release(v1.7.23-alpha): FIPS Seed Anchors reachable via gear icon

Adds a gear button next to the FIPS Mesh card's status pill that
opens a Teleport-ed modal containing FipsSeedAnchorsCard. The card
was landed on disk in v1.7.21 but never wired into a UI entry point
per the entry-point convention, so users couldn't access the
Add/Remove/Apply controls at all. One gear click now opens them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

core/Cargo.lock

@@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
 
 [[package]]
 name = "archipelago"
-version = "1.7.20-alpha"
+version = "1.7.23-alpha"
 dependencies = [
  "anyhow",
  "archipelago-container",

core/archipelago/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "archipelago"
-version = "1.7.20-alpha"
+version = "1.7.23-alpha"
 edition = "2021"
 description = "Archipelago Bitcoin Node OS - Native backend"
 authors = ["Archipelago Team"]

core/archipelago/src/api/rpc/dispatcher.rs

@@ -414,6 +414,16 @@ impl RpcHandler {
             "fips.install" => self.handle_fips_install().await,
             "fips.restart" => self.handle_fips_restart().await,
             "fips.reconnect" => self.handle_fips_reconnect().await,
+            "fips.list-seed-anchors" => self.handle_fips_list_seed_anchors().await,
+            "fips.add-seed-anchor" => {
+                let p = params.unwrap_or(serde_json::json!({}));
+                self.handle_fips_add_seed_anchor(&p).await
+            }
+            "fips.remove-seed-anchor" => {
+                let p = params.unwrap_or(serde_json::json!({}));
+                self.handle_fips_remove_seed_anchor(&p).await
+            }
+            "fips.apply-seed-anchors" => self.handle_fips_apply_seed_anchors().await,
 
             // System updates
             "update.check" => self.handle_update_check().await,

core/archipelago/src/api/rpc/fips.rs

@@ -12,8 +12,7 @@ use anyhow::Result;
 
 impl RpcHandler {
     pub(super) async fn handle_fips_status(&self) -> Result<serde_json::Value> {
-        let identity_dir = fips::identity_dir_from(&self.config.data_dir);
-        let status = fips::FipsStatus::query(&identity_dir).await;
+        let status = fips::FipsStatus::query(&self.config.data_dir).await;
         Ok(serde_json::to_value(status)?)
     }
 
@@ -36,13 +35,19 @@ impl RpcHandler {
         let identity_dir = fips::identity_dir_from(&self.config.data_dir);
         fips::config::install(&identity_dir).await?;
         fips::service::activate(fips::SERVICE_UNIT).await?;
-        let status = fips::FipsStatus::query(&identity_dir).await;
+        let status = fips::FipsStatus::query(&self.config.data_dir).await;
         Ok(serde_json::to_value(status)?)
     }
 
+    /// Restart whichever fips unit is supervising the daemon on this host.
+    /// Nodes installed from the archipelago ISO use `archipelago-fips.service`;
+    /// nodes that had the upstream debian package set up first may only have
+    /// `fips.service`. We resolve the active one via `service::active_unit()`
+    /// so the UI button is never a no-op.
     pub(super) async fn handle_fips_restart(&self) -> Result<serde_json::Value> {
-        fips::service::restart(fips::SERVICE_UNIT).await?;
-        Ok(serde_json::json!({ "restarted": true }))
+        let unit = fips::service::active_unit().await;
+        fips::service::restart(unit).await?;
+        Ok(serde_json::json!({ "restarted": true, "unit": unit }))
     }
 
     /// Full reconnect: stop the daemon, bring it back, wait for the DHT
@@ -53,7 +58,7 @@ impl RpcHandler {
     /// Runtime: ~20s. Needs an RPC timeout ≥ 45s on the client.
     pub(super) async fn handle_fips_reconnect(&self) -> Result<serde_json::Value> {
         let identity_dir = fips::identity_dir_from(&self.config.data_dir);
-        let before = fips::FipsStatus::query(&identity_dir).await;
+        let before = fips::FipsStatus::query(&self.config.data_dir).await;
 
         // Heal the pre-fix bech32-text fips_key.pub → 32-raw-bytes
         // mismatch. The daemon silently authenticates with a garbage
@@ -70,12 +75,26 @@ impl RpcHandler {
             let _ = fips::config::install(&identity_dir).await;
         }
 
-        // Clean stop+start rather than `restart`, so a daemon that
-        // fails to come back up surfaces as service_active=false
-        // instead of quietly sticking with the old process.
-        let _ = fips::service::stop(fips::SERVICE_UNIT).await;
+        // Operate on whichever fips unit is actually up — nodes that
+        // have the upstream `fips.service` rather than the
+        // archipelago-managed `archipelago-fips.service` used to see
+        // Reconnect silently fail because we stopped a unit that
+        // didn't exist. Clean stop+start rather than `restart` so a
+        // daemon that fails to come back up surfaces as
+        // service_active=false instead of quietly sticking with the
+        // old process.
+        let unit = fips::service::active_unit().await;
+        let _ = fips::service::stop(unit).await;
         tokio::time::sleep(std::time::Duration::from_millis(800)).await;
-        fips::service::activate(fips::SERVICE_UNIT).await?;
+        fips::service::activate(unit).await?;
+
+        // Re-push seed anchors after restart so freshly-bound daemons
+        // don't have to wait 5 min for the periodic apply loop.
+        if let Ok(list) = fips::anchors::load(&self.config.data_dir).await {
+            if !list.is_empty() {
+                let _ = fips::anchors::apply(&list).await;
+            }
+        }
 
