refactor: update dependencies and remove unused code

- Added new dependencies: `adler2`, `crc32fast`, `flate2`, `miniz_oxide`, and `libredox`.
- Updated existing dependencies: `tokio-rustls` to version 0.26.4 and `filetime` to version 0.2.27.
- Removed the `backup.rs` file as it is no longer needed.
- Introduced tests for configuration and credential management.
- Enhanced the `identity` module to generate W3C compliant DID documents.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dorian
2026-03-12 00:19:30 +00:00
parent 2a867b32a8
commit 6fee6befed
347 changed files with 18703 additions and 46785 deletions

.claude/memory/MEMORY.md Normal file
@@ -0,0 +1,11 @@
# Archipelago Project Memory Index
- [pending-features.md](pending-features.md) — Feature requests: kiosk mode, sideloading, Nostr login, etc.
- [second-server.md](second-server.md) — Second dev server (archipelago-2 via Tailscale)
- [third-server.md](third-server.md) — Third dev server (archipelago-3 via Tailscale)
- [deploy-automation.md](deploy-automation.md) — Deploy script automation TODOs
- [claude-proxy-setup.md](claude-proxy-setup.md) — Claude proxy OAuth setup details
- [project-plan.md](project-plan.md) — Overall project plan status
- [iso-build-session-2026-03-10.md](iso-build-session-2026-03-10.md) — ISO build session notes
- [unbundled-iso.md](unbundled-iso.md) — Unbundled ISO approach notes
- [web-only-apps.md](web-only-apps.md) — Web-only apps (L484 category) and iframe compatibility
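
Review bot: The entries for second-server.md and third-server.md link to files that carry SSH login passwords in this same commit, so tracking `.claude/memory/` in the repository publishes them to everyone with read access. Keep the directory out of version control with a `.gitignore` entry, or limit it to notes that hold no credentials or host access details. The commit message describes a dependency refactor and does not mention these files, which makes them easy to miss in review.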

@@ -0,0 +1,9 @@
---
name: claude-proxy-oauth-primary-only
description: Only the primary server (192.168.1.228) uses OAuth proxy for Claude. Second server uses standard API key.
type: feedback
---
- Only the primary dev server (192.168.1.228) uses the Claude Max OAuth proxy for AIUI
- The second dev server and any other deployments should use a standard Anthropic API key (`ANTHROPIC_API_KEY` env var)
- Do not replicate the OAuth proxy setup to other servers

@@ -0,0 +1,18 @@
---
name: deploy-automation-todos
description: Items to incorporate into the deploy script for automated setup — Claude API key, AIUI nginx config, swap
type: project
---
## Deploy Script Automation TODOs
These items should be added to `scripts/deploy-to-target.sh` so new server deploys are self-contained:
1. **Claude API key setup**: After deploying the proxy, auto-configure `/opt/archipelago/claude-proxy/.env.local` with the `ANTHROPIC_API_KEY`. On non-primary servers, use the standard API key (not OAuth). The key is: `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`
2. **AIUI nginx location block**: Ensure nginx config includes a proper `/aiui/` location block so static JS/CSS files are served with correct MIME types. Without this, AIUI fails to load modules.
3. **Swap space**: Deploy script should check for swap and create 4GB if missing (`fallocate -l 4G /swapfile && mkswap && swapon + fstab entry`).
4. **Primary server (192.168.1.228)**: 4GB swap configured on 2026-03-11.
5. **Second server (archipelago-2)**: 4GB swap configured on 2026-03-11.
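
Review bot: Item 1 writes a full Anthropic API key into a tracked file; treat it as compromised, revoke it, and remove it from history, since deleting the line in a later commit leaves it readable in this one. Have `scripts/deploy-to-target.sh` take `ANTHROPIC_API_KEY` from the operator's environment or a secret store at deploy time and write `/opt/archipelago/claude-proxy/.env.local` with owner-only permissions. In item 3, `mkswap` and `swapon` are shown without the `/swapfile` argument, and the swap file should be `chmod 600` before `mkswap` runs.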

@@ -0,0 +1,26 @@
---
name: pending-ui-features
description: Feature requests — completed and pending items for the next deployment cycle
type: project
---
## Completed (2026-03-11)
1. **IndieHub in iframe** — Restored. Removed forced new-tab check in `mustOpenInNewTab()`.
2. **App uninstall fix** — Backend now logs errors and returns structured response instead of silently swallowing.
3. **Login music stops after auth** — Added `stopAllAudio()` + router afterEach guard.
4. **Container scanner dev_mode gate removed** — Scanner runs always now.
5. **BotFights app** — Added as web-only app with SVG icon. Opens in new tab (X-Frame-Options blocks iframe).
6. **L484 web apps** — Added 6 web-only apps: NWNN, 484 Kitchen, Call the Operator, Arch Presentation, Syntropy Institute, T-0. L484 category in marketplace.
7. **Kiosk mode**`/kiosk` route added, `setup-kiosk.sh` installs systemd service, systemd units in image-recipe/configs/. No full-screen iframe overlay — uses standard appLauncher.
8. **AIUI first-install fix** — nginx `try_files` changed to `=404`, Chat.vue probes AIUI availability before loading iframe.
9. **Web-only apps in My Apps** — Injected synthetic PackageDataEntry objects in Apps.vue. Web-only apps sorted first (alphabetically before container apps). No uninstall/start/stop buttons. Launch uses appLauncher with correct URLs.
## Pending
1. **Nostr NIP-07 login for containers** — Sign into container apps using onboarding Nostr keys. Not started.
2. **App sideloading** — Settings page to load apps via Docker/OCI image URL. Not started.
3. **Encrypted Nostr peer handshake (NIP-04/NIP-44)** — Exchange Tor onion addresses via encrypted DMs instead of public relay events. Not started. Currently onion addresses are published in plaintext on relays.
4. **Third server deploy** — archipelago-3.tail2b6225.ts.net needs SSH key setup and first deploy.
5. **Kiosk auto-start on servers** — setup-kiosk.sh exists but needs to be run on each server that has a display attached. Not confirmed running on .228.
6. **Deploy to .198** — Secondary server not yet deployed with latest changes.
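
Review bot: Completed item 5 says BotFights opens in a new tab because X-Frame-Options blocks the iframe, while the web-only-apps note in this commit says it is proxied via `/ext/botfights/` with the blocking headers stripped; record which behaviour actually shipped. Pending item 3 states that onion addresses are currently published in plaintext on relays, which is an exposure in the deployed state and belongs in a tracked security issue rather than a feature wish list. Item 7 is missing a separator between `**Kiosk mode**` and `/kiosk`.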

@@ -0,0 +1,23 @@
---
name: second-dev-server
description: Second dev server accessible via Tailscale at archipelago-2.tail2b6225.ts.net, Ryzen 7 7840U, 14GB RAM
type: project
---
- Hostname: archipelago-2.tail2b6225.ts.net (Tailscale)
- SSH: `ssh -i ~/.ssh/archipelago-deploy archipelago@archipelago-2.tail2b6225.ts.net`
- Password: ThunderDome6574839201!
- CPU: AMD Ryzen 7 7840U (faster than primary i3-8100T)
- RAM: 14GB
- Disk: 916GB NVMe
- OS: Debian 12 (Bookworm) x86_64
- Has: Podman 4.3.1, Node.js v20.20.1, Rust 1.94.0, Nginx 1.22.1
- Swap: 4GB configured
- Deploy: `ARCHIPELAGO_TARGET="archipelago@archipelago-2.tail2b6225.ts.net" ./scripts/deploy-to-target.sh --live`
- Does NOT use OAuth proxy — uses standard ANTHROPIC_API_KEY for Claude/AIUI
- First-boot containers created on 2026-03-11 (Bitcoin Knots, LND, Fedimint, PhotoPrism, Ollama, etc.)
## Pending Fixes for Next Deploy
- **AIUI MIME type error**: Nginx needs a `/aiui/` location block serving correct MIME types for JS files. Currently JS files get wrong content-type causing module load failures.
- **Self-signed cert warnings**: Expected on fresh deploy, not a bug.
- **Container connection errors in AIUI console**: Expected until all containers finish starting and syncing.
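
Review bot: The `Password:` line stores the account password for archipelago-2 in plaintext next to its Tailscale hostname and username. The SSH line above it already uses the `~/.ssh/archipelago-deploy` key, so drop the password from the note, change it on the host, and consider disabling SSH password authentication there.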

@@ -0,0 +1,12 @@
---
name: third-dev-server
description: Third dev server accessible via Tailscale at archipelago-3.tail2b6225.ts.net, password ThisIsWeb54321@
type: project
---
- Hostname: archipelago-3.tail2b6225.ts.net (Tailscale)
- SSH: `sshpass -p 'ThisIsWeb54321@' ssh -o StrictHostKeyChecking=no archipelago@archipelago-3.tail2b6225.ts.net`
- Password: ThisIsWeb54321@
- Deploy: `ARCHIPELAGO_TARGET="archipelago@archipelago-3.tail2b6225.ts.net" ./scripts/deploy-to-target.sh --live`
- SSH key NOT yet installed — need to copy `~/.ssh/archipelago-deploy.pub` manually
- Added 2026-03-11
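
Review bot: The archipelago-3 password appears three times in this file, including in the front-matter `description`. The SSH line passes it with `sshpass -p`, which exposes it in shell history and the process list, and `-o StrictHostKeyChecking=no` turns off host key verification, so the client would accept any host answering at that name. Install `~/.ssh/archipelago-deploy.pub` first, then remove the password from the file, change it on the host, and replace the option with `StrictHostKeyChecking=accept-new` or a pinned `known_hosts` entry.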

@@ -0,0 +1,34 @@
---
name: web-only-apps
description: Web-only apps (no container) — L484 category, BotFights, IndieHub. Iframe compatibility, nginx proxying, My Apps injection.
type: project
---
## Web-Only Apps (added 2026-03-11)
These apps are external websites embedded via iframe — no Docker container. They show as "installed" in both the marketplace and My Apps.
### L484 Category
- **NWNN** (nwnn.l484.com) — News aggregator. No X-Frame-Options. Works in iframe directly.
- **484 Kitchen** (484.kitchen) — K484 platform. X-Frame-Options: SAMEORIGIN. Proxied via `/ext/484-kitchen/`.
- **Call the Operator** (cta.tx1138.com) — Decentralization portal. No X-Frame-Options. Works in iframe directly.
- **Arch Presentation** (present.l484.com) — Archipelago presentation. X-Frame-Options: SAMEORIGIN. Proxied via `/ext/arch-presentation/`.
- **Syntropy Institute** (syntropy.institute) — Medicine Reimagined. No X-Frame-Options. Works in iframe directly.
- **T-0** (teeminuszero.net) — Decentralization documentary. No X-Frame-Options. Works in iframe directly.
### Other Web-Only Apps
- **BotFights** (botfights.net) — X-Frame-Options: SAMEORIGIN + CSP + COEP/COOP/CORP. Proxied via `/ext/botfights/`. Nginx strips all blocking headers.
- **IndeeHub** (archipelago.indeehub.studio) — No X-Frame-Options. Works in iframe directly.
### Nginx External Proxies
Sites with X-Frame-Options get reverse-proxied through nginx at `/ext/{app-id}/`:
- `proxy_hide_header X-Frame-Options` strips upstream header
- `add_header X-Content-Type-Options "nosniff" always` prevents server-level X-Frame-Options inheritance
- BotFights also strips `Cross-Origin-Embedder-Policy`, `Cross-Origin-Opener-Policy`, `Cross-Origin-Resource-Policy`
- Proxy locations in both HTTP and HTTPS server blocks of nginx-archipelago.conf
### Frontend Implementation
- **appLauncher.ts**: `EXTERNAL_PROXY` map rewrites external URLs to proxy paths in `toEmbeddableUrl()`
- **Apps.vue**: `WEB_ONLY_APPS` constant with synthetic `PackageDataEntry` objects. Sorted first alphabetically. No uninstall/start/stop buttons.
- **Marketplace.vue**: `dockerImage: ''` + `webUrl` in `getCuratedAppList()`. L484 category.
- **Icons**: `neode-ui/public/assets/img/app-icons/{app-id}.png` (or .svg)
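
Review bot: Under "Nginx External Proxies", serving third-party sites from `/ext/{app-id}/` makes their pages same-origin with the Archipelago UI, and stripping X-Frame-Options, CSP and COEP/COOP/CORP removes the protections those sites set for themselves. Script from a proxied site can then reach the UI's storage and API with the user's session. Serve the proxies from a separate hostname, or load them in an iframe with a `sandbox` attribute that omits `allow-same-origin`, and document the trade-off in this note. The `add_header X-Content-Type-Options "nosniff" always` bullet should also say why it works: an `add_header` inside a location stops inheritance of all server-level `add_header` directives, so any other server-level security headers are dropped on these locations too. The front matter spells the app "IndieHub" while the list entry says "IndeeHub".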