diff --git a/core/Cargo.lock b/core/Cargo.lock
index 3236f32b..01b5972e 100644
--- a/core/Cargo.lock
+++ b/core/Cargo.lock
@@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
 
 [[package]]
 name = "archipelago"
-version = "1.6.0-alpha"
+version = "1.7.0-alpha"
 dependencies = [
  "anyhow",
  "archipelago-container",
diff --git a/core/archipelago/Cargo.toml b/core/archipelago/Cargo.toml
index 05f330b3..c126161c 100644
--- a/core/archipelago/Cargo.toml
+++ b/core/archipelago/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "archipelago"
-version = "1.6.0-alpha"
+version = "1.7.0-alpha"
 edition = "2021"
 description = "Archipelago Bitcoin Node OS - Native backend"
 authors = ["Archipelago Team"]
diff --git a/neode-ui/src/locales/en.json b/neode-ui/src/locales/en.json
index ae5cef50..be726c6b 100644
--- a/neode-ui/src/locales/en.json
+++ b/neode-ui/src/locales/en.json
@@ -683,7 +683,12 @@
     "applySuccess": "Update applied. The service will restart momentarily.",
     "applyFailed": "Failed to apply update. You can try again or rollback.",
     "rollbackSuccess": "Rolled back to previous version. Service will restart.",
-    "rollbackFailed": "Rollback failed."
+    "rollbackFailed": "Rollback failed.",
+    "pullAndRebuild": "Pull & Rebuild",
+    "gitMethodHint": "This node builds from source. Update will git-pull, rebuild the backend and UI, then restart — takes a few minutes.",
+    "gitApplyTitle": "Pull & Rebuild?",
+    "gitApplyMessage": "Archipelago will pull the latest code, rebuild, and restart. This can take several minutes and the UI will be briefly unavailable.",
+    "gitApplyStarted": "Update started. The backend will rebuild and restart — this can take a few minutes."
   },
   "kiosk": {
     "pressEsc": "Press ESC to exit",
diff --git a/neode-ui/src/locales/es.json b/neode-ui/src/locales/es.json
index dbbfff39..79fbca32 100644
--- a/neode-ui/src/locales/es.json
+++ b/neode-ui/src/locales/es.json
@@ -682,7 +682,12 @@
     "applySuccess": "Actualizaci\u00f3n aplicada. El servicio se reiniciar\u00e1 en un momento.",
     "applyFailed": "Error al aplicar la actualizaci\u00f3n. Puede intentar de nuevo o revertir.",
     "rollbackSuccess": "Se revirti\u00f3 a la versi\u00f3n anterior. El servicio se reiniciar\u00e1.",
-    "rollbackFailed": "Error al revertir."
+    "rollbackFailed": "Error al revertir.",
+    "pullAndRebuild": "Pull y Recompilar",
+    "gitMethodHint": "Este nodo compila desde el c\u00f3digo fuente. La actualizaci\u00f3n har\u00e1 git-pull, recompilar\u00e1 y reiniciar\u00e1 — tarda unos minutos.",
+    "gitApplyTitle": "\u00bfPull y Recompilar?",
+    "gitApplyMessage": "Archipelago descargar\u00e1 el c\u00f3digo m\u00e1s reciente, lo compilar\u00e1 y reiniciar\u00e1. Puede tardar varios minutos y la UI estar\u00e1 brevemente no disponible.",
+    "gitApplyStarted": "Actualizaci\u00f3n iniciada. El backend se recompilar\u00e1 y reiniciar\u00e1 — puede tardar unos minutos."