         // Anchor bootstrap window: poll the status every ~3s for up to
         // 20s. Bail as soon as the anchor is connected.
@@ -83,7 +102,7 @@ impl RpcHandler {
         let deadline = std::time::Instant::now() + std::time::Duration::from_secs(20);
         loop {
             tokio::time::sleep(std::time::Duration::from_secs(3)).await;
-            let s = fips::FipsStatus::query(&identity_dir).await;
+            let s = fips::FipsStatus::query(&self.config.data_dir).await;
             if s.anchor_connected {
                 last_status = Some(s);
                 break;
@@ -111,13 +130,13 @@ impl RpcHandler {
             "peers_but_no_anchor"
         };
         let hint = match likely_cause {
-            "connected" => "Anchor is reachable.",
-            "daemon_down" => "The FIPS daemon didn't come back up — check archipelago-fips.service.",
+            "connected" => "An anchor is reachable.",
+            "daemon_down" => "The FIPS daemon didn't come back up — check the FIPS service on this host.",
             "no_seed_key" => "No seed-derived FIPS key on disk. Re-run the onboarding unlock step.",
             "no_outbound_udp_or_anchor_down" =>
-                "Daemon is running but no peers handshook. Your router / ISP might be blocking outbound UDP 8668, or the anchor (fips.v0l.io) could be down.",
+                "Daemon is running but no peers handshook. Your router / ISP might be blocking outbound UDP 8668, or every configured anchor could be down. Add a reachable peer in Seed Anchors.",
             "peers_but_no_anchor" =>
-                "Mesh has peers but the anchor hasn't been seen yet. Give it a minute and re-check.",
+                "Mesh has peers but none of them are anchors we recognise. Add your cluster's anchor in Seed Anchors.",
             _ => "",
         };
 
@@ -129,4 +148,66 @@ impl RpcHandler {
             "after": after,
         }))
     }
+
+    /// List the seed-anchor entries configured on this node.
+    pub(super) async fn handle_fips_list_seed_anchors(&self) -> Result<serde_json::Value> {
+        let list = fips::anchors::load(&self.config.data_dir).await?;
+        Ok(serde_json::json!({ "seed_anchors": list }))
+    }
+
+    /// Add (or update) a seed anchor and immediately push it into the
+    /// running daemon. Params: `{ npub, address, transport?, label? }`.
+    pub(super) async fn handle_fips_add_seed_anchor(
+        &self,
+        params: &serde_json::Value,
+    ) -> Result<serde_json::Value> {
+        let anchor: fips::anchors::SeedAnchor = serde_json::from_value(params.clone())
+            .map_err(|e| anyhow::anyhow!("bad seed anchor payload: {}", e))?;
+        if !anchor.npub.starts_with("npub1") {
+            anyhow::bail!("npub must be bech32 (npub1...)");
+        }
+        if !anchor.address.contains(':') {
+            anyhow::bail!("address must be host:port (e.g. 192.168.1.116:8668)");
+        }
+        let list =
+            fips::anchors::add(&self.config.data_dir, anchor.clone()).await?;
+        // Push just the newly-added anchor into the running daemon so
+        // the user sees effect without waiting for the periodic apply.
+        let results = fips::anchors::apply(&[anchor]).await;
+        Ok(serde_json::json!({
+            "seed_anchors": list,
+            "apply": results.iter().map(|r| {
+                serde_json::json!({ "npub": r.npub, "ok": r.ok, "message": r.message })
+            }).collect::<Vec<_>>(),
+        }))
+    }
+
+    /// Remove a seed anchor by npub. Params: `{ npub }`. Does NOT tear
+    /// down an already-authenticated peer connection — it only stops
+    /// us from re-dialing the anchor on the next apply cycle.
+    pub(super) async fn handle_fips_remove_seed_anchor(
+        &self,
+        params: &serde_json::Value,
+    ) -> Result<serde_json::Value> {
+        let npub = params
+            .get("npub")
+            .and_then(|v| v.as_str())
+            .ok_or_else(|| anyhow::anyhow!("missing npub"))?;
+        let list = fips::anchors::remove(&self.config.data_dir, npub).await?;
+        Ok(serde_json::json!({ "seed_anchors": list }))
+    }
+
+    /// Re-apply all seed anchors to the running daemon. Useful after a
+    /// FIPS restart or when the user wants to force a reconnection
+    /// attempt without waiting for the periodic apply loop.
+    pub(super) async fn handle_fips_apply_seed_anchors(&self) -> Result<serde_json::Value> {
+        let list = fips::anchors::load(&self.config.data_dir).await?;
+        let results = fips::anchors::apply(&list).await;
+        Ok(serde_json::json!({
+            "applied": results.len(),
+            "results": results.iter().map(|r| {
+                serde_json::json!({ "npub": r.npub, "ok": r.ok, "message": r.message })
+            }).collect::<Vec<_>>(),
+        }))
+    }
 }

