lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/docs/MASTER_PLAN.md

142 lines
7.5 KiB
Markdown
Raw Normal View History

feat: bitcoin-ui CSS fix, HTTPS proxy support, deploy script improvements Bitcoin UI: - Replace cdn.tailwindcss.com with locally bundled tailwind.css (CSP blocks external scripts) - Make all asset paths relative for nginx proxy compatibility - Add bitcoin-ui build/deploy to deploy-to-target.sh (was missing entirely) - Use --network host (bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332) HTTPS mixed content fix: - Add HTTPS_PROXY_PATHS in AppSession.vue — when parent page is HTTPS, iframe loads through nginx proxy instead of direct HTTP port - Prevents browser blocking HTTP iframes inside HTTPS pages - All Tailscale servers use HTTPS, this was breaking all app iframes Deploy & first-boot improvements: - first-boot-containers.sh auto-detects disk size for pruning vs txindex - first-boot-containers.sh checks fallback source path for UI containers - Added mempool-electrs to APP_PORTS mapping - ElectrumX container creation in first-boot - Podman doctor/fix/uptime skills added Also includes: session persistence, identity management, LND transactions, ElectrumX status UI, nostr-provider improvements, Web5 enhancements Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 12:58:35 +00:00
# MASTER PLAN
> Archipelago project task tracking and roadmap.
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
>
> **BETA FREEZE ACTIVE (2026-03-18)** — No new features. Fix bugs, harden security, test everything.
> Pipeline: **Feature Testing** → **User Testing** → **Beta Live**
> Progress: `docs/BETA-PROGRESS.md` | Acceptance: `docs/BETA-RELEASE-CHECKLIST.md`
feat: bitcoin-ui CSS fix, HTTPS proxy support, deploy script improvements Bitcoin UI: - Replace cdn.tailwindcss.com with locally bundled tailwind.css (CSP blocks external scripts) - Make all asset paths relative for nginx proxy compatibility - Add bitcoin-ui build/deploy to deploy-to-target.sh (was missing entirely) - Use --network host (bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332) HTTPS mixed content fix: - Add HTTPS_PROXY_PATHS in AppSession.vue — when parent page is HTTPS, iframe loads through nginx proxy instead of direct HTTP port - Prevents browser blocking HTTP iframes inside HTTPS pages - All Tailscale servers use HTTPS, this was breaking all app iframes Deploy & first-boot improvements: - first-boot-containers.sh auto-detects disk size for pruning vs txindex - first-boot-containers.sh checks fallback source path for UI containers - Added mempool-electrs to APP_PORTS mapping - ElectrumX container creation in first-boot - Podman doctor/fix/uptime skills added Also includes: session persistence, identity management, LND transactions, ElectrumX status UI, nostr-provider improvements, Web5 enhancements Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 12:58:35 +00:00
## Roadmap
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
### Phase 1: Feature Testing (internal) — CURRENT
feat: bitcoin-ui CSS fix, HTTPS proxy support, deploy script improvements Bitcoin UI: - Replace cdn.tailwindcss.com with locally bundled tailwind.css (CSP blocks external scripts) - Make all asset paths relative for nginx proxy compatibility - Add bitcoin-ui build/deploy to deploy-to-target.sh (was missing entirely) - Use --network host (bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332) HTTPS mixed content fix: - Add HTTPS_PROXY_PATHS in AppSession.vue — when parent page is HTTPS, iframe loads through nginx proxy instead of direct HTTP port - Prevents browser blocking HTTP iframes inside HTTPS pages - All Tailscale servers use HTTPS, this was breaking all app iframes Deploy & first-boot improvements: - first-boot-containers.sh auto-detects disk size for pruning vs txindex - first-boot-containers.sh checks fallback source path for UI containers - Added mempool-electrs to APP_PORTS mapping - ElectrumX container creation in first-boot - Podman doctor/fix/uptime skills added Also includes: session persistence, identity management, LND transactions, ElectrumX status UI, nostr-provider improvements, Web5 enhancements Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 12:58:35 +00:00