   },
   "kiosk": {
     "pressEsc": "Presione ESC para salir",
diff --git a/neode-ui/src/views/SystemUpdate.vue b/neode-ui/src/views/SystemUpdate.vue
index c375de5a..f7adf433 100644
--- a/neode-ui/src/views/SystemUpdate.vue
+++ b/neode-ui/src/views/SystemUpdate.vue
@@ -64,21 +64,33 @@
 
       <!-- Actions -->
       <div class="flex gap-3">
+        <!-- Git path: one-shot pull+rebuild+restart -->
         <button
-          v-if="!downloading && !applying"
+          v-if="updateMethod === 'git' && !applying"
+          @click="requestGitApply"
+          class="glass-button rounded-lg px-6 py-2 text-sm font-medium bg-orange-500/20 border-orange-400/30"
+        >
+          {{ t('systemUpdate.pullAndRebuild') }}
+        </button>
+        <!-- Manifest path: download then apply -->
+        <button
+          v-if="updateMethod !== 'git' && !downloading && !applying && !downloaded"
           @click="downloadUpdate"
           class="glass-button rounded-lg px-6 py-2 text-sm font-medium"
         >
           {{ t('systemUpdate.downloadUpdate') }}
         </button>
         <button
-          v-if="downloaded && !applying"
+          v-if="updateMethod !== 'git' && downloaded && !applying"
           @click="requestApply"
           class="glass-button rounded-lg px-6 py-2 text-sm font-medium bg-orange-500/20 border-orange-400/30"
         >
           {{ t('systemUpdate.applyUpdate') }}
         </button>
       </div>
+      <p v-if="updateMethod === 'git'" class="text-xs text-white/40 mt-3">
+        {{ t('systemUpdate.gitMethodHint') }}
+      </p>
     </div>
 
     <!-- No update available -->
@@ -169,12 +181,18 @@
       <div v-if="confirmAction" class="fixed inset-0 z-50 flex items-center justify-center bg-black/10 backdrop-blur-md" @click.self="cancelConfirm">
         <div class="glass-card p-6 max-w-sm w-full mx-4">
           <h3 class="text-lg font-semibold text-white mb-3">
-            {{ confirmAction === 'apply' ? t('systemUpdate.applyTitle') : t('systemUpdate.rollbackTitle') }}
+            {{ confirmAction === 'rollback'
+              ? t('systemUpdate.rollbackTitle')
+              : confirmAction === 'git-apply'
+                ? t('systemUpdate.gitApplyTitle')
+                : t('systemUpdate.applyTitle') }}
           </h3>
           <p class="text-sm text-white/70 mb-6">
-            {{ confirmAction === 'apply'
-              ? t('systemUpdate.applyMessage')
-              : t('systemUpdate.rollbackMessage') }}
+            {{ confirmAction === 'rollback'
+              ? t('systemUpdate.rollbackMessage')
+              : confirmAction === 'git-apply'
+                ? t('systemUpdate.gitApplyMessage')
+                : t('systemUpdate.applyMessage') }}
           </p>
           <div class="flex gap-3 justify-end">
             <button @click="cancelConfirm" class="glass-button rounded-lg px-4 py-2 text-sm font-medium">
@@ -185,7 +203,11 @@
               class="glass-button rounded-lg px-4 py-2 text-sm font-medium"
               :class="confirmAction === 'rollback' ? 'bg-red-500/20 border-red-400/30' : 'bg-orange-500/20 border-orange-400/30'"
             >
-              {{ confirmAction === 'apply' ? t('systemUpdate.applyNow') : t('systemUpdate.rollbackButton') }}
+              {{ confirmAction === 'rollback'
+                ? t('systemUpdate.rollbackButton')
+                : confirmAction === 'git-apply'
+                  ? t('systemUpdate.pullAndRebuild')
+                  : t('systemUpdate.applyNow') }}
             </button>
           </div>
         </div>
@@ -222,10 +244,11 @@ const loading = ref(false)
 const downloading = ref(false)
 const downloaded = ref(false)
 const applying = ref(false)
-const confirmAction = ref<'apply' | 'rollback' | null>(null)
+const confirmAction = ref<'apply' | 'git-apply' | 'rollback' | null>(null)
 const currentVersion = ref('0.0.0')
 const lastCheck = ref<string | null>(null)
 const updateInfo = ref<UpdateDetail | null>(null)
+const updateMethod = ref<'git' | 'manifest' | null>(null)