core/archipelago/src/fips/anchors.rs

@@ -0,0 +1,241 @@
+//! Seed-anchor management for FIPS bootstrap.
+//!
+//! A freshly-installed node can't reach the global mesh via npub
+//! routing until it's connected to at least one peer that's already in
+//! the DHT. Upstream `fips` solves this by dialing a public anchor
+//! (e.g. `fips.v0l.io`) on first start. That's a single point of
+//! failure and doesn't help nodes behind restrictive firewalls or
+//! intermittent networks — archipelago operators reported fresh
+//! installs failing to reach any public anchor.
+//!
+//! This module adds a local, operator-editable seed-anchor list. Each
+//! entry is a `{npub, address, transport}` triple that archipelago
+//! pushes into the running daemon via `fipsctl connect` on startup and
+//! periodically thereafter. If one anchor falls over, the next one
+//! seeds the DHT instead. A well-configured cluster (e.g. a VPS
+//! running fips in anchor mode + a couple of home nodes) stops
+//! depending on the global anchor entirely.
+//!
+//! The list is persisted at `<data_dir>/seed-anchors.json`. The
+//! archipelago service user owns that directory, so no sudo is needed
+//! to read or write it.
+
+use anyhow::{Context, Result};
+use serde::{Deserialize, Serialize};
+use std::path::{Path, PathBuf};
+use tokio::process::Command;
+
+/// On-disk filename under `data_dir/`.
+const SEED_ANCHORS_FILE: &str = "seed-anchors.json";
+
+/// Public anchor (`fips.v0l.io`) carried as a default seed for fresh
+/// installs — the one the upstream daemon dials anyway. Operators can
+/// remove it from the UI once their own cluster has independent anchors.
+pub const DEFAULT_PUBLIC_ANCHOR_NPUB: &str =
+    "npub1zv58cn7v83mxvttl70w5fwjwuclfmntv9cnmv5wmz2nzz88u5urqvdx96n";
+pub const DEFAULT_PUBLIC_ANCHOR_ADDR: &str = "fips.v0l.io:8668";
+
+/// One seed-anchor entry. `address` must be directly dialable (IP or
+/// resolvable hostname + UDP port); `transport` is one of "udp", "tcp",
+/// "tor", "ethernet" (the values upstream `fipsctl connect` accepts).
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct SeedAnchor {
+    /// Bech32 `npub1...` of the anchor's FIPS identity.
+    pub npub: String,
+    /// Directly-dialable transport address, e.g. `192.168.1.116:8668`.
+    pub address: String,
+    /// Transport to use — almost always `"udp"`.
+    #[serde(default = "default_transport")]
+    pub transport: String,
+    /// Human-readable note shown in the UI (e.g. "Home anchor", "VPS").
+    #[serde(default)]
+    pub label: String,
+}
+
+fn default_transport() -> String {
+    "udp".to_string()
+}
+
+fn anchors_path(data_dir: &Path) -> PathBuf {
+    data_dir.join(SEED_ANCHORS_FILE)
+}
+
+/// Load the seed-anchor list. Returns an empty list if the file
+/// doesn't exist yet — a first-boot node with no operator config.
+pub async fn load(data_dir: &Path) -> Result<Vec<SeedAnchor>> {
+    let path = anchors_path(data_dir);
+    if !path.exists() {
+        return Ok(Vec::new());
+    }
+    let bytes = tokio::fs::read(&path)
+        .await
+        .with_context(|| format!("read {}", path.display()))?;
+    let anchors: Vec<SeedAnchor> = serde_json::from_slice(&bytes)
+        .with_context(|| format!("parse {}", path.display()))?;
+    Ok(anchors)
+}
+
+/// Persist the list. Overwrites atomically via write-then-rename so a
+/// crashed archipelago never leaves a half-written config.
+pub async fn save(data_dir: &Path, anchors: &[SeedAnchor]) -> Result<()> {
+    tokio::fs::create_dir_all(data_dir)
+        .await
+        .with_context(|| format!("mkdir -p {}", data_dir.display()))?;
+    let path = anchors_path(data_dir);
+    let tmp = path.with_extension("json.tmp");
+    let json = serde_json::to_vec_pretty(anchors).context("serialize seed anchors")?;
+    tokio::fs::write(&tmp, json)
+        .await
+        .with_context(|| format!("write {}", tmp.display()))?;
+    tokio::fs::rename(&tmp, &path)
+        .await
+        .with_context(|| format!("rename {} -> {}", tmp.display(), path.display()))?;
+    Ok(())
+}
+
+/// Add (or update) one anchor, keyed by npub. Returns the resulting list.
+pub async fn add(data_dir: &Path, anchor: SeedAnchor) -> Result<Vec<SeedAnchor>> {
+    let mut list = load(data_dir).await?;
+    if let Some(existing) = list.iter_mut().find(|a| a.npub == anchor.npub) {
+        *existing = anchor;
+    } else {
+        list.push(anchor);
+    }
+    save(data_dir, &list).await?;
+    Ok(list)
+}
+
+/// Remove an anchor by npub. Returns the resulting list.
+pub async fn remove(data_dir: &Path, npub: &str) -> Result<Vec<SeedAnchor>> {
+    let mut list = load(data_dir).await?;
+    list.retain(|a| a.npub != npub);
+    save(data_dir, &list).await?;
+    Ok(list)
+}
+
+/// Apply the seed anchors to the running FIPS daemon. For each entry,
+/// asks `fipsctl connect` to dial the peer. Errors are logged but don't
+/// fail the whole operation — a single unreachable anchor shouldn't
+/// block the others.
+///
+/// `fipsctl connect` is idempotent-ish: calling it for an already-
+/// connected peer is a no-op at the protocol layer, so re-applying on
+/// a timer is safe. Returns a list of per-anchor results for logging.
+pub async fn apply(anchors: &[SeedAnchor]) -> Vec<ApplyResult> {
+    let mut results = Vec::with_capacity(anchors.len());
+    for anchor in anchors {
+        let out = Command::new("fipsctl")
+            .args([
+                "connect",
+                &anchor.npub,
+                &anchor.address,
+                &anchor.transport,
+            ])
+            .output()
+            .await;
+        let result = match out {
+            Ok(o) if o.status.success() => ApplyResult {
+                npub: anchor.npub.clone(),
+                ok: true,
+                message: String::from_utf8_lossy(&o.stdout).trim().to_string(),
+            },
+            Ok(o) => ApplyResult {
+                npub: anchor.npub.clone(),
+                ok: false,
+                message: format!(
+                    "fipsctl exited {}: {}",
+                    o.status,
+                    String::from_utf8_lossy(&o.stderr).trim()
+                ),
+            },
+            Err(e) => ApplyResult {
+                npub: anchor.npub.clone(),
+                ok: false,
+                message: format!("fipsctl launch failed: {}", e),
+            },
+        };
+        if result.ok {
+            tracing::debug!(npub = %result.npub, "Seed anchor applied");
+        } else {
+            tracing::warn!(
+                npub = %result.npub,
+                message = %result.message,
+                "Seed anchor apply failed (non-fatal)"
+            );
+        }
+        results.push(result);
+    }
+    results
+}
+
+/// Outcome of a single `fipsctl connect` call.
+#[derive(Debug, Clone)]
+pub struct ApplyResult {
+    pub npub: String,
+    pub ok: bool,
+    pub message: String,
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn mk(npub: &str) -> SeedAnchor {
+        SeedAnchor {
+            npub: npub.to_string(),
+            address: "example.test:8668".to_string(),
+            transport: "udp".to_string(),
+            label: "test".to_string(),
+        }
+    }
+
+    #[tokio::test]
+    async fn load_missing_returns_empty() {
+        let dir = tempfile::tempdir().unwrap();
+        let got = load(dir.path()).await.unwrap();
+        assert!(got.is_empty());
+    }
+
+    #[tokio::test]
+    async fn save_and_load_roundtrip() {
+        let dir = tempfile::tempdir().unwrap();
+        let a = mk("npub1aaa");
+        let b = mk("npub1bbb");
+        save(dir.path(), &[a.clone(), b.clone()]).await.unwrap();
+        let got = load(dir.path()).await.unwrap();
+        assert_eq!(got, vec![a, b]);
+    }
+
+    #[tokio::test]
+    async fn add_replaces_existing_by_npub() {
+        let dir = tempfile::tempdir().unwrap();
+        let mut a = mk("npub1aaa");
+        save(dir.path(), &[a.clone()]).await.unwrap();
+        a.address = "newhost:8668".to_string();
+        let list = add(dir.path(), a.clone()).await.unwrap();
+        assert_eq!(list.len(), 1);
+        assert_eq!(list[0].address, "newhost:8668");
+    }
+
+    #[tokio::test]
+    async fn remove_by_npub() {
+        let dir = tempfile::tempdir().unwrap();
+        save(
+            dir.path(),
+            &[mk("npub1aaa"), mk("npub1bbb"), mk("npub1ccc")],
+        )
+        .await
+        .unwrap();
+        let list = remove(dir.path(), "npub1bbb").await.unwrap();
+        assert_eq!(list.len(), 2);
+        assert!(list.iter().all(|a| a.npub != "npub1bbb"));
+    }
+
+    #[test]
+    fn seed_anchor_uses_udp_by_default() {
+        let json = r#"{"npub":"npub1x","address":"h:8668"}"#;
+        let a: SeedAnchor = serde_json::from_str(json).unwrap();
+        assert_eq!(a.transport, "udp");
+        assert_eq!(a.label, "");
+    }
+}

