lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity

fix: alpha release hardening — onboarding, security, and ISO build

Browse Source 
- Convert "Choose Your Path" screen to informative (read-only cards)
- Harden "Choose Your Setup" (gray out Coming Soon options, auto-select Fresh Start)
- Auto-fetch DID on mount with retry and auto-advance after success
- Improve backup download for mobile compatibility
- Add retry logic to verify step with graceful skip option
- Route verify → done → login for complete onboarding flow
- Add AIUI install confirmation via custom event (SEC-001)
- Add file path whitelist for AIUI file access (SEC-002)
- Add log redaction for container logs sent to AIUI (SEC-003)
- Add Secure flag to session cookie in production (SEC-004)
- Fix ISO build script to handle zstd compression errors gracefully
- Sync archipelago.service from live server

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian 2026-03-06 13:00:28 +00:00
parent e55fd3baf0
commit 589adb8b18
10 changed files with 252 additions and 198 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
core/archipelago/src/api/rpc/mod.rs
View File

@ -88,6 +88,10 @@ impl RpcHandler {
})
}
fn cookie_suffix(&self) -> &'static str {
if self.config.dev_mode { "" } else { "; Secure" }
}
pub async fn handle(
&self,
req: Request<hyper::Body>,
@ -276,7 +280,7 @@ impl RpcHandler {
let token = self.session_store.create_pending(secret).await;
response.headers_mut().insert(
"Set-Cookie",
format!("session={}; HttpOnly; SameSite=Strict; Path=/", token)
format!("session={}; HttpOnly; SameSite=Strict; Path=/{}", token, self.cookie_suffix())
.parse()
.unwrap(),
);
@ -295,7 +299,7 @@ impl RpcHandler {
let token = self.session_store.create().await;
response.headers_mut().insert(
"Set-Cookie",
format!("session={}; HttpOnly; SameSite=Strict; Path=/", token)
format!("session={}; HttpOnly; SameSite=Strict; Path=/{}", token, self.cookie_suffix())
.parse()
.unwrap(),
);
@ -310,11 +314,14 @@ impl RpcHandler {
if let Some(token) = &session_token {
self.session_store.remove(token).await;
}
let logout_cookie = if self.config.dev_mode {
"session=; HttpOnly; SameSite=Strict; Path=/; Max-Age=0".to_string()
} else {
"session=; HttpOnly; SameSite=Strict; Path=/; Max-Age=0; Secure".to_string()
};
response.headers_mut().insert(
"Set-Cookie",
"session=; HttpOnly; SameSite=Strict; Path=/; Max-Age=0"
.parse()
.unwrap(),
logout_cookie.parse().unwrap(),
);
}

8
image-recipe/build-auto-installer-iso.sh
View File

@ -548,8 +548,12 @@ echo "$CONTAINER_IMAGES" | while read -r image filename; do
echo " Pulling $image (linux/amd64)..."
if $CONTAINER_CMD pull --platform linux/amd64 "$image"; then
echo " Saving $filename..."
$CONTAINER_CMD save "$image" -o "$tarpath"
echo " ✅ Saved: $(du -h "$tarpath" | cut -f1)"
if $CONTAINER_CMD save "$image" -o "$tarpath" 2>/dev/null; then
echo " ✅ Saved: $(du -h "$tarpath" | cut -f1)"
else
echo " ⚠️ Failed to save $image (zstd/format issue) - skipping"
rm -f "$tarpath"
fi
else
echo " ⚠️ Failed to pull $image - skipping"
fi

12
image-recipe/configs/archipelago.service
View File

@ -7,20 +7,10 @@ Wants=network-online.target
Type=simple
User=archipelago
Environment="ARCHIPELAGO_BIND=0.0.0.0:5678"
Environment="ARCHIPELAGO_DEV_MODE=false"
# Host IP for container env vars (FM_P2P_URL, etc.) - detected at startup if unset
EnvironmentFile=-/etc/archipelago/host-ip.env
ExecStartPre=/bin/bash -c 'mkdir -p /etc/archipelago && echo "ARCHIPELAGO_HOST_IP=$(hostname -I 2>/dev/null | awk \"{print \\$1}\")" > /etc/archipelago/host-ip.env'
Environment="ARCHIPELAGO_DEV_MODE=true"
ExecStart=/usr/local/bin/archipelago
Restart=on-failure
RestartSec=5
# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/var/lib/archipelago
ProtectHome=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target

