Unmatched URLs now show a glass-card 404 page with a link back
to the dashboard instead of a blank page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Updated appLauncher tests to match current session-based routing.
Fixed settings test to use h2 instead of h1. Fixed RPC client test
to expect 'Session expired' on 401.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rate limiters correctly use monotonic Instant. Session TTL uses
SystemTime for wall-clock accuracy across sleep/hibernate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removed unused sync podman_command/docker_command methods.
Removed dead_code annotations from User and AuthManager (now actively used).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Check user role against method permissions before dispatch.
All current users default to Admin, laying groundwork for multi-user.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instant is monotonic but drifts on sleep/hibernate common on NUC
hardware. SystemTime gives proper wall-clock expiry for sessions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
IndeedHub running on port 7777, nostr-provider.js injected,
NIP-07 identity flow wired, NIP-04/NIP-44 RPC handlers in place.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend metadata and manifest now match the actual running config
and the frontend port mapping.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Nginx strips X-Frame-Options on all proxy paths. IndeedHub sub_filter
working. All apps load via /app/{id}/ proxy paths. Deployed and verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch IndeedHub to staging API, add _next asset caching in nginx,
simplify NostrIdentityPicker component, and update Apps/Web5/Marketplace views.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y5-01: docs/community-growth-plan.md — 3 growth phases from
dev preview to 10K nodes, tracking via opt-in analytics
- Y5-04: docs/v3-release-checklist.md — prerequisites, release
steps (code freeze, ISO builds, checksums), post-release plan
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace handle_lnd_lookupinvoice (doesn't exist) with stub.
Payment verification deferred to Y4-02 marketplace implementation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y3-03: cluster.rs with Raft types (ClusterRole, ClusterState,
AppPlacement, ClusterConfig). Ready for openraft integration.
- Y2-04: Existing PWA already serves as mobile companion (installable,
read-only dashboard works on mobile via HTTPS).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- AppMetadata for monerod/monero and elementsd/liquid in docker_packages
- Marketplace entries with pinned images from trusted registries
- Monero: sethforprivacy/simple-monerod:v0.18.3.4
- Liquid: vulpemventures/elements:23.2.2
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y5-02: rolling_container_restart() in update.rs — restarts containers
one at a time with health checks, reports success/failure per container
- Y3-01: UserRole enum (Admin/Viewer/AppUser) with can_access() RBAC
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- UserRole enum: Admin (full), Viewer (read-only), AppUser (minimal)
- can_access() method checks RPC method against role permissions
- Role field on User struct with serde default (backward-compatible)
- Viewer: read system/federation/DWN/identity/backup/container status
- AppUser: system.stats, node.did, container list, password change
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New RPC endpoints:
- analytics.get-status: Check if analytics opted in
- analytics.enable/disable: Toggle opt-in
- analytics.get-snapshot: Anonymous aggregate data (version, app count,
hardware tier, CPU cores, RAM, federation peers)
No personal data: no DIDs, no IPs, no secrets. Strictly opt-in.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New RPC endpoints:
- backup.upload-s3: Upload encrypted backup to any S3-compatible endpoint
- backup.download-s3: Download backup from S3 to local storage
Supports MinIO, Backblaze B2, Wasabi via basic auth + S3 API.
Backups are AES-256-GCM encrypted before upload.
Rate-limited at 3 requests per 10 minutes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Updated i18n.ts with SUPPORTED_LOCALES, setLocale() lazy loading,
localStorage persistence. Added language selector in Settings.vue.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y2-02: scripts/validate-app-manifest.sh — validates community app
manifests (YAML, required fields, trusted registry, no :latest,
security checks, memory limits)
- Y2-03: neode-ui/src/locales/es.json — Spanish locale stub with
common strings translated, template for other languages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: credentials.json had flat-format test data from old code,
incompatible with current W3C VerifiableCredential struct. Parse error
was hidden by error sanitization.
Fix: cleared old test data. VC flow now works bidirectionally:
- .198: 3/3 issue + 3/3 verify
- .228: issue + verify work (rate-limited during repeated testing)
- Both nodes: list-credentials returns correct counts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both nodes rebooted simultaneously. .228 SSH in 115s, .198 in ~5min.
Both healthy. Federation re-established — 2 peers synced.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Session tokens get invalidated when backend restarts. Moving auth
inside the iteration loop ensures each iteration gets a fresh session.
Also fix grep -c arithmetic syntax error for nostr-provider check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: sd_notify::notify(true, ...) cleared NOTIFY_SOCKET env var,
so watchdog pings never reached systemd. Backend killed every 60s.
Fixes:
- Change sd_notify::notify first param to false (keep socket)
- Increase WatchdogSec from 60 to 300 (5min) for crash recovery
- Add TimeoutStartSec=300 for slow container startups
- Adjust watchdog ping interval to 120s
This was causing 47 restarts/day on .198 and blocking REBOOT-03,
FLEET-03, FLEET-04, VC-04.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removed 54 unused/dangling images from .228.
50% total image disk reduction (freed 26.96GB).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