core/archipelago/src/fips/mod.rs

@@ -25,6 +25,7 @@
 // the module is deliberately API-ready ahead of those call-sites.
 #![allow(dead_code)]
 
+pub mod anchors;
 pub mod config;
 pub mod dial;
 pub mod iface;
@@ -98,7 +99,13 @@ pub struct FipsStatus {
 
 impl FipsStatus {
     /// Snapshot the current state across package, key, and service.
-    pub async fn query(identity_dir: &Path) -> Self {
+    ///
+    /// `data_dir` is the archipelago data-dir (used to load the
+    /// operator-configured seed-anchor list so "anchor_connected" means
+    /// "at least one authenticated peer matches a public or configured
+    /// seed anchor", not just "fips.v0l.io specifically").
+    pub async fn query(data_dir: &Path) -> Self {
+        let identity_dir = identity_dir_from(data_dir);
         let installed = service::package_installed().await;
         let version = if installed {
             service::daemon_version().await.ok()
@@ -109,17 +116,24 @@ impl FipsStatus {
         let upstream_service_state = service::unit_state(UPSTREAM_SERVICE_UNIT).await;
         let service_active =
             service_state == "active" || upstream_service_state == "active";
-        let key_present = crate::identity::fips_key_exists(identity_dir);
+        let key_present = crate::identity::fips_key_exists(&identity_dir);
 
         // Prefer the seed-derived npub; otherwise read the daemon's own
         // key file at /etc/fips/fips.pub (world-readable per debian pkg).
-        let npub = match crate::identity::fips_npub(identity_dir).await {
+        let npub = match crate::identity::fips_npub(&identity_dir).await {
             Ok(Some(n)) => Some(n),
             _ => service::read_upstream_npub().await.ok().flatten(),
         };
 
         let (authenticated_peer_count, anchor_connected) = if service_active {
-            service::peer_connectivity_summary().await
+            // Build the anchor-candidate list: hardcoded public anchor
+            // plus every entry in the operator's seed-anchors.json.
+            // The card lights up if any of them is authenticated.
+            let mut anchor_npubs = vec![service::PUBLIC_ANCHOR_NPUB.to_string()];
+            if let Ok(seed) = anchors::load(data_dir).await {
+                anchor_npubs.extend(seed.into_iter().map(|a| a.npub));
+            }
+            service::peer_connectivity_summary(&anchor_npubs).await
         } else {
             (0, false)
         };
@@ -152,10 +166,11 @@ mod tests {
     #[tokio::test]
     async fn test_status_reports_no_key_pre_onboarding() {
         let dir = tempfile::tempdir().unwrap();
-        let id_dir = dir.path().join("identity");
-        tokio::fs::create_dir_all(&id_dir).await.unwrap();
-
-        let status = FipsStatus::query(&id_dir).await;
+        // query() now takes a data_dir (parent) rather than identity_dir,
+        // since it also reads seed-anchors.json for the anchor check.
+        // No identity/ subdir → no key; no seed-anchors.json → public
+        // anchor is the only candidate.
+        let status = FipsStatus::query(dir.path()).await;
         assert!(!status.key_present, "no key before onboarding");
         assert!(status.npub.is_none());
         // `installed`, `service_state`, `version` depend on the host and are

core/archipelago/src/fips/service.rs

@@ -97,6 +97,27 @@ pub async fn restart(unit: &str) -> Result<()> {
     sudo_systemctl("restart", unit).await
 }
 
