lfg2025/archy
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 33 Wiki Activity

feat: rootless podman, session hardening, boot stability, sidebar fix

Browse Source 
Rootless podman migration (TASK-11):
- Remove sudo from all podman calls in PodmanClient + 8 backend files
- Remove sudo from all podman/docker calls in deploy script
- Restore full systemd security hardening: NoNewPrivileges,
  RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime,
  RestrictNamespaces, RestrictSUIDSGID, SystemCallFilter, ProtectSystem=strict
- Enable loginctl linger for rootless container persistence
- Remove Ollama from auto-deploy (marketplace-only)

Session & auth hardening:
- Increase MAX_CONCURRENT_SESSIONS 20→50 (prevents eviction storms)
- Debounced 401 redirect in rpc-client.ts (prevents redirect storms)

Boot stability:
- optimize-debian.sh: adds chrony, swap, removes policy-rc.d
- deploy script: pre-restart chrony + swap setup
- ISO build: chrony package, swap file creation
- BootScreen: no longer clears localStorage (prevents splash replay)
- RootRedirect: sole owner of localStorage clearing on server ready

UI fixes:
- Sidebar opacity default changed from 0→visible (fixes missing sidebar
  after page-persistence login without entrance animation)
- Console.log/error wrapped in import.meta.env.DEV guards
- Remove unused route import from RootRedirect

Beta tracking:
- CLAUDE.md: beta freeze protocol added
- MASTER_PLAN.md: TASK-11, TASK-17, phase structure
- BETA-PROGRESS.md: initial tracking doc
- Tagged v1.2.0-alpha.1 as pre-rootless baseline

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-18 13:53:27 +00:00
parent 934d120243
commit 870ff095d8
48 changed files with 2979 additions and 2196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

