release(v1.7.39-alpha): hotfix web-ui perms after OTA (nginx 500) + startup self-heal

v1.7.38 shipped with an OTA bug: the tar-extracted staging dir inherited 700
perms and nginx (www-data) returned 500/403 on every request after the swap.
.116 hit this on rollout; had to chmod by hand to recover.

- update.rs: after extraction, explicitly chmod 755 dirs + 644 files on the
  new staging dir before the mv into place, so nginx can stat/serve them.
- main.rs: self-heal on startup — if /opt/archipelago/web-ui is not
  world-readable, run `sudo chmod -R u=rwX,go=rX` to repair. This is what
  rescues nodes upgrading from v1.7.37/v1.7.38, since their extractor
  (running on the old binary) doesn't have the chmod fix yet — the new
  binary's first boot fixes the mess before nginx serves a single request.

Everything v1.7.38 shipped is still in this release:
- auth.rs auto-heals is_onboarding_complete() from setup_complete +
  password_hash so nodes don't bounce back to /onboarding/intro after
  browser clear / reboot / update
- useOnboarding tri-state: backend-unreachable no longer defaults to intro
- login sounds gated by isFirstInstallPhase() — silent after onboarding,
  typing sounds unaffected
- FIPS app / Nostr Relay / Nostr VPN / Routstr / Penpot removed from
  catalog + frontend + Rust + docker + icons; 15 image versions deleted
  from tx1138, .168, gitea-local
- AIUI baked into release tarball via demo/aiui/
- prebuild hook syncs app-catalog/catalog.json → public/catalog.json

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

core/Cargo.lock

@@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
 
 [[package]]
 name = "archipelago"
-version = "1.7.37-alpha"
+version = "1.7.39-alpha"
 dependencies = [
  "anyhow",
  "archipelago-container",

core/archipelago/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "archipelago"
-version = "1.7.37-alpha"
+version = "1.7.39-alpha"
 edition = "2021"
 description = "Archipelago Bitcoin Node OS - Native backend"
 authors = ["Archipelago Team"]

core/archipelago/src/main.rs

@@ -86,6 +86,36 @@ async fn main() -> Result<()> {
 
     info!("Starting Archipelago Bitcoin Node OS");
 
+    // Self-heal web-ui permissions. The OTA updater in <=v1.7.38 left
+    // /opt/archipelago/web-ui as drwx------ (700) after the atomic
+    // swap — nginx (www-data) then returned 500/403 on every request
+    // until someone shelled in and chmod'd it. Check on every boot
+    // and repair if needed so a node auto-recovers after the next
+    // service restart that follows a broken OTA.
+    tokio::spawn(async move {
+        use std::os::unix::fs::PermissionsExt;
+        let web_ui = std::path::Path::new("/opt/archipelago/web-ui");
+        if let Ok(meta) = tokio::fs::metadata(web_ui).await {
+            let mode = meta.permissions().mode() & 0o777;
+            if mode & 0o005 != 0o005 {
+                tracing::warn!(
+                    "web-ui perms {:o} not world-readable — self-healing",
+                    mode
+                );
+                let _ = tokio::process::Command::new("sudo")
+                    .args([
+                        "-n",
+                        "chmod",
+                        "-R",
+                        "u=rwX,go=rX",
+                        "/opt/archipelago/web-ui",
+                    ])
+                    .status()
+                    .await;
+            }
+        }
+    });
+
     // Load configuration
     let config = Config::load().await?;
     info!("📁 Data directory: {}", config.data_dir.display());

core/archipelago/src/update.rs

@@ -914,6 +914,21 @@ pub async fn apply_update(data_dir: &Path) -> Result<()> {
                 ])
                 .await;
 
+                // Set world-readable perms so nginx (runs as www-data)
+                // can stat + serve the files. Without this, the tar
+                // extraction inherits the staging-dir's 700 mode and
+                // nginx returns 403/500 for every request after the
+                // swap — exactly what bit .116 on the v1.7.38 rollout.
+                let _ = host_sudo(&["chmod", "755", &staging_new]).await;
+                let _ = host_sudo(&[
+                    "find", &staging_new, "-type", "d", "-exec", "chmod", "755", "{}", "+",
+                ])
+                .await;
+                let _ = host_sudo(&[
+                    "find", &staging_new, "-type", "f", "-exec", "chmod", "644", "{}", "+",
+                ])
+                .await;
+
                 // Preserve paths that are installed outside the Vue build
                 // (baked in by the ISO or sibling installers) and so
                 // aren't in the new tarball. Without this copy, every OTA

