release(v1.7.37-alpha): bitcoin-core install fixes + dynamic node UI + full-archive default

Install flow
- api/rpc/package/install.rs: always append the literal image URL as a
  last-resort pull candidate in do_pull_image, so images not carried by
  any configured mirror (docker.io/bitcoin/bitcoin:28.4) still install
  instead of masquerading as a generic pull failure across every mirror.
- api/rpc/package/install.rs: write_bitcoin_conf now skips on any stat
  error, not just "file exists". Once bitcoin-knots' first-boot chowns
  /var/lib/archipelago/bitcoin into the container's user namespace (700
  perms, UID 100100/100101), the archipelago daemon can't even traverse
  in — try_exists returns Err which unwrap_or(false) treated as "not
  present" and drove a doomed write. Now errors out of the directory
  traversal are treated as "conf already owned by container user" and
  the write is skipped. Mirrors the lnd.conf pattern.
- api/rpc/package/install.rs: drop the hardcoded `prune=550` from the
  conf default. Operators with multi-TB drives shouldn't be silently
  pruned; users who want a pruned node can set it in bitcoin.conf
  themselves. Full archive is the only honest default.
- api/rpc/package/config.rs: bitcoin-core now passes explicit
  -server/-rpcbind/-rpcallowip/-rpcport/-printtoconsole/-datadir CLI
  args. Vanilla bitcoin/bitcoin:28.4 has no entrypoint wrapper and
  reads conf + argv only; without these the RPC listens on 127.0.0.1
  inside the container and rootlessport can't reach it, so the
  bitcoin-ui companion gets 502 on every /bitcoin-rpc/ call.
  Bitcoin Knots keeps its own entrypoint-driven defaults.
- container/docker_packages.rs: split bitcoin-core out of the shared
  AppMetadata arm. bitcoin-core now surfaces as "Bitcoin Core" with
  bitcoin-core.svg and a Reference-implementation description; the
  bitcoin + bitcoin-knots ids keep the Knots branding. Fixes the home
  card showing "Bitcoin Knots" for a Core install.

Bitcoin node UI (docker/bitcoin-ui)
- index.html: impl name/tagline/logo now dynamic. applyImplBranding()
  reads subversion from getnetworkinfo — /Satoshi:X/Knots:Y/ resolves
  to Bitcoin Knots, plain /Satoshi:X/ resolves to Bitcoin Core. Both
  get their own icon and subtitle. Settings modal replaced its
  hardcoded Regtest/txindex=1/port-18443 placeholders with live values
  from getblockchaininfo + getindexinfo + getzmqnotifications.
- index.html: new Storage info card (Full Archive · X GB /
  Pruned · X GB from blockchainInfo.pruned + size_on_disk) visible on
  the main dashboard, same level as Network. Settings modal mirrors it
  with the prune height when applicable.
- Dockerfile + assets/: bitcoin-core.svg, bitcoin-knots.webp, and the
  bg-network.jpg used by the dashboard are now COPY'd into the image
  under /usr/share/nginx/html/assets. Previously the <img src> pointed
  at paths that 404'd into the SPA fallback and the onerror handler
  hid the broken logo silently.

Frontend
- appSession/appSessionConfig.ts: add bitcoin-core to APP_PORTS (8334),
  HTTPS_PROXY_PATHS (/app/bitcoin-ui/), and APP_TITLES (Bitcoin Core).
  Without these the AppSessionFrame showed "No URL found for
  bitcoin-core" and the home/app-list title fell through to the raw id.
- settings/AccountInfoSection.vue: backfill What's New entries for
  v1.7.31 through v1.7.37 that had been missed in earlier cuts.

Release plumbing
- releases/v1.7.37-alpha/: binary + frontend tarball.
- releases/manifest.json: v1.7.37-alpha, sha256/size refreshed.
- Cargo.toml / package.json: version bumps.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

app-catalog/catalog.json

@@ -1,6 +1,6 @@
 {
   "version": 2,
-  "updated": "2026-04-12T00:00:00Z",
+  "updated": "2026-04-22T00:00:00Z",
   "registry": "git.tx1138.com/lfg2025",
   "featured": {
     "id": "indeedhub",
@@ -18,6 +18,14 @@
       "dockerImage": "git.tx1138.com/lfg2025/bitcoin-knots:latest",
       "repoUrl": "https://github.com/bitcoinknots/bitcoin"
     },
+    {
+      "id": "bitcoin-core", "title": "Bitcoin Core", "version": "28.4",
+      "description": "Reference implementation of the Bitcoin protocol. Run a full node validating and relaying blocks.",
+      "icon": "/assets/img/app-icons/bitcoin-core.svg",
+      "author": "Bitcoin Core contributors", "category": "money", "tier": "optional",
+      "dockerImage": "docker.io/bitcoin/bitcoin:28.4",
+      "repoUrl": "https://github.com/bitcoin/bitcoin"
+    },
     {
       "id": "lnd", "title": "LND", "version": "0.18.4",
       "description": "Lightning Network Daemon. Fast Bitcoin payments through Lightning.",

apps/bitcoin-core/manifest.yml

@@ -1,11 +1,11 @@
 app:
   id: bitcoin-core
   name: Bitcoin Core
-  version: 24.0.0
+  version: 28.4.0
   description: Full Bitcoin node implementation. The reference implementation of the Bitcoin protocol.
-  
+
   container:
-    image: bitcoin/bitcoin:24.0
+    image: bitcoin/bitcoin:28.4
     image_signature: cosign://...
     pull_policy: verify-signature
     
@@ -13,8 +13,8 @@ app:
     - storage: 500Gi  # Minimum disk space for mainnet
     
   resources:
-    cpu_limit: 2
-    memory_limit: 2Gi
+    cpu_limit: 0      # 0 = unlimited; bitcoind uses -par=auto across all cores
+    memory_limit: 4Gi # matches container-specs.sh bitcoin-knots large-disk dbcache=4096
     disk_limit: 500Gi
     
   security:

core/Cargo.lock

@@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
 
 [[package]]
 name = "archipelago"
-version = "1.7.32-alpha"
+version = "1.7.37-alpha"
 dependencies = [
  "anyhow",
  "archipelago-container",

core/archipelago/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "archipelago"
-version = "1.7.32-alpha"
+version = "1.7.37-alpha"
 edition = "2021"
 description = "Archipelago Bitcoin Node OS - Native backend"
 authors = ["Archipelago Team"]

core/archipelago/src/api/handler/mod.rs

@@ -115,14 +115,41 @@ impl ApiHandler {
 
     /// Server-side fetch of the upstream app catalog so the browser can
     /// load it without fighting CORS (git.tx1138.com emits no ACAO) or
-    /// CSP (the fallback IP-port URL isn't in `connect-src`). Tries the
-    /// upstream URLs in the same order the frontend used, returns the
-    /// first 2xx response. 15s total timeout.
-    async fn handle_app_catalog_proxy() -> Result<Response<hyper::Body>> {
-        const UPSTREAMS: &[&str] = &[
-            "http://23.182.128.160:3000/lfg2025/app-catalog/raw/branch/main/catalog.json",
-            "https://git.tx1138.com/lfg2025/app-catalog/raw/branch/main/catalog.json",
-        ];
+    /// CSP (the fallback IP-port URL isn't in `connect-src`). The upstream
+    /// list is derived from the operator's configured container registries
+    /// so switching mirrors in Settings changes the App Store source too —
+    /// each active registry contributes one Gitea `raw/branch/main/catalog.json`
+    /// URL (http or https per `tls_verify`), tried in priority order.
+    /// If registry config can't be loaded, falls back to the legacy
+    /// hardcoded pair so the App Store still renders on nodes that haven't
+    /// persisted a registry config yet. 15s total timeout.
+    async fn handle_app_catalog_proxy(&self) -> Result<Response<hyper::Body>> {
+        let mut upstreams: Vec<String> = Vec::new();
+        if let Ok(config) =
+            crate::container::registry::load_registries(&self.config.data_dir).await
+        {
+            for reg in config.active_registries() {
+                let scheme = if reg.tls_verify { "https" } else { "http" };
+                // Gitea raw URL: <scheme>://<host>/<namespace>/app-catalog/raw/branch/main/catalog.json.
+                // reg.url already includes the namespace (e.g. "host/lfg2025"),
+                // so we just tack on the repo + raw path.
+                upstreams.push(format!(
+                    "{}://{}/app-catalog/raw/branch/main/catalog.json",
+                    scheme, reg.url
+                ));
+            }
+        }
+        if upstreams.is_empty() {
+            upstreams.push(
+                "http://23.182.128.160:3000/lfg2025/app-catalog/raw/branch/main/catalog.json"
+                    .to_string(),
+            );
+            upstreams.push(
+                "https://git.tx1138.com/lfg2025/app-catalog/raw/branch/main/catalog.json"
+                    .to_string(),
+            );
+        }
+
         let client = match reqwest::Client::builder()
             .timeout(std::time::Duration::from_secs(15))
             .build()
@@ -136,8 +163,8 @@ impl ApiHandler {
                 ));
             }
         };
-        for url in UPSTREAMS {
-            match client.get(*url).send().await {
+        for url in &upstreams {
+            match client.get(url).send().await {
                 Ok(resp) if resp.status().is_success() => {
                     if let Ok(bytes) = resp.bytes().await {
                         return Ok(Response::builder()
@@ -408,7 +435,7 @@ impl ApiHandler {
                 if !self.is_authenticated(&headers).await {
                     return Ok(Self::unauthorized());
                 }
-                Self::handle_app_catalog_proxy().await
+                self.handle_app_catalog_proxy().await
             }
 
