- DWN sync now uses federation node list instead of old peer list
- Fix sync URL to use port 80 (nginx) instead of 5678 (direct backend)
- DWN /dwn endpoint now accessible without auth for peer sync
- Support both message formats: {message:{}} and {messages:[{}]}
- Replace request["message"] with unified message variable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New PeerFiles.vue view shows federated peers and their shared catalogs
- Peer Files card in Cloud.vue shows when federation peers exist
- New content.download-peer RPC fetches content from peer via Tor
- Route: /dashboard/cloud/peers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Catalog browse: 0.33s over Tor. All file sizes (28B to 10MB) download
correctly with matching MD5 checksums. Transfer speeds ~500-800KB/s.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- PeersOnly access now checks X-Federation-DID header against known federation nodes
- Specific availability restricts content to named peer DIDs only
- Anonymous/unknown DID requests get 403 Forbidden
- Free content remains accessible to everyone
- Paid content still returns 402 with price info
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /content and /dwn proxy locations to nginx config (both HTTP and HTTPS)
so peer requests reach the backend instead of the SPA catch-all
- Update content_file_path() to check FileBrowser data dir as fallback when
files aren't in the dedicated content/files/ directory
- Populate size_bytes from actual file metadata in content.add
- Filter out availability:nobody items from the public catalog endpoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Verified: backend stop detection, restart recovery, Tor stop detection,
full reboot recovery. Fixed AppArmor read rules for Tor directories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 3 servers publish to Nostr relays and discover each other.
Removed stale revocation files and suspicious SSRF relay entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add tor-hostnames fallback for reading onion addresses when system Tor
owns hidden_service directories (permissions 700)
- Exempt federation.peer-joined, federation.get-state, and
federation.peer-address-changed from auth/CSRF (inter-node RPC)
- Set up system Tor with AppArmor overrides on archipelago-2 and 3
- All 3 servers federated and syncing successfully
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Deployed to primary (192.168.1.228), archipelago-2, and archipelago-3.
Secondary (192.168.1.198) is offline. All 3 servers healthy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Settings page shows all Tor hidden services with toggle switches
(enable/disable per app) and a Rotate button for the main node address.
Added RPC client methods for tor.list-services, tor.toggle-app,
tor.rotate-service, tor.cleanup-rotated. Toggle CSS classes in style.css.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After rotation, spawns background task that publishes updated .onion to
Nostr relays and sends federation.peer-address-changed RPC to all peers
over Tor. Peers update their nodes.json with the new address.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
tor.rotate-service: renames hidden service dir, restarts Tor, waits
for new hostname. Old dir kept for 24h transition.
tor.cleanup-rotated: removes expired old service directories.
tor.toggle-app: enable/disable Tor access per app with service dir
management and container restart.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend: identity.nostr-encrypt-nip04, identity.nostr-decrypt-nip04,
identity.nostr-encrypt-nip44, identity.nostr-decrypt-nip44 endpoints
with auto-resolve to default identity. Frontend: appLauncher routes
nip04.* and nip44.* postMessage calls to backend RPC.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added nostrudel.ninja as a web-only app in Marketplace (community category).
Configured nginx reverse proxy at /ext/nostrudel/ with NIP-07 provider
injection in both HTTP and HTTPS blocks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingBackup.vue was already calling rpcClient.createBackup()
with real RPC backend. No code changes needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingVerify.vue now signs a random challenge via node.signChallenge
and auto-verifies using identity.verify with the node's DID. Shows
green checkmark on cryptographic verification success.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingDid.vue now fetches node.nostr-pubkey after DID is
retrieved and displays it with a copy button. Both identities
are cached in localStorage. Added missing copyNpub function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every new identity now gets both Ed25519 (DID) and secp256k1 (Nostr)
keys from creation. The create() method calls create_nostr_key()
automatically, so identity.create RPC always returns nostr_pubkey
and nostr_npub fields.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DiskUsage and ContainerCrash alerts now fire webhooks via
send_webhook() after pushing WebSocket notifications. Added
data_dir parameter to spawn_metrics_collector for webhook config
access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Health checks, auto-restarts, and WebSocket notifications now run
unconditionally. Previously the entire health loop was gated on
webhook config, so fresh installs (webhooks disabled) got zero
container monitoring. Webhook HTTP delivery is now fire-and-forget
after the notification is pushed to the UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- x86_64 hardware validated on dev server (E2E-02)
- COMM-04 and FINALDOC-04 superseded by v1.0.0 release
- E2E-04 soak test running (ends Apr 10)
- 158/158 plan items resolved
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Uptime monitor timer running every 5min, 30-day soak test active,
hotfix process documented. 100% uptime so far.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Built 12GB x86_64 installer ISO on dev server. Updated README for v1.0.