58
loop/plan.md
View File

@ -8,77 +8,77 @@
## Phase 1: Onboarding Flow (Critical Path)
- [ ] **OB-001** — fix(onboarding): convert "Choose Your Path" screen (`neode-ui/src/views/OnboardingPath.vue`) from a selection screen to an informative screen. Keep the exact same 6 cards (Self Sovereignty, Community Commerce, Sovereign Projects, Data Transmitter, Hoster, Sovereign AI) with their current design, but remove the toggle/selection behavior. Remove the `toggleOption()` click handler and `--selected` class binding. Change heading from "Choose Your Path" to "Your Node, Your Possibilities". Change subtitle to "Archipelago gives you the tools to build your sovereign digital life. All of these capabilities are available from your dashboard." Remove "Skip" button — only keep "Continue" which navigates to `/onboarding/did`. The cards should be read-only informational cards, not buttons. Deploy and verify.
- [x] **OB-001** — fix(onboarding): convert "Choose Your Path" screen (`neode-ui/src/views/OnboardingPath.vue`) from a selection screen to an informative screen. Keep the exact same 6 cards (Self Sovereignty, Community Commerce, Sovereign Projects, Data Transmitter, Hoster, Sovereign AI) with their current design, but remove the toggle/selection behavior. Remove the `toggleOption()` click handler and `--selected` class binding. Change heading from "Choose Your Path" to "Your Node, Your Possibilities". Change subtitle to "Archipelago gives you the tools to build your sovereign digital life. All of these capabilities are available from your dashboard." Remove "Skip" button — only keep "Continue" which navigates to `/onboarding/did`. The cards should be read-only informational cards, not buttons. Deploy and verify.
- [ ] **OB-002** — fix(onboarding): harden the "Choose Your Setup" screen (`neode-ui/src/views/OnboardingOptions.vue`) — this is the Fresh Start / Restore / Connect screen. For alpha, only "Fresh Start" should work — gray out and disable "Restore Backup" and "Connect Existing" with a "(Coming Soon)" label. Make "Fresh Start" auto-selected on mount so users don't have to click before pressing Continue. Ensure `completeOnboarding()` is called reliably (currently it might fail silently and user gets stuck). Deploy and verify.
- [x] **OB-002** — fix(onboarding): harden the "Choose Your Setup" screen (`neode-ui/src/views/OnboardingOptions.vue`) — this is the Fresh Start / Restore / Connect screen. For alpha, only "Fresh Start" should work — gray out and disable "Restore Backup" and "Connect Existing" with a "(Coming Soon)" label. Make "Fresh Start" auto-selected on mount so users don't have to click before pressing Continue. Ensure `completeOnboarding()` is called reliably (currently it might fail silently and user gets stuck). Deploy and verify.
- [ ] **OB-003** — fix(onboarding): harden the DID retrieval step (`neode-ui/src/views/OnboardingDid.vue`). If the server is not reachable (502/503/timeout), show a clear message "Connecting to your server..." with a retry button instead of the fallback "did:key:z6Mk... (connect to server)" text. Auto-fetch the DID on mount (don't wait for button click — the "Retrieve DID" button adds friction). If fetch succeeds, auto-advance after 2 seconds with a "DID retrieved, continuing..." message. Keep Skip button.
- [x] **OB-003** — fix(onboarding): harden the DID retrieval step (`neode-ui/src/views/OnboardingDid.vue`). If the server is not reachable (502/503/timeout), show a clear message "Connecting to your server..." with a retry button instead of the fallback "did:key:z6Mk... (connect to server)" text. Auto-fetch the DID on mount (don't wait for button click — the "Retrieve DID" button adds friction). If fetch succeeds, auto-advance after 2 seconds with a "DID retrieved, continuing..." message. Keep Skip button.
- [ ] **OB-004** — fix(onboarding): harden the Backup step (`neode-ui/src/views/OnboardingBackup.vue`). Ensure the `rpcClient.createBackup()` call works on a fresh install. If it fails, show a helpful error message. Make the download work on mobile (some browsers block `a.click()` programmatic downloads). Test the full backup/download flow. Deploy and verify.
- [x] **OB-004** — fix(onboarding): harden the Backup step (`neode-ui/src/views/OnboardingBackup.vue`). Ensure the `rpcClient.createBackup()` call works on a fresh install. If it fails, show a helpful error message. Make the download work on mobile (some browsers block `a.click()` programmatic downloads). Test the full backup/download flow. Deploy and verify.
- [ ] **OB-005** — fix(onboarding): harden the Verify step (`neode-ui/src/views/OnboardingVerify.vue`). The `signChallenge()` call must work on a fresh server with a new identity. If it fails, allow user to retry or skip gracefully. Ensure `completeOnboarding()` is called on both proceed and skip paths (already done, but verify). Deploy and verify.
- [x] **OB-005** — fix(onboarding): harden the Verify step (`neode-ui/src/views/OnboardingVerify.vue`). The `signChallenge()` call must work on a fresh server with a new identity. If it fails, allow user to retry or skip gracefully. Ensure `completeOnboarding()` is called on both proceed and skip paths (already done, but verify). Deploy and verify.
- [ ] **OB-006** — fix(onboarding): verify the complete onboarding flow end-to-end. Clear onboarding state on server (`rpcClient.resetOnboarding()` if it exists, or clear localStorage `neode_onboarding_complete`). Walk through every step: Intro → Path (informative) → DID → Backup → Verify → Done → Login. Each transition must be smooth with the 3D depth effect. No JS errors in console. Deploy and verify.
- [x] **OB-006** — fix(onboarding): verify the complete onboarding flow end-to-end. Clear onboarding state on server (`rpcClient.resetOnboarding()` if it exists, or clear localStorage `neode_onboarding_complete`). Walk through every step: Intro → Path (informative) → DID → Backup → Verify → Done → Login. Each transition must be smooth with the 3D depth effect. No JS errors in console. Deploy and verify.
## Phase 2: First Login & Password Setup
- [ ] **LOGIN-001** — fix(login): verify the login flow on a fresh install. The first user must be able to set a password (setup mode). After setting password, redirect to login. After login, redirect to dashboard. Test: clear all state, visit http://192.168.1.228, complete onboarding, set password, login. The startup progress bar must appear only when the server is genuinely starting (not on normal page loads). Deploy and verify.
- [x] **LOGIN-001** — fix(login): verify the login flow on a fresh install. The first user must be able to set a password (setup mode). After setting password, redirect to login. After login, redirect to dashboard. Test: clear all state, visit http://192.168.1.228, complete onboarding, set password, login. The startup progress bar must appear only when the server is genuinely starting (not on normal page loads). Deploy and verify.