             // LND connect info — nginx validates session cookie (presence check),

core/archipelago/src/api/rpc/package/config.rs

@@ -483,7 +483,30 @@ pub(super) async fn get_app_config(
             None,
             None,
         ),
-        "bitcoin" | "bitcoin-core" | "bitcoin-knots" => (
+        "bitcoin-core" => (
+            vec![
+                "8332:8332".to_string(),
+                "8333:8333".to_string(),
+                "28332:28332".to_string(),
+                "28333:28333".to_string(),
+            ],
+            vec!["/var/lib/archipelago/bitcoin:/home/bitcoin/.bitcoin".to_string()],
+            vec![],
+            None,
+            // Vanilla bitcoin/bitcoin image has no entrypoint wrapper and reads
+            // only what's in bitcoin.conf + argv. The shared bitcoin.conf
+            // carries rpcauth; we inject the networking flags as CLI args so
+            // RPC is reachable from the bitcoin-ui companion container.
+            Some(vec![
+                "-server=1".to_string(),
+                "-rpcbind=0.0.0.0".to_string(),
+                "-rpcallowip=0.0.0.0/0".to_string(),
+                "-rpcport=8332".to_string(),
+                "-printtoconsole=1".to_string(),
+                "-datadir=/home/bitcoin/.bitcoin".to_string(),
+            ]),
+        ),
+        "bitcoin" | "bitcoin-knots" => (
             vec![
                 "8332:8332".to_string(),
                 "8333:8333".to_string(),

core/archipelago/src/api/rpc/package/install.rs

@@ -728,8 +728,11 @@ impl RpcHandler {
                 candidates.push((url, reg.tls_verify));
             }
         }
-        // If no registries are configured, fall back to the literal URL.
-        if candidates.is_empty() {
+        // Always include the literal URL as a last-resort candidate —
+        // internal mirrors may not host every third-party upstream image
+        // (e.g. docker.io/bitcoin/bitcoin:28.4), and we don't want
+        // "app not mirrored" to masquerade as a generic pull failure.
+        if tried.insert(docker_image.to_string()) {
             candidates.push((docker_image.to_string(), true));
         }
 
@@ -873,6 +876,24 @@ impl RpcHandler {
         let bitcoin_dir = "/var/lib/archipelago/bitcoin";
         let conf_path = format!("{}/bitcoin.conf", bitcoin_dir);
 
+        // Idempotent: once bitcoin-knots (or a prior install) has started,
+        // the data dir is chowned into the container's user namespace
+        // (e.g. UID 100100 on the host) with 700 perms — the archipelago
+        // daemon can no longer stat or write there. Treat any non-NotFound
+        // error on the conf as "conf already provisioned by the container
+        // user" and skip. Matches the lnd.conf behavior below.
+        match tokio::fs::metadata(&conf_path).await {
+            Ok(_) => {
+                info!("bitcoin.conf already exists, skipping write");
+                return Ok(());
+            }
+            Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
+            Err(_) => {
+                info!("bitcoin.conf path inaccessible (container-owned data dir), skipping write");
+                return Ok(());
+            }
+        }
+
         use hmac::{Hmac, Mac};
         use sha2::Sha256;
         let salt_bytes: [u8; 16] = rand::random();
@@ -883,12 +904,14 @@ impl RpcHandler {
         let hash_hex = hex::encode(mac.finalize().into_bytes());
         let rpcauth_line = format!("rpcauth={}:{}${}", rpc_user, salt_hex, hash_hex);
 
+        // Default to full archive — operators with 2TB+ drives shouldn't be
+        // silently pruned down to 550 MB. Users who want a pruned node can
+        // set `prune=N` in bitcoin.conf themselves after install.
         let bitcoin_conf = format!(
             "\
 # rpcauth: salted hash only — no plaintext password in config or CLI\n\
 {}\n\
 server=1\n\
-prune=550\n\
 rpcbind=0.0.0.0\n\
 rpcallowip=0.0.0.0/0\n\
 rpcport=8332\n\

