release(v1.7.18-alpha): transitive peers default Trusted + update-flow logs

Flip transitively-discovered federation peers to Trusted instead of
Observer. Hints are already only ingested from peers we trust and only
peers we trust are re-exported via build_local_state, so the chain of
trust is already vetted end-to-end — making the user promote each
newcomer by hand was friction with no security win.

Backend:
- federation/sync.rs: merge_transitive_peers now inserts TrustLevel::Trusted
  (doc comment updated to explain the transitive-trust rationale)
- update.rs: info! log at download start (version, components, total_bytes,
  staging path), cancel (staging wiped?, marker cleared?), and apply (backup
  path) so journalctl reveals where a stuck update actually is

Frontend:
- SystemUpdate What's New block gets a v1.7.18-alpha entry

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

core/Cargo.lock

@@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
 
 [[package]]
 name = "archipelago"
-version = "1.7.17-alpha"
+version = "1.7.18-alpha"
 dependencies = [
  "anyhow",
  "archipelago-container",

core/archipelago/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "archipelago"
-version = "1.7.17-alpha"
+version = "1.7.18-alpha"
 edition = "2021"
 description = "Archipelago Bitcoin Node OS - Native backend"
 authors = ["Archipelago Team"]

core/archipelago/src/federation/sync.rs

@@ -107,8 +107,10 @@ pub async fn sync_with_peer_by_did(
 }
 
 /// Merge peers advertised by a Trusted federated node into our own
-/// federation list. New peers are added at `Observer` trust (not
-/// Trusted — that requires a direct invite). Existing peers get their
+/// federation list. New peers are added at `Trusted` — hints only
+/// arrive from peers we already trust, and `build_local_state` only
+/// re-exports our Trusted list, so transitive membership carries the
+/// same trust the direct-invite path gives. Existing peers get their
 /// `fips_npub` refreshed if we hadn't learned it yet.
 ///
 /// Peers we are (us) or that we already track by DID are skipped.
@@ -142,7 +144,7 @@ async fn merge_transitive_peers(
             pubkey: hint.pubkey.clone(),
             onion: hint.onion.clone(),
             name: hint.name.clone(),
-            trust_level: TrustLevel::Observer,
+            trust_level: TrustLevel::Trusted,
             added_at: chrono::Utc::now().to_rfc3339(),
             last_seen: None,
             last_state: None,

core/archipelago/src/update.rs

@@ -244,6 +244,14 @@ pub async fn download_update(data_dir: &Path) -> Result<DownloadProgress> {
     let mut downloaded = 0u64;
     let total_bytes: u64 = manifest.components.iter().map(|c| c.size_bytes).sum();
 
+    info!(
+        version = %manifest.version,
+        components = manifest.components.len(),
+        total_bytes,
+        staging = %staging_dir.display(),
+        "Starting update download"
+    );
+
     // Clear any stale cancel flag from a prior aborted run, then seed
     // the live counters so polls during the handshake show the right
     // denominator immediately instead of 0/0 → NaN%.
@@ -477,17 +485,27 @@ pub async fn cancel_download(data_dir: &Path) -> Result<()> {
     DOWNLOAD_BYTES.store(0, Ordering::Relaxed);
     DOWNLOAD_TOTAL.store(0, Ordering::Relaxed);
     let staging = data_dir.join("update-staging");
-    if staging.exists() {
-        let _ = tokio::fs::remove_dir_all(&staging).await;
-    }
+    let wiped = if staging.exists() {
+        tokio::fs::remove_dir_all(&staging).await.is_ok()
+    } else {
+        false
+    };
     // Clear the "downloaded, ready to apply" marker too — a canceled
     // download is not a staged update.
+    let mut cleared_marker = false;
     if let Ok(mut state) = load_state(data_dir).await {
         if state.update_in_progress {
             state.update_in_progress = false;
             let _ = save_state(data_dir, &state).await;
+            cleared_marker = true;
         }
     }
+    info!(
+        staging = %staging.display(),
+        wiped,
+        cleared_marker,
+        "Update download canceled"
+    );
     Ok(())
 }
 
@@ -529,6 +547,12 @@ pub async fn apply_update(data_dir: &Path) -> Result<()> {
         .await
         .context("Failed to create backup dir")?;
 
