MemoryTracker in health_monitor.rs tracks per-container RSS every 5 min.
Warns when a container's memory grows >50% over tracking period.
Parses podman stats output (GiB/MiB/KiB formats).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MEM-01: OOM kill detection via dmesg checks every 5 minutes
MEM-03: Disk growth rate tracking (288 samples over 24h), warns at >1GB/day
MEM-04: Systemd watchdog (WatchdogSec=60, sd_notify::Watchdog every 30s)
Service Type=notify for proper startup notification
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Creates scripts/test-reboot-survival.sh with TAP format output.
Records pre-reboot containers, reboots node, waits for SSH + health,
verifies container count/state/health. 6 checks per iteration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add US-10 backup/restore test section to test-cross-node.sh
- Test cycle: create → list → verify → delete, 10 iterations × 2 nodes
- Increase backup.create rate limit from 3/600 to 10/600 (still conservative)
- Increase backup.restore rate limit from 2/600 to 5/600
- Clean up 21K+ stale DWN test messages on both servers
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make dwn.sync endpoint async: spawns background task, returns immediately
- Add 90s overall timeout to sync_with_peers via tokio::time::timeout
- Deduplicate peer onion addresses before syncing
- Batch message pushes (50 per request) instead of one-at-a-time over Tor
- Add 15s connect_timeout to Tor SOCKS5 client
- Cap local message query to 200 messages per sync
- Fix DWN HTTP handler to process ALL messages in batch (was only first)
- Add recordId deduplication in handler to prevent duplicate imports
- Update test script to poll dwn.status for sync completion
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixed ssh_sudo in US-07 section where chown ran without sudo because
&& in the command broke the sudo pipe. With set -e, this silently killed
the script. Wrapped compound commands in sudo bash -c to keep everything
under sudo. All file sharing tests pass bidirectionally over Tor.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- UI-CLEAN-04: Web5.vue verified clean (DID, wallet, DWN, credentials all from RPC)
- UI-CLEAN-05: Settings.vue no section duplication with other pages
- UI-CLEAN-06: Marketplace — fix photoprims.svg → photoprism.svg typo, all 33 icons verified
- UI-CLEAN-07: Cloud.vue file management from real FileBrowser API
- UI-CLEAN-08: Federation.vue all data from federation RPC endpoints
- UI-CLEAN-09: Chat.vue proper AIUI availability check with fallback
- UI-CLEAN-10: Apps.vue shows real containers from store + intentional web bookmarks
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added checkConnectivity() call on mount instead of assuming connected
- Restart now polls server.health up to 15 times instead of blindly
assuming success after 2s
- Marks UI-CLEAN-01, 02, 03 done in plan
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Created scripts/test-cross-node.sh covering:
- US-01: System health (6 checks per node per iteration)
- US-05: Tor hidden service resolution (bidirectional)
- US-09: NIP-07 nostr-provider injection
31/32 tests pass. Both nodes healthy, Tor working bidirectionally,
NIP-07 provider injected on both nodes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
STAB-01: Added 4GB swap on .198
STAB-02: Added 8GB swap on .228
STAB-03: Upgraded Tor on .198 from 0.4.7.16 to 0.4.9.5 (Tor Project repo)
STAB-04: .onion resolution working — .198 can reach .228 via Tor
STAB-05: Nostr identity valid — revocation is intentional (blocks old format)
STAB-06: Federation already established between .228 and .198
STAB-07: Root podman correctly aligned with backend on .198
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: UFW firewall was blocking all traffic from Podman container
subnets (10.88.0.0/16, 10.89.0.0/16) to the host, which prevented
Aardvark DNS resolution. Containers could not resolve each other by
hostname, causing mempool-web, mempool-api, nbxplorer, btcpay-server,
and immich_server to crash loop (6000+ total restarts).
Fix: Added UFW allow rules for Podman network subnets. Also removed
unused ollama container. All 32 containers now stable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bump version to 1.1.0 in Cargo.toml and package.json.
Add comprehensive CHANGELOG.md entry covering all v1.1.0 features:
NIP-07 iframe signing, file sharing across nodes, DWN multi-node sync,
node visualization map, Tor address rotation, boot container recovery,
and full monitoring/testing suite.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three issues found during uptime testing: boot container recovery,
uptime monitor auth, Tor hostname permissions — all fixed in prior
commits. No memory leaks detected. 99.5% uptime over 415 checks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added start_stopped_containers() to crash_recovery.rs that starts all
exited/created containers on backend startup, fixing the issue where
containers didn't come back after clean reboot (PID marker removed by
systemd stop). Created test-failure-recovery.sh covering 5 failure
scenarios: container crash, backend restart, Tor restart, full reboot,
and Tor traffic block (UPTIME-02).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Created federation-health-check.sh tracking peer online/offline state,
DWN sync status, and federation success rate. Fixed uptime-monitor.sh
to authenticate for system.stats RPC. Both run every 5min via cron
on primary server (UPTIME-01).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers federation, content sharing, DWN messages + sync, health
monitor auto-restart, Tor rotation endpoints, and NIP-07 signing.
Fixed content.list → content.list-mine, system.stats field name.
(INSTALL-04)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
read_onion_address() now checks tor-hostnames readable cache first,
clears cache before wait_for_hostname, updates it after rotation.