core/archipelago/src/bootstrap.rs

@@ -0,0 +1,264 @@
+//! Bootstrap host-side artifacts on every archipelago startup.
+//!
+//! The update pipeline swaps the archipelago binary but does not touch
+//! scripts, systemd units, or nginx configuration — those are installed
+//! once by the ISO builder. Without this module, changes to
+//! `container-doctor.sh`, the doctor service/timer, or the nginx config
+//! never reach boxes installed before the change.
+//!
+//! Two things are synced on startup:
+//!   1. Doctor artifacts (container-doctor.sh + service + timer).
+//!   2. An nginx `location /api/app-catalog` proxy block — required for
+//!      the App Store catalog proxy to actually reach the backend.
+//!
+//! Idempotent: no-ops on boxes that are already in sync. All work is
+//! best-effort — failures are logged but never abort the backend.
+
+use anyhow::{Context, Result};
+use std::path::Path;
+use tokio::fs;
+use tracing::{debug, info, warn};
+
+use crate::update::host_sudo;
+
+const DOCTOR_SH: &str = include_str!("../../../scripts/container-doctor.sh");
+const DOCTOR_SERVICE: &str =
+    include_str!("../../../image-recipe/configs/archipelago-doctor.service");
+const DOCTOR_TIMER: &str =
+    include_str!("../../../image-recipe/configs/archipelago-doctor.timer");
+
+const DOCTOR_SH_PATH: &str = "/home/archipelago/archy/scripts/container-doctor.sh";
+const DOCTOR_SERVICE_PATH: &str = "/etc/systemd/system/archipelago-doctor.service";
+const DOCTOR_TIMER_PATH: &str = "/etc/systemd/system/archipelago-doctor.timer";
+
+const NGINX_CONF_PATH: &str = "/etc/nginx/sites-available/archipelago";
+
+/// Inserted into every server block of the nginx config that lacks the
+/// `/api/app-catalog` proxy. Kept in sync with the canonical block in
+/// image-recipe/configs/nginx-archipelago.conf.
+const NGINX_APP_CATALOG_BLOCK: &str = "\n    # App Store catalog proxy — backend fetches from configured registries\n    # so the browser doesn't hit CORS/CSP. Without this block nginx falls\n    # through to the SPA index.html and the frontend gets HTML back instead\n    # of JSON.\n    location /api/app-catalog {\n        proxy_pass http://127.0.0.1:5678;\n        proxy_http_version 1.1;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header Cookie $http_cookie;\n        proxy_connect_timeout 15s;\n        proxy_read_timeout 30s;\n        proxy_send_timeout 15s;\n        error_page 502 503 = @backend_unavailable;\n        error_page 504 = @backend_timeout;\n    }\n\n";
+
+/// Entry point called from main startup. Never returns an error to the caller —
+/// failing to bootstrap host artifacts must not prevent the backend from serving.
+pub async fn ensure_doctor_installed() {
+    match run().await {
+        Ok(changed) if changed => info!("Doctor artifacts synchronized with binary"),
+        Ok(_) => debug!("Doctor artifacts already in sync"),
+        Err(e) => warn!("Doctor bootstrap failed (non-fatal): {:#}", e),
+    }
+    match run_nginx().await {
+        Ok(true) => info!("Patched nginx config to proxy /api/app-catalog"),
+        Ok(false) => debug!("Nginx already has /api/app-catalog block"),
+        Err(e) => warn!("Nginx bootstrap failed (non-fatal): {:#}", e),
+    }
+}
+
+async fn run() -> Result<bool> {
+    // Dev-box guard: on contributors' laptops `/home/archipelago/archy` is
+    // typically a symlink into the git checkout, and writing through it
+    // would clobber the working tree with whatever the binary happens to
+    // have been compiled from. Production ISO installs materialize a real
+    // directory.
+    let home_archy = Path::new("/home/archipelago/archy");
+    if fs::symlink_metadata(home_archy)
+        .await
+        .map(|m| m.file_type().is_symlink())
+        .unwrap_or(false)
+    {
+        debug!("/home/archipelago/archy is a symlink — skipping doctor bootstrap (dev box)");
+        return Ok(false);
+    }
+
+    // Skip entirely on machines without the canonical scripts directory —
+    // writing orphan files there just causes confusion.
+    let scripts_dir = Path::new(DOCTOR_SH_PATH)
+        .parent()
+        .context("doctor script path has no parent")?;
+    if !scripts_dir.exists() {
+        debug!(
+            "Scripts dir {} missing — skipping doctor bootstrap",
+            scripts_dir.display()
+        );
+        return Ok(false);
+    }
+
+    let mut changed = false;
+
+    // 1. Script — lives in archipelago's home dir, user-writable.
+    if needs_write(DOCTOR_SH_PATH, DOCTOR_SH).await {
+        fs::write(DOCTOR_SH_PATH, DOCTOR_SH)
+            .await
+            .with_context(|| format!("write {}", DOCTOR_SH_PATH))?;
+        let _ = tokio::process::Command::new("chmod")
+            .args(["+x", DOCTOR_SH_PATH])
+            .status()
+            .await;
+        info!("Updated {}", DOCTOR_SH_PATH);
+        changed = true;
+    }
+
+    // 2. Systemd unit files — /etc is restricted; route through host_sudo.
+    let service_changed = write_root_if_needed(DOCTOR_SERVICE_PATH, DOCTOR_SERVICE).await?;
+    let timer_changed = write_root_if_needed(DOCTOR_TIMER_PATH, DOCTOR_TIMER).await?;
+    changed = changed || service_changed || timer_changed;
+
+    // 3. Reload + enable. Only when we actually touched units, or when the
+    // timer isn't enabled yet (catches fresh upgrades of boxes that predate
+    // the doctor entirely).
+    let timer_enabled = is_timer_enabled().await;
+    if service_changed || timer_changed || !timer_enabled {
+        if let Err(e) = host_sudo(&["systemctl", "daemon-reload"]).await {
+            warn!("daemon-reload failed: {:#}", e);
+        }
+        if let Err(e) = host_sudo(&["systemctl", "enable", "--now", "archipelago-doctor.timer"])
+            .await
+        {
+            warn!("enable archipelago-doctor.timer failed: {:#}", e);
+        } else if !timer_enabled {
+            info!("Enabled archipelago-doctor.timer");
+        }
+    }
+
+    Ok(changed)
+}
+
+async fn needs_write(path: &str, expected: &str) -> bool {
+    match fs::read_to_string(path).await {
+        Ok(current) => current != expected,
+        Err(_) => true,
+    }
+}
+
+/// Write content to a root-owned path via `sudo mv` of a user-owned tmp file.
+/// Returns true if a write happened.
+async fn write_root_if_needed(path: &str, content: &str) -> Result<bool> {
+    if !needs_write(path, content).await {
+        return Ok(false);
+    }
+    let tmp = format!(
+        "/tmp/archipelago-bootstrap-{}-{}.tmp",
+        std::process::id(),
+        Path::new(path)
+            .file_name()
+            .and_then(|n| n.to_str())
+            .unwrap_or("unit")
+    );
+    fs::write(&tmp, content)
+        .await
+        .with_context(|| format!("write tmp {}", tmp))?;
+    let status = host_sudo(&["mv", &tmp, path])
+        .await
+        .with_context(|| format!("sudo mv {} -> {}", tmp, path))?;
+    if !status.success() {
+        let _ = fs::remove_file(&tmp).await;
+        anyhow::bail!("sudo mv to {} exited with {}", path, status);
+    }
+    info!("Updated {}", path);
+    Ok(true)
+}
+
+async fn is_timer_enabled() -> bool {
+    tokio::process::Command::new("systemctl")
+        .args(["is-enabled", "--quiet", "archipelago-doctor.timer"])
+        .status()
+        .await
+        .map(|s| s.success())
+        .unwrap_or(false)
+}
+
+/// Patch the nginx site config to add a `/api/app-catalog` proxy block if
+/// it's missing. The original ISO shipped individual per-endpoint `location`
+/// blocks and no catch-all `/api/`, so `/api/app-catalog` silently fell
+/// through to the SPA `index.html` and the frontend got HTML instead of
+/// JSON. We anchor the insert to the DWN comment that already sits right
+/// after the `/api/blob` block, so the new block lands in both the HTTP
+/// and HTTPS server blocks.
+///
+/// Validates via `nginx -t` before reloading. On failure the patch is
+/// rolled back from a backup written just before the write.
+async fn run_nginx() -> Result<bool> {
+    // Skip on dev symlinks — we don't want to touch `/etc/nginx` on laptops.
+    let home_archy = Path::new("/home/archipelago/archy");
+    if fs::symlink_metadata(home_archy)
+        .await
+        .map(|m| m.file_type().is_symlink())
+        .unwrap_or(false)
+    {
+        return Ok(false);
+    }
+
+    if !Path::new(NGINX_CONF_PATH).exists() {
+        debug!(
+            "{} missing — skipping nginx bootstrap",
+            NGINX_CONF_PATH
+        );
+        return Ok(false);
+    }
+
+    let content = fs::read_to_string(NGINX_CONF_PATH)
+        .await
+        .with_context(|| format!("read {}", NGINX_CONF_PATH))?;
+    if content.contains("location /api/app-catalog") {
+        return Ok(false);
+    }
+
+    // The DWN comment sits at the same indent right after the `/api/blob`
+    // block in both server blocks — a stable anchor that existed on every
+    // ISO shipped to date. If it's absent (config got heavily customized),
+    // we bail rather than guess where to splice.
+    let anchor = "    # DWN endpoints — peer access over Tor (no auth)";
+    if !content.contains(anchor) {
+        warn!("nginx conf missing DWN anchor — skipping /api/app-catalog patch");
+        return Ok(false);
+    }
+
+    let replacement = format!("{}{}", NGINX_APP_CATALOG_BLOCK, anchor);
+    let patched = content.replace(anchor, &replacement);
+
+    // Write patched config via a user-owned tmp + sudo mv, after stashing
+    // a backup so we can revert if `nginx -t` hates what we produced.
+    let pid = std::process::id();
+    let tmp = format!("/tmp/archipelago-nginx-{}.conf", pid);
+    fs::write(&tmp, &patched)
+        .await
+        .with_context(|| format!("write {}", tmp))?;
+
+    let backup = format!("/tmp/archipelago-nginx-backup-{}.conf", pid);
+    if let Err(e) = host_sudo(&["cp", NGINX_CONF_PATH, &backup]).await {
+        let _ = fs::remove_file(&tmp).await;
+        return Err(e.context("backup nginx conf"));
+    }
+
+    let mv = host_sudo(&["mv", &tmp, NGINX_CONF_PATH]).await;
+    match mv {
+        Ok(s) if s.success() => {}
+        Ok(s) => {
+            let _ = fs::remove_file(&tmp).await;
+            anyhow::bail!("sudo mv nginx conf exited with {}", s);
+        }
+        Err(e) => {
+            let _ = fs::remove_file(&tmp).await;
+            return Err(e.context("mv tmp -> nginx conf"));
+        }
+    }
+
+    // Validate.
+    let test = host_sudo(&["nginx", "-t"]).await;
+    let valid = matches!(&test, Ok(s) if s.success());
+    if !valid {
+        warn!("nginx -t failed after patch — reverting");
+        let _ = host_sudo(&["mv", &backup, NGINX_CONF_PATH]).await;
+        if let Err(e) = test {
+            return Err(e.context("nginx -t"));
+        }
+        anyhow::bail!("nginx config invalid after patch — reverted");
+    }
+
+    // Reload nginx so the new block takes effect immediately. Reload (not
+    // restart) keeps in-flight connections alive.
+    if let Err(e) = host_sudo(&["systemctl", "reload", "nginx"]).await {
+        warn!("nginx reload failed (non-fatal): {:#}", e);
+    }
+    let _ = host_sudo(&["rm", "-f", &backup]).await;
+    Ok(true)
+}

core/archipelago/src/container/docker_packages.rs

@@ -297,9 +297,16 @@ fn get_app_tier(app_id: &str) -> &'static str {
 
 fn get_app_metadata(app_id: &str) -> AppMetadata {
     let mut meta = match app_id {
-        "bitcoin" | "bitcoin-core" | "bitcoin-knots" => AppMetadata {
+        "bitcoin-core" => AppMetadata {
+            title: "Bitcoin Core".to_string(),
+            description: "Reference Bitcoin node implementation".to_string(),
+            icon: "/assets/img/app-icons/bitcoin-core.svg".to_string(),
+            repo: "https://github.com/bitcoin/bitcoin".to_string(),
+            tier: "",
+        },
+        "bitcoin" | "bitcoin-knots" => AppMetadata {
             title: "Bitcoin Knots".to_string(),
-            description: "Full Bitcoin node implementation".to_string(),
+            description: "Enhanced Bitcoin node implementation".to_string(),
             icon: "/assets/img/app-icons/bitcoin-knots.webp".to_string(),
             repo: "https://github.com/bitcoinknots/bitcoin".to_string(),
             tier: "",

core/archipelago/src/identity_manager.rs

@@ -216,6 +216,80 @@ impl IdentityManager {
         Ok(record)
     }
 
+    /// Mirror an existing Ed25519 signing key as a manager-level identity.
+    ///
+    /// Used at boot to expose the node's own seed-derived key (the one that
+    /// backs `server_info.pubkey` and peer-to-peer connections) as an
+    /// entry in the Identities page, so all three surfaces — DID Status,
+    /// "Node" entry on Identities, and peer-connect DID — resolve to the
+    /// same DID. The id is deterministic (`node-<pubkey16>`), so repeated
+    /// calls on the same key are idempotent: if the file already exists
+    /// we return the existing record untouched.
+    pub async fn create_from_signing_key(
+        &self,
+        name: String,
+        purpose: IdentityPurpose,
+        signing_key: SigningKey,
+    ) -> Result<IdentityRecord> {
+        let pubkey_hex = hex::encode(signing_key.verifying_key().as_bytes());
+        let did = did_key_from_pubkey_hex(&pubkey_hex)?;
+        let id = format!("node-{}", &pubkey_hex[..16]);
+
+        // Idempotent: if we already mirrored this key, just return it.
+        let file_path = self.identities_dir.join(format!("{}.json", id));
+        if file_path.exists() {
+            return self.get(&id).await;
+        }
+
+        let created_at = chrono::Utc::now().to_rfc3339();
+        // Mark as the node (master) identity so it gets the hex SVG.
+        let default_profile = IdentityProfile {
+            picture: Some(crate::avatar::default_picture(&pubkey_hex, true)),
+            ..Default::default()
+        };
+
+        let identity_file = IdentityFile {
+            id: id.clone(),
+            name: name.clone(),
+            purpose: purpose.clone(),
+            secret_key: signing_key.to_bytes().to_vec(),
+            pubkey_hex: pubkey_hex.clone(),
+            did: did.clone(),
+            created_at,
+            nostr_secret_hex: None,
+            nostr_pubkey_hex: None,
+            profile: Some(default_profile),
+            derivation_index: Some(0),
+        };
+
+        let json = serde_json::to_string_pretty(&identity_file)
+            .context("Failed to serialize identity")?;
+        fs::write(&file_path, json.as_bytes())
+            .await
+            .context("Failed to write identity file")?;
+        #[cfg(unix)]
+        {
+            use std::os::unix::fs::PermissionsExt;
+            fs::set_permissions(&file_path, std::fs::Permissions::from_mode(0o600))
+                .await
+                .context("Failed to set identity file permissions")?;
+        }
+
+        // First identity becomes the default.
+        let (existing, _) = self.list().await?;
+        if existing.len() <= 1 {
+            self.set_default(&id).await?;
+        }
+
+        tracing::info!(
+            "Mirrored node signing key as Node identity '{}' ({})",
+            name,
+            purpose
+        );
+
+        self.get(&id).await
+    }
+
     /// Create a new identity with keys derived from a BIP-39 master seed.
     /// The derivation index is auto-incremented and persisted.
     pub async fn create_from_seed(

core/archipelago/src/main.rs

@@ -28,6 +28,7 @@ mod avatar;
 mod backup;
 mod bitcoin_rpc;
 mod blobs;
+mod bootstrap;
 mod config;
 mod constants;
 mod container;
@@ -171,6 +172,11 @@ async fn main() -> Result<()> {
         update::run_update_scheduler(update_data_dir).await;
     });
 
