Mainnet Production Blocker Register

This register is intentionally conservative. It separates repository readiness from real-funds mainnet approval.

Current decision:

• `blocked-external-steps`

Current claim boundary:

• PrivateDAO is devnet-proven, internally hardened, and reviewer-ready.
• PrivateDAO is not cleared for real-funds mainnet production until the blockers below are closed with evidence.

Canonical machine-readable source:

• `docs/mainnet-blockers.json`

Open Blockers

| Blocker | Category | Severity | Status | Required Before | | --- | --- | --- | --- | --- | | `external-audit-completion` | security | critical | pending-external | mainnet-real-funds | | `upgrade-authority-multisig` | custody | critical | pending-external | mainnet-real-funds | | `production-monitoring-alerts` | operations | high | pending-external | mainnet-real-funds | | `real-device-wallet-runtime` | runtime | high | pending-runtime-captures | mainnet-real-funds | | `magicblock-refhe-source-receipts` | privacy-settlement | high | pending-integration | mainnet-real-funds | | `mainnet-cutover-ceremony` | release | high | pending-external | mainnet-real-funds |

Closure Standard

Each blocker can only move to `complete` when the evidence is recorded in repository-linked artifacts or a named external audit or operations packet.

Minimum closure evidence:

• `external-audit-completion`: external audit report, finding disposition, and deployed candidate version binding.
• `upgrade-authority-multisig`: multisig or governance-owned authority path, signer policy, and rotation rehearsal record.
• `production-monitoring-alerts`: alert destinations, runtime monitors, incident owners, and tested failure signals.
• `real-device-wallet-runtime`: wallet/device/browser captures for the supported production matrix.
• `magicblock-refhe-source-receipts`: source-verifiable settlement receipt path or documented threshold-attested residual trust model.
• `mainnet-cutover-ceremony`: final deployment hash, authority state, monitoring links, audit result, and go/no-go record.

Evidence Index

• `external-audit-completion`: `docs/audit-handoff.md`, `docs/external-audit-engagement.md`, `docs/zk-external-audit-scope.md`, `docs/mainnet-readiness.generated.md`, `docs/launch-trust-packet.generated.md`
• `upgrade-authority-multisig`: `docs/authority-hardening.md`, `docs/authority-transfer-runbook.md`, `docs/production-custody-ceremony.md`, `docs/multisig-setup-intake.json`, `docs/multisig-setup-intake.md`, `docs/launch-ops-checklist.json`, `docs/launch-ops-checklist.md`, `docs/mainnet-cutover-runbook.md`, `docs/launch-trust-packet.generated.md`
• `production-monitoring-alerts`: `docs/launch-ops-checklist.json`, `docs/launch-ops-checklist.md`, `docs/monitoring-alert-rules.json`, `docs/monitoring-alert-rules.md`, `docs/monitoring-alerts.md`, `docs/production-operations.md`, `docs/incident-response.md`
• `real-device-wallet-runtime`: `docs/runtime/real-device.md`, `docs/runtime/real-device.generated.md`, `docs/wallet-e2e-test-plan.md`, `docs/launch-ops-checklist.json`, `docs/launch-ops-checklist.md`, `docs/launch-trust-packet.generated.md`
• `magicblock-refhe-source-receipts`: `docs/magicblock/runtime-evidence.md`, `docs/refhe-security-model.md`, `docs/canonical-verifier-boundary-decision.md`
• `mainnet-cutover-ceremony`: `docs/release-ceremony.md`, `docs/release-drill.generated.md`, `docs/launch-ops-checklist.json`, `docs/launch-ops-checklist.md`, `docs/mainnet-cutover-runbook.md`

Verification

Run:

npm run verify:mainnet-blockers

The verifier does not fail because blockers are open. It fails if the blockers are missing, vague, inconsistent with the honest mainnet boundary, or missing evidence pointers.