neode-ui/package.json

@@ -1,7 +1,7 @@
 {
   "name": "neode-ui",
   "private": true,
-  "version": "1.7.38-alpha",
+  "version": "1.7.39-alpha",
   "type": "module",
   "scripts": {
     "start": "./start-dev.sh",

neode-ui/src/views/settings/AccountInfoSection.vue

@@ -180,6 +180,16 @@ init()
               </button>
             </div>
             <div class="overflow-y-auto flex-1 min-h-0 space-y-6 pr-1">
+              <!-- v1.7.39-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.39-alpha</span>
+                  <span class="text-xs text-white/40">Apr 22, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>Hotfix for v1.7.38 — on some nodes the update landed with the web UI directory set to private file permissions, so nginx returned a 500 / "Internal Server Error" on every page. This release fixes the updater to set world-readable permissions on the new frontend, and the node also now self-heals on boot if it ever finds the UI directory in that state again.</p>
+                </div>
+              </div>
               <!-- v1.7.38-alpha -->
               <div>
                 <div class="flex items-center gap-2 mb-3">

releases/manifest.json

@@ -1,27 +1,28 @@
 {
-  "version": "1.7.38-alpha",
+  "version": "1.7.39-alpha",
   "release_date": "2026-04-22",
   "changelog": [
-    "Signing in is quiet after the first boot. The intro music, welcome voice, and transition sounds only play during initial onboarding — every subsequent login is silent. Typing sounds in the search bar and dashboard are unaffected.",
-    "Fixed a bug where clearing your browser cache, updating the node, or rebooting could bounce you back through the onboarding wizard even though your node was already set up. The node now self-heals so already-onboarded nodes always go straight to the login screen.",
-    "Trimmed the App Store — FIPS, Nostr Relay, Nostr VPN, Routstr, and Penpot are no longer listed and their container images have been removed from all registries. Your node's built-in FIPS transport is untouched; this only removes the app-store entries."
+    "Hotfix: on some nodes the v1.7.38 update landed the web UI directory with private permissions, so nginx returned 500 / Internal Server Error on every page. v1.7.39 fixes the updater to leave the new frontend world-readable, and the node now also self-heals on boot if it ever finds the UI in that state again.",
+    "Signing in is quiet after the first boot. The intro music, welcome voice, and transition sounds only play during initial onboarding — every login after that is silent. Typing sounds in the search bar and dashboard are unaffected.",
+    "Nodes that completed setup no longer get bounced back through the onboarding wizard after clearing browser cache, updating, or rebooting. The node self-heals so already-onboarded nodes always go straight to the login screen.",
+    "Trimmed the App Store — FIPS, Nostr Relay, Nostr VPN, Routstr, and Penpot are no longer listed and their container images have been removed from all registries. Your node's built-in FIPS transport is untouched."
   ],
   "components": [
     {
       "name": "archipelago",
       "current_version": "1.7.37-alpha",
-      "new_version": "1.7.38-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.38-alpha/archipelago",
-      "sha256": "d8c8b8eea14fae78906c79628828b3fba74d1673e983726d6463ec30d434bbca",
-      "size_bytes": 41085368
+      "new_version": "1.7.39-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.39-alpha/archipelago",
+      "sha256": "533d5ff9421aba2a1b4acc981746da1692f6a2abb5101da5500f5f920c26fd3a",
+      "size_bytes": 41107808
     },
     {
-      "name": "archipelago-frontend-1.7.38-alpha.tar.gz",
+      "name": "archipelago-frontend-1.7.39-alpha.tar.gz",
       "current_version": "1.7.37-alpha",
-      "new_version": "1.7.38-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.38-alpha/archipelago-frontend-1.7.38-alpha.tar.gz",
-      "sha256": "c5861b60a9e888d21a0e77d2f02b5c1f5dea30b02b8fad2c302713e78d595a53",
-      "size_bytes": 162087753
+      "new_version": "1.7.39-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.39-alpha/archipelago-frontend-1.7.39-alpha.tar.gz",
+      "sha256": "e5dc5b51a1e72836688b7883b8032245aa252a33500d6eba37839569b5c5b17a",
+      "size_bytes": 162085565
     }
   ]
 }