+    // Synchronize host-side doctor artifacts (script + systemd units) with
+    // what's embedded in this binary. Runs in the background so it never
+    // delays server readiness; best-effort, warnings only.
+    tokio::spawn(bootstrap::ensure_doctor_installed());
+
     // Spawn periodic container snapshot (for crash recovery)
     crash_recovery::spawn_snapshot_task(config.data_dir.clone());
 

core/archipelago/src/server.rs

@@ -89,22 +89,32 @@ impl Server {
         // Load persisted messages (Archipelago channel)
         node_message::init(&config.data_dir).await;
 
-        // Auto-create default identity if none exist (fresh boot or factory reset)
+        // Auto-create the Node identity on fresh boot, mirroring the node's
+        // own signing key (seed-derived when onboarded, random otherwise).
+        // This keeps the DID shown on the Identities page, the DID Status
+        // card, and the DID used for peer-to-peer connects all aligned on
+        // one value — the seed-derived node DID. Idempotent: if the entry
+        // already exists from a prior boot, create_from_signing_key returns
+        // the existing record unchanged.
         {
             let im = crate::identity_manager::IdentityManager::new(&config.data_dir).await;
             if let Ok(mgr) = im {
                 if let Ok((list, _)) = mgr.list().await {
                     if list.is_empty() {
+                        let signing_key = ed25519_dalek::SigningKey::from_bytes(
+                            &identity.signing_key().to_bytes(),
+                        );
                         match mgr
-                            .create(
-                                "Default".to_string(),
+                            .create_from_signing_key(
+                                "Node".to_string(),
                                 crate::identity_manager::IdentityPurpose::Personal,
+                                signing_key,
                             )
                             .await
                         {
                             Ok(record) => {
                                 let _ = mgr.create_nostr_key(&record.id).await;
-                                tracing::info!(did = %record.did, "Auto-created default identity with Nostr key");
+                                tracing::info!(did = %record.did, "Auto-created Node identity mirroring node key");
                             }
                             Err(e) => tracing::debug!("Auto-identity creation (non-fatal): {}", e),
                         }

core/archipelago/src/update.rs

@@ -792,7 +792,7 @@ pub async fn cancel_download(data_dir: &Path) -> Result<()> {
 /// though sudo itself is root. `systemd-run --wait` spawns a transient
 /// service unit that inherits systemd's default protections (i.e. none
 /// of ours), escaping the namespace.
-async fn host_sudo(args: &[&str]) -> Result<std::process::ExitStatus> {
+pub(crate) async fn host_sudo(args: &[&str]) -> Result<std::process::ExitStatus> {
     let mut full: Vec<&str> = vec![
         "systemd-run",
         "--wait",

docker/bitcoin-ui/Dockerfile

@@ -1,6 +1,7 @@
 FROM git.tx1138.com/lfg2025/nginx:1.27.4-alpine
 COPY index.html /usr/share/nginx/html/
 COPY 50x.html /usr/share/nginx/html/
+COPY assets/ /usr/share/nginx/html/assets/
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 # Run nginx as root to avoid chown failures in rootless Podman user namespaces
 RUN sed -i 's/^user  nginx;/user  root;/' /etc/nginx/nginx.conf && \

docker/bitcoin-ui/index.html

@@ -6,7 +6,7 @@
     <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
     <meta http-equiv="Pragma" content="no-cache">
     <meta http-equiv="Expires" content="0">
-    <title>Bitcoin Knots - Archipelago</title>
+    <title id="pageTitle">Bitcoin Node - Archipelago</title>
     <script src="https://cdn.tailwindcss.com"></script>
     <style>
         * {
@@ -336,9 +336,10 @@
                 <!-- Logo - Top Left -->
                 <div class="flex-shrink-0">
                     <div class="logo-gradient-border">
-                        <img 
+                        <img
+                            id="implLogo"
                             src="/assets/img/app-icons/bitcoin-knots.webp"
-                            alt="Bitcoin Knots" 
+                            alt="Bitcoin Node"
                             class="w-16 h-16"
                             style="object-fit: contain;"
                             onerror="this.style.display='none'"
@@ -348,8 +349,8 @@
                 
                 <!-- Title and Description -->
                 <div class="flex-1 min-w-0">
-                    <h1 class="text-3xl font-bold text-white mb-2">Bitcoin Knots</h1>
-                    <p class="text-white/70">Enhanced Bitcoin node implementation</p>
+                    <h1 id="implName" class="text-3xl font-bold text-white mb-2">Bitcoin Node</h1>
+                    <p id="implTagline" class="text-white/70">Detecting implementation…</p>
                 </div>
 
                 <!-- Node Status Info - Compact on Desktop -->
@@ -385,8 +386,18 @@
                         </div>
                     </div>
 
-                    <button 
-                        onclick="openSettings()" 
+                    <div class="info-card flex items-center gap-3">
+                        <svg class="w-5 h-5 text-white/60" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 7v10c0 2 1.6 3 4 3h8c2.4 0 4-1 4-3V7M4 7c0-2 1.6-3 4-3h8c2.4 0 4 1 4 3M4 7h16M9 11h6M9 15h6" />
+                        </svg>
+                        <div>
+                            <p class="text-xs text-white/60">Storage</p>
+                            <p class="text-sm font-medium text-white" id="storageMode">Loading...</p>
+                        </div>
+                    </div>
+
+                    <button
+                        onclick="openSettings()"
                         class="px-4 py-3 glass-button rounded-lg text-sm font-medium"
                     >
                         Settings
@@ -556,19 +567,23 @@
             <div class="space-y-3">
                 <div class="p-3 bg-white/5 rounded-lg">
                     <div class="font-semibold text-white mb-1">Network Mode</div>
-                    <div class="text-white/70 text-sm">Regtest (Development)</div>
+                    <div class="text-white/70 text-sm" id="settingsNetworkMode">Loading…</div>
+                </div>
+                <div class="p-3 bg-white/5 rounded-lg">
+                    <div class="font-semibold text-white mb-1">Storage Mode</div>
+                    <div class="text-white/70 text-sm" id="settingsStorageMode">Loading…</div>
                 </div>
                 <div class="p-3 bg-white/5 rounded-lg">
                     <div class="font-semibold text-white mb-1">Transaction Index</div>
-                    <div class="text-white/70 text-sm">Enabled (txindex=1)</div>
+                    <div class="text-white/70 text-sm" id="settingsTxIndex">Loading…</div>
                 </div>
                 <div class="p-3 bg-white/5 rounded-lg">
                     <div class="font-semibold text-white mb-1">ZMQ Publishing</div>
-                    <div class="text-white/70 text-sm">Block & TX notifications enabled</div>
+                    <div class="text-white/70 text-sm" id="settingsZmq">Loading…</div>
                 </div>
                 <div class="p-3 bg-white/5 rounded-lg">
                     <div class="font-semibold text-white mb-1">RPC Access</div>
-                    <div class="text-white/70 text-sm">Enabled on 0.0.0.0:18443</div>
+                    <div class="text-white/70 text-sm" id="settingsRpc">Loading…</div>
                 </div>
             </div>
         </div>
@@ -630,6 +645,31 @@
             }
         }
 
+        // Implementation branding — detected from getnetworkinfo.subversion.
+        // Bitcoin Knots identifies as "/Satoshi:<ver>/Knots:<date>/", Bitcoin Core as "/Satoshi:<ver>/".
+        let brandingApplied = false;
+        function applyImplBranding(subversion) {
+            if (brandingApplied) return;
+            if (!subversion) return;
+            const isKnots = /Knots/i.test(subversion);
+            const name = isKnots ? 'Bitcoin Knots' : 'Bitcoin Core';
+            const tagline = isKnots
+                ? 'Enhanced Bitcoin node implementation'
+                : 'Reference Bitcoin node implementation';
+            const icon = isKnots
+                ? '/assets/img/app-icons/bitcoin-knots.webp'
+                : '/assets/img/app-icons/bitcoin-core.svg';
+            const pageTitle = document.getElementById('pageTitle');
+            const implName = document.getElementById('implName');
+            const implTagline = document.getElementById('implTagline');
+            const implLogo = document.getElementById('implLogo');
+            if (pageTitle) pageTitle.textContent = `${name} - Archipelago`;
+            if (implName) implName.textContent = name;
+            if (implTagline) implTagline.textContent = tagline;
+            if (implLogo) { implLogo.src = icon; implLogo.alt = name; }
+            brandingApplied = true;
+        }
+
         // Track last block count for animations
         let lastBlockCount = 0;
 