| ID | Title | Priority | Status | Dependencies |
|----|-------|----------|--------|--------------|
fix(TASK-31): Sticky nav header for Apps + Marketplace My Apps/App Store/Services tabs, category filters, and search bar now stay fixed at the top on scroll using sticky positioning with glass-blur background. Applied to both Apps.vue and Marketplace.vue desktop views. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 18:18:31 +00:00
| **FEATURE-4** | **Onboarding loading screen with progress** | **P1** | IN PROGRESS | - |
| **TASK-9** | **Full feature testing sweep** | **P1** | PLANNED | - |
| **TASK-10** | **ISO build verification + multi-hardware test** | **P1** | PLANNED | - |
test: fix 5 appLauncher tests for panel mode, 515/515 passing Tests expected router.push but panel mode (now default) uses panelAppId store state instead. Updated assertions to check panelAppId. Fixed BTCPay app ID from 'btcpay' to 'btcpay-server'. All 515 tests pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 23:27:26 +00:00
| **TASK-12** | **Beta telemetry — node reporting + settings toggle** | **P1** | IN PROGRESS | - |
feat: TASK-31 nav header cleanup, TASK-38 Bitcoin sync gauge on homepage TASK-31: Cleaned up Apps page nav header structure (tabs + categories + search). TASK-38: Added Bitcoin Core sync progress gauge to homepage System Stats card — shows sync percentage, block height, and green/orange color coding. Only appears when Bitcoin is running. Grid expands to 4 columns when visible. Updated MASTER_PLAN.md — cleaned up completed sections, moved done items. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:22:39 +00:00
| **TASK-39** | **Finish .198 rootless container migration** | **P1** | PLANNED | TASK-11 |
fix: BUG-1 CSRF, TASK-8 H2/H3/H4, BUG-20/37/40/41 — 7 bugs fixed BUG-1 (P0): CSRF tokens now HMAC-derived from session token instead of random — survives backend restarts, eliminates cookie/header race conditions. Frontend retries 403s as belt-and-suspenders. TASK-8 H2: federation.peer-joined verifies ed25519 signature on join messages. TASK-8 H3: federation.peer-address-changed requires signed proof from known peer. TASK-8 H4: Rust backend default bind 0.0.0.0 → 127.0.0.1 (nginx proxies all). BUG-20: ElectrumX index estimate string fixed from ~55GB to ~130GB. BUG-37: App card Start/Stop buttons split into loading vs interactive states to prevent WebSocket state flicker during container scans. BUG-40: Uninstall modal uses Teleport to body with z-[3000] for full overlay. BUG-41: Uninstalling overlay on card + optimistic store removal. Updated MASTER_PLAN.md and BETA-PROGRESS.md to reflect all completed work. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:05:21 +00:00
| **BUG-3** | **IndeedHub WebSocket spam in console** | **P2** | PLANNED | - |
fix(TASK-31): Sticky nav header for Apps + Marketplace My Apps/App Store/Services tabs, category filters, and search bar now stay fixed at the top on scroll using sticky positioning with glass-blur background. Applied to both Apps.vue and Marketplace.vue desktop views. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 18:18:31 +00:00
| **TASK-17** | **Alpha version tags + rollback strategy** | **P2** | PLANNED | - |
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
### Phase 2: User Testing (controlled, real hardware)
| ID | Title | Priority | Status | Dependencies |
|----|-------|----------|--------|--------------|
| **TASK-13** | **Recruit 3-5 test users, distribute ISOs** | **P1** | NOT STARTED | Phase 1 complete |
| **TASK-14** | **Monitor telemetry, triage + fix user-reported issues** | **P1** | NOT STARTED | TASK-12, TASK-13 |
