# P0 Implementation

Implemented: full Laravel 12 application entrypoints/configuration; MySQL/Redis/Horizon runtime; deterministic Docker builds; self-hosted TRON FullNode plus isolated signer adapter; executable factories and Pest bootstrap; AWS KMS envelope encryption; verified email and active merchant enforcement; Brick Math decimal conversion; real Google2FA verification and payout step-up sessions; fail-closed manual risk screening; and a transactional outbox.

## Required runtime dependencies
Run `composer update` once in a networked build environment and commit the resulting `composer.lock`. This execution environment cannot access Packagist, so dependency resolution cannot be truthfully generated here. CI must reject a missing or changed lock file.

## Provider boundary
`BLOCKCHAIN_DRIVER=self_hosted_tron` expects a privately operated TRON node and a separately deployed signing service. Laravel never receives private keys. The signer must enforce its own idempotency database, policy limits, mTLS/network ACLs, and audited key custody.

## Verification
Use `docker compose up -d mysql redis`, then run `composer install`, `php artisan migrate:fresh --seed`, and `php artisan test`.
