> ## Documentation Index
> Fetch the complete documentation index at: https://docs.capx.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Mainnet Node Setup Guide

The document is crafted to assist the operator setup the mainnet attestor nodes, i.e setup, configuration, and troubleshooting of the Capx Cloud Network. It is recommended that each section be reviewed carefully to ensure that the operator environment is configured correctly.

## Setup Guidance

<Tabs>
  <Tab title="Operator Checklist">
    <p>Complete each item in the checklist to ensure your node is properly configured. The checklist verifies all prerequisites are met before registration.</p>

    <a href="https://capx-ai.github.io/capxcloud-operator-checklist/">
      Access CapxCloud Operator Checklist →
    </a>
  </Tab>

  <Tab title="Registration Instructions">
    <p>Once your environment is ready and all checklist items are passed, follow the detailed registration instructions to join the Mainnet.</p>

    <a href="../register/mainnet">
      Detailed steps to register your node on the Mainnet network →
    </a>
  </Tab>
</Tabs>

***

## Wallet Configuration: Ledger/Safe vs. EOA

The appropriate environment file should be selected based on the wallet type being used.

<Tabs>
  <Tab title="Ledger/Safe Wallet">
    Two key parameters should be configured:

    * **`PRIVATE_KEY_ATTESTER` (Consensus Key):**

      This parameter holds the private key that is used for consensus-related operations. It is designated as the Consensus Key and is responsible for signing messages and attestations that participate in the consensus process.

    * **`OPERATOR_ADDRESS` (Controller Key Address):**

      This parameter holds the wallet address associated with the controller key. It is used to manage administrative functions and operator configurations. The separation of these keys helps enhance security by ensuring that the key used for consensus operations is distinct from the one controlling operator privileges.

    For further details on key roles and separation, please refer to the official documentation: [Othentic CLI Private Key Management](https://docs.othentic.xyz/main/avs-framework/othentic-cli/private-key-management#key-roles-and-separation)

    ```jsx theme={null}
    ##########################################################################################
    # Fill in your attestor's private key, and the RPC endpoints
    ##########################################################################################
    OPERATOR_ADDRESS=
    PRIVATE_KEY_ATTESTER=
    L1_RPC=https://eth-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD
    L2_RPC=https://arb-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD

    ##########################################################################################
    # Uncomment the below line to enable debug mode
    ##########################################################################################
    # DEBUG=*

    ##########################################################################################
    # Leave the following as they are
    ##########################################################################################
    OTHENTIC_REGISTRY_ADDRESS=0x7e39183cDa5AF65E6A18aF8C3bf0c523127f83bF
    AVS_GOVERNANCE_ADDRESS=0xad12e74847d6d1487a6a3a6b75d1f509f3f627e8
    ATTESTATION_CENTER_ADDRESS=0x5103Aa9a96EB3FC4C3A700e14135E0ff3739b12c
    IPFS_HOST=https://gateway.pinata.cloud/ipfs/
    OTHENTIC_BOOTSTRAP_ID=12D3KooWEaL5pGLey8qcEmapuAFZPNbgnDSULnSbbmbcTfbVLMTN
    OTHENTIC_BOOTSTRAP_SEED=49c6b501ba41f40d4bdbbe35cb0aaa7d304850ab199cca97dc9f7f016d47a9fb
    OTHENTIC_BOOTSTRAP_HOST=mainnet.aggregator.services.capx.ai
    L1_CHAIN=1
    L2_CHAIN=42161
    L1_CHAIN_CLI_CODE=mainnet
    L2_CHAIN_CLI_CODE=arbitrum-one
    ```
  </Tab>

  <Tab title="EOA Wallet">
    One Key parameters should be configured:

    * **`PRIVATE_KEY_ATTESTER` (Private Key):**

      This parameter holds the private key that is used for registering the operator.

    ```jsx theme={null}
    ##########################################################################################
    # Fill in your attestor's private key, and the RPC endpoints
    ##########################################################################################
    PRIVATE_KEY_ATTESTER=
    L1_RPC=https://eth-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD
    L2_RPC=https://arb-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD


    ##########################################################################################
    # OPTIONAL : Only Add this parameter if following Key Role separation. 
    ##########################################################################################
    OPERATOR_ADDRESS=

    ##########################################################################################
    # Uncomment the below line to enable debug mode
    ##########################################################################################
    # DEBUG=*

    ##########################################################################################
    # Leave the following as they are
    ##########################################################################################
    OTHENTIC_REGISTRY_ADDRESS=0x7e39183cDa5AF65E6A18aF8C3bf0c523127f83bF
    AVS_GOVERNANCE_ADDRESS=0xad12e74847d6d1487a6a3a6b75d1f509f3f627e8
    ATTESTATION_CENTER_ADDRESS=0x5103Aa9a96EB3FC4C3A700e14135E0ff3739b12c
    IPFS_HOST=https://gateway.pinata.cloud/ipfs/
    OTHENTIC_BOOTSTRAP_ID=12D3KooWEaL5pGLey8qcEmapuAFZPNbgnDSULnSbbmbcTfbVLMTN
    OTHENTIC_BOOTSTRAP_SEED=49c6b501ba41f40d4bdbbe35cb0aaa7d304850ab199cca97dc9f7f016d47a9fb
    OTHENTIC_BOOTSTRAP_HOST=mainnet.aggregator.services.capx.ai
    L1_CHAIN=1
    L2_CHAIN=42161
    L1_CHAIN_CLI_CODE=mainnet
    L2_CHAIN_CLI_CODE=arbitrum-one
    ```
  </Tab>
</Tabs>

***

## Operator ( Attestor Node ) Setup

<Warning>
  This is an early development release (v0.1.1) intended for testing and network growth. Operators should be aware that future updates may include breaking changes as the network evolves.
</Warning>