| **TASK-15** | **Rebuild ISO with fixes, re-verify** | **P1** | NOT STARTED | TASK-14 |
### Phase 3: Beta Live (public)
| ID | Title | Priority | Status | Dependencies |
|----|-------|----------|--------|--------------|
| **TASK-16** | **Final ISO build + release notes + distribution** | **P1** | NOT STARTED | Phase 2 complete |
### Post-Beta (FROZEN — do not start)
| ID | Title | Priority | Status | Dependencies |
|----|-------|----------|--------|--------------|
| **TASK-2** | **Roll incoming-tx into deploy & ISO** | **P2** | DEFERRED | - |
| **INQUIRY-5** | **Offline balance check via mesh relay** | **P2** | DEFERRED | - |
| **FEATURE-6** | **Watch-only wallet architecture** | **P1** | DEFERRED | - |
| **TASK-7** | **Mesh Bitcoin security hardening** | **P1** | DEFERRED | FEATURE-6 |
feat: bitcoin-ui CSS fix, HTTPS proxy support, deploy script improvements Bitcoin UI: - Replace cdn.tailwindcss.com with locally bundled tailwind.css (CSP blocks external scripts) - Make all asset paths relative for nginx proxy compatibility - Add bitcoin-ui build/deploy to deploy-to-target.sh (was missing entirely) - Use --network host (bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332) HTTPS mixed content fix: - Add HTTPS_PROXY_PATHS in AppSession.vue — when parent page is HTTPS, iframe loads through nginx proxy instead of direct HTTP port - Prevents browser blocking HTTP iframes inside HTTPS pages - All Tailscale servers use HTTPS, this was breaking all app iframes Deploy & first-boot improvements: - first-boot-containers.sh auto-detects disk size for pruning vs txindex - first-boot-containers.sh checks fallback source path for UI containers - Added mempool-electrs to APP_PORTS mapping - ElectrumX container creation in first-boot - Podman doctor/fix/uptime skills added Also includes: session persistence, identity management, LND transactions, ElectrumX status UI, nostr-provider improvements, Web5 enhancements Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 12:58:35 +00:00
## Active Work
feat: v1.2.0-alpha — E2E encrypted mesh relay, steganography, relay status polling Phase 5 mesh networking: - E2E encrypted TX relay (X25519 + ChaCha20-Poly1305) — non-Archy nodes relay encrypted blobs transparently via Meshcore native routing - Steganographic encoding modes (WeatherStation, SensorNetwork) — traffic looks like sensor data on the wire, 0xAA marker, configurable per-node - Pre-flight Bitcoin Core health check on relay node — specific error codes (bitcoin_unreachable, bitcoin_syncing, tx_rejected) instead of generic fails - mesh.relay-status RPC endpoint — frontend polls for relay result every 3s - On-Chain / Lightning tabs in Off-Grid Bitcoin panel - Archy Peers vs Mesh Broadcast relay mode selector - Mesh view fills viewport (no page scroll), internal panel scrolling - Version bump to 1.2.0-alpha Also includes: deploy hardening, container fixes, IndeedHub updates, boot screen, dashboard improvements, MASTER_PLAN task tracking Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 23:56:37 +00:00
### FEATURE-4: Onboarding loading screen with progress (IN PROGRESS)
**Priority**: P1 — High
**Status**: IN PROGRESS (2026-03-17)
Users hit the onboarding screen before the backend is ready, resulting in "Server is still starting up" errors that block identity creation. The onboarding flow should not begin until the server is fully operational.
**Solution**: Show the existing screensaver as a loading/boot screen with server startup progress. Swap the inner logo for animated pixel art icons (smiley face, Bitcoin logo, etc.) that cycle while services come online. Show progress indicators for each backend service (identity store, container runtime, LND, etc.). Only transition to onboarding once `/health` returns ready.
**Key considerations**:
- Reuse the existing screensaver component as the boot screen
- Animated pixel art icons rotate in the center (smiley, BTC, lightning bolt, etc.)