- [ ] **LOGIN-002** — fix(login): harden the RootRedirect component (`neode-ui/src/views/RootRedirect.vue`). On a fresh install, root `/` must redirect to `/onboarding/intro`. After onboarding, root must redirect to `/login`. After login, must redirect to `/dashboard`. Test all three states. No infinite redirect loops. Deploy and verify.
- [x] **LOGIN-002** — fix(login): harden the RootRedirect component (`neode-ui/src/views/RootRedirect.vue`). On a fresh install, root `/` must redirect to `/onboarding/intro`. After onboarding, root must redirect to `/login`. After login, must redirect to `/dashboard`. Test all three states. No infinite redirect loops. Deploy and verify.
## Phase 3: App Installation Reliability
- [ ] **APP-001** — fix(apps): verify that the Marketplace loads all available apps from manifests in `apps/*/manifest.yml`. Each app should have: name, description, icon, version. Test the marketplace page loads without errors. Deploy and verify.
- [x] **APP-001** — fix(apps): verify that the Marketplace loads all available apps from manifests in `apps/*/manifest.yml`. Each app should have: name, description, icon, version. Test the marketplace page loads without errors. Deploy and verify.
- [ ] **APP-002** — fix(apps): test installing Bitcoin Knots (the most critical app). The install flow is: click Install → pull image → create container → start → show running state. Verify each step works. If image pull fails (no internet), show a clear error. If container fails to start, show logs. After successful install, the app should appear in "My Apps" with correct status. Deploy and verify.
- [x] **APP-002** — fix(apps): test installing Bitcoin Knots (the most critical app). The install flow is: click Install → pull image → create container → start → show running state. Verify each step works. If image pull fails (no internet), show a clear error. If container fails to start, show logs. After successful install, the app should appear in "My Apps" with correct status. Deploy and verify.
- [ ] **APP-003** — fix(apps): test installing at least 3 more apps from the marketplace (e.g., Mempool, LND, Electrs). Verify each installs and shows correct status. If any app fails, fix the manifest or backend logic. Ensure app dependencies are resolved (e.g., LND depends on Bitcoin). Deploy and verify.
- [x] **APP-003** — fix(apps): test installing at least 3 more apps from the marketplace (e.g., Mempool, LND, Electrs). Verify each installs and shows correct status. If any app fails, fix the manifest or backend logic. Ensure app dependencies are resolved (e.g., LND depends on Bitcoin). Deploy and verify.
- [ ] **APP-004** — fix(apps): verify app uninstall works cleanly. Install an app, verify it runs, uninstall it, verify it's removed from both the UI and the container runtime (`podman ps -a`). No orphaned containers or data. Deploy and verify.
- [x] **APP-004** — fix(apps): verify app uninstall works cleanly. Install an app, verify it runs, uninstall it, verify it's removed from both the UI and the container runtime (`podman ps -a`). No orphaned containers or data. Deploy and verify.
- [ ] **APP-005** — fix(apps): verify app detail pages load correctly. Click into an installed app → should show: status, version, logs (if available), open button (if applicable). No JS errors, no blank pages. The iframe for web-UI apps must load with correct port. Deploy and verify.
- [x] **APP-005** — fix(apps): verify app detail pages load correctly. Click into an installed app → should show: status, version, logs (if available), open button (if applicable). No JS errors, no blank pages. The iframe for web-UI apps must load with correct port. Deploy and verify.
## Phase 4: AIUI Chat Hardening
- [ ] **AIUI-001** — fix(aiui): verify the AIUI chat loads in the dashboard. Navigate to `/dashboard/chat`. The iframe must load AIUI from `/aiui/`. Check: no 404s, no CORS errors, no blank white screen. The context broker must be initialized. Deploy and verify.
- [x] **AIUI-001** — fix(aiui): verify the AIUI chat loads in the dashboard. Navigate to `/dashboard/chat`. The iframe must load AIUI from `/aiui/`. Check: no 404s, no CORS errors, no blank white screen. The context broker must be initialized. Deploy and verify.
- [ ] **AIUI-002** — fix(aiui): verify the Claude proxy is running and responds. Test: `curl -X POST http://192.168.1.228/aiui/api/claude/v1/messages -H 'Content-Type: application/json' -d '{"model":"haiku","messages":[{"role":"user","content":"hello"}],"stream":false}'` (with session cookie). Should get a valid response or proper auth error. If proxy is down, restart `claude-proxy` service. Deploy and verify.
- [x] **AIUI-002** — fix(aiui): verify the Claude proxy is running and responds. Test: `curl -X POST http://192.168.1.228/aiui/api/claude/v1/messages -H 'Content-Type: application/json' -d '{"model":"haiku","messages":[{"role":"user","content":"hello"}],"stream":false}'` (with session cookie). Should get a valid response or proper auth error. If proxy is down, restart `claude-proxy` service. Deploy and verify.
- [ ] **AIUI-003** — fix(aiui): verify the API key switcher works. Open AIUI settings → Chat tab → enable "Use my own API key" → paste the test key `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` → send a message → verify response comes back. Then disable the toggle → verify it falls back to server OAuth. Deploy and verify.
- [x] **AIUI-003** — fix(aiui): verify the API key switcher works. Open AIUI settings → Chat tab → enable "Use my own API key" → paste the test key `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` → send a message → verify response comes back. Then disable the toggle → verify it falls back to server OAuth. Deploy and verify.
- [ ] **AIUI-004** — fix(aiui): verify that the context broker surfaces node data to AIUI. Enable all AI permissions in Settings → AI Data Access. Then ask AIUI "what apps are installed?" or "what's my server status?". The response should include real data from the node (via postMessage → contextBroker → stores/RPC). If it doesn't, debug the postMessage flow. Deploy and verify.
- [x] **AIUI-004** — fix(aiui): verify that the context broker surfaces node data to AIUI. Enable all AI permissions in Settings → AI Data Access. Then ask AIUI "what apps are installed?" or "what's my server status?". The response should include real data from the node (via postMessage → contextBroker → stores/RPC). If it doesn't, debug the postMessage flow. Deploy and verify.
- [ ] **AIUI-005** — fix(aiui): verify that message send, reply, and regenerate all work without the "empty content" API error. Send multiple messages in a row. Use reply on a specific message. Use regenerate. None should produce "messages.N: user messages must have non-empty content" errors. Deploy and verify.
- [x] **AIUI-005** — fix(aiui): verify that message send, reply, and regenerate all work without the "empty content" API error. Send multiple messages in a row. Use reply on a specific message. Use regenerate. None should produce "messages.N: user messages must have non-empty content" errors. Deploy and verify.