Rotation restarts system Tor (not just archy-tor container). Created
test-tor-rotation.sh with 10 automated checks (INSTALL-03).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added node.nostr-sign RPC that uses the node-level Nostr key (matching
getPublicKey), fixing pubkey mismatch where identity.nostr-sign used a
different key. Updated appLauncher to call node.nostr-sign. Added
nostr_sign_hash() to nostr_discovery.rs. Created test-nip07.sh with
11 automated checks (INSTALL-02).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Web5.vue already has protocol management (register/list/remove),
message browser with pagination, sync targets, and sync now button.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Install d3@7 and @types/d3@7
- NetworkMap.vue: force-directed graph with draggable nodes, trust-level
coloring (green/amber/red), online/offline opacity, dashed links
- Federation.vue: List/Map tab switcher with localStorage persistence
- Wire map to real federation data (self node centered, peers as satellites)
- Default to map view when 3+ nodes federated
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Shows message count, last sync time, sync status indicator
- Sync Now button triggers dwn.sync RPC with loading state
- DWN status dot in node list cards (green/amber/red)
- Loads DWN status on mount alongside federation nodes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sync successfully contacts federation peers over Tor. Pull/push protocol
works end-to-end (tested via direct Tor DWN endpoint). Peers need updated
backend deployed for full cross-node replication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- DWN sync now uses federation node list instead of old peer list
- Fix sync URL to use port 80 (nginx) instead of 5678 (direct backend)
- DWN /dwn endpoint now accessible without auth for peer sync
- Support both message formats: {message:{}} and {messages:[{}]}
- Replace request["message"] with unified message variable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New PeerFiles.vue view shows federated peers and their shared catalogs
- Peer Files card in Cloud.vue shows when federation peers exist
- New content.download-peer RPC fetches content from peer via Tor
- Route: /dashboard/cloud/peers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Catalog browse: 0.33s over Tor. All file sizes (28B to 10MB) download
correctly with matching MD5 checksums. Transfer speeds ~500-800KB/s.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- PeersOnly access now checks X-Federation-DID header against known federation nodes
- Specific availability restricts content to named peer DIDs only
- Anonymous/unknown DID requests get 403 Forbidden
- Free content remains accessible to everyone
- Paid content still returns 402 with price info
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /content and /dwn proxy locations to nginx config (both HTTP and HTTPS)
so peer requests reach the backend instead of the SPA catch-all
- Update content_file_path() to check FileBrowser data dir as fallback when
files aren't in the dedicated content/files/ directory
- Populate size_bytes from actual file metadata in content.add
- Filter out availability:nobody items from the public catalog endpoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Verified: backend stop detection, restart recovery, Tor stop detection,
full reboot recovery. Fixed AppArmor read rules for Tor directories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 3 servers publish to Nostr relays and discover each other.
Removed stale revocation files and suspicious SSRF relay entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add tor-hostnames fallback for reading onion addresses when system Tor
owns hidden_service directories (permissions 700)
- Exempt federation.peer-joined, federation.get-state, and
federation.peer-address-changed from auth/CSRF (inter-node RPC)
- Set up system Tor with AppArmor overrides on archipelago-2 and 3
- All 3 servers federated and syncing successfully
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Deployed to primary (192.168.1.228), archipelago-2, and archipelago-3.
Secondary (192.168.1.198) is offline. All 3 servers healthy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Settings page shows all Tor hidden services with toggle switches
(enable/disable per app) and a Rotate button for the main node address.
Added RPC client methods for tor.list-services, tor.toggle-app,
tor.rotate-service, tor.cleanup-rotated. Toggle CSS classes in style.css.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After rotation, spawns background task that publishes updated .onion to
Nostr relays and sends federation.peer-address-changed RPC to all peers
over Tor. Peers update their nodes.json with the new address.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
tor.rotate-service: renames hidden service dir, restarts Tor, waits
for new hostname. Old dir kept for 24h transition.
tor.cleanup-rotated: removes expired old service directories.
tor.toggle-app: enable/disable Tor access per app with service dir
management and container restart.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend: identity.nostr-encrypt-nip04, identity.nostr-decrypt-nip04,
identity.nostr-encrypt-nip44, identity.nostr-decrypt-nip44 endpoints
with auto-resolve to default identity. Frontend: appLauncher routes
nip04.* and nip44.* postMessage calls to backend RPC.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added nostrudel.ninja as a web-only app in Marketplace (community category).
Configured nginx reverse proxy at /ext/nostrudel/ with NIP-07 provider
injection in both HTTP and HTTPS blocks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingBackup.vue was already calling rpcClient.createBackup()
with real RPC backend. No code changes needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingVerify.vue now signs a random challenge via node.signChallenge
and auto-verifies using identity.verify with the node's DID. Shows
green checkmark on cryptographic verification success.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingDid.vue now fetches node.nostr-pubkey after DID is
retrieved and displays it with a copy button. Both identities
are cached in localStorage. Added missing copyNpub function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every new identity now gets both Ed25519 (DID) and secp256k1 (Nostr)
keys from creation. The create() method calls create_nostr_key()
automatically, so identity.create RPC always returns nostr_pubkey
and nostr_npub fields.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DiskUsage and ContainerCrash alerts now fire webhooks via
send_webhook() after pushing WebSocket notifications. Added
data_dir parameter to spawn_metrics_collector for webhook config
access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Health checks, auto-restarts, and WebSocket notifications now run
unconditionally. Previously the entire health loop was gated on
webhook config, so fresh installs (webhooks disabled) got zero
container monitoring. Webhook HTTP delivery is now fire-and-forget
after the notification is pushed to the UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