 const rollbackAvailable = ref(false)
 const updateInProgress = ref(false)
 const statusMessage = ref('')
@@ -299,10 +322,12 @@ async function checkForUpdates() {
       last_check: string | null
       update_available: boolean
       update: UpdateDetail | null
+      update_method?: string
     }>({ method: 'update.check' })
     currentVersion.value = res.current_version
     lastCheck.value = res.last_check
     updateInfo.value = res.update
+    updateMethod.value = res.update_method === 'git' ? 'git' : 'manifest'
     if (!res.update_available) {
       showStatus(t('systemUpdate.upToDateMessage'))
     }
@@ -349,6 +374,10 @@ function requestApply() {
   confirmAction.value = 'apply'
 }
 
+function requestGitApply() {
+  confirmAction.value = 'git-apply'
+}
+
 function requestRollback() {
   confirmAction.value = 'rollback'
 }
@@ -358,15 +387,32 @@ function cancelConfirm() {
 }
 
 async function executeConfirm() {
-  if (confirmAction.value === 'apply') {
-    confirmAction.value = null
+  const action = confirmAction.value
+  confirmAction.value = null
+  if (action === 'apply') {
     await applyUpdate()
-  } else if (confirmAction.value === 'rollback') {
-    confirmAction.value = null
+  } else if (action === 'git-apply') {
+    await applyUpdateGit()
+  } else if (action === 'rollback') {
     await rollbackUpdate()
   }
 }
 
+async function applyUpdateGit() {
+  applying.value = true
+  statusMessage.value = ''
+  try {
+    await rpcClient.call({ method: 'update.git-apply' })
+    showStatus(t('systemUpdate.gitApplyStarted'))
+    updateInfo.value = null
+  } catch (e) {
+    showStatus(t('systemUpdate.applyFailed'), true)
+    if (import.meta.env.DEV) console.warn('Git apply failed', e)
+  } finally {
+    applying.value = false
+  }
+}
+
 async function applyUpdate() {
   applying.value = true
   statusMessage.value = ''
diff --git a/releases/manifest.json b/releases/manifest.json
index 1afc9e73..6b626336 100644
--- a/releases/manifest.json
+++ b/releases/manifest.json
@@ -1,34 +1,28 @@
 {
-  "version": "1.6.0-alpha",
-  "release_date": "2026-04-19",
+  "version": "1.7.0-alpha",
+  "release_date": "2026-04-20",
   "changelog": [
-    "Bulletproof FIPS from install — no Activate button needed. archipelago auto-starts the FIPS daemon once the seed-derived key exists on disk.",
-    "fips_key written as bech32 nsec (upstream fips daemon format). Auto-migrates legacy raw-byte files from v1.5.0-alpha on first load so existing installs self-heal on this OTA update.",
-    "fips.yaml schema updated to match upstream jmcorgan/fips 0.3+ (`node.identity.persistent: true`, `transports.udp.bind_addr`). Old schema made the daemon crashloop with 'data did not match any variant of untagged enum TransportInstances'.",
-    "ISO: archipelago-fips / archipelago-wg / archipelago-wg-address services no longer masked — ConditionPathExists gates them quietly pre-onboarding. nostr-vpn stays masked (deprecated).",
-    "ISO: persistent journalctl (500M cap) so install, first-boot, and onboarding history survive reboots for post-mortem diagnosis.",
-    "ISO build: verify_backend_version() refuses to ship a binary whose embedded version doesn't match core/archipelago/Cargo.toml. Catches the stale-local-build regression that shipped v1.4.0 binaries inside v1.5.0-alpha ISOs.",
-    "ISO build: installer-env script passed as a bind-mounted file instead of inline `bash -c '…'` — works around a podman/overlay edge case that bricked every rebuild today at debootstrap's first tar extraction.",
-    "VPN status UI: shows 'Not configured' instead of 'Starting…' when no VPN peer has been added yet (wg0 legitimately isn't up; 'Starting' implied something was broken).",
-    "FIPS auto-activates the moment the seed-derived fips_key materialises at onboarding end — no Activate click on fresh installs, even before the first server restart.",
-    "Kiosk health-poll window bumped from 60s to 5 minutes (+TimeoutStartSec=360) so slower hardware doesn't race Chromium against a not-yet-ready backend and white-screen on first boot."