316
docs/BETA-PROGRESS.md Normal file
View File

@@ -0,0 +1,316 @@
# Beta Progress Tracker
> **Goal**: Flawless beta that works perfectly on every machine we install it on.
> **Freeze started**: 2026-03-18
> **Last updated**: 2026-03-18
---
## Pipeline
```
PHASE 1: Feature Testing (internal) ← WE ARE HERE
PHASE 2: User Testing (real users, controlled)
PHASE 3: Beta Live (public release)
```
**Current phase**: PHASE 1 — Feature Testing
**Gate to Phase 2**: Every feature works, all bugs fixed, security hardened, ISO verified
**Gate to Phase 3**: User testing feedback resolved, no P0/P1 issues remaining
---
## Phase 1: Feature Testing (Internal)
Everything in this phase must pass before we hand it to real users.
### Overall Status: EARLY (~15%)
| Workstream | Status | Completion | Gate-blocking? |
|------------|--------|------------|----------------|
| 1A. Critical Bugs | NOT STARTED | 0% | YES |
| 1B. Boot Screen (FEATURE-4) | IN PROGRESS | ~20% | YES |
| 1C. Security Hardening | PARTIAL | ~30% | YES |
| 1D. Rootless Podman (TASK-11) | NOT STARTED | 0% | YES |
| 1E. Beta Telemetry (TASK-12) | NOT STARTED | 0% | YES |
| 1F. App Testing — every feature | NOT STARTED | 0% | YES |
| 1G. ISO Build & Fresh Install | NOT STARTED | 0% | YES |
| 1H. UI Polish & Layout | NOT STARTED | 0% | No |
| 1I. WebSocket Reliability | NOT STARTED | 0% | No |
| 1J. Quality Baseline Check | NOT STARTED | 0% | No |
### 1A. Critical Bugs
#### BUG-1: Random logout / CSRF mismatch — P0
**Status**: PLANNED
**Impact**: Users get randomly logged out. Blocks user testing — unacceptable UX.
**What's known**:
- Sessions now persist to disk (fixed)
- CSRF token mismatch between cookie and header still causes 403s
- Likely caused by cookie rotation in multi-tab or deploy scenarios
**Remaining work**:
- [ ] Add debug logging to capture actual cookie vs header values
- [ ] Reproduce reliably (multi-tab, deploy, long idle)
- [ ] Fix the root cause
- [ ] Verify fix survives deploys and multi-tab use
#### BUG-3: IndeedHub WebSocket spam — P2
**Status**: PLANNED
**Impact**: Console noise, minor. Should fix before user testing.
- [ ] Rebuild IndeedHub with relative WebSocket URL
- [ ] Verify fix
---
### 1B. Boot Screen (FEATURE-4)
**Status**: IN PROGRESS (started 2026-03-17)
**Impact**: Users hit errors on first boot before backend is ready. Blocks user testing.
- [ ] Audit current `/health` endpoint — what does it check?
- [ ] Add granular service readiness to health endpoint
- [ ] Design boot screen component (screensaver + progress)
- [ ] Create pixel art icon animations
- [ ] Implement health polling with smooth transition
- [ ] Handle edge cases (slow start, partial failures, timeout)
- [ ] Test on fresh ISO install (first-boot path)
- [ ] Test on normal reboot (existing user path)
---
### 1C. Security Hardening
**Status**: PARTIAL — 2 critical, 5 high issues from March audit
#### Critical (must fix before user testing)
| ID | Issue | Status |
|----|-------|--------|
| CRIT-01 | Deterministic encryption key (derived from path) | DEFERRED — needs Argon2/TPM redesign |
| CRIT-02 | Hardcoded Bitcoin RPC password (`archipelago123`) | DEFERRED — needs per-install random gen |
#### High (must fix before user testing)
| ID | Issue | Status |
|----|-------|--------|
| HIGH-01 | CSP headers not set | DEFERRED |
| HIGH-02 | HSTS not enabled | DEFERRED |
| HIGH-03 | Rate limit IP spoofing (X-Forwarded-For) | DEFERRED |
| HIGH-04 | Bitcoin RPC bound to 0.0.0.0 | DEFERRED |
| HIGH-05 | (from audit) | DEFERRED |
#### Already fixed
- MED-03: Shell injection in bitcoin.conf generation
- MED-07: No body size limit on /rpc/
#### Decision needed
- CRIT-01 and CRIT-02 are architectural. Are these user-testing-blocking or can they ship with known-issue documentation?
---
### 1D. Rootless Podman (TASK-11)
**Status**: NOT STARTED
**Impact**: Security posture — containers should not require root.
- [ ] Investigate rootless podman feasibility for all current apps
- [ ] Migrate container creation to rootless
- [ ] Restore any security hardening lost during development
- [ ] Verify all apps still work after migration
---
### 1E. Beta Telemetry — Node Reporting (TASK-12)
**Status**: NOT STARTED
**Impact**: Without this we're blind during user testing — can't see what's broken on their machines.
All beta nodes report health/errors to a central log. We build a panel to monitor and triage issues.
**Design**:
- Opt-in telemetry (user consents during onboarding or settings)
- Each node periodically reports: health status, error log digest, container states, uptime
- Central endpoint collects reports (could be a simple API on one of our servers)
- Dashboard panel shows all reporting nodes, their status, recent errors
- Privacy: no wallet data, no keys, no personal data — only system health and error logs
- Nodes identified by anonymous ID (hash of DID), not IP or name
**Tasks**:
- [ ] Design report payload (health, errors, container states, versions, uptime)
- [ ] Design privacy model — what's collected, what's NOT, user consent flow
- [ ] Build reporting endpoint (backend RPC → central collector)
- [ ] Build central collector service (receives + stores reports)
- [ ] Build monitoring dashboard/panel (view all nodes, filter by error type)
- [ ] Add opt-in toggle to Settings UI
- [ ] Add reporting interval config (default: every 15 min?)
- [ ] Test with multi-node fleet (.228, .198, Tailscale nodes)
---
### 1F. App Testing — Every Feature
**Status**: NOT STARTED
**Reference**: `docs/BETA-RELEASE-CHECKLIST.md` — full matrix
Systematic test of **every feature** on the dev server, then on fresh install.
#### Core Flows
- [ ] Onboarding: welcome → password → path → DID → backup → dashboard
- [ ] Login / logout / re-login
- [ ] Password change (invalidates other sessions)
- [ ] 2FA enrollment and verification
- [ ] Settings: view server name, version, DID, Tor address
- [ ] Dashboard: all overview cards render with data
#### App Lifecycle (every app)
- [ ] Bitcoin Knots: install, sync starts, UI loads, uninstall
- [ ] Electrs: install, auto-connects to Bitcoin, UI loads, uninstall
- [ ] LND: install, auto-connects to Bitcoin, UI loads, uninstall
- [ ] BTCPay Server: install, connects, Lightning available, uninstall
- [ ] Mempool: install with Bitcoin+Electrs, shows data, uninstall
- [ ] Fedimint + Gateway: install, UI loads, uninstall
- [ ] File Browser: install, UI loads, uninstall
- [ ] Immich: install, UI loads, uninstall
- [ ] PhotoPrism: install, UI loads, uninstall
- [ ] Penpot: install, UI loads, uninstall
- [ ] SearXNG: install, UI loads, uninstall
- [ ] Ollama: install, UI loads, uninstall
- [ ] Nostr Relay: install, UI loads, uninstall
- [ ] Nginx Proxy Manager: install, UI loads, uninstall
- [ ] Tailscale: install, UI loads, uninstall
- [ ] Home Assistant: install, UI loads (new tab), uninstall
- [ ] IndeedHub: opens external URL in iframe
#### Dependency Chain Errors
- [ ] Electrs without Bitcoin → clear error message
- [ ] LND without Bitcoin → clear error message
- [ ] Mempool without Bitcoin+Electrs → clear error message
#### Federation & Identity
- [ ] Federation invite + join between nodes
- [ ] DWN sync between federated nodes
- [ ] Backup create + download
- [ ] Backup restore on fresh install
#### WebSocket
- [ ] Connects on login, receives initial data
- [ ] Reconnects after network drop
- [ ] Ping/pong heartbeat both directions
- [ ] Connection state visible in UI
- [ ] Install progress delivered real-time
#### Nginx Proxies
- [ ] Every `/app/*` proxy resolves correctly
- [ ] BTCPay and Home Assistant open in new tab
- [ ] Tor hidden services resolve
---
### 1G. ISO Build & Fresh Install
**Status**: NOT STARTED
- [ ] ISO builds successfully on dev server
- [ ] ISO size < 10 GB
- [ ] All container images captured
- [ ] Boot from USB on x86_64 hardware
- [ ] Auto-installer partitions correctly
- [ ] Services start on first boot
- [ ] Web UI accessible within 3 minutes
- [ ] Full onboarding flow completes
- [ ] Second machine test (different hardware)
- [ ] ARM64 test (if targeting)
---
### 1H. UI Polish & Layout
**Status**: NOT STARTED
**Note**: Layout rearrangements and UX improvements allowed during freeze.
- [ ] Review all views for consistent glass design
- [ ] Verify all loading/empty/error states work
- [ ] Check responsive layout on tablet/mobile
- [ ] Audit all button states (disabled during submit, etc.)
---
### 1I. WebSocket Reliability
Covered under 1F testing — no separate workstream needed.
---
### 1J. Quality Baseline Check
**Last known** (2026-03-11):
- Silent catches: 0
- Console statements: 0
- `any` types: 0
- TypeScript errors: 0
- Tests: 515 passed
- npm audit (runtime): 0
- [ ] Re-run full quality sweep — verify no regressions
- [ ] Fix any new violations
---
## Phase 2: User Testing (Controlled)
**Gate**: All Phase 1 items pass. No P0/P1 bugs open.
Starts when we hand ISOs to real users on real hardware we don't control.
| Item | Status |
|------|--------|
| Recruit test users (3-5 people, varied hardware) | NOT STARTED |
| Provide ISOs + install instructions | NOT STARTED |
| Beta telemetry collecting reports from user nodes | NOT STARTED |
| Monitor dashboard for errors across fleet | NOT STARTED |
| Triage + fix reported issues | NOT STARTED |
| User feedback collection (structured form or channel) | NOT STARTED |
| Fix all P0/P1 issues from user reports | NOT STARTED |
| Rebuild ISO with fixes, re-test | NOT STARTED |
---
## Phase 3: Beta Live (Public)
**Gate**: User testing complete. No P0/P1 issues. Telemetry shows stable fleet.
| Item | Status |
|------|--------|
| Final ISO build with all fixes | NOT STARTED |
| Release notes / changelog | NOT STARTED |
| Download page / distribution | NOT STARTED |
| Public announcement | NOT STARTED |
| Telemetry monitoring active for early adopters | NOT STARTED |
---
## Session Log
| Date | Session | Work Done | Items Closed |
|------|---------|-----------|--------------|
| 2026-03-18 | #1 | Created beta freeze plan, progress tracker | — |
| 2026-03-18 | #2 | Restructured into 3-phase pipeline, added telemetry workstream | — |
---
## Post-Beta Parking Lot
These are explicitly deferred until after beta ships:
- FEATURE-6: Watch-only wallet architecture
- TASK-7: Mesh Bitcoin security hardening
- INQUIRY-5: Offline balance check via mesh relay
- TASK-2: Roll incoming-tx into deploy & ISO (P2, not blocking)
- did:dht integration
- Multi-user support
- Cluster mode
- Mobile companion PWA