@@ -648,7 +688,9 @@
                 }
 
                 const networkInfo = await callRPC('getnetworkinfo');
-                
+
+                applyImplBranding(networkInfo && networkInfo.subversion);
+
                 // Update network mode
                 const chain = blockchainInfo.chain || 'unknown';
                 const networkType = document.getElementById('networkType');
@@ -666,6 +708,70 @@
                 
                 if (networkType) networkType.textContent = networkShort;
 
+                // Mirror to Settings modal — Network Mode
+                const settingsNetworkMode = document.getElementById('settingsNetworkMode');
+                if (settingsNetworkMode) {
+                    const labels = { main: 'Mainnet', test: 'Testnet', signet: 'Signet', regtest: 'Regtest (Development)' };
+                    settingsNetworkMode.textContent = labels[chain] || networkShort;
+                }
+
+                // Update storage mode (pruned vs full archive)
+                const storageMode = document.getElementById('storageMode');
+                if (storageMode) {
+                    const sizeGb = blockchainInfo.size_on_disk
+                        ? (blockchainInfo.size_on_disk / 1e9).toFixed(1) + ' GB'
+                        : null;
+                    if (blockchainInfo.pruned) {
+                        storageMode.textContent = sizeGb ? `Pruned · ${sizeGb}` : 'Pruned';
+                        storageMode.className = 'text-sm font-medium text-amber-300';
+                    } else {
+                        storageMode.textContent = sizeGb ? `Full Archive · ${sizeGb}` : 'Full Archive';
+                        storageMode.className = 'text-sm font-medium text-emerald-300';
+                    }
+                }
+
+                // Mirror to Settings modal — Storage Mode
+                const settingsStorageMode = document.getElementById('settingsStorageMode');
+                if (settingsStorageMode) {
+                    if (blockchainInfo.pruned) {
+                        const heightNote = blockchainInfo.prune_height != null
+                            ? ` (keeping from block ${blockchainInfo.prune_height.toLocaleString()})` : '';
+                        settingsStorageMode.textContent = `Pruned${heightNote}`;
+                    } else {
+                        settingsStorageMode.textContent = 'Full archive (no pruning)';
+                    }
+                }
+
+                // Populate Settings — Transaction Index, ZMQ, RPC (fire-and-forget)
+                (async () => {
+                    const txIndexEl = document.getElementById('settingsTxIndex');
+                    if (txIndexEl) {
+                        const idx = await callRPC('getindexinfo');
+                        if (idx && typeof idx === 'object') {
+                            const names = Object.keys(idx);
+                            txIndexEl.textContent = names.length
+                                ? `Enabled: ${names.join(', ')}`
+                                : 'Disabled';
+                        } else {
+                            txIndexEl.textContent = 'Disabled';
+                        }
+                    }
+                    const zmqEl = document.getElementById('settingsZmq');
+                    if (zmqEl) {
+                        const zmq = await callRPC('getzmqnotifications');
+                        if (Array.isArray(zmq) && zmq.length) {
+                            zmqEl.textContent = zmq.map(z => `${z.type}@${z.address}`).join('; ');
+                        } else {
+                            zmqEl.textContent = 'Not enabled';
+                        }
+                    }
+                    const rpcEl = document.getElementById('settingsRpc');
+                    if (rpcEl && networkInfo) {
+                        const port = chain === 'main' ? 8332 : (chain === 'test' ? 18332 : (chain === 'signet' ? 38332 : 18443));
+                        rpcEl.textContent = `Reachable on port ${port}`;
+                    }
+                })();
+
                 // Update sync status
                 const blocks = blockchainInfo.blocks || 0;
                 const headers = blockchainInfo.headers || 0;
@@ -779,7 +885,9 @@
                 const peerInfo = await callRPC('getpeerinfo');
                 
                 if (networkInfo && blockchainInfo) {
-                    logsContent.textContent = `Bitcoin Knots version ${networkInfo.subversion || 'unknown'}
+                    applyImplBranding(networkInfo.subversion);
+                    const implLabel = /Knots/i.test(networkInfo.subversion || '') ? 'Bitcoin Knots' : 'Bitcoin Core';
+                    logsContent.textContent = `${implLabel} version ${networkInfo.subversion || 'unknown'}
 Network: ${blockchainInfo.chain}
 Blocks: ${blockchainInfo.blocks}
 Headers: ${blockchainInfo.headers}

image-recipe/configs/nginx-archipelago.conf

@@ -241,6 +241,23 @@ server {
         error_page 504 = @backend_timeout;
     }
 
+    # App Store catalog proxy — backend fetches from configured registries
+    # so the browser doesn't hit CORS/CSP. Without this block nginx falls
+    # through to the SPA index.html and the frontend gets HTML back instead
+    # of JSON.
+    location /api/app-catalog {
+        proxy_pass http://127.0.0.1:5678;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Cookie $http_cookie;
+        proxy_connect_timeout 15s;
+        proxy_read_timeout 30s;
+        proxy_send_timeout 15s;
+        error_page 502 503 = @backend_unavailable;
+        error_page 504 = @backend_timeout;
+    }
+
     # DWN endpoints — peer access over Tor (no auth)
     location /dwn {
         limit_req zone=peer burst=20 nodelay;
@@ -1029,6 +1046,23 @@ server {
         error_page 504 = @backend_timeout;
     }
 
+    # App Store catalog proxy — backend fetches from configured registries
+    # so the browser doesn't hit CORS/CSP. Without this block nginx falls
+    # through to the SPA index.html and the frontend gets HTML back instead
+    # of JSON.
+    location /api/app-catalog {
+        proxy_pass http://127.0.0.1:5678;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Cookie $http_cookie;
+        proxy_connect_timeout 15s;
+        proxy_read_timeout 30s;
+        proxy_send_timeout 15s;
+        error_page 502 503 = @backend_unavailable;
+        error_page 504 = @backend_timeout;
+    }
+
     # DWN endpoints — peer access over Tor (no auth)
     location /dwn {
         limit_req zone=peer burst=20 nodelay;

neode-ui/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "neode-ui",
-  "version": "1.6.0-alpha",
+  "version": "1.7.37-alpha",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "neode-ui",
-      "version": "1.6.0-alpha",
+      "version": "1.7.37-alpha",
       "dependencies": {
         "@types/dompurify": "^3.0.5",
         "@vue-leaflet/vue-leaflet": "^0.10.1",

neode-ui/package.json

@@ -1,7 +1,7 @@
 {
   "name": "neode-ui",
   "private": true,
-  "version": "1.6.0-alpha",
+  "version": "1.7.37-alpha",
   "type": "module",
   "scripts": {
     "start": "./start-dev.sh",

neode-ui/public/catalog.json

@@ -22,6 +22,18 @@
       "category": "money",
       "tier": "core"
     },
+    {
+      "id": "bitcoin-core",
+      "title": "Bitcoin Core",
+      "version": "28.4",
+      "description": "Reference implementation of the Bitcoin protocol. Run a full node validating and relaying blocks on the Bitcoin network.",
+      "icon": "/assets/img/app-icons/bitcoin-core.svg",
+      "author": "Bitcoin Core contributors",
+      "dockerImage": "docker.io/bitcoin/bitcoin:28.4",
+      "repoUrl": "https://github.com/bitcoin/bitcoin",
+      "category": "money",
+      "tier": "optional"
+    },
     {
       "id": "lnd",
       "title": "LND",

neode-ui/src/composables/useOnboarding.ts

@@ -19,11 +19,24 @@ async function callWithRetry<T>(fn: () => Promise<T>, maxRetries = 3): Promise<T
 }
 
 export async function isOnboardingComplete(): Promise<boolean> {
-  // localStorage is set on completion and survives backend restarts/resets
-  if (localStorage.getItem('neode_onboarding_complete') === '1') return true
+  // Prefer the backend — localStorage gets stale across nodes (a
+  // browser that onboarded node A would otherwise treat fresh node B
+  // as already-onboarded and skip the wizard entirely). Only fall
+  // back to localStorage if the backend is unreachable.
   const result = await callWithRetry(() => rpcClient.isOnboardingComplete(), 2)
-  if (result !== null) return result
-  return false
+  if (result !== null) {
+    // Re-seed the localStorage cache so non-async consumers
+    // (OnboardingWrapper's useVideoBackground computed, etc.) see the
+    // right answer after the user clears site data on an already-
+    // onboarded node.
+    if (result) {
+      try { localStorage.setItem('neode_onboarding_complete', '1') } catch {}
+    } else {
+      try { localStorage.removeItem('neode_onboarding_complete') } catch {}
+    }
+    return result
+  }
+  return localStorage.getItem('neode_onboarding_complete') === '1'
 }
 
 export async function completeOnboarding(): Promise<void> {

neode-ui/src/locales/en.json

@@ -19,6 +19,8 @@
     "launch": "Launch",
     "starting": "Starting...",
     "stopping": "Stopping...",
+    "update": "Update",
+    "updating": "Updating...",
     "send": "Send",
     "sending": "Sending...",
     "back": "Back",

neode-ui/src/locales/es.json

@@ -19,6 +19,8 @@
     "launch": "Abrir",
     "starting": "Iniciando...",
     "stopping": "Deteniendo...",
+    "update": "Actualizar",
+    "updating": "Actualizando...",
     "send": "Enviar",
     "sending": "Enviando...",
     "back": "Volver",

neode-ui/src/stores/__tests__/loginTransition.test.ts

@@ -10,10 +10,19 @@ describe('useLoginTransitionStore', () => {
   it('starts with all flags false', () => {
     const store = useLoginTransitionStore()
     expect(store.justLoggedIn).toBe(false)
+    expect(store.justCompletedOnboarding).toBe(false)
     expect(store.pendingWelcomeTyping).toBe(false)
     expect(store.startWelcomeTyping).toBe(false)
   })
 