### Key Features

* Basic P2P attestation node implementation
* Network discovery and peer connection
* Integration with Symbiotic protocol security layer
* Attestation service foundations
* Minimal operator configuration requirements

## Docker Images

### Attester P2P Node (Mainnet)

```
Image: capxcloud/attester-p2p-node:0.1.1
SHA256: 1e97d06b37e985f8bdbeef02b215ce1ea6bb9b52f5ae5be6b322a6b6bb696a65
```

### Validation Service (Mainnet)

```bash theme={null}
Image: capxcloud/validation-service:0.1.1
SHA256: 693d4f1028ddb273ed127e40041511f25a2489bf623133aa60e9c8bb1a696c81
```

## Docker Compose file

```docker theme={null}
name: capxcloud-attestation-system

services:
  attester-p2p-node:
    image: capxcloud/attester-p2p-node:0.1.1
    container_name: capxcloud-attester-p2p-node
    restart: unless-stopped
    command: ["/usr/local/bin/start-attester.sh"]
    ports:
      - "7070:7070" # Attester metrics port
      - "9876:9876" # Attester P2P port - If you want map it to a different local port than 9876 (e.g. 9878:9876), uncomment the ANNOUNCED_ADDRESSES section and set the OPERATOR_MAPPED_PORT to the desired port
    env_file:
      - path: .env
        required: true
    environment:
      - OTHENTIC_BOOTSTRAP_HOST=${OTHENTIC_BOOTSTRAP_HOST}
      - PRIVATE_KEY=${PRIVATE_KEY_ATTESTER}
      - TASK_PERFORMER=0x0000000000000000000000000000000000000000
      - OTHENTIC_BOOTSTRAP_ID=${OTHENTIC_BOOTSTRAP_ID}
      - L1_CHAIN_CLI_CODE=${L1_CHAIN_CLI_CODE}
      - L2_CHAIN_CLI_CODE=${L2_CHAIN_CLI_CODE}
      - L1_RPC=${L1_RPC}
      - L2_RPC=${L2_RPC}
      - VALIDATION_SERVICE_IP=10.1.0.42
      # # ANNOUNCED_ADDRESSES section: Uncomment to enable announced addresses
      # - ENABLE_ANNOUNCED_ADDRESSES=true
      # - OPERATOR_PUBLIC_IP=127.0.0.1 # Replace with your public IP
      # - OPERATOR_MAPPED_PORT=9878 # Replace with the desired port
      # - OPERATOR_NODE_ID=your-node-id # Replace with your node ID (You can get it by running the command: othentic-cli node get-id --node-type attester)
    networks:
      p2p:
        ipv4_address: 10.1.0.2
    depends_on:
      validation-service:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: "1"
          memory: 1G
        reservations:
          cpus: "0.25"
          memory: 512M
    healthcheck:
      test: ["CMD", "/usr/local/bin/health-check.sh"]
      interval: 30s
      timeout: 10s
      retries: 1
      start_period: 60s
      start_interval: 30s
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "7"
        compress: "true"

  validation-service:
    image: capxcloud/validation-service:0.1.1
    container_name: capxcloud-validation-service
    env_file:
      - .env
    networks:
      p2p:
        ipv4_address: 10.1.0.42
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: "1"
          memory: 1G
        reservations:
          cpus: "0.25"
          memory: 512M
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:4002/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "7"
        compress: "true"

networks:
  p2p:
    driver: bridge
    ipam:
      config:
        - subnet: 10.1.0.0/16
          gateway: 10.1.0.1
```

### Instructions for Running the Setup

1. **Prerequisites:**
   * It is expected that Docker and Docker Compose are installed.
   * Ensure that the required environment variables are configured either in a `.env` file or in your shell environment.
   * **Important: Configure network access for P2P communication**
     * You must ensure ports 7070 (metrics) and 9876 (P2P communication) are open for inbound traffic in your firewall/router.
     * Without proper port forwarding, the attestation node will be unable to communicate with the network.
     * If you're behind NAT or want to use different port mappings, see the configuration note below.
2. **Port Configuration Note:**
   * **Default setup:** The system expects ports 7070 and 9876 to be directly accessible from the internet.
   * **Custom port mapping:** If you need to map the P2P port to a different external port:
     * Uncomment the `ANNOUNCED_ADDRESSES` section in the docker-compose file
     * Set `OPERATOR_PUBLIC_IP` to your actual public IP address
     * Set `OPERATOR_MAPPED_PORT` to your desired external port (e.g., 9878)
     * Update `OPERATOR_NODE_ID` with your node ID
     * Update your router/firewall to forward the chosen external port to port 9876 on your host
3. **Deploying the Services:**
   * Navigate to the directory containing the Docker Compose file.

   * Execute the following command to start the services in detached mode:

     ```bash theme={null}
     docker-compose up -d
     ```

   * The services will be initiated in the background.
4. **Monitoring Logs:**
   * To monitor the logs for all services in real time, it is advised to use:

     ```bash theme={null}
     docker-compose logs -f
     ```

   * This command will stream the logs continuously, allowing for live troubleshooting.
5. **Managing the Deployment:**
   * To stop the services, the following command can be used:

     ```bash theme={null}
     docker-compose down
     ```

   * If an update of the images is needed, it is recommended to run:

     ```bash theme={null}
     docker-compose pull && docker-compose up -d
     ```
6. **Verify Connectivity:**
   * After deployment, verify your node is properly connected to the network by checking:
     * Metrics endpoint: [http://localhost:7070/metrics](http://localhost:7070/metrics)
     * Service logs for successful P2P connections: `docker logs capxcloud-attester-p2p-node`