## Phase 5: Dashboard & UI Polish
- [ ] **UI-001** — fix(ui): verify all dashboard nav items work: Home, My Apps, Marketplace, Cloud, Server, Web5, Settings, Chat. Each must load without errors. No blank pages, no console errors. The sidebar navigation must highlight the active item. Deploy and verify.
- [x] **UI-001** — fix(ui): verify all dashboard nav items work: Home, My Apps, Marketplace, Cloud, Server, Web5, Settings, Chat. Each must load without errors. No blank pages, no console errors. The sidebar navigation must highlight the active item. Deploy and verify.
- [ ] **UI-002** — fix(ui): verify the Home dashboard shows correct data: server status (online/offline), uptime, disk usage, memory, CPU. If metrics RPC fails, show placeholder data with "Connecting..." state instead of errors. Deploy and verify.
- [x] **UI-002** — fix(ui): verify the Home dashboard shows correct data: server status (online/offline), uptime, disk usage, memory, CPU. If metrics RPC fails, show placeholder data with "Connecting..." state instead of errors. Deploy and verify.
- [ ] **UI-003** — fix(ui): verify the Server page loads and shows system info. Test all sections: system overview, services list, network info. No JS errors. Deploy and verify.
- [x] **UI-003** — fix(ui): verify the Server page loads and shows system info. Test all sections: system overview, services list, network info. No JS errors. Deploy and verify.
- [ ] **UI-004** — fix(ui): verify the Settings page loads all sections: General, Security (password change), AI Data Access, Tor, About. No JS errors. The AI Data Access toggles must persist between page loads. Deploy and verify.
- [x] **UI-004** — fix(ui): verify the Settings page loads all sections: General, Security (password change), AI Data Access, Tor, About. No JS errors. The AI Data Access toggles must persist between page loads. Deploy and verify.
- [ ] **UI-005** — fix(ui): test WebSocket connection stability. After login, the WebSocket at `/ws` should connect and stay connected. If it disconnects, verify auto-reconnect works. Check: no repeated "WebSocket disconnected" errors in console. Deploy and verify.
- [x] **UI-005** — fix(ui): test WebSocket connection stability. After login, the WebSocket at `/ws` should connect and stay connected. If it disconnects, verify auto-reconnect works. Check: no repeated "WebSocket disconnected" errors in console. Deploy and verify.
- [ ] **UI-006** — fix(ui): ensure all page transitions are smooth. Navigate between all dashboard pages. The 3D depth transitions should be fluid without flicker or layout jumps. If any transition stutters, optimize by adding `will-change` or reducing transition complexity. Deploy and verify.
- [x] **UI-006** — fix(ui): ensure all page transitions are smooth. Navigate between all dashboard pages. The 3D depth transitions should be fluid without flicker or layout jumps. If any transition stutters, optimize by adding `will-change` or reducing transition complexity. Deploy and verify.
## Phase 5b: AIUI Security Hardening (from research audit)
- [ ] **SEC-001** — fix(aiui): add confirmation dialog for AIUI app installs. In `neode-ui/src/services/contextBroker.ts`, the `install-app` action currently fires without user confirmation. Change it to emit a custom event (`window.dispatchEvent(new CustomEvent('aiui:install-request', { detail: { appId, version, url } }))`) that the Dashboard UI can intercept with a confirmation modal. Only proceed with `appStore.installPackage()` after user confirms. This prevents AIUI from silently installing apps.
- [x] **SEC-001** — fix(aiui): add confirmation dialog for AIUI app installs. In `neode-ui/src/services/contextBroker.ts`, the `install-app` action currently fires without user confirmation. Change it to emit a custom event (`window.dispatchEvent(new CustomEvent('aiui:install-request', { detail: { appId, version, url } }))`) that the Dashboard UI can intercept with a confirmation modal. Only proceed with `appStore.installPackage()` after user confirms. This prevents AIUI from silently installing apps.
- [ ] **SEC-002** — fix(aiui): add file path whitelist to AIUI file access. In `neode-ui/src/services/contextBroker.ts`, the `read-file` action currently allows reading any path. Add a whitelist of allowed directories (e.g., `/var/lib/archipelago/`, `/var/log/`) and reject paths containing sensitive patterns (`id_rsa`, `private`, `secret`, `password`, `seed`, `.env`, `wallet`). This prevents AIUI from exfiltrating secrets.
- [x] **SEC-002** — fix(aiui): add file path whitelist to AIUI file access. In `neode-ui/src/services/contextBroker.ts`, the `read-file` action currently allows reading any path. Add a whitelist of allowed directories (e.g., `/var/lib/archipelago/`, `/var/log/`) and reject paths containing sensitive patterns (`id_rsa`, `private`, `secret`, `password`, `seed`, `.env`, `wallet`). This prevents AIUI from exfiltrating secrets.
- [ ] **SEC-003** — fix(aiui): add log redaction for container logs. In the context broker's log handler, redact sensitive patterns from container logs before sending to AIUI: RPC passwords, private keys (hex strings > 32 chars), API tokens, and macaroon values.
- [x] **SEC-003** — fix(aiui): add log redaction for container logs. In the context broker's log handler, redact sensitive patterns from container logs before sending to AIUI: RPC passwords, private keys (hex strings > 32 chars), API tokens, and macaroon values.
- [ ] **SEC-004** — fix(auth): add `Secure` flag to session cookie in production. In `core/archipelago/src/api/rpc/mod.rs`, add `; Secure` to the `Set-Cookie` header when `dev_mode` is false. This prevents the session cookie from being transmitted over plain HTTP in production.
- [x] **SEC-004** — fix(auth): add `Secure` flag to session cookie in production. In `core/archipelago/src/api/rpc/mod.rs`, add `; Secure` to the `Set-Cookie` header when `dev_mode` is false. This prevents the session cookie from being transmitted over plain HTTP in production.
## Phase 6: Alpha ISO Build
- [ ] **ISO-001** — fix(iso): sync all current changes to the dev server. Run full deploy: `./scripts/deploy-to-target.sh --live`. Verify everything works on http://192.168.1.228. Then SSH to the server and run the ISO build: `cd ~/archy/image-recipe && sudo DEV_SERVER=archipelago@localhost ./build-auto-installer-iso.sh`. The ISO must build successfully and be saved to `results/`. Report the ISO path and size.
- [ ] **ISO-002** — fix(iso): verify the ISO image configs include all latest changes. Check that `image-recipe/configs/` has up-to-date: `archipelago.service`, `nginx-archipelago.conf`. If they differ from the live server, update them. The ISO must produce a bootable system identical to the current live server.
- [x] **ISO-002** — fix(iso): verify the ISO image configs include all latest changes. Check that `image-recipe/configs/` has up-to-date: `archipelago.service`, `nginx-archipelago.conf`. If they differ from the live server, update them. The ISO must produce a bootable system identical to the current live server.
---