+  it('setJustCompletedOnboarding updates justCompletedOnboarding', () => {
+    const store = useLoginTransitionStore()
+    store.setJustCompletedOnboarding(true)
+    expect(store.justCompletedOnboarding).toBe(true)
+    store.setJustCompletedOnboarding(false)
+    expect(store.justCompletedOnboarding).toBe(false)
+  })
+
   it('setJustLoggedIn updates justLoggedIn', () => {
     const store = useLoginTransitionStore()
     store.setJustLoggedIn(true)

neode-ui/src/stores/loginTransition.ts

@@ -4,6 +4,13 @@ import { ref } from 'vue'
 /** Signals that we just logged in - Dashboard uses this for zoom + oomph */
 export const useLoginTransitionStore = defineStore('loginTransition', () => {
   const justLoggedIn = ref(false)
+  /**
+   * True only when the user just finished the onboarding wizard
+   * (first password setup), as distinct from a regular re-login.
+   * Dashboard uses this to decide whether to play the full glitchy
+   * reveal vs just a quick interface-draw.
+   */
+  const justCompletedOnboarding = ref(false)
   /** Show empty welcome block until typing starts (hide static text) */
   const pendingWelcomeTyping = ref(false)
   /** Trigger welcome typing on Home - set true after dashboard animation finishes */
@@ -13,6 +20,10 @@ export const useLoginTransitionStore = defineStore('loginTransition', () => {
     justLoggedIn.value = value
   }
 
+  function setJustCompletedOnboarding(value: boolean) {
+    justCompletedOnboarding.value = value
+  }
+
   function setPendingWelcomeTyping(value: boolean) {
     pendingWelcomeTyping.value = value
   }
@@ -24,6 +35,8 @@ export const useLoginTransitionStore = defineStore('loginTransition', () => {
   return {
     justLoggedIn,
     setJustLoggedIn,
+    justCompletedOnboarding,
+    setJustCompletedOnboarding,
     pendingWelcomeTyping,
     setPendingWelcomeTyping,
     startWelcomeTyping,

neode-ui/src/views/Apps.vue

@@ -117,6 +117,7 @@
         @start="actions.startApp"
         @stop="actions.stopApp"
         @restart="actions.restartApp"
+        @update="updateApp"
         @show-uninstall="showUninstallModal"
       />
     </div>
@@ -296,4 +297,12 @@ function goToApp(id: string) {
 function launchApp(id: string) {
   useAppLauncherStore().openSession(id)
 }
+
+async function updateApp(id: string) {
+  try {
+    await serverStore.updatePackage(id)
+  } catch (err) {
+    actions.actionError.value = `Failed to update ${id}: ${err instanceof Error ? err.message : 'Unknown error'}`
+  }
+}
 </script>

neode-ui/src/views/Dashboard.vue

@@ -264,10 +264,13 @@ watch(() => route.path, (newPath) => {
 onMounted(() => {
   previousRoutePath = route.path
   document.body.classList.add('dashboard-active')
-  if (loginTransition.justLoggedIn) {
+  if (loginTransition.justCompletedOnboarding) {
+    // Full glitchy reveal — only on the very first dashboard entry
+    // right after onboarding (one-time event, persists in feel).
     playDashboardLoadOomph()
     showZoomIn.value = true
     loginTransition.setPendingWelcomeTyping(true)
+    loginTransition.setJustCompletedOnboarding(false)
     loginTransition.setJustLoggedIn(false)
     const triggerRevealGlitch = () => {
       isGlitching.value = true
@@ -281,6 +284,16 @@ onMounted(() => {
       loginTransition.setStartWelcomeTyping(true)
       loginTransition.setPendingWelcomeTyping(false)
     }, 4000)
+  } else if (loginTransition.justLoggedIn) {
+    // Regular re-login — no zoom, no glitch. Just land on the
+    // dashboard and kick off the welcome typing quickly.
+    playDashboardLoadOomph()
+    loginTransition.setPendingWelcomeTyping(true)
+    loginTransition.setJustLoggedIn(false)
+    scheduledTimeout(() => {
+      loginTransition.setStartWelcomeTyping(true)
+      loginTransition.setPendingWelcomeTyping(false)
+    }, 300)
   }
 
   window.addEventListener('keydown', handleKioskShortcuts)

neode-ui/src/views/Login.vue

@@ -408,6 +408,7 @@ async function handleSetup() {
     stopSynthwave()
     whooshAway.value = true
     playLoginSuccessWhoosh()
+    loginTransition.setJustCompletedOnboarding(true)
     loginTransition.setJustLoggedIn(true)
     await new Promise(r => setTimeout(r, 520))
     await router.replace(loginRedirectTo.value).catch(() => {

neode-ui/src/views/OnboardingWrapper.vue

@@ -86,9 +86,23 @@ const videoBackgroundRoutes = ['/onboarding/intro', '/login']
 // Login uses video when coming from splash, or static + glitch when direct
 const isLoginRoute = computed(() => route.path === '/login')
 
+// True once onboarding is complete. Used to skip the intro video on
+// the /login route so that returning (logged-out) users go straight
+// to the screensaver-style static + glitch background instead of
+// replaying the full intro every time.
+const onboardingDone = computed(() => {
+  try {
+    return localStorage.getItem('neode_onboarding_complete') === '1'
+  } catch {
+    return false
+  }
+})
+
 // Check if current route should use video background
 const useVideoBackground = computed(() => {
-  return videoBackgroundRoutes.includes(route.path)
+  if (!videoBackgroundRoutes.includes(route.path)) return false
+  if (route.path === '/login' && onboardingDone.value) return false
+  return true
 })
 
 // Map each route to a specific background image
@@ -108,7 +122,32 @@ const routeBackgrounds: Record<string, string> = {
   '/login': 'bg-intro.jpg' // Video loops from splash (same as intro)
 }
 
-const loginBackground = 'bg-intro-1.jpg'
+// Rotate the login background so the lock screen doesn't look
+// identical on every logout. Cycles through bg-intro-1..6 using a
+// counter persisted to localStorage so subsequent visits advance.
+const LOGIN_BACKGROUNDS = [
+  'bg-intro-1.jpg',
+  'bg-intro-2.jpg',
+  'bg-intro-3.jpg',
+  'bg-intro-4.jpg',
+  'bg-intro-5.jpg',
+  'bg-intro-6.jpg',
+]
+function pickNextLoginBackground(): string {
+  try {
+    const raw = localStorage.getItem('neode_login_bg_idx')
+    const prev = raw !== null ? parseInt(raw, 10) : -1
+    const next = (Number.isFinite(prev) ? prev + 1 : 0) % LOGIN_BACKGROUNDS.length
+    localStorage.setItem('neode_login_bg_idx', String(next))
+    return LOGIN_BACKGROUNDS[next]!
+  } catch {
+    return LOGIN_BACKGROUNDS[Math.floor(Math.random() * LOGIN_BACKGROUNDS.length)]!
+  }
+}
+const loginBackground = ref(pickNextLoginBackground())
+watch(() => route.path, (p) => {
+  if (p === '/login') loginBackground.value = pickNextLoginBackground()
+})
 
 // Restore video time from splash screen for seamless transition
 function restoreVideoTime() {

neode-ui/src/views/RootRedirect.vue

@@ -129,7 +129,31 @@ onMounted(async () => {
     return
   }
 
-  // Server not ready — show boot screen (waiting for backend)
+  // Server not ready. The full BootScreen is meant for a genuine
+  // cold-start (fresh install), not for the brief blip during an
+  // OTA update where the backend restarts. If onboarding has already
+  // completed we just keep the spinner and retry until the server
+  // responds again.
+  const wasOnboardedBefore = localStorage.getItem('neode_onboarding_complete') === '1'
+  if (wasOnboardedBefore) {
+    log('server down + onboarded → polling without boot screen')
+    let retries = 0
+    const maxRetries = 30 // 30 * 2s = 60s before giving up and showing boot screen
+    const poll = setInterval(async () => {
+      retries++
+      if (await quickHealthCheck()) {
+        clearInterval(poll)
+        proceedToApp()
+        return
+      }
+      if (retries >= maxRetries) {
+        clearInterval(poll)
+        log('server still down after retries → falling back to boot screen')
+        showBootScreen.value = true
+      }
+    }, 2000)
+    return
+  }
   showBootScreen.value = true
 })
 </script>

neode-ui/src/views/appSession/appSessionConfig.ts

@@ -7,6 +7,7 @@ export const DISPLAY_MODE_KEY = 'archipelago_app_display_mode'
 /** Container apps: direct port access (avoids root-relative asset breakage under /app/xxx/ proxy) */
 export const APP_PORTS: Record<string, number> = {
   'bitcoin-knots': 8334,
+  'bitcoin-core':  8334,
   'bitcoin-ui':    8334,
   'electrumx':     50002,
   'electrs':       50002,
@@ -57,6 +58,7 @@ export const PROXY_APPS: Record<string, string> = {}
  *  On HTTP, direct port access is used instead (faster, no proxy). */
 export const HTTPS_PROXY_PATHS: Record<string, string> = {
   'bitcoin-knots': '/app/bitcoin-ui/',
+  'bitcoin-core': '/app/bitcoin-ui/',
   'bitcoin-ui': '/app/bitcoin-ui/',
   'lnd': '/app/lnd/',
   'electrumx': '/app/electrs/',
@@ -107,7 +109,8 @@ export const EXTERNAL_URLS: Record<string, string> = {
 }
 