- Progress bar or status checklist showing which services are ready
- Poll `/health` endpoint for service readiness
- Smooth transition from boot screen → onboarding once all critical services are up
- First-boot vs normal boot: first boot shows onboarding after, normal boot goes to dashboard
**Key files**:
- `neode-ui/src/views/Onboarding.vue` — current onboarding flow
- `neode-ui/src/components/Screensaver.vue` — existing screensaver to repurpose
- `core/archipelago/src/api/rpc/mod.rs` — health endpoint
- `core/archipelago/src/server.rs` — startup sequence and service initialization
**Tasks**:
- [ ] Investigate current health endpoint — what services does it check, what's missing
- [ ] Design boot screen component: screensaver background + animated pixel icons + progress
- [ ] Create pixel art icon set (smiley, BTC, lightning, shield, etc.) as SVG/CSS animations
- [ ] Implement service readiness polling (health check with granular service status)
- [ ] Add backend support for granular startup progress (which services are ready)
- [ ] Build boot screen component with smooth transition to onboarding/dashboard
- [ ] Handle edge cases: very slow starts, partial service failures, timeout fallback
- [ ] Test on fresh ISO install (first-boot scenario)
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
### TASK-9: Full app testing matrix on fresh install (PLANNED)
security hardening
2026-03-18 09:56:40 +00:00
**Priority**: P1 — High
**Status**: PLANNED (2026-03-18)
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
Run through the complete `docs/BETA-RELEASE-CHECKLIST.md` app matrix on a fresh ISO install. Every app: install, launch, UI loads, uninstall. Every dependency chain: correct errors when deps missing.
security hardening
2026-03-18 09:56:40 +00:00
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
### TASK-10: ISO build verification + multi-hardware test (PLANNED)
**Priority**: P1 — High
**Status**: PLANNED (2026-03-18)
security hardening
2026-03-18 09:56:40 +00:00
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
Build a fresh ISO, install on at least 2 different hardware configurations, verify full onboarding flow, app installs, and multi-day uptime.
security hardening
2026-03-18 09:56:40 +00:00
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
---
security hardening
2026-03-18 09:56:40 +00:00
feat: rootless podman, session hardening, boot stability, sidebar fix Rootless podman migration (TASK-11): - Remove sudo from all podman calls in PodmanClient + 8 backend files - Remove sudo from all podman/docker calls in deploy script - Restore full systemd security hardening: NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, RestrictNamespaces, RestrictSUIDSGID, SystemCallFilter, ProtectSystem=strict - Enable loginctl linger for rootless container persistence - Remove Ollama from auto-deploy (marketplace-only) Session & auth hardening: - Increase MAX_CONCURRENT_SESSIONS 20→50 (prevents eviction storms) - Debounced 401 redirect in rpc-client.ts (prevents redirect storms) Boot stability: - optimize-debian.sh: adds chrony, swap, removes policy-rc.d - deploy script: pre-restart chrony + swap setup - ISO build: chrony package, swap file creation - BootScreen: no longer clears localStorage (prevents splash replay) - RootRedirect: sole owner of localStorage clearing on server ready UI fixes: - Sidebar opacity default changed from 0→visible (fixes missing sidebar after page-persistence login without entrance animation) - Console.log/error wrapped in import.meta.env.DEV guards - Remove unused route import from RootRedirect Beta tracking: - CLAUDE.md: beta freeze protocol added - MASTER_PLAN.md: TASK-11, TASK-17, phase structure - BETA-PROGRESS.md: initial tracking doc - Tagged v1.2.0-alpha.1 as pre-rootless baseline Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 13:53:27 +00:00
### TASK-17: Alpha version tags + rollback strategy (PLANNED)
**Priority**: P2 — Medium
**Status**: PLANNED (2026-03-18)
Tag every significant alpha version with git tags for easy rollback. Each tag should correspond to a deployable state. Maintain a version log so any alpha can be rebuilt and deployed.