17
docs/MASTER_PLAN.md
View File

@@ -20,6 +20,7 @@
| **TASK-10** | **ISO build verification + multi-hardware test** | **P1** | PLANNED | - |
| **TASK-11** | **Rootless podman + restore security hardening** | **P1** | PLANNED | - |
| **TASK-12** | **Beta telemetry — node reporting + monitoring panel** | **P1** | PLANNED | - |
| **TASK-17** | **Alpha version tags + rollback strategy** | **P2** | PLANNED | - |
### Phase 2: User Testing (controlled, real hardware)
@@ -181,6 +182,22 @@ Migrate from `sudo podman` (root containers) to rootless podman so the systemd s
---
### TASK-17: Alpha version tags + rollback strategy (PLANNED)
**Priority**: P2 — Medium
**Status**: PLANNED (2026-03-18)
Tag every significant alpha version with git tags for easy rollback. Each tag should correspond to a deployable state. Maintain a version log so any alpha can be rebuilt and deployed.
**Tasks**:
- [ ] Tag current state as `v1.2.0-alpha.1` (pre-rootless-podman)
- [ ] Establish naming convention: `v{major}.{minor}.{patch}-alpha.{build}`
- [ ] Tag after rootless podman migration: `v1.2.0-alpha.2`
- [ ] Document rollback procedure (git checkout tag + deploy)
- [ ] Add version tag step to deploy script (auto-tag on successful deploy)
- [ ] Update CHANGELOG.md with each alpha milestone
---
## Post-Beta (FROZEN)
*These tasks are deferred until after beta ships. Do not start.*