+/// Resolve which systemd unit is actually supervising the fips daemon
+/// on this host. Nodes installed from the archipelago ISO run
+/// `archipelago-fips.service`; nodes that were apt-installed (or had
+/// fips running before archipelago took over) may only have the
+/// upstream `fips.service`. Restart/Reconnect must operate on whichever
+/// one is running, otherwise the UI button is a silent no-op.
+///
+/// Returns the archipelago-managed unit name if it's active,
+/// else the upstream unit name if that's active,
+/// else the archipelago-managed name as a default (so activate() can
+/// bring it up).
+pub async fn active_unit() -> &'static str {
+    if unit_state(super::SERVICE_UNIT).await == "active" {
+        return super::SERVICE_UNIT;
+    }
+    if unit_state(super::UPSTREAM_SERVICE_UNIT).await == "active" {
+        return super::UPSTREAM_SERVICE_UNIT;
+    }
+    super::SERVICE_UNIT
+}
+
 pub async fn mask(unit: &str) -> Result<()> {
     let _ = sudo_systemctl("stop", unit).await;
     let _ = sudo_systemctl("disable", unit).await;
@@ -108,12 +129,19 @@ pub async fn mask(unit: &str) -> Result<()> {
 pub const PUBLIC_ANCHOR_NPUB: &str =
     "npub1zv58cn7v83mxvttl70w5fwjwuclfmntv9cnmv5wmz2nzz88u5urqvdx96n";
 
-/// Summarise peer connectivity from `fipsctl show peers` + `identity-cache`.
-/// Returns `(authenticated_peer_count, anchor_connected)`. Shells out rather
-/// than embedding a fips client because fipsctl is the daemon's own ground
-/// truth — the daemon can always rewrite its internal routing and we'd
-/// rather be consistent with `fipsctl` than snapshot it ourselves.
-pub async fn peer_connectivity_summary() -> (u32, bool) {
+/// Summarise peer connectivity from `fipsctl show peers`. Returns
+/// `(authenticated_peer_count, anchor_connected)`.
+///
+/// `anchor_candidates` is the operator-controlled list of npubs this
+/// node considers a valid mesh anchor — always includes the hard-coded
+/// public anchor, plus any entries from `seed-anchors.json`. A node is
+/// "anchor connected" when at least one currently-authenticated peer
+/// matches one of these npubs. We used to check the identity cache
+/// (which includes transient hearsay from other peers), but a cache
+/// hit on `fips.v0l.io` didn't mean we could actually route through
+/// it, and the card lied to users whose mesh was federated through
+/// their own seed anchors instead.
+pub async fn peer_connectivity_summary(anchor_candidates: &[String]) -> (u32, bool) {
     let peers_json = match Command::new("sudo")
         .args(["-n", "fipsctl", "show", "peers"])
         .output()
@@ -122,39 +150,26 @@ pub async fn peer_connectivity_summary() -> (u32, bool) {
         Ok(o) if o.status.success() => o.stdout,
         _ => return (0, false),
     };
-    let authenticated_peer_count =
-        match serde_json::from_slice::<serde_json::Value>(&peers_json) {
-            Ok(v) => v
-                .get("peers")
-                .and_then(|p| p.as_array())
-                .map(|a| a.len() as u32)
-                .unwrap_or(0),
-            Err(_) => 0,
+    let parsed: serde_json::Value =
+        match serde_json::from_slice(&peers_json) {
+            Ok(v) => v,
+            Err(_) => return (0, false),
         };
-
-    // Anchor check: look in identity-cache (known node pubkeys the daemon
-    // has heard about) rather than authenticated peers — the anchor may be
-    // in the cache but not currently at session depth.
-    let cache_json = match Command::new("sudo")
-        .args(["-n", "fipsctl", "show", "identity-cache"])
-        .output()
-        .await
-    {
-        Ok(o) if o.status.success() => o.stdout,
-        _ => return (authenticated_peer_count, false),
-    };
-    let anchor_connected = match serde_json::from_slice::<serde_json::Value>(&cache_json) {
-        Ok(v) => v
-            .get("entries")
-            .and_then(|e| e.as_array())
-            .map(|entries| {
-                entries
-                    .iter()
-                    .any(|e| e.get("npub").and_then(|n| n.as_str()) == Some(PUBLIC_ANCHOR_NPUB))
-            })
-            .unwrap_or(false),
-        Err(_) => false,
-    };
+    let peers = parsed
+        .get("peers")
+        .and_then(|p| p.as_array())
+        .cloned()
+        .unwrap_or_default();
+    let authenticated_peer_count = peers.len() as u32;
+    let anchor_connected = peers.iter().any(|p| {
+        let npub = p.get("npub").and_then(|n| n.as_str()).unwrap_or_default();
+        let connected = p
+            .get("connectivity")
+            .and_then(|c| c.as_str())
+            .map(|s| s == "connected")
+            .unwrap_or(true);
+        connected && anchor_candidates.iter().any(|a| a == npub)
+    });
     (authenticated_peer_count, anchor_connected)
 }
 

core/archipelago/src/server.rs

@@ -353,6 +353,34 @@ impl Server {
             });
         }
 
+        // FIPS seed-anchor apply loop — every 5 minutes we re-push the
+        // configured seed anchors into the running fips daemon via
+        // `fipsctl connect`. This keeps the mesh bootstrap resilient:
+        // operators add cluster-local anchors in the UI, and a daemon
+        // restart or a flaky public anchor can't strand the node.
+        // First run is delayed 30s so fips has time to come up after
+        // onboarding before we start dialing.
+        {
+            let data_dir = config.data_dir.clone();
+            tokio::spawn(async move {
+                tokio::time::sleep(Duration::from_secs(30)).await;
+                let mut interval = tokio::time::interval(Duration::from_secs(300));
+                loop {
+                    interval.tick().await;
+                    match crate::fips::anchors::load(&data_dir).await {
+                        Ok(list) if !list.is_empty() => {
+                            let _ = crate::fips::anchors::apply(&list).await;
+                        }
+                        Ok(_) => { /* no seed anchors configured yet */ }
+                        Err(e) => tracing::debug!(
+                            "Seed-anchor apply: load failed (non-fatal): {}",
+                            e
+                        ),
+                    }
+                }
+            });
+        }
+
         // did:dht auto-refresh — re-publish DHT records every 2 hours
         if config.nostr_discovery_enabled {
             let data_dir = config.data_dir.clone();

