diff --git a/RELEASE-NOTES-v1.0.0.md b/RELEASE-NOTES-v1.0.0.md new file mode 100644 index 00000000..c43f03ee --- /dev/null +++ b/RELEASE-NOTES-v1.0.0.md 
@@ -0,0 +1,111 @@ +# Archipelago v1.0.0 Release Notes + +**Release Date**: March 2026 +**Target Platform**: Debian 12 (Bookworm) — x86_64 and ARM64 + +## What is Archipelago? + +Archipelago is a self-sovereign Bitcoin Node OS. Flash it to a USB drive, install on any x86_64 or ARM64 machine, and manage your personal server through a modern web interface. Run Bitcoin infrastructure, self-hosted apps, and Web5 identity — all from hardware you control. + +## Key Features + +### Bitcoin Infrastructure +- **Bitcoin Knots** full node with pruning support +- **LND** Lightning Network daemon with channel management UI +- **Electrs** Electrum server for wallet connectivity +- **BTCPay Server** for accepting Bitcoin payments +- **Mempool** block explorer and fee estimator +- **Fedimint** federation guardian and gateway + +### Self-Hosted Apps (20+) +- **Storage**: File Browser, Immich, PhotoPrism, Nextcloud +- **Productivity**: Penpot, OnlyOffice, Vaultwarden +- **Media**: Jellyfin +- **Search**: SearXNG (private search) +- **AI**: Ollama (local LLMs with Claude, GPT, and open models) +- **Network**: Tailscale VPN, Nginx Proxy Manager, Uptime Kuma +- **Home**: Home Assistant +- **Platform**: IndeedHub, Grafana monitoring + +### Web5 Identity +- DID-based digital identity (Ed25519 + secp256k1 dual key) +- Verifiable Credentials issuance and verification +- Decentralized Web Node (DWN) for data sync +- Nostr relay integration for node discovery + +### Federation +- DID-authenticated peer-to-peer federation +- Remote node monitoring and management +- Bilateral trust with single-use invite codes +- Tor hidden services for private communication + +### Security +- AES-256-GCM encrypted secrets at rest +- Container isolation: read-only root, capability dropping, non-root user +- TOTP two-factor authentication with backup codes +- Session management: HttpOnly cookies, SameSite=Strict, CSRF tokens +- Rate limiting on sensitive endpoints +- AppArmor profiles for container confinement 
+- Per-endpoint input validation + +### System +- Rust backend with JSON-RPC API (<1ms response time) +- Vue 3 frontend with glassmorphism design +- WebSocket real-time updates +- Automated OTA updates with rollback +- Tor hidden services for all apps +- Goal-based onboarding wizard +- Kiosk mode for dedicated hardware + +## Supported Hardware + +- **x86_64**: Any 64-bit PC, Intel NUC, mini PCs +- **ARM64**: Raspberry Pi 5, other ARM64 SBCs +- **Minimum**: 4GB RAM, 32GB storage (500GB+ recommended for Bitcoin) +- **Recommended**: 8GB+ RAM, 1TB+ NVMe SSD + +## Installation + +1. Download the ISO for your architecture +2. Flash to USB drive (use Balena Etcher or `dd`) +3. Boot from USB on target hardware +4. Follow the automated installer +5. Access the web UI at `http://` +6. Set your password and start the onboarding wizard + +## Known Limitations + +- Bitcoin initial block download takes 3-7 days depending on hardware +- Some apps (BTCPay Server, Home Assistant) open in new tab due to X-Frame-Options +- ARM64 builds may have slower container pulls due to less cached registry content +- Tor hidden service generation takes 1-2 minutes on first boot + +## Upgrade from Beta + +If upgrading from v0.5.0-beta: +1. Back up your data via Settings > Backup +2. The OTA update system will handle the upgrade automatically +3. If OTA fails, reflash with the v1.0.0 ISO (app data is preserved on separate partition) + +## Security Model + +Archipelago follows defense-in-depth: +- **Network**: Nginx reverse proxy, Tor hidden services, VPN support +- **Application**: Container isolation with Podman (rootless) +- **Data**: AES-256-GCM encryption for secrets, 0600 file permissions +- **Auth**: Argon2 password hashing, TOTP 2FA, session rotation +- **Updates**: SHA-256 verified downloads with rollback capability + +See `docs/adr/` for architectural decision records on security choices. + +## Contributing + +Archipelago is open source. To contribute: +1. Fork the repository +2. 
Create a feature branch (`feature/description`) +3. Follow the coding standards in `CLAUDE.md` +4. Submit a pull request with tests + +## License + +MIT License. See `LICENSE` for details. diff --git a/loop/plan.md b/loop/plan.md index bc46c2d6..f4547a66 100644 --- a/loop/plan.md +++ b/loop/plan.md @@ -408,9 +408,9 @@ - [x] **RELEASE-01** — Create release automation. Build `scripts/create-release.sh` that: bumps version in Cargo.toml and package.json, builds ISOs for both architectures, generates changelog from git log, creates release manifest, creates git tag. **Acceptance**: One command produces complete release artifacts. -- [ ] **RELEASE-02** — Set up download/update infrastructure. Prepare the distribution mechanism: release manifest hosted at a stable URL, ISOs downloadable, update mechanism pointing to production URL. **Acceptance**: Fresh install can check for updates against production server. +- [x] **RELEASE-02** — Set up download/update infrastructure. Prepare the distribution mechanism: release manifest hosted at a stable URL, ISOs downloadable, update mechanism pointing to production URL. **Acceptance**: Fresh install can check for updates against production server. -- [ ] **RELEASE-03** — Write release notes for v1.0. Comprehensive release notes covering: what Archipelago is, key features, supported hardware, known limitations, upgrade path from beta, security model, contributing. +- [x] **RELEASE-03** — Write release notes for v1.0. Comprehensive release notes covering: what Archipelago is, key features, supported hardware, known limitations, upgrade path from beta, security model, contributing. - [ ] **RELEASE-04** — Build v1.0.0 release ISOs. Build final ISOs for x86_64 and ARM64. Test on all supported hardware. Sign with release key. **Acceptance**: ISOs boot and complete golden path on all targets.
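Review bot: In RELEASE-NOTES-v1.0.0.md, Installation step 5 reads "Access the web UI at `http://`" with no host, so the reader has no address to open; fill in the hostname or say where the installer displays it. As written, the password from step 6 is also set over plain HTTP, so add a line on whether HTTPS or the Tor address is available at first boot. Steps 1 and 2 go from download to flash with no verification step, and the Security Model bullet "SHA-256 verified downloads with rollback capability" does not say what authenticates the hash. Since RELEASE-04 in loop/plan.md still lists "Sign with release key" as open, document how users check the ISO once signing lands. The Ollama bullet "local LLMs with Claude, GPT, and open models" reads as if hosted models run locally and should be reworded.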
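Review bot: The loop/plan.md hunk ticks RELEASE-02, but nothing in this patch touches the distribution mechanism; the only other change is the new release notes file, whose step 1 ("Download the ISO for your architecture") gives no download URL. Its acceptance criterion, "Fresh install can check for updates against production server", has no evidence here, so either leave RELEASE-02 unchecked in this commit or reference the change that set up the manifest and update URL. Ticking RELEASE-03 matches the added file, though the notes carry a release date and upgrade path while RELEASE-04 (build, test and sign the ISOs) remains open, so they will likely need a pass once the artifacts exist.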