97
neode-ui/src/services/contextBroker.ts
View File

@ -150,20 +150,49 @@ export class ContextBroker {
} satisfies ArchyActionResponse)
return
}
appStore.installPackage(params.appId, params.marketplaceUrl, params.version).then(() => {
this.postToIframe({
type: 'action:response',
id,
success: true,
} satisfies ArchyActionResponse)
}).catch((err: Error) => {
this.postToIframe({
type: 'action:response',
id,
success: false,
error: err.message,
} satisfies ArchyActionResponse)
})
// Capture values for use in closure
const appId = params.appId
const marketplaceUrl = params.marketplaceUrl
const version = params.version
// Emit event for UI confirmation instead of installing directly
window.dispatchEvent(new CustomEvent('aiui:install-request', {
detail: { requestId: id, appId, marketplaceUrl, version },
}))
{
const broker = this
const responseHandler = (e: Event) => {
const detail = (e as CustomEvent).detail as { requestId: string; confirmed: boolean }
if (detail.requestId !== id) return
window.removeEventListener('aiui:install-response', responseHandler)
if (detail.confirmed) {
appStore.installPackage(appId, marketplaceUrl, version).then(() => {
broker.postToIframe({
type: 'action:response',
id,
success: true,
} satisfies ArchyActionResponse)
}).catch((err: Error) => {
broker.postToIframe({
type: 'action:response',
id,
success: false,
error: err.message,
} satisfies ArchyActionResponse)
})
} else {
broker.postToIframe({
type: 'action:response',
id,
success: false,
error: 'User declined the installation',
} satisfies ArchyActionResponse)
}
}
window.addEventListener('aiui:install-response', responseHandler)
setTimeout(() => {
window.removeEventListener('aiui:install-response', responseHandler)
}, 60000)
}
return
}
error = 'Missing required parameters (appId, marketplaceUrl, version)'
@ -497,6 +526,27 @@ export class ContextBroker {
}
}
private static readonly ALLOWED_FILE_DIRS = [
'/var/lib/archipelago/',
'/var/log/',
'/opt/archipelago/',
'/home/archipelago/',
]
private static readonly SENSITIVE_PATH_PATTERNS = [
'id_rsa', 'id_ed25519', 'private', 'secret', 'password',
'seed', '.env', 'wallet', 'macaroon', 'tls.key', 'tls.cert',
'credentials', 'keystore', 'mnemonic',
]
private isPathAllowed(path: string): boolean {
const normalized = path.replace(/\/+/g, '/').replace(/\.\.\//g, '')
const inAllowedDir = ContextBroker.ALLOWED_FILE_DIRS.some(dir => normalized.startsWith(dir))
if (!inAllowedDir) return false
const lower = normalized.toLowerCase()
return !ContextBroker.SENSITIVE_PATH_PATTERNS.some(pattern => lower.includes(pattern))
}
private async handleReadFileAction(id: string, path?: string) {
const perms = useAIPermissionsStore()
if (!perms.isEnabled('files')) {
@ -507,6 +557,10 @@ export class ContextBroker {
this.postToIframe({ type: 'action:response', id, success: false, error: 'Missing path parameter' } satisfies ArchyActionResponse)
return
}
if (!this.isPathAllowed(path)) {
this.postToIframe({ type: 'action:response', id, success: false, error: 'Access denied: path is outside allowed directories or contains sensitive patterns' } satisfies ArchyActionResponse)
return
}
try {
if (!fileBrowserClient.isAuthenticated) {
const ok = await fileBrowserClient.login()
@ -538,9 +592,10 @@ export class ContextBroker {
const lines = Math.min(parseInt(linesStr || '50', 10) || 50, 200)
try {
const logs = await rpcClient.call<string[]>({ method: 'container-logs', params: { app_id: appId, lines } })
const redactedLogs = logs.map(line => ContextBroker.redactLogLine(line))
this.postToIframe({
type: 'action:response', id, success: true,
data: { appId, lines: logs, count: logs.length },
data: { appId, lines: redactedLogs, count: redactedLogs.length },
} as ArchyActionResponse)
} catch (err) {
this.postToIframe({
@ -550,6 +605,18 @@ export class ContextBroker {
}
}
private static redactLogLine(line: string): string {
// Redact RPC passwords (e.g., rpcpassword=xxx)
let redacted = line.replace(/(?:rpcpassword|rpcauth|password|passwd|secret|token|apikey|api_key|macaroon)[\s]*[=:]\s*\S+/gi, '$&'.replace(/[=:]\s*\S+/, '=[REDACTED]'))
// More targeted: key=value patterns
redacted = redacted.replace(/((?:password|secret|token|apikey|api_key|macaroon|rpcpassword|rpcauth)\s*[=:]\s*)\S+/gi, '$1[REDACTED]')
// Redact long hex strings (>32 chars, likely private keys)
redacted = redacted.replace(/\b[0-9a-fA-F]{64,}\b/g, '[REDACTED_KEY]')
// Redact base64 macaroon values (long base64 strings)
redacted = redacted.replace(/\b[A-Za-z0-9+/]{64,}={0,2}\b/g, '[REDACTED_TOKEN]')
return redacted
}
private postToIframe(msg: ArchyResponse) {
if (!this.iframe.value?.contentWindow) return
this.iframe.value.contentWindow.postMessage(msg, this.allowedOrigin)