 export const APP_TITLES: Record<string, string> = {
-  'bitcoin-knots': 'Bitcoin', 'btcpay-server': 'BTCPay Server', 'indeedhub': 'Indeehub',
+  'bitcoin-knots': 'Bitcoin Knots', 'bitcoin-core': 'Bitcoin Core',
+  'btcpay-server': 'BTCPay Server', 'indeedhub': 'Indeehub',
   'botfights': 'BotFights', 'gitea': 'Gitea', '484-kitchen': '484 Kitchen', 'arch-presentation': 'Presentation',
   'nostr-vpn': 'Nostr VPN', 'fips': 'FIPS', 'routstr': 'Routstr',
   'homeassistant': 'Home Assistant', 'uptime-kuma': 'Uptime Kuma',

neode-ui/src/views/apps/AppCard.vue

@@ -114,6 +114,29 @@
     </div>
 
     <div v-else class="mt-4 flex gap-2">
+      <!-- Update available -->
+      <button
+        v-if="pkg['available-update'] && pkg.state !== 'updating'"
+        @click.stop="$emit('update', id)"
+        class="px-3 py-2 rounded-lg text-sm font-medium flex items-center justify-center gap-1.5 bg-orange-500/20 border border-orange-500/40 text-orange-200 hover:bg-orange-500/30 transition-colors"
+        :title="`Update to v${pkg['available-update']}`"
+      >
+        <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15" />
+        </svg>
+        {{ t('common.update') }}
+      </button>
+      <!-- Updating in progress -->
+      <span
+        v-if="pkg.state === 'updating'"
+        class="px-3 py-2 rounded-lg text-sm font-medium flex items-center justify-center gap-1.5 bg-orange-500/20 border border-orange-500/40 text-orange-200"
+      >
+        <svg class="animate-spin h-4 w-4" fill="none" viewBox="0 0 24 24">
+          <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+          <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+        </svg>
+        {{ t('common.updating') }}
+      </span>
       <!-- Launch -->
       <button
         v-if="canLaunch(pkg)"
@@ -211,6 +234,7 @@ const emit = defineEmits<{
   start: [id: string]
   stop: [id: string]
   restart: [id: string]
+  update: [id: string]
   showUninstall: [id: string, pkg: PackageDataEntry]
 }>()
 

neode-ui/src/views/discover/curatedApps.ts

@@ -77,6 +77,7 @@ export async function fetchAppCatalog(): Promise<AppCatalog | null> {
 export function getCuratedAppList(): MarketplaceApp[] {
   return [
     { id: 'bitcoin-knots', title: 'Bitcoin Knots', version: '28.1.0', description: 'Run a full Bitcoin node. Validate and relay blocks and transactions on the Bitcoin network.', icon: '/assets/img/app-icons/bitcoin-knots.webp', author: 'Bitcoin Knots', dockerImage: `${R}/bitcoin-knots:latest`, repoUrl: 'https://github.com/bitcoinknots/bitcoin' },
+    { id: 'bitcoin-core', title: 'Bitcoin Core', version: '28.4', description: 'Reference implementation of the Bitcoin protocol. Run a full node validating and relaying blocks on the Bitcoin network.', icon: '/assets/img/app-icons/bitcoin-core.svg', author: 'Bitcoin Core contributors', dockerImage: 'docker.io/bitcoin/bitcoin:28.4', repoUrl: 'https://github.com/bitcoin/bitcoin' },
     { id: 'btcpay-server', title: 'BTCPay Server', version: '1.13.7', description: 'Self-hosted Bitcoin payment processor. Accept Bitcoin payments without intermediaries or fees.', icon: '/assets/img/app-icons/btcpay-server.png', author: 'BTCPay Server Foundation', dockerImage: `${R}/btcpayserver:1.13.7`, repoUrl: 'https://github.com/btcpayserver/btcpayserver' },
     { id: 'lnd', title: 'LND', version: '0.18.4', description: 'Lightning Network Daemon. Fast and cheap Bitcoin payments through the Lightning Network.', icon: '/assets/img/app-icons/lnd.svg', author: 'Lightning Labs', dockerImage: `${R}/lnd:v0.18.4-beta`, repoUrl: 'https://github.com/lightningnetwork/lnd' },
     { id: 'mempool', title: 'Mempool Explorer', version: '3.0.0', description: 'Self-hosted Bitcoin blockchain and mempool visualizer. Monitor transactions without revealing your addresses to third parties.', icon: '/assets/img/app-icons/mempool.webp', author: 'Mempool', dockerImage: `${R}/mempool-frontend:v3.0.0`, repoUrl: 'https://github.com/mempool/mempool' },
@@ -164,6 +165,11 @@ export const FEATURED_DEFINITIONS: {
     desc: 'The foundation of sovereignty. Run a full Bitcoin node to validate every transaction yourself. No trusted third parties. No asking permission. Your node enforces the consensus rules that protect your wealth. Don\'t trust — verify.',
     tag: 'FULL VALIDATION // ZERO TRUST',
   },
+  {
+    id: 'bitcoin-core',
+    desc: 'The reference Bitcoin implementation. Same full-node guarantees as Knots, tracking upstream releases from the Bitcoin Core maintainers. Pick this if you\'d rather run mainline Bitcoin Core than Knots — both validate every block themselves.',
+    tag: 'REFERENCE CLIENT // ZERO TRUST',
+  },
   {
     id: 'lnd',
     desc: 'Lightning-fast payments over the Lightning Network. Open channels, route transactions, and earn routing fees — all from your sovereign node. Instant settlement. Near-zero fees. The future of money, running on your hardware.',

neode-ui/src/views/settings/AccountInfoSection.vue

@@ -180,6 +180,90 @@ init()
               </button>
             </div>
             <div class="overflow-y-auto flex-1 min-h-0 space-y-6 pr-1">
+              <!-- v1.7.37-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.37-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>Bitcoin Core (the reference implementation) now installs from the App Store and runs cleanly alongside Bitcoin Knots as a first-class option. The install flow pulls the official docker.io/bitcoin image directly if your internal mirrors don't carry it, and the node UI auto-detects which implementation is running so the logo, title, and version line all reflect Core vs. Knots without any manual config.</p>
+                  <p>The node dashboard now shows a Storage indicator (Full Archive · X GB or Pruned · X GB) right next to Network, so you can tell at a glance whether your node is carrying the full chain history or the last ~550 MB. The Node Settings modal was stripped of its hardcoded Regtest/port-18443 placeholders and now shows real values — network mode, storage mode, transaction index, ZMQ publishing, and RPC port — all read from the running node.</p>
+                  <p>Fresh installs no longer default to pruned mode. Previously, a new install would write <code>prune=550</code> into bitcoin.conf even on boxes with 2 TB of free space; now the default is full archive and you can opt into pruning by editing the conf yourself.</p>
+                </div>
+              </div>
+              <!-- v1.7.36-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.36-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>Bitcoin Core joins the App Store as its own entry, with the Umbrel community icon and a description that frames it as a reference alternative to Bitcoin Knots rather than a replacement. A Sovereignty Stack tile on the Discover page now groups your node options together so the choice is obvious.</p>
+                  <p>The App Store catalog fetch now follows whichever container registries you've set as primary in Settings. Previously the catalog URL was hardcoded to two servers; now the operator's own mirror priority drives where the App Store pulls its listings from, so switching primary actually moves the catalog too.</p>
+                </div>
+              </div>
+              <!-- v1.7.35-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.35-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>Rootless-netns self-heal: if the container network loses its outbound tap (symptom: Bitcoin Knots and other outbound containers can't reach the internet even though container-to-container still works), the node now detects it and restarts the network from scratch on its own. No more having to SSH in and bounce podman.</p>
+                  <p>Every app card on the Apps page now has an Update button whenever a newer version of the app is available — same flow as the detail view, one click away. Updating apps used to require drilling into each card individually.</p>
+                  <p>Your node's Web5 DID, Identities list, and peer-to-peer pubkey now all resolve to the same seed-derived identity instead of drifting apart after onboarding. The Node identity on fresh installs is mirrored from the onboarding seed rather than generated as a separate random keypair.</p>
+                  <p>Bitcoin Knots (and the new Bitcoin Core slot) now run on bitcoin/bitcoin 28.4 with a realistic 4 GiB memory cap and uncapped CPUs so bitcoind can run -par=auto across every core on your box.</p>
+                </div>
+              </div>
+              <!-- v1.7.34-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.34-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>The login background now rotates through six atmospheric images, advancing one each time you land on the login screen, so returning to your node doesn't keep showing the same wallpaper. The chosen index is remembered across logouts.</p>
+                  <p>Re-logging in is noticeably snappier. The dashboard entry animation used to replay the full 1.2-second zoom reveal on every login; that's now reserved for the first entry after onboarding. Subsequent logins fade in with just the welcome typing in about 300 ms.</p>
+                  <p>If you clear site data on a node you've already onboarded, the intro video no longer fires again on the login screen. The onboarding cache is re-seeded from the backend automatically, so /login stays quiet instead of replaying the whole intro sequence.</p>
+                </div>
+              </div>
+              <!-- v1.7.33-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.33-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>The onboarding wizard no longer gets skipped on genuinely-fresh nodes when you connect from a browser that onboarded a different node earlier. The backend is now the source of truth for "has this node been onboarded yet?" — the browser's local flag is the offline fallback, not the primary answer.</p>
+                  <p>Already-onboarded nodes no longer show the "boot loader" or "server starting up" screens during an OTA update blip. The health check polls quietly for up to a minute before showing the boot screen, so a 10-second restart no longer looks like a catastrophic failure.</p>
+                  <p>Logging out and returning to <code>/login</code> no longer replays the full intro video — you get a quiet lock-screen background instead. The full welcome sequence is reserved for genuine first-time entries.</p>
+                  <p>Upgrading nodes now pick up this release's UI cleanly without a stale cache hanging on. A cache-version bump tells your browser's service worker to ditch the old bundle on first load.</p>
+                </div>
+              </div>
+              <!-- v1.7.32-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.32-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>Hotfix: v1.7.31's frontend tarball was packaged with an extra wrapper directory, which left some nodes serving 403/500 after applying the update instead of the new UI. This release ships the tarball with the correct flat layout, and broken nodes heal automatically when this update applies.</p>
+                  <p>Updates now finalize cleanly instead of being force-killed by systemd. Previously the node logged "shut down cleanly" during an update, then systemd waited 15 seconds and SIGKILL'd the service because one of the internal threads wasn't releasing. That's been tracked down and fixed, so the service exits promptly and the restart path is snappier.</p>
+                </div>
+              </div>
+              <!-- v1.7.31-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.31-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>IndeedHub install is now idempotent — re-running it after a failed first attempt no longer leaves orphaned containers blocking the retry with a "name already in use" error. The installer force-cleans leftover containers and the dedicated network before starting a fresh stack.</p>
+                  <p>Server 3 (OVH) is now an automatic tertiary mirror for both system updates and app registries. Existing nodes pick it up on next restart without any manual config — another independent network path, so a single-provider outage can't stall downloads.</p>
+                  <p>The reachability test on the Registries page no longer reports false "unreachable" for Gitea-backed registries. The probe now hits the Docker V2 API at the correct host-root path and accepts HTTP 405 in addition to 200/401 as "registry alive".</p>
+                </div>
+              </div>
               <!-- v1.7.30-alpha -->
               <div>
                 <div class="flex items-center gap-2 mb-3">