+    info!(
+        staging = %staging_dir.display(),
+        backup = %backup_dir.display(),
+        "Applying staged update"
+    );
+
     // Back up current backend binary
     let current_binary = Path::new("/usr/local/bin/archipelago");
     if current_binary.exists() {

neode-ui/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "neode-ui",
-  "version": "1.3.5",
+  "version": "1.6.0-alpha",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "neode-ui",
-      "version": "1.3.5",
+      "version": "1.6.0-alpha",
       "dependencies": {
         "@types/dompurify": "^3.0.5",
         "@vue-leaflet/vue-leaflet": "^0.10.1",

neode-ui/src/views/settings/AccountInfoSection.vue

@@ -180,6 +180,17 @@ init()
               </button>
             </div>
             <div class="overflow-y-auto flex-1 min-h-0 space-y-6 pr-1">
+              <!-- v1.7.18-alpha -->
+              <div>
+                <div class="flex items-center gap-2 mb-3">
+                  <span class="text-xs font-mono px-2 py-0.5 rounded bg-orange-500/20 text-orange-300">v1.7.18-alpha</span>
+                  <span class="text-xs text-white/40">Apr 20, 2026</span>
+                </div>
+                <div class="space-y-3 text-sm text-white/80 pl-3 border-l border-white/10">
+                  <p>Nodes discovered through a trusted peer now land as Trusted instead of Observer. When your federated peer shares its own peer list with you, those nodes get the same trust level as a direct invite — the link they came through is already one you vetted, so you no longer need to promote them by hand before they can be used normally.</p>
+                  <p>The update flow now writes clearer logs at every step. Start of download, cancel, and apply each emit a one-line entry to the system journal with the staging path and the affected files, so if a download misbehaves on your node it's easy to see exactly where it got to.</p>
+                </div>
+              </div>
               <!-- v1.7.17-alpha -->
               <div>
                 <div class="flex items-center gap-2 mb-3">

releases/manifest.json

@@ -1,27 +1,26 @@
 {
-  "version": "1.7.17-alpha",
+  "version": "1.7.18-alpha",
   "release_date": "2026-04-20",
   "changelog": [
-    "When a download gets stuck, you can now cancel it. A new Cancel Download button sits next to the progress bar — it stops the transfer, clears the partial file, and returns you to a clean state so you can retry. No more staring at a frozen bar with no way to recover.",
-    "Downloads that stall for 30 seconds or more now say so. The progress bar turns amber and shows 'Download appears stuck — try Cancel and start again' instead of just sitting silently at whatever percent it reached.",
-    "Canceling is fast. It no longer has to wait out the retry timer — the download bails within half a second, so you're not stuck watching a stuck screen while you wait to unstick it."
+    "Nodes discovered through a trusted peer now land as Trusted instead of Observer. When your federated peer shares its own peer list with you, those nodes get the same trust level as a direct invite — the link they came through is already one you vetted, so you no longer need to promote them by hand before they can be used normally.",
+    "The update flow now writes clearer logs at every step. Start of download, cancel, and apply each emit a one-line entry to the system journal with the staging path and the affected files, so if a download misbehaves on your node it's easy to see exactly where it got to."
   ],
   "components": [
     {
       "name": "archipelago",
-      "current_version": "1.7.16-alpha",
-      "new_version": "1.7.17-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.17-alpha/archipelago",
-      "sha256": "57020053d8c587feb9e4761ca66dd3fac43edafe0e8198c399e7ca4246e7752d",
-      "size_bytes": 40649896
+      "current_version": "1.7.17-alpha",
+      "new_version": "1.7.18-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.18-alpha/archipelago",
+      "sha256": "a025110247f49290f0005dc78af106b3205f676bbf5dc883531b3c5a14f8d663",
+      "size_bytes": 40661320
     },
     {
-      "name": "archipelago-frontend-1.7.17-alpha.tar.gz",
-      "current_version": "1.7.16-alpha",
-      "new_version": "1.7.17-alpha",
-      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.17-alpha/archipelago-frontend-1.7.17-alpha.tar.gz",
-      "sha256": "59679f6d45c11f44ffb5dbd060ffca00022789aa830e731640bcb41be07d7a93",
-      "size_bytes": 162083786
+      "name": "archipelago-frontend-1.7.18-alpha.tar.gz",
+      "current_version": "1.7.17-alpha",
+      "new_version": "1.7.18-alpha",
+      "download_url": "https://git.tx1138.com/lfg2025/archy/raw/branch/main/releases/v1.7.18-alpha/archipelago-frontend-1.7.18-alpha.tar.gz",
+      "sha256": "e6bfee15ff8cb3aad7cef381fc3b13a937630ad6fafd1ff4955883f69cc3b9b0",
+      "size_bytes": 162065873
     }
   ]
 }