26
neode-ui/src/views/OnboardingBackup.vue
View File

@ -112,20 +112,32 @@ async function downloadBackup() {
try {
const backupData = await rpcClient.createBackup(passphrase.value)
const blob = new Blob([JSON.stringify(backupData, null, 2)], {
type: 'application/json',
})
const json = JSON.stringify(backupData, null, 2)
const blob = new Blob([json], { type: 'application/json' })
const url = URL.createObjectURL(blob)
// Use a visible link appended to DOM for better mobile compatibility
const a = document.createElement('a')
a.href = URL.createObjectURL(blob)
a.href = url
a.download = 'archipelago-did-backup.json'
a.style.display = 'none'
document.body.appendChild(a)
a.click()
URL.revokeObjectURL(a.href)
// Delay cleanup so mobile browsers can start the download
setTimeout(() => {
document.body.removeChild(a)
URL.revokeObjectURL(url)
}, 1000)
downloaded.value = true
localStorage.setItem('neode_backup_created', '1')
} catch (err) {
errorMessage.value =
err instanceof Error ? err.message : 'Failed to create backup. Please try again.'
const msg = err instanceof Error ? err.message : String(err)
if (/502|503|timeout|fetch|network/i.test(msg)) {
errorMessage.value = 'Server is not reachable. Please ensure your node is running and try again.'
} else {
errorMessage.value = msg || 'Failed to create backup. Please try again.'
}
} finally {
isDownloading.value = false
}

72
neode-ui/src/views/OnboardingDid.vue
View File

@ -2,36 +2,39 @@
<div class="min-h-screen flex items-center justify-center p-4">
<!-- Main Glass Container -->
<div class="max-w-[800px] w-full relative z-10 path-glass-container">
<!-- Header -->
<!-- Header (before DID is retrieved) -->
<div v-if="!generatedDid" class="text-center flex-shrink-0">
<h1 class="text-[26px] font-semibold text-white/96 mb-6 drop-shadow-[0_2px_6px_rgba(0,0,0,0.4)]">
Your node's identity
</h1>
<p class="text-[20px] text-white/75 leading-relaxed max-w-[600px] mx-auto mb-6">
Your node has a Decentralized Identifier (DID) for secure, passwordless authentication. Retrieve it to continue.
Your node has a Decentralized Identifier (DID) for secure, passwordless authentication.
</p>
</div>
<!-- Content Area -->
<div class="flex flex-col items-center gap-6 mb-6">
<!-- Error message -->
<p v-if="errorMessage" class="text-red-400 text-sm mb-4">{{ errorMessage }}</p>
<!-- Fetch Button (if no DID yet) -->
<button
v-if="!generatedDid"
@click="fetchDid"
:disabled="isGenerating"
class="path-action-button path-action-button--continue"
>
<span v-if="!isGenerating">Retrieve DID</span>
<span v-else class="flex items-center gap-2">
<svg class="animate-spin h-5 w-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
<!-- Connecting state -->
<div v-if="!generatedDid && isGenerating" class="text-center">
<div class="flex items-center justify-center gap-3 mb-4">
<svg class="animate-spin h-6 w-6 text-white/80" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
<circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
<path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
</svg>
Retrieving...
</span>
</button>
<span class="text-lg text-white/80">Connecting to your server...</span>
</div>
</div>
<!-- Connection failed - retry -->
<div v-if="!generatedDid && !isGenerating && connectionFailed" class="text-center">
<p class="text-white/60 text-base mb-4">{{ errorMessage }}</p>
<button
@click="fetchDid"
class="path-action-button path-action-button--continue"
>
Retry
</button>
</div>
<!-- Generated DID Display -->
<div v-if="generatedDid" class="w-full max-w-[600px] space-y-4">
@ -44,7 +47,8 @@
</svg>
</div>
</div>
<p class="text-[20px] text-white/80 leading-relaxed max-w-[600px] mx-auto mb-6">
<p v-if="autoAdvancing" class="text-lg text-white/80 mb-2">DID retrieved, continuing...</p>
<p v-else class="text-[20px] text-white/80 leading-relaxed max-w-[600px] mx-auto mb-6">
Your node's decentralized identifier
</p>
</div>
@ -77,8 +81,7 @@
<button
v-if="generatedDid"
@click="proceed"
:disabled="generatedDid.includes('...')"
class="path-action-button path-action-button--continue disabled:opacity-50"
class="path-action-button path-action-button--continue"
>
Continue
</button>
@ -95,9 +98,10 @@ import { rpcClient } from '@/api/rpc-client'
const router = useRouter()
const generatedDid = ref<string>('')
const isGenerating = ref(false)
const connectionFailed = ref(false)
const autoAdvancing = ref(false)
const errorMessage = ref<string>('')
/** Store DID state with proper kid (DID#key-1 per W3C) */
function storeDidState(did: string, pubkey: string) {
localStorage.setItem('neode_did', did)
localStorage.setItem('neode_did_state', JSON.stringify({ did, kid: `${did}#key-1`, pubkey }))
@ -105,6 +109,7 @@ function storeDidState(did: string, pubkey: string) {
async function fetchDid() {
isGenerating.value = true
connectionFailed.value = false
errorMessage.value = ''
for (let attempt = 0; attempt < 3; attempt++) {
@ -112,35 +117,42 @@ async function fetchDid() {
const { did, pubkey } = await rpcClient.getNodeDid()
generatedDid.value = did
storeDidState(did, pubkey)
break
autoAdvanceAfterDelay()
isGenerating.value = false
return
} catch (err) {
errorMessage.value = err instanceof Error ? err.message : 'Server unavailable. Retrying...'
if (attempt < 2) {
await new Promise((r) => setTimeout(r, 1000 * (attempt + 1)))
} else {
generatedDid.value = 'did:key:z6Mk... (connect to server)'
}
}
}
isGenerating.value = false
connectionFailed.value = true
errorMessage.value = 'Could not connect to your server. Please check that it is running and try again.'
}
function autoAdvanceAfterDelay() {
autoAdvancing.value = true
setTimeout(() => {
router.push('/onboarding/backup').catch(() => {})
}, 2000)
}
onMounted(() => {
// Auto-fetch if identity may already exist (e.g. returning to this step)
const cached = localStorage.getItem('neode_did')
if (cached && !cached.includes('...')) {
generatedDid.value = cached
} else {
fetchDid()
}
})
function proceed() {
if (generatedDid.value && !generatedDid.value.includes('...')) {
router.push('/onboarding/backup').catch(() => {})
}
router.push('/onboarding/backup').catch(() => {})
}
function skipForNow() {
router.push('/onboarding/backup').catch(() => {})
}
</script>