+    "Fixes update.download hard-fail on nodes that have ~/archy checked out (the git-path fleet class: .228, .116). Root cause: handle_update_check's git path returned update_available=true + update_method=\"git\" but never populated state.available_update, so update.download / update.apply RPC calls errored with 'No update available to download' even though the UI advertised one.",
+    "Frontend: SystemUpdate.vue now branches on update_method. When method==\"git\", renders a single 'Pull & Rebuild' action that calls update.git-apply (which runs ~/archy/scripts/self-update.sh: git pull → cargo build --release → frontend rebuild → systemctl restart archipelago). Manifest-path nodes continue to use the existing Download → Apply pipeline. Confirm modal and i18n strings (en + es) added for the git path.",
+    "Forces OTA trigger for nodes already on 1.6.0-alpha (.198, .253) that otherwise saw 'I'm at manifest.version, nothing to do' and skipped the refreshed 1.6 artifacts.",
+    "Container reconciler: scripts/reconcile-containers.sh no longer creates missing containers from the canonical tier spec. SPEC_OPTIONAL now defaults to true in container-specs.sh, so reconcile is strictly a REPAIR tool (fix ownership, restart crashed, recreate on drift). Containers come from exactly two sources: first-boot-containers.sh (baseline filebrowser on unbundled installs) and the package install RPC (every other app). Fixes the bug where fresh unbundled installs woke up 10 minutes after first boot with archy-mempool-db and archy-btcpay-db silently created by the reconcile timer."
   ],
   "components": [
     {
       "name": "archipelago",
-      "current_version": "1.5.0-alpha",
-      "new_version": "1.6.0-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.6.0-alpha/archipelago",
-      "sha256": "24fc20d6e76131b44f55e4f41e1355762edf7f6d94b1cbb039fe662e97db41a9",
-      "size_bytes": 40303184
+      "current_version": "1.6.0-alpha",
+      "new_version": "1.7.0-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.0-alpha/archipelago",
+      "sha256": "87b945bd6d57825d95b7595409580df5d881cfdbb0f944e00c7c050ecce2a6f3",
+      "size_bytes": 40300680
     },
     {
-      "name": "archipelago-frontend-1.6.0-alpha.tar.gz",
-      "current_version": "1.5.0-alpha",
-      "new_version": "1.6.0-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.6.0-alpha/archipelago-frontend-1.6.0-alpha.tar.gz",
-      "sha256": "9118ac5a392c7501d1bf35c8b2c328d00a3b3f0845cb2e5f72fd4337b5687c0c",
-      "size_bytes": 76985839
+      "name": "archipelago-frontend-1.7.0-alpha.tar.gz",
+      "current_version": "1.6.0-alpha",
+      "new_version": "1.7.0-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.0-alpha/archipelago-frontend-1.7.0-alpha.tar.gz",
+      "sha256": "cbadd0510362fc9afdc747cba9c70f76315516c2f0f4536044d718aaddcc46fd",
+      "size_bytes": 76982017
     }
   ]
 }
diff --git a/releases/v1.7.0-alpha/archipelago b/releases/v1.7.0-alpha/archipelago
new file mode 100755
index 00000000..4f643bc8
Binary files /dev/null and b/releases/v1.7.0-alpha/archipelago differ
diff --git a/releases/v1.7.0-alpha/archipelago-frontend-1.7.0-alpha.tar.gz b/releases/v1.7.0-alpha/archipelago-frontend-1.7.0-alpha.tar.gz
new file mode 100644
index 00000000..51616851
Binary files /dev/null and b/releases/v1.7.0-alpha/archipelago-frontend-1.7.0-alpha.tar.gz differ
diff --git a/scripts/container-specs.sh b/scripts/container-specs.sh
index 7bdcb70a..34df8689 100755
--- a/scripts/container-specs.sh
+++ b/scripts/container-specs.sh
@@ -73,7 +73,12 @@ reset_spec() {
   SPEC_SECURITY="no-new-privileges:true" SPEC_RESTART="unless-stopped"
   SPEC_HEALTH_CMD="" SPEC_ENV="" SPEC_CUSTOM_ARGS="" SPEC_READONLY="false"
   SPEC_TMPFS="" SPEC_TIER="3" SPEC_DATA_DIR="" SPEC_DATA_UID="100000:100000"
-  SPEC_DEPENDS="" SPEC_LOCAL_IMAGE="false" SPEC_OPTIONAL="false"
+  # SPEC_OPTIONAL defaults true: reconcile-containers.sh only REPAIRS existing
+  # containers — it never creates missing ones. Baseline (filebrowser) is
+  # bootstrapped by first-boot-containers.sh; all other apps come from the
+  # install RPC. Per-spec `SPEC_OPTIONAL="true"` lines below are now redundant
+  # but kept for readability.
+  SPEC_DEPENDS="" SPEC_LOCAL_IMAGE="false" SPEC_OPTIONAL="true"
   SPEC_ENTRYPOINT=""
 }