neode-ui/src/views/server/FipsNetworkCard.vue

@@ -9,15 +9,57 @@
       <div class="flex-1">
         <div class="flex items-start justify-between gap-4 mb-2">
           <h2 class="text-xl font-semibold text-white">FIPS Mesh</h2>
-          <div class="flex items-center gap-2" :title="statusLabel">
-            <span class="w-2 h-2 rounded-full" :class="statusDotColor"></span>
-            <span class="text-sm font-medium" :class="statusTextColor">{{ statusLabel }}</span>
+          <div class="flex items-center gap-3">
+            <div class="flex items-center gap-2" :title="statusLabel">
+              <span class="w-2 h-2 rounded-full" :class="statusDotColor"></span>
+              <span class="text-sm font-medium" :class="statusTextColor">{{ statusLabel }}</span>
+            </div>
+            <button
+              type="button"
+              class="p-1.5 rounded-md text-white/50 hover:text-white hover:bg-white/10 transition-colors"
+              title="Seed anchors"
+              aria-label="Open FIPS seed anchors settings"
+              @click="showAnchorsModal = true"
+            >
+              <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.065 2.572c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.572 1.065c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.065-2.572c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
+              </svg>
+            </button>
           </div>
         </div>
         <p class="text-white/70 text-sm mb-4">Fast Nostr-keyed mesh routing</p>
       </div>
     </div>
 
+    <!-- Seed anchors modal — operator-editable list of peers this node
+         dials to bootstrap the mesh. Tucked behind the gear so it
+         doesn't crowd the card but is still one click away. -->
+    <Teleport to="body">
+      <Transition name="fade">
+        <div
+          v-if="showAnchorsModal"
+          class="fixed inset-0 z-[3000] flex items-center justify-center p-4"
+          @click.self="showAnchorsModal = false"
+        >
+          <div class="absolute inset-0 bg-black/60 backdrop-blur-sm"></div>
+          <div class="relative z-10 max-w-xl w-full" style="max-height: 90vh; overflow-y: auto">
+            <div class="flex justify-end mb-2">
+              <button
+                type="button"
+                class="p-2 rounded-md bg-white/10 hover:bg-white/20 text-white/70 hover:text-white transition-colors"
+                aria-label="Close"
+                @click="showAnchorsModal = false"
+              >
+                <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12" /></svg>
+              </button>
+            </div>
+            <FipsSeedAnchorsCard />
+          </div>
+        </div>
+      </Transition>
+    </Teleport>
+
     <div class="grid grid-cols-1 sm:grid-cols-2 gap-3 mb-3 shrink-0">
       <div class="p-3 bg-white/5 rounded-lg">
         <p class="text-xs text-white/60 mb-1">Daemon version</p>
@@ -50,7 +92,7 @@
       <div class="flex items-center justify-between gap-3 flex-wrap">
         <div class="flex items-center gap-2 text-xs">
           <span class="w-2 h-2 rounded-full" :class="status.anchor_connected ? 'bg-cyan-400' : 'bg-orange-400'"></span>
-          <span class="text-white/70">Anchor (fips.v0l.io):</span>
+          <span class="text-white/70">Anchor:</span>
           <span :class="status.anchor_connected ? 'text-cyan-300' : 'text-orange-300'">
             {{ status.anchor_connected ? 'connected' : 'not reached' }}
           </span>
@@ -68,7 +110,7 @@
         </button>
       </div>
       <p v-if="!status.anchor_connected" class="mt-2 text-[11px] text-white/40 leading-snug">
-        Without the anchor, DHT routing to unknown npubs can't bootstrap; federation and messaging fall back to Tor until it reconnects. Reconnect restarts the FIPS daemon, which usually clears a stale identity cache.
+        No known anchor is currently an authenticated peer. DHT routing to unknown npubs can't bootstrap; federation and messaging fall back to Tor until one reconnects. Reconnect restarts the FIPS daemon, which usually clears a stale identity cache. Add a cluster-local anchor in Seed Anchors if the public one is unreachable.
       </p>
     </div>
 
@@ -84,6 +126,7 @@
 import { computed, onMounted, ref } from 'vue'
 import { rpcClient } from '@/api/rpc-client'
 import { safeClipboardWrite } from '@/views/web5/utils'
+import FipsSeedAnchorsCard from './FipsSeedAnchorsCard.vue'
 
 interface FipsStatus {
   installed: boolean
@@ -113,6 +156,7 @@ const reconnecting = ref(false)
 const statusMessage = ref('')
 const statusIsError = ref(false)
 const copied = ref(false)
+const showAnchorsModal = ref(false)
 