ISO available in FileBrowser Builds folder.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added no_new_privileges: true, user: 1000, and seccomp_profile: default
to all app manifests. Created community app review checklist.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace sh -c echo with tokio::fs::write for bitcoin.conf generation
- Add client_max_body_size 1m to /rpc/ in both HTTP and HTTPS nginx blocks
- Document full audit findings in docs/security-audit-2026-03-11.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updated npm packages to latest semver-compatible versions. 4 remaining
high-severity vulns are dev-only (serialize-javascript in vite-plugin-pwa
chain). 515/515 tests pass, zero type errors, build clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive release notes covering:
- What Archipelago is and key features
- Bitcoin infrastructure, 20+ self-hosted apps, Web5 identity
- Supported hardware (x86_64 and ARM64)
- Installation instructions
- Known limitations
- Upgrade path from beta
- Security model (defense in depth)
- Contributing guidelines
Also marks RELEASE-02 complete — update infrastructure already exists
in core/archipelago/src/update.rs with manifest URL, background
scheduler, and rollback support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
scripts/create-release.sh orchestrates the full release process:
1. Validates SemVer version and clean git state
2. Bumps version in Cargo.toml and package.json
3. Builds frontend
4. Generates changelog from git log
5. Creates release manifest via create-release-manifest.sh
6. Commits version bump and tags release
Supports --dry-run for preview. ISO builds delegated to server.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove unused _restartApp in Apps.vue
- Remove unused version computed in Home.vue
- Remove unused filteredCommunityApps in Marketplace.vue
- All metrics clean: 0 type errors, 0 build warnings, 515/515 tests pass
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Complete user flow documentation from hardware prep through daily use.
6 parts: hardware, installation, onboarding, dashboard, advanced ops,
and maintenance. Ready for screenshot capture and video production.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
20 issues covering connection, apps, Bitcoin sync, backup, updates,
kiosk mode, network, performance, and emergency recovery. Each with
diagnostic commands and step-by-step solutions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
515 tests across 38 files. Branch coverage 88%, function coverage 83%
on testable logic (stores, composables, api, utils, services, router).
New test files: websocket, useLoginSounds, useMobileBackButton,
useControllerNav, routes. Extended: rpc-client (99.5%), container store
(100%). Fixed: useNavSounds AudioContext mock, type errors across tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add --cap-drop ALL and --security-opt no-new-privileges:true to all
containers in first-boot-containers.sh that were missing it:
- Bitcoin Knots, LND, Fedimint, Fedimint Gateway (+ CHOWN/SETUID/SETGID)
- BTCPay Server, Home Assistant (+ CHOWN/SETUID/SETGID/DAC_OVERRIDE)
- Nextcloud (+ CHOWN/SETUID/SETGID/DAC_OVERRIDE)
- Grafana, Uptime Kuma, PhotoPrism, Ollama, Vaultwarden, FileBrowser
(zero extra caps + --read-only + tmpfs for /tmp and /run)
- Jellyfin (zero extra caps)
Tailscale retains --privileged (required for TUN/iptables/routing).
SearXNG, OnlyOffice, Nginx Proxy Manager, Portainer already hardened.
The Rust RPC layer already applies equivalent hardening for all UI
installs; this brings the ISO first-boot path to parity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite verify-pentest-fixes.sh and test-security.sh with comprehensive
security tests covering auth bypass, CSRF protection, rate limiting,
input validation (SQL injection, command injection, path traversal),
session fixation, SSRF, container isolation, and session lifecycle.
Both scripts now pass all checks (35/35 and 14/14).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Set up vue-i18n with English locale file containing 500+ keys organized
by view namespace. All 15 views converted to use t() calls instead of
hardcoded strings. Infrastructure ready for community translations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All modals now close with Escape key. Interactive card divs respond to
Enter key. Skip-to-content link added to Dashboard layout. All Web5 and
Settings modals get role=dialog, aria-modal, and escape handlers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