**Tasks**:
- [ ] Tag current state as `v1.2.0-alpha.1` (pre-rootless-podman)
- [ ] Establish naming convention: `v{major}.{minor}.{patch}-alpha.{build}`
- [ ] Tag after rootless podman migration: `v1.2.0-alpha.2`
- [ ] Document rollback procedure (git checkout tag + deploy)
- [ ] Add version tag step to deploy script (auto-tag on successful deploy)
- [ ] Update CHANGELOG.md with each alpha milestone
---
fix: restore container scanning — relax systemd sandbox for podman The security hardening (NoNewPrivileges, RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime, ProtectSystem=strict) all blocked podman container management via sudo. These are temporarily disabled until TASK-11 (rootless podman migration) is complete. Remaining active protections: ProtectSystem=true (/usr, /boot), ProtectHome=yes, PrivateTmp=yes, PrivateDevices=no (mesh radio). Also adds TASK-11 to MASTER_PLAN.md for tracking the rootless podman migration that will allow re-enabling full security hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 12:06:35 +00:00
## Post-Beta (FROZEN)
*These tasks are deferred until after beta ships. Do not start.*
- **INQUIRY-5**: Offline balance check via mesh relay
- **FEATURE-6**: Watch-only wallet architecture
- **TASK-7**: Mesh Bitcoin security hardening
- **TASK-2**: Roll incoming-tx into deploy & ISO
security hardening
2026-03-18 09:56:40 +00:00
feat: bitcoin-ui CSS fix, HTTPS proxy support, deploy script improvements Bitcoin UI: - Replace cdn.tailwindcss.com with locally bundled tailwind.css (CSP blocks external scripts) - Make all asset paths relative for nginx proxy compatibility - Add bitcoin-ui build/deploy to deploy-to-target.sh (was missing entirely) - Use --network host (bitcoin-ui proxies Bitcoin RPC at 127.0.0.1:8332) HTTPS mixed content fix: - Add HTTPS_PROXY_PATHS in AppSession.vue — when parent page is HTTPS, iframe loads through nginx proxy instead of direct HTTP port - Prevents browser blocking HTTP iframes inside HTTPS pages - All Tailscale servers use HTTPS, this was breaking all app iframes Deploy & first-boot improvements: - first-boot-containers.sh auto-detects disk size for pruning vs txindex - first-boot-containers.sh checks fallback source path for UI containers - Added mempool-electrs to APP_PORTS mapping - ElectrumX container creation in first-boot - Podman doctor/fix/uptime skills added Also includes: session persistence, identity management, LND transactions, ElectrumX status UI, nostr-provider improvements, Web5 enhancements Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 12:58:35 +00:00
## Completed
fix: BUG-1 CSRF, TASK-8 H2/H3/H4, BUG-20/37/40/41 — 7 bugs fixed BUG-1 (P0): CSRF tokens now HMAC-derived from session token instead of random — survives backend restarts, eliminates cookie/header race conditions. Frontend retries 403s as belt-and-suspenders. TASK-8 H2: federation.peer-joined verifies ed25519 signature on join messages. TASK-8 H3: federation.peer-address-changed requires signed proof from known peer. TASK-8 H4: Rust backend default bind 0.0.0.0 → 127.0.0.1 (nginx proxies all). BUG-20: ElectrumX index estimate string fixed from ~55GB to ~130GB. BUG-37: App card Start/Stop buttons split into loading vs interactive states to prevent WebSocket state flicker during container scans. BUG-40: Uninstall modal uses Teleport to body with z-[3000] for full overlay. BUG-41: Uninstalling overlay on card + optimistic store removal. Updated MASTER_PLAN.md and BETA-PROGRESS.md to reflect all completed work. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:05:21 +00:00