 async function copyNpub() {
   if (!status.value.npub) return

neode-ui/src/views/server/FipsSeedAnchorsCard.vue

@@ -0,0 +1,169 @@
+<template>
+  <div data-controller-container tabindex="0" class="glass-card p-6 flex flex-col transition-all hover:-translate-y-1">
+    <div class="flex items-start gap-4 mb-4 shrink-0">
+      <div class="flex-shrink-0 w-12 h-12 rounded-lg bg-white/10 flex items-center justify-center">
+        <svg class="w-6 h-6 text-white/80" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 11c0 3.517-1.009 6.799-2.753 9.571m-3.44-2.04.054-.09A13.916 13.916 0 0 0 8 11a4 4 0 1 1 8 0c0 1.017-.07 2.019-.203 3M9.497 10.997 14 18m-9.41-3.41L4 18.5" />
+        </svg>
+      </div>
+      <div class="flex-1">
+        <div class="flex items-start justify-between gap-4 mb-2">
+          <h2 class="text-xl font-semibold text-white">FIPS Seed Anchors</h2>
+          <button
+            type="button"
+            class="text-xs px-3 py-1.5 rounded-md bg-white/5 hover:bg-white/10 text-white/70 hover:text-white transition-colors disabled:opacity-60"
+            :disabled="applying"
+            :title="applying ? 'Applying…' : 'Re-dial every anchor in the list'"
+            @click="applyAll"
+          >
+            {{ applying ? 'Applying…' : 'Apply now' }}
+          </button>
+        </div>
+        <p class="text-white/70 text-sm mb-4">
+          Peers this node dials to bootstrap the FIPS mesh. A cluster with its own anchors doesn't depend on the global public anchor — if one is down, the next seeds the DHT instead.
+        </p>
+      </div>
+    </div>
+
+    <div v-if="statusMessage" class="mb-3 p-3 rounded-lg text-xs" :class="statusIsError ? 'bg-red-400/10 text-red-300' : 'bg-green-400/10 text-green-300'">{{ statusMessage }}</div>
+
+    <div v-if="anchors.length === 0" class="p-4 rounded-lg bg-white/5 text-sm text-white/60 mb-3">
+      <p>No seed anchors configured. The daemon will fall back to whatever the upstream FIPS build dials on its own — usually the single public anchor, which is fine until it isn't.</p>
+      <p class="mt-2 text-white/50">Add at least one known-reachable peer (e.g. your VPS or a home node with port-forwarded UDP 8668) to make this cluster self-anchoring.</p>
+    </div>
+
+    <ul v-else class="space-y-2 mb-3">
+      <li v-for="a in anchors" :key="a.npub" class="p-3 bg-white/5 rounded-lg flex items-start gap-3">
+        <div class="flex-1 min-w-0">
+          <p class="text-sm font-medium text-white truncate">{{ a.label || 'Unlabeled anchor' }}</p>
+          <p class="text-xs text-white/60 font-mono break-all">{{ a.npub.slice(0, 20) }}…{{ a.npub.slice(-8) }}</p>
+          <p class="text-xs text-white/50 mt-0.5">{{ a.address }} · {{ a.transport }}</p>
+        </div>
+        <button
+          type="button"
+          class="shrink-0 text-xs px-2 py-1 rounded-md text-red-300 hover:bg-red-400/10 transition-colors"
+          :title="`Remove ${a.label || a.npub.slice(0, 12)}`"
+          @click="removeAnchor(a.npub)"
+        >Remove</button>
+      </li>
+    </ul>
+
+    <form class="grid grid-cols-1 sm:grid-cols-2 gap-2 mt-auto pt-3 border-t border-white/10 shrink-0" @submit.prevent="addAnchor">
+      <label class="flex flex-col gap-1 sm:col-span-2">
+        <span class="text-xs text-white/60">Anchor npub</span>
+        <input v-model="draft.npub" type="text" placeholder="npub1…" class="px-3 py-2 rounded-md bg-white/5 border border-white/10 text-sm text-white focus:border-white/30 focus:outline-none" />
+      </label>
+      <label class="flex flex-col gap-1">
+        <span class="text-xs text-white/60">Address (host:port)</span>
+        <input v-model="draft.address" type="text" placeholder="192.168.1.116:8668" class="px-3 py-2 rounded-md bg-white/5 border border-white/10 text-sm text-white focus:border-white/30 focus:outline-none" />
+      </label>
+      <label class="flex flex-col gap-1">
+        <span class="text-xs text-white/60">Label (optional)</span>
+        <input v-model="draft.label" type="text" placeholder="Home anchor" class="px-3 py-2 rounded-md bg-white/5 border border-white/10 text-sm text-white focus:border-white/30 focus:outline-none" />
+      </label>
+      <button type="submit" class="sm:col-span-2 min-h-[44px] glass-button rounded-lg text-sm font-medium disabled:opacity-60" :disabled="adding || !draft.npub || !draft.address">{{ adding ? 'Adding…' : 'Add anchor' }}</button>
+    </form>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { onMounted, reactive, ref } from 'vue'
+import { rpcClient } from '@/api/rpc-client'
+
+interface SeedAnchor {
+  npub: string
+  address: string
+  transport: string
+  label: string
+}
+
+interface ApplyResult {
+  npub: string
+  ok: boolean
+  message: string
+}
+
+const anchors = ref<SeedAnchor[]>([])
+const adding = ref(false)
+const applying = ref(false)
+const statusMessage = ref('')
+const statusIsError = ref(false)
+
+const draft = reactive<Pick<SeedAnchor, 'npub' | 'address' | 'label'>>({
+  npub: '',
+  address: '',
+  label: '',
+})
+
+function flash(msg: string, isError = false) {
+  statusMessage.value = msg
+  statusIsError.value = isError
+  setTimeout(() => { statusMessage.value = '' }, 6000)
+}
+
+async function load() {
+  try {
+    const res = await rpcClient.call<{ seed_anchors: SeedAnchor[] }>({ method: 'fips.list-seed-anchors' })
+    anchors.value = res.seed_anchors
+  } catch (e: unknown) {
+    if (import.meta.env.DEV) console.warn('fips.list-seed-anchors failed', e)
+  }
+}
+
+async function addAnchor() {
+  if (!draft.npub.trim() || !draft.address.trim()) return
+  adding.value = true
+  try {
+    const res = await rpcClient.call<{ seed_anchors: SeedAnchor[]; apply: ApplyResult[] }>({
+      method: 'fips.add-seed-anchor',
+      params: {
+        npub: draft.npub.trim(),
+        address: draft.address.trim(),
+        transport: 'udp',
+        label: draft.label.trim(),
+      },
+    })
+    anchors.value = res.seed_anchors
+    draft.npub = ''
+    draft.address = ''
+    draft.label = ''
+    const applied = res.apply.find(r => r.ok)
+    flash(applied ? 'Anchor added and dialed.' : 'Anchor saved — dial failed, will retry on the next apply cycle.', !applied)
+  } catch (e: unknown) {
+    const msg = e instanceof Error ? e.message : String(e)
+    flash(`Add failed: ${msg}`, true)
+  } finally {
+    adding.value = false
+  }
+}
+
+async function removeAnchor(npub: string) {
+  try {
+    const res = await rpcClient.call<{ seed_anchors: SeedAnchor[] }>({
+      method: 'fips.remove-seed-anchor',
+      params: { npub },
+    })
+    anchors.value = res.seed_anchors
+    flash('Anchor removed.')
+  } catch (e: unknown) {
+    const msg = e instanceof Error ? e.message : String(e)
+    flash(`Remove failed: ${msg}`, true)
+  }
+}
+
+async function applyAll() {
+  applying.value = true
+  try {
+    const res = await rpcClient.call<{ applied: number; results: ApplyResult[] }>({ method: 'fips.apply-seed-anchors' })
+    const ok = res.results.filter(r => r.ok).length
+    flash(`${ok} of ${res.applied} anchor${res.applied === 1 ? '' : 's'} dialed.`, ok === 0 && res.applied > 0)
+  } catch (e: unknown) {
+    const msg = e instanceof Error ? e.message : String(e)
+    flash(`Apply failed: ${msg}`, true)
+  } finally {
+    applying.value = false
+  }
+}
+
+onMounted(load)
+</script>

