Private repo needs auth — pass GITEA_TOKEN as env var in Portainer,
never hardcoded. Or make the repo public to skip auth entirely.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
No submodule needed — the Dockerfile clones the IndeedHub repo
directly during build. Works with Portainer without any manual steps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
IndeedHub source included as git submodule at ./indeedhub/.
Demo compose builds all services from source — no registry needed.
Stack: app, api, postgres, redis, minio, relay.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Just pull git.tx1138.com/lfg2025/indeedhub:latest directly.
No source build, no backend stack needed for demo.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Full 8-service IndeedHub stack: app (frontend), api (NestJS), postgres,
redis, minio (S3), minio-init, ffmpeg-worker, nostr-relay.
All env vars have sensible defaults for demo — override in Portainer
env vars for production. IndeedHub builds from ../Indeedhub Prototype
source. Frontend on port 7777 with NIP-07 nostr-provider.js for
signing via Archipelago's identity system.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The toggle handler only tried `podman restart archy-tor` which fails
on servers running Tor as a systemd service. Now tries
`systemctl restart tor` first (like the rotation handler already does),
falling back to container restart.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Every enabled Tor service now shows a Rotate button that instantly
creates a new .onion address and decommissions the old one. Previously
only the main 'archipelago' service had this button.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix .onion address overflow: add min-width:0 to flex children
- Reduce field font size for long addresses
- Auto-select Local Network mode when Tor unavailable
- Fix Tor hidden service paths on Arch 1/3 (was /var/lib/tor/,
backend reads /var/lib/archipelago/tor/)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When tor_onion is null in the connect info response, automatically
switch dropdown to "REST (Local Network)" and show a helpful message
instead of "Tor not configured for LND" error.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- fetchConnectInfo: use window.location.protocol instead of hardcoded http://
- getBackendUrl: default to current origin when no ?backend= param
- Fixes mixed content errors on HTTPS Tailscale servers
- Also fixed: nginx needed reload on Tailscale servers, Arch 2 missing
/lnd-connect-info nginx location
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- LND UI: replace cdn.tailwindcss.com with local tailwind.css (CSP fix)
- LND UI: make asset paths relative for nginx proxy compatibility
- Web5 wallet: add QR code for on-chain receive addresses (qrcode npm)
- Web5 wallet: hide incoming transactions after 3 confirmations
- Apps: add "Services" tab to separate backend containers from user apps
- Home: null guard on packages.value to prevent TypeError on load
- First-boot: auto-create Bitcoin Knots wallet (no longer auto-created)
- AppSession: add mempool-electrs to port mapping
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added YAML frontmatter to all 8 polish-* skills and sweep skill
so Claude can auto-invoke them
- New bitcoin-conventions skill with PROUX UX methodology, sats display,
address validation, Tor preferences, Lightning patterns
- Path-specific rules for containers (security hardening) and frontend
(Vue/glassmorphism conventions)
- Gitea Actions: nightly security review and weekly dependency audit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All code changes deployed and verified. Frontend type-check passes
(0 errors), all 515 tests pass, backend builds clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- system.factory-reset RPC: wipes user data, preserves images/node_key
- Factory Reset button in Settings with confirmation modal
- backup.restore-identity RPC: decrypts and restores DID key
- Restore from Backup panel in OnboardingIntro first screen
- Auto-create default identity with Nostr key on boot if none exist
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Unmatched URLs now show a glass-card 404 page with a link back
to the dashboard instead of a blank page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Updated appLauncher tests to match current session-based routing.
Fixed settings test to use h2 instead of h1. Fixed RPC client test
to expect 'Session expired' on 401.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rate limiters correctly use monotonic Instant. Session TTL uses
SystemTime for wall-clock accuracy across sleep/hibernate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removed unused sync podman_command/docker_command methods.
Removed dead_code annotations from User and AuthManager (now actively used).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Check user role against method permissions before dispatch.
All current users default to Admin, laying groundwork for multi-user.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instant is monotonic but drifts on sleep/hibernate common on NUC
hardware. SystemTime gives proper wall-clock expiry for sessions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
IndeedHub running on port 7777, nostr-provider.js injected,
NIP-07 identity flow wired, NIP-04/NIP-44 RPC handlers in place.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend metadata and manifest now match the actual running config
and the frontend port mapping.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Nginx strips X-Frame-Options on all proxy paths. IndeedHub sub_filter
working. All apps load via /app/{id}/ proxy paths. Deployed and verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch IndeedHub to staging API, add _next asset caching in nginx,
simplify NostrIdentityPicker component, and update Apps/Web5/Marketplace views.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y5-01: docs/community-growth-plan.md — 3 growth phases from
dev preview to 10K nodes, tracking via opt-in analytics
- Y5-04: docs/v3-release-checklist.md — prerequisites, release
steps (code freeze, ISO builds, checksums), post-release plan
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace handle_lnd_lookupinvoice (doesn't exist) with stub.
Payment verification deferred to Y4-02 marketplace implementation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y3-03: cluster.rs with Raft types (ClusterRole, ClusterState,
AppPlacement, ClusterConfig). Ready for openraft integration.
- Y2-04: Existing PWA already serves as mobile companion (installable,
read-only dashboard works on mobile via HTTPS).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- AppMetadata for monerod/monero and elementsd/liquid in docker_packages
- Marketplace entries with pinned images from trusted registries
- Monero: sethforprivacy/simple-monerod:v0.18.3.4
- Liquid: vulpemventures/elements:23.2.2
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
