Add backup encryption, upgrade.json timestamp docs, and admin key governance

[Copilot]

Validator staking keys were backed up as plaintext tar.gz with no integrity checks. Network upgrade timestamps had no human-readable documentation. Precompile admin addresses had no governance documentation.

Backup script (chains/backup-validator.sh)

• Encrypts backup via GPG AES-256 symmetric encryption using a passphrase file
• Generates and immediately verifies a SHA-256 checksum post-creation
• Fails fast with clear error messages if passphrase file is missing or encryption/verification fails
• Includes commented-out stubs for rclone remote upload and find -mtime retention policy

tar czf - "${TARGET_DIR}" | \
    gpg --symmetric --cipher-algo AES256 --batch \
        --passphrase-file "${PASSPHRASE_FILE}" \
        --output "${BACKUP_FILE_NAME}"
sha256sum "${BACKUP_FILE_NAME}" > "${CHECKSUM_FILE}"
sha256sum --check "${CHECKSUM_FILE}"

Upgrade timestamp documentation

New upgrade-notes.md companion files alongside each upgrade.json:

• Mainnet (2PDRxzc6.../upgrade-notes.md): 1767789000 → 2026-01-07 12:30 UTC — disable contractDeployerAllowList
• Testnet (2oo5UvYg.../upgrade-notes.md): three timestamps covering Granite activation, allow-list re-enable with new admin, and allow-list disable

Each file includes upgrade rationale, validator action steps, and a timestamp validation checklist.

Admin key governance (docs/admin-key-governance.md)

New document covering:

• Admin addresses per environment in EIP-55 checksummed format
• Recommended HSM/hardware wallet storage and multi-sig guidance
• Key rotation procedure (add new admin → verify → revoke old)
• Emergency access protocol for lost/compromised keys
• Audit trail requirements for on-chain admin changes

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Feature][High] Add backup encryption, upgrade.json documentation, and admin key governance docs</issue_title>
<issue_description>## Summary

Three high-priority improvement opportunities for operational security and governance:

1. Backup script needs encryption, integrity verification, and remote storage

File: chains/backup-validator.sh (lines 1-11)

The backup script creates plain tar.gz of validator staking keys with:

• No encryption (staking keys are stored in cleartext)
• No checksum/integrity verification after creation
• No rotation or retention policy
• No upload to remote/offsite storage

Suggested approach:

tar czvf - "${TARGET_DIR}" | gpg --symmetric --cipher-algo AES256 --batch --passphrase-file /path/to/passphrase > "${BACKUP_FILE_NAME}.gpg"
sha256sum "${BACKUP_FILE_NAME}.gpg" > "${BACKUP_FILE_NAME}.gpg.sha256"
# Optional: upload to cloud storage

2. Upgrade.json files use raw Unix timestamps without documentation

Files:

• avalanchego/configs/chains/2PDRxzc6jMbZSTLb3sufkVszgQc2jtDnYZGtDTAAfom1CTwPsE/upgrade.json (19 lines)
• avalanchego/configs/chains/2oo5UvYgFQikM7KBsMXFQE3RQv3xAFFc8JY2GEBNBF1tp4JaeZ/upgrade.json (10 lines)

Critical network upgrades are defined with Unix timestamps (e.g., 1767789000, 1762510500) but include no comments explaining the human-readable date, upgrade purpose, or rationale. Incorrect timestamps could cause consensus failures.

Suggested approach:

• Add companion upgrade-notes.md files with timestamp-to-date mappings
• Create a validation script to verify timestamps are sequential and logical
• Document upgrade scheduling process

3. Admin address governance documentation missing

Files:

• chains/mainnet/genesis.json (line 29: 0x8cba0477...)
• chains/testnet/genesis.json (line 27: 0x63B7076F...)
• chains/devnet/genesis.json (line 27: 0x63b7076f...)

Three environments use two admin addresses for precompile control, but there is no documentation about:

• Which wallet/key controls each address
• Key management procedures
• Who holds the keys
• Emergency access protocol

Suggested approach:

• Create an access control reference document
• Standardize to EIP-55 checksummed addresses
• Document key rotation and emergency procedures

Expected Impact

• Encrypted backups prevent key theft from compromised storage
• Documented upgrades prevent consensus failures from timestamp errors
• Admin key governance prevents lockout if key holder becomes unavailable

Generated by Health Monitor with Omni</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Feature][High] Add backup encryption, upgrade.json documentation, and admin key governance docs #131

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.