Mainnet Checklist

Start small, scale progressively. Complete each phase before advancing.

Program IDs

All four programs use the same key on mainnet and devnet. Keep your upgrade keypairs secure.

Step 1 — Build Programs

Alpha, Neutral, and Defense are built without the devnet feature flag for mainnet.

# From repo root
cargo build-sbf --manifest-path programs/keystone-core/Cargo.toml
cargo build-sbf --manifest-path programs/keystone-alpha/Cargo.toml
cargo build-sbf --manifest-path programs/keystone-neutral/Cargo.toml
cargo build-sbf --manifest-path programs/keystone-defense/Cargo.toml

# Binaries land in:
# target/deploy/keystone_core.so
# target/deploy/keystone_alpha.so
# target/deploy/keystone_neutral.so
# target/deploy/keystone_defense.so

Devnet builds add -- --features devnet to skip Pyth ownership validation and use a mock $100 SOL price. Do not add that flag for mainnet.

Step 2 — Deploy Programs

Verify each deployed program:

Step 3 — Initialize Everything

One script handles the full initialization sequence in the correct order:

What it does (each step is idempotent — safe to re-run):

After completion, all 9 sub-fund instances accept deposits and withdrawals only through Core. Direct access is rejected with DirectDepositsDisabled (6051).

Estimated rent: ~0.2 SOL per fund state + ATAs + gate PDAs ≈ 2–2.5 SOL total.

Step 4 — Configure Neutral Fund (Manual)

These settings cannot be applied via initialize_fund or update_fund_params — they require either a custom instruction or are set at the time of first position open.

4a. Jupiter Perps pool and custody addresses

BasisFundState stores jupiter_pool, jupiter_sol_custody, and jupiter_collateral_custody. Every deploy_capital / close_position / settle_funding call validates that the accounts you pass match these on-chain keys.

Set them once after initialization (using the fund's admin keypair). This requires a one-off script or a Solana account write to the fund state. See Admin Operations for the current recommended approach.

4b. Enable Marginfi idle-capital parking (optional)

Creates a Marginfi account owned by fund_authority and sets lending_enabled = true. After this, the keeper can call park_capital when the position is closed and deploy_capital will auto-withdraw from Marginfi when redeploying.

4c. Enable reverse basis (optional)

Creates a Kamino obligation owned by fund_authority. Required before the keeper can call deploy_reverse.

4d. Enable positive-APY guards

Step 5 — Start Keepers

Deployment Phases

Phase 1: Soft Launch (Weeks 1–4)

• Programs deployed and verified on-chain

• fresh-deploy.ts complete — all 9 funds initialized, 9 CoreGates set

• Neutral: Jupiter Perps addresses configured

• Pyth oracle verified (live price, not stale)

• Low deposit caps: start at $10k–$50k per portfolio

• 3–5 trusted wallets whitelisted (via direct instruction, not CoreGate — CoreGate is already set)

• Test full deposit → rebalance → withdraw cycle on each risk profile

• Test Neutral settle_funding → deploy_capital → unwind_position → claim_withdrawal cycle

• Test Core emergency de-risk toggle

• Monitoring configured (events, TVL, NAV, health factor)

• Authority: Single admin wallet (fast iteration)

Phase 2: Beta (Weeks 5–8)

• Deposit caps raised to $100k–$500k per portfolio

• 10–20 beta users depositing via Core

• Security audit scheduled (Ottersec / Sec3 / Neodyme)

• All keeper cycles running reliably (< 1% failure rate)

• Keeper alerts configured (Slack / PagerDuty for missed settlements)

• Neutral: reverse basis cycle tested in production (small amounts)

• Defense: lending and long SOL-PERP cycles tested

• Squads multisig prepared (3-of-5 minimum)

Phase 3: Post-Audit (Week 12+)

• Audit complete — all findings resolved

• transfer_authority called on all 9 sub-funds and all 3 Core portfolios → multisig

• Deposit caps raised or removed per policy

• Public launch announced

Pre-Launch Checklist

Code

• All security fixes from audit applied

• No devnet feature flag in mainnet binary (cargo build-sbf without -- --features devnet)

• IDLs match deployed programs (target/idl/*.json synced to keystone-frontend/src/idl/)

• CoreGates confirmed active on all 9 sub-fund instances

Oracle

• Pyth mainnet SOL/USD feed ID confirmed: ef0d8b6fda2ceba41da15d4095d1da392a0d2f8ed0c6c7bc0f4cfac8c280b56d

• Oracle account H6ARHf6YXhGYeQfUzQNGk6rDNnLBQKrenN712K4AQJEG live on mainnet

Protocol Integrations

• Marginfi USDC bank verified: 2s37akK2eyBbp8DZgCm7RtsaEz8eJP3Nxd4urLHQv7yB

• Kamino USDC reserve verified: D6q6wuQSrifJKZYpR1M8R4YawnLDtDsMmWM1NbBmgJ59

• Jupiter V6 swap routing tested end-to-end

• Jupiter Perps pool / custody addresses confirmed and written to BasisFundState

Infrastructure

• Paid RPC endpoint (Helius or QuickNode) — public endpoint will rate-limit keepers

• Keeper wallet funded with SOL for ongoing tx fees (~0.001 SOL/tx)

• Jupiter referral account set up (optional — earns fee share on every swap)

• Monitoring dashboard configured

• Alert system live (TVL drop, NAV drawdown, failed settlement)

Rollback

Each program is upgradeable via its upgrade keypair. In an emergency:

See Admin Operations for pause/unpause instructions.