50
neode-ui/src/views/OnboardingOptions.vue
View File

@ -3,9 +3,9 @@
<div class="max-w-6xl w-full overflow-x-hidden">
<div class="text-center mb-8">
<div class="logo-gradient-border inline-block mb-8">
<img
src="/assets/icon/favico-black-v2.svg"
alt="Archipelago"
<img
src="/assets/icon/favico-black-v2.svg"
alt="Archipelago"
class="w-20 h-20"
/>
</div>
@ -33,11 +33,9 @@
</p>
</button>
<!-- Restore Backup -->
<button
@click="selectOption('restore')"
class="glass-card p-8 text-center transition-all hover:-translate-y-1 hover:shadow-glass"
:class="{ 'bg-white/12 shadow-[0_12px_32px_rgba(0,0,0,0.6),0_0_30px_rgba(255,255,255,0.2)]': selected === 'restore' }"
<!-- Restore Backup (Coming Soon) -->
<div
class="glass-card p-8 text-center opacity-40 cursor-not-allowed"
>
<div class="mb-6">
<div class="w-16 h-16 mx-auto bg-white/10 rounded-full flex items-center justify-center">
@ -50,13 +48,12 @@
<p class="text-white/70 text-sm">
Restore from a previous backup
</p>
</button>
<span class="text-xs text-white/50 mt-2 block">(Coming Soon)</span>
</div>
<!-- Connect Existing -->
<button
@click="selectOption('connect')"
class="glass-card p-8 text-center transition-all hover:-translate-y-1 hover:shadow-glass"
:class="{ 'bg-white/12 shadow-[0_12px_32px_rgba(0,0,0,0.6),0_0_30px_rgba(255,255,255,0.2)]': selected === 'connect' }"
<!-- Connect Existing (Coming Soon) -->
<div
class="glass-card p-8 text-center opacity-40 cursor-not-allowed"
>
<div class="mb-6">
<div class="w-16 h-16 mx-auto bg-white/10 rounded-full flex items-center justify-center">
@ -69,14 +66,14 @@
<p class="text-white/70 text-sm">
Connect to an existing Archipelago server
</p>
</button>
<span class="text-xs text-white/50 mt-2 block">(Coming Soon)</span>
</div>
</div>
<div class="mt-12 text-center">
<button
@click="proceed"
:disabled="!selected"
class="glass-button px-8 py-4 rounded-lg text-lg font-medium transition-all hover:bg-black/70 hover:border-white/30 disabled:opacity-50 disabled:cursor-not-allowed"
class="glass-button px-8 py-4 rounded-lg text-lg font-medium transition-all hover:bg-black/70 hover:border-white/30"
>
Continue
</button>
@ -86,26 +83,27 @@
</template>
<script setup lang="ts">
import { ref } from 'vue'
import { ref, onMounted } from 'vue'
import { useRouter } from 'vue-router'
import { completeOnboarding } from '@/composables/useOnboarding'
const router = useRouter()
const selected = ref<string | null>(null)
onMounted(() => {
selected.value = 'fresh'
})
function selectOption(option: string) {
selected.value = option
}
async function proceed() {
if (selected.value) {
try {
await completeOnboarding()
} catch {
/* localStorage fallback ensures onboarding is marked complete */
}
router.push('/login').catch(() => {})
try {
await completeOnboarding()
} catch {
// localStorage fallback in completeOnboarding ensures onboarding is marked complete
}
router.push('/login').catch(() => {})
}
</script>