neode-ui/src/views/settings/AccountInfoSection.vue

@@ -180,6 +180,41 @@ init()
               </button>
             </div>
             <div class="overflow-y-auto flex-1 min-h-0 space-y-6 pr-1">
+              <!-- v1.7.23-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.23-alpha</span>
+                  <span class="text-xs text-white/40">Apr 21, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>FIPS Seed Anchors are now one click away. A small gear icon sits next to the status pill on the FIPS Mesh card — click it to open a modal where you can add, remove, and re-apply anchors. No more needing to go digging for the card or editing JSON by hand.</p>
+                  <p>The modal lists each anchor with its label, truncated npub, address, and transport, plus an Apply button to force-redial the full list and a Remove button per entry. The add form right below validates that the address is host:port and the npub is bech32 before saving.</p>
+                </div>
+              </div>
+              <!-- v1.7.22-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.22-alpha</span>
+                  <span class="text-xs text-white/40">Apr 21, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>The FIPS Reconnect and Restart buttons now work on every node, regardless of which systemd unit is actually supervising the daemon. Previously they targeted only the archipelago-managed unit — nodes that were running the upstream unit instead saw the buttons silently do nothing. Both paths now auto-detect which unit is up and act on that one.</p>
+                  <p>The FIPS anchor status no longer shows red just because one specific public anchor is unreachable. It now lights green whenever any authenticated peer is a recognised anchor — that's either the public anchor or something you added under Seed Anchors. A federated cluster that routes through its own seed anchor finally reports the truth.</p>
+                  <p>Reconnect also re-pushes your seed anchors after the restart, so you don't have to wait five minutes for the background apply loop to re-dial them.</p>
+                </div>
+              </div>
+              <!-- v1.7.21-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.21-alpha</span>
+                  <span class="text-xs text-white/40">Apr 21, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>FIPS bootstrap no longer depends on a single public anchor. You can now add your own anchors — other archipelago nodes or a VPS you control — and the node will dial every one of them to join the mesh on startup. If one anchor is down, the next one seeds the routing layer instead, so a flaky public anchor no longer strands a fresh install.</p>
+                  <p>Anchors persist across restarts and are re-applied every five minutes, so a daemon that got temporarily isolated reconnects on its own without anyone having to SSH in. Each anchor carries an operator-editable label so you can remember which is which.</p>
+                  <p>No behavior change if you don't configure any — the upstream daemon's own defaults keep working as before. This purely adds an operator-controlled list on top.</p>
+                </div>
+              </div>
               <!-- v1.7.20-alpha -->
               <div>
                 <div class="flex items-center gap-2 mb-3">

releases/manifest.json

@@ -1,26 +1,26 @@
 {
-  "version": "1.7.20-alpha",
+  "version": "1.7.23-alpha",
   "release_date": "2026-04-21",
   "changelog": [
-    "Fixed a critical bug where nodes on 'Check & Apply Daily' could end up offline after their nightly update. The scheduler was killing the service a moment too early, before the built-in restart handler could bring the new version back up — leaving the node dead until someone SSH'd in. The scheduler now uses the same restart path as the 'Install Update' button, so auto-applied updates come back online on their own.",
-    "Applies automatically — no action needed on your end beyond taking this update."
+    "FIPS Seed Anchors are now one click away. A small gear icon sits next to the status pill on the FIPS Mesh card — click it to open a modal where you can add, remove, and re-apply anchors. No more needing to go digging for the card or editing JSON by hand.",
+    "The modal lists each anchor with its label, truncated npub, address, and transport, plus an Apply button to force-redial the full list and a Remove button per entry. The add form right below validates that the address is host:port and the npub is bech32 before saving."
   ],
   "components": [
     {
       "name": "archipelago",
-      "current_version": "1.7.19-alpha",
-      "new_version": "1.7.20-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.20-alpha/archipelago",
-      "sha256": "bf4f8b91b021cad445a868f454707e0fa005446f755604f8c3e072bb7a059e6f",
-      "size_bytes": 40640016
+      "current_version": "1.7.22-alpha",
+      "new_version": "1.7.23-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.23-alpha/archipelago",
+      "sha256": "ec5a1b4e6fcc4377c3e79abc7bf0b46d94912ce312b0004edf2620d5fb268126",
+      "size_bytes": 40817000
     },
     {
-      "name": "archipelago-frontend-1.7.20-alpha.tar.gz",
-      "current_version": "1.7.19-alpha",
-      "new_version": "1.7.20-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.20-alpha/archipelago-frontend-1.7.20-alpha.tar.gz",
-      "sha256": "a82f187b597c51e5f3d8753529914651ab2d8e8bb3ad9c36d287b335e4d386a9",
-      "size_bytes": 162082209
+      "name": "archipelago-frontend-1.7.23-alpha.tar.gz",
+      "current_version": "1.7.22-alpha",
+      "new_version": "1.7.23-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.23-alpha/archipelago-frontend-1.7.23-alpha.tar.gz",
+      "sha256": "4037e5da05c3404b0f2d30fd864659d4ef51680c9ecd13a7c4d351f7a8043bc3",
+      "size_bytes": 162082763
     }
   ]
 }