neode-ui/vite.config.ts

@@ -94,7 +94,7 @@ export default defineConfig({
             urlPattern: /\/assets\/.*/i,
             handler: 'CacheFirst',
             options: {
-              cacheName: 'assets-cache-v2',
+              cacheName: 'assets-cache-v3',
               expiration: {
                 maxEntries: 100,
                 maxAgeSeconds: 60 * 60 * 24 * 30 // 30 days

releases/manifest.json

@@ -1,26 +1,27 @@
 {
-  "version": "1.7.32-alpha",
+  "version": "1.7.37-alpha",
   "release_date": "2026-04-22",
   "changelog": [
-    "Critical fix: the v1.7.31-alpha frontend package shipped with the wrong archive layout, which caused the web UI to return 403/500 after the update landed. v1.7.32-alpha ships the frontend correctly — nodes that got stuck on the 403 page will auto-recover on this update.",
-    "Shutdown fix: updates no longer briefly show the archipelago service as 'Failed' in systemd. The old version was logging 'shut down cleanly' but leaving a background mDNS thread alive, so systemd would force-kill it 15 seconds later and mark the unit failed. The process now exits promptly after saving its state."
+    "Bitcoin Core now installs cleanly from the App Store and runs with its own branding — the node UI auto-detects which implementation is running so logo, title, and version line reflect Core vs. Knots without any manual config.",
+    "The Bitcoin node dashboard now shows a Storage indicator (Full Archive · X GB or Pruned · X GB) next to Network, and the Node Settings modal shows the real network mode, transaction index, ZMQ publishing, and RPC port instead of hardcoded placeholders.",
+    "Fresh Bitcoin installs no longer default to pruned mode — nodes with plenty of disk keep the full archive rather than being silently capped at 550 MB."
   ],
   "components": [
     {
       "name": "archipelago",
-      "current_version": "1.7.31-alpha",
-      "new_version": "1.7.32-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.32-alpha/archipelago",
-      "sha256": "f5c0d51a3235b7619ac5b71140abd07b04cc90555205a4c0416c8c8c4a9a4588",
-      "size_bytes": 40791792
+      "current_version": "1.7.36-alpha",
+      "new_version": "1.7.37-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.37-alpha/archipelago",
+      "sha256": "df7ce22c185f97db2acabf7490c200f2d4af1371db97151ee0de116149150ce8",
+      "size_bytes": 41162992
     },
     {
-      "name": "archipelago-frontend-1.7.32-alpha.tar.gz",
-      "current_version": "1.7.31-alpha",
-      "new_version": "1.7.32-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.32-alpha/archipelago-frontend-1.7.32-alpha.tar.gz",
-      "sha256": "1eb1deaf479538f0552f395fc1aea67b1a247ddef6bfbf436353ba1997eac1be",
-      "size_bytes": 77008678
+      "name": "archipelago-frontend-1.7.37-alpha.tar.gz",
+      "current_version": "1.7.36-alpha",
+      "new_version": "1.7.37-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.37-alpha/archipelago-frontend-1.7.37-alpha.tar.gz",
+      "sha256": "bdb893755e2d8c43a14c03fad76eb5dcb7262643dca3932f6c8fd0b3aea2e980",
+      "size_bytes": 77033652
     }
   ]
 }

scripts/container-doctor.sh

@@ -367,7 +367,72 @@ print(' '.join(['\"' + a + '\"' if ' ' in a else a for a in args[2:]]))
     [ ${#fixed_names[@]} -gt 0 ] && return 0 || return 1
 }
 
-# ── Fix 8: Restart stopped core containers ──────────────────
+# ── Fix 8: Rootless netns egress lost ────────────────────────
+# Rootless podman uses pasta to give containers internet egress. If pasta's
+# tap vanishes (host link flap, mount churn), the rootless-netns keeps inter-
+# container traffic working but silently loses outbound. Bitcoin IBD stalls
+# at 0 peers; package pulls fail. The only reliable repair is a stop-all/
+# start-all cycle so pasta + aardvark-dns rebuild the netns from scratch.
+fix_rootless_netns_egress() {
+    local archi_uid
+    archi_uid=$(id -u archipelago 2>/dev/null) || return 1
+
+    # Locate the rootless-netns via aardvark-dns (it lives inside it).
+    local aardvark_pid
+    aardvark_pid=$(pgrep -U "$archi_uid" -f '^/usr/lib/podman/aardvark-dns' 2>/dev/null | head -1)
+    [ -z "$aardvark_pid" ] && return 1   # no rootless network active
+
+    # Host precheck: if the host itself can't reach the internet, no point
+    # cycling containers — this is an upstream problem.
+    if ! timeout 3 bash -c '</dev/tcp/1.1.1.1/443' 2>/dev/null; then
+        return 1
+    fi
+
+    # Probe egress from inside the rootless-netns. One probe is noisy;
+    # require two consecutive failures 10s apart to rule out transients.
+    if timeout 3 nsenter -t "$aardvark_pid" -n bash -c '</dev/tcp/1.1.1.1/443' 2>/dev/null; then
+        return 1   # first probe succeeded
+    fi
+    sleep 10
+    aardvark_pid=$(pgrep -U "$archi_uid" -f '^/usr/lib/podman/aardvark-dns' 2>/dev/null | head -1)
+    [ -z "$aardvark_pid" ] && return 1
+    if timeout 3 nsenter -t "$aardvark_pid" -n bash -c '</dev/tcp/1.1.1.1/443' 2>/dev/null; then
+        return 1   # recovered on its own
+    fi
+
+    log "Rootless-netns egress is broken (host online, container netns unreachable) — cycling"
+
+    local PODMANCMD="sudo -u archipelago XDG_RUNTIME_DIR=/run/user/$archi_uid podman"
+    local running
+    running=$($PODMANCMD ps --format '{{.Names}}' 2>/dev/null)
+    if [ -z "$running" ]; then
+        log "  No running containers to cycle — skipping"
+        return 1
+    fi
+
+    local count
+    count=$(echo "$running" | wc -l)
+    log "  Stopping $count running containers (graceful, 30s)..."
+    $PODMANCMD stop --all --time 30 >/dev/null 2>&1
+    sleep 5
+
+    log "  Starting containers back up..."
+    for c in $running; do
+        $PODMANCMD start "$c" >/dev/null 2>&1 &
+    done
+    wait
+    sleep 5
+
+    aardvark_pid=$(pgrep -U "$archi_uid" -f '^/usr/lib/podman/aardvark-dns' 2>/dev/null | head -1)
+    if [ -n "$aardvark_pid" ] && timeout 3 nsenter -t "$aardvark_pid" -n bash -c '</dev/tcp/1.1.1.1/443' 2>/dev/null; then
+        log "  Rootless-netns egress restored ($count containers cycled)"
+    else
+        log "  WARN: egress still broken after cycle — may need manual intervention"
+    fi
+    return 0
+}
+
+# ── Fix 9: Restart stopped core containers ──────────────────
 # Rootless Podman 4.x restart policies don't auto-restart on crash.
 # This check restarts any exited core containers (tiers 0-2).
 fix_stopped_core_containers() {
@@ -414,6 +479,7 @@ run_fix "tor-permissions"  fix_tor_permissions
 run_fix "searxng"         fix_searxng
 run_fix "bitcoin-txindex" fix_bitcoin_txindex
 run_fix "exit-127"        fix_exit_127
+run_fix "netns-egress"    fix_rootless_netns_egress
 run_fix "stopped-core"    fix_stopped_core_containers
 
 echo ""