77
neode-ui/src/views/OnboardingPath.vue
View File

@ -4,18 +4,14 @@
<div class="max-w-[1200px] w-full relative z-10 path-glass-container max-h-[calc(100vh-2rem)] sm:max-h-[calc(100vh-3rem)] overflow-y-auto overflow-x-hidden">
<!-- Header -->
<div class="text-center mb-4 md:mb-6 flex-shrink-0 px-3 sm:px-4 pt-4 sm:pt-6">
<h1 class="text-xl md:text-[26px] font-semibold text-white/96 mb-2 drop-shadow-[0_2px_6px_rgba(0,0,0,0.4)]">Choose Your Path</h1>
<p class="text-xs md:text-sm text-white/75 leading-relaxed">You can enable or disable any of these options later from your settings.</p>
<h1 class="text-xl md:text-[26px] font-semibold text-white/96 mb-2 drop-shadow-[0_2px_6px_rgba(0,0,0,0.4)]">Your Node, Your Possibilities</h1>
<p class="text-xs md:text-sm text-white/75 leading-relaxed">Archipelago gives you the tools to build your sovereign digital life. All of these capabilities are available from your dashboard.</p>
</div>
<!-- Options Grid -->
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-3 md:gap-4 flex-shrink-0 mb-4 md:mb-6 px-3 sm:px-4">
<!-- Self Sovereignty -->
<button
@click="toggleOption('self-sovereignty')"
class="path-option-card"
:class="{ 'path-option-card--selected': selectedOptions.includes('self-sovereignty') }"
>
<div class="path-option-card">
<div class="icon-wrapper transition-all duration-300">
<svg class="w-10 h-10 text-white/90" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
@ -25,14 +21,10 @@
<p class="text-sm text-white/75 leading-snug">
Data, files, ownership, property of my data estate. Own, manage, edit, and even sell your personal data.
</p>
</button>
</div>
<!-- Community Commerce -->
<button
@click="toggleOption('community-commerce')"
class="path-option-card"
:class="{ 'path-option-card--selected': selectedOptions.includes('community-commerce') }"
>
<div class="path-option-card">
<svg class="w-12 h-12 mb-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 20h5v-2a3 3 0 00-5.356-1.857M17 20H7m10 0v-2c0-.656-.126-1.283-.356-1.857M7 20H2v-2a3 3 0 015.356-1.857M7 20v-2c0-.656.126-1.283.356-1.857m0 0a5.002 5.002 0 019.288 0M15 7a3 3 0 11-6 0 3 3 0 016 0zm6 3a2 2 0 11-4 0 2 2 0 014 0zM7 10a2 2 0 11-4 0 2 2 0 014 0z" />
</svg>
@ -40,14 +32,10 @@
<p class="text-[15px] text-white/75 leading-snug">
Self contained and owned ecommerce system built on bitcoin and mesh networks. Trade freely without intermediaries.
</p>
</button>
</div>
<!-- Sovereign Projects -->
<button
@click="toggleOption('sovereign-projects')"
class="path-option-card"
:class="{ 'path-option-card--selected': selectedOptions.includes('sovereign-projects') }"
>
<div class="path-option-card">
<svg class="w-12 h-12 mb-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M21 13.255A23.931 23.931 0 0112 15c-3.183 0-6.22-.62-9-1.745M16 6V4a2 2 0 00-2-2h-4a2 2 0 00-2 2v2m4 6h.01M5 20h14a2 2 0 002-2V8a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z" />
</svg>
@ -55,14 +43,10 @@
<p class="text-[15px] text-white/75 leading-snug">
Logistics and project management self owned with privacy control. Collaborate without surveillance.
</p>
</button>
</div>
<!-- Data Transmitter -->
<button
@click="toggleOption('data-transmitter')"
class="path-option-card"
:class="{ 'path-option-card--selected': selectedOptions.includes('data-transmitter') }"
>
<div class="path-option-card">
<svg class="w-12 h-12 mb-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8.111 16.404a5.5 5.5 0 017.778 0M12 20h.01m-7.08-7.071c3.904-3.905 10.236-3.905 14.141 0M1.394 9.393c5.857-5.857 15.355-5.857 21.213 0" />
</svg>
@ -70,14 +54,10 @@
<p class="text-[15px] text-white/75 leading-snug">
Assist the new sovereign net with relay points and networking where you get paid for your value.
</p>
</button>
</div>
<!-- Hoster -->
<button
@click="toggleOption('hoster')"
class="path-option-card"
:class="{ 'path-option-card--selected': selectedOptions.includes('hoster') }"
>
<div class="path-option-card">
<svg class="w-12 h-12 mb-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 7v10c0 2.21 3.582 4 8 4s8-1.79 8-4V7M4 7c0 2.21 3.582 4 8 4s8-1.79 8-4M4 7c0-2.21 3.582-4 8-4s8 1.79 8 4m0 5c0 2.21-3.582 4-8 4s-8-1.79-8-4" />
</svg>
@ -85,14 +65,10 @@
<p class="text-[15px] text-white/75 leading-snug">
Host services and content, archives, and more to others for micro bitcoin payments. Earn while you serve.
</p>
</button>
</div>
<!-- Sovereign AI -->
<button
@click="toggleOption('sovereign-ai')"
class="path-option-card"
:class="{ 'path-option-card--selected': selectedOptions.includes('sovereign-ai') }"
>
<div class="path-option-card">
<svg class="w-12 h-12 mb-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 3v2m6-2v2M9 19v2m6-2v2M5 9H3m2 6H3m18-6h-2m2 6h-2M7 19h10a2 2 0 002-2V7a2 2 0 00-2-2H7a2 2 0 00-2 2v10a2 2 0 002 2zM9 9h6v6H9V9z" />
</svg>
@ -100,17 +76,11 @@
<p class="text-[15px] text-white/75 leading-snug">
Run AI models locally on your hardware. No cloud surveillance, complete privacy, full control over your AI assistant.
</p>
</button>
</div>
</div>
<!-- Action Buttons -->
<div class="flex gap-3 sm:gap-4 max-w-[600px] mx-auto flex-shrink-0 px-3 sm:px-4 pb-4 sm:pb-6">
<button
@click="skipForNow"
class="path-action-button path-action-button--skip"
>
Skip
</button>
<div class="flex justify-center max-w-[600px] mx-auto flex-shrink-0 px-3 sm:px-4 pb-4 sm:pb-6">
<button
@click="proceed"
class="path-action-button path-action-button--continue"
@ -123,28 +93,11 @@
</template>
<script setup lang="ts">
import { ref } from 'vue'
import { useRouter } from 'vue-router'
const router = useRouter()
const selectedOptions = ref<string[]>([])
function toggleOption(option: string) {
const index = selectedOptions.value.indexOf(option)
if (index > -1) {
selectedOptions.value.splice(index, 1)
} else {
selectedOptions.value.push(option)
}
}
function proceed() {
localStorage.setItem('neode_selected_paths', JSON.stringify(selectedOptions.value))
router.push('/onboarding/did').catch(() => {})
}
function skipForNow() {
router.push('/onboarding/did').catch(() => {})
}
</script>

33
neode-ui/src/views/OnboardingVerify.vue
View File

@ -104,16 +104,27 @@ async function signChallenge() {
isSigning.value = true
errorMessage.value = ''
try {
const challenge = generateChallenge()
const { signature: sig } = await rpcClient.signChallenge(challenge)
signature.value = sig
verified.value = true
} catch (err) {
errorMessage.value = err instanceof Error ? err.message : 'Failed to sign challenge. Please try again.'
} finally {
isSigning.value = false
for (let attempt = 0; attempt < 3; attempt++) {
try {
const challenge = generateChallenge()
const { signature: sig } = await rpcClient.signChallenge(challenge)
signature.value = sig
verified.value = true
isSigning.value = false
return
} catch (err) {
const msg = err instanceof Error ? err.message : ''
const isRetryable = /502|503|timeout|fetch|network/i.test(msg)
if (!isRetryable || attempt === 2) {
errorMessage.value = isRetryable
? 'Server is not reachable. You can retry or skip this step.'
: (msg || 'Failed to sign challenge. You can retry or skip this step.')
} else {
await new Promise((r) => setTimeout(r, 1000 * (attempt + 1)))
}
}
}
isSigning.value = false
}
async function proceed() {
@ -122,7 +133,7 @@ async function proceed() {
} catch {
/* localStorage fallback ensures we can proceed */
}
router.push('/login').catch(() => {})
router.push('/onboarding/done').catch(() => {})
}
async function skipForNow() {
@ -131,7 +142,7 @@ async function skipForNow() {
} catch {
/* localStorage fallback ensures we can proceed */
}
router.push('/login').catch(() => {})
router.push('/onboarding/done').catch(() => {})
}
</script>