness → reputation correctness → deployability → mainnet. Do not ship reputation intelligence before the identity + tier-provenance path is non-attacker-controlled.
PHASE 0
Gate Recovery
Re-run signed cross-model panels; resume the FSM.
▸ NEXT · ~1hr
PHASE 1
Identity Substrate
Restore real Shyft (S1) + self-deploy canonical EAS.
PENDING
PHASE 2
Agent Identity
Build ERC-8004 registry (S3) + bridge.
PENDING
PHASE 3
Tier-Safe Reputation
On-chain tier derivation + caps (S3a/b/c). Security-critical.
PENDING
PHASE 4
Deployability
Real deploy script (S4) + corrected wiring + smoke (S5).
PENDING
PHASE 5
Mainnet Readiness
Gnosis Safe, monitoring, external audit, fee refactor.
LATER
05
Effort, critical path & what's needed from the operator
Engineering effort
~16–21h
S1 restore (2–3h) · S3 registry (2–3h) · S3a/b/c tier (4–5h) · S4 script (6–8h) · S5 smoke (1h) · S6 docs (1h).
Hard blocker
Faucet
Operator must fund deployer 0xad2f…8611 via faucet.stable.xyz (USDT0, not ETH). S5 smoke & live deploy cannot run until then.
Operator actions
- Fund the deployer wallet (faucet).
- Approve the Gate recovery to start (Phase 0).
- Reviews/audits at each PR (your stated role).