| ID | Title | Completed |
|----|-------|-----------|
| **TASK-11** | Rootless podman migration (.228 — 30 containers) | 2026-03-18 |
| **TASK-32** | Integrate boot loader into deploy + build + production | 2026-03-17 |
| **TASK-34** | Pentest findings remediation plan | 2026-03-18 |
| **TASK-26** | Rename fedimintd to "Fedimint Guardian" + icon | 2026-03-18 |
| **TASK-27** | Add tab-launch icon to apps that open in tabs | 2026-03-18 |
| **TASK-28** | Sort installed apps to end of marketplace | 2026-03-18 |
| **TASK-29** | Fix mesh mobile: remove title/flash/peers header, fix gutters | 2026-03-18 |
| **TASK-30** | On-Chain as first tab in receive Bitcoin modals | 2026-03-18 |
| **TASK-35** | Federation node names (show name not DID, hover for key) | 2026-03-18 |
| **TASK-36** | Cleaner iframe error screen with remediation | 2026-03-18 |
feat: TASK-31 nav header cleanup, TASK-38 Bitcoin sync gauge on homepage TASK-31: Cleaned up Apps page nav header structure (tabs + categories + search). TASK-38: Added Bitcoin Core sync progress gauge to homepage System Stats card — shows sync percentage, block height, and green/orange color coding. Only appears when Bitcoin is running. Grid expands to 4 columns when visible. Updated MASTER_PLAN.md — cleaned up completed sections, moved done items. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:22:39 +00:00
| **BUG-1** | Random logout / CSRF mismatch — HMAC-derived tokens | 2026-03-18 |
| **TASK-8** | Security hardening — 12/12 pentest findings fixed | 2026-03-18 |
| **BUG-20** | ElectrumX index estimate string ~55→~130 GB | 2026-03-18 |
| **BUG-37** | App card Start/Launch flicker during container scan | 2026-03-18 |
| **BUG-40** | Uninstall dialog not full-screen modal | 2026-03-18 |
| **BUG-41** | Uninstall loader ends but app card persists | 2026-03-18 |
fix: BUG-1 CSRF, TASK-8 H2/H3/H4, BUG-20/37/40/41 — 7 bugs fixed BUG-1 (P0): CSRF tokens now HMAC-derived from session token instead of random — survives backend restarts, eliminates cookie/header race conditions. Frontend retries 403s as belt-and-suspenders. TASK-8 H2: federation.peer-joined verifies ed25519 signature on join messages. TASK-8 H3: federation.peer-address-changed requires signed proof from known peer. TASK-8 H4: Rust backend default bind 0.0.0.0 → 127.0.0.1 (nginx proxies all). BUG-20: ElectrumX index estimate string fixed from ~55GB to ~130GB. BUG-37: App card Start/Stop buttons split into loading vs interactive states to prevent WebSocket state flicker during container scans. BUG-40: Uninstall modal uses Teleport to body with z-[3000] for full overlay. BUG-41: Uninstalling overlay on card + optimistic store removal. Updated MASTER_PLAN.md and BETA-PROGRESS.md to reflect all completed work. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:05:21 +00:00
| **BUG-33** | CPU load alert threshold too low (8 = 2x cores) | 2026-03-18 |
feat: TASK-31 nav header cleanup, TASK-38 Bitcoin sync gauge on homepage TASK-31: Cleaned up Apps page nav header structure (tabs + categories + search). TASK-38: Added Bitcoin Core sync progress gauge to homepage System Stats card — shows sync percentage, block height, and green/orange color coding. Only appears when Bitcoin is running. Grid expands to 4 columns when visible. Updated MASTER_PLAN.md — cleaned up completed sections, moved done items. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:22:39 +00:00
| **TASK-31** | Sticky nav header (Apps page) | 2026-03-18 |
| **TASK-38** | Blockchain sync info on homepage System card | 2026-03-18 |
Reference in New Issue Copy Permalink