lfg2025/archy
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
514 Commits 5 Branches 109 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
Dorian
13e4a738be bug fixing and deploy and build diagnostics 2026-03-22 03:30:21 +00:00
Dorian
870ff095d8 feat: rootless podman, session hardening, boot stability, sidebar fix 
Rootless podman migration (TASK-11):
- Remove sudo from all podman calls in PodmanClient + 8 backend files
- Remove sudo from all podman/docker calls in deploy script
- Restore full systemd security hardening: NoNewPrivileges,
  RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime,
  RestrictNamespaces, RestrictSUIDSGID, SystemCallFilter, ProtectSystem=strict
- Enable loginctl linger for rootless container persistence
- Remove Ollama from auto-deploy (marketplace-only)

Session & auth hardening:
- Increase MAX_CONCURRENT_SESSIONS 20→50 (prevents eviction storms)
- Debounced 401 redirect in rpc-client.ts (prevents redirect storms)

Boot stability:
- optimize-debian.sh: adds chrony, swap, removes policy-rc.d
- deploy script: pre-restart chrony + swap setup
- ISO build: chrony package, swap file creation
- BootScreen: no longer clears localStorage (prevents splash replay)
- RootRedirect: sole owner of localStorage clearing on server ready

UI fixes:
- Sidebar opacity default changed from 0→visible (fixes missing sidebar
  after page-persistence login without entrance animation)
- Console.log/error wrapped in import.meta.env.DEV guards
- Remove unused route import from RootRedirect

Beta tracking:
- CLAUDE.md: beta freeze protocol added
- MASTER_PLAN.md: TASK-11, TASK-17, phase structure
- BETA-PROGRESS.md: initial tracking doc
- Tagged v1.2.0-alpha.1 as pre-rootless baseline

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-18 13:53:27 +00:00
Dorian
139c89d27b fix: add missing tracing::warn import in update.rs 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-14 05:52:16 +00:00
Dorian
077e2887b5 feat: rolling container restart and RBAC user roles 
- Y5-02: rolling_container_restart() in update.rs — restarts containers
  one at a time with health checks, reports success/failure per container
- Y3-01: UserRole enum (Admin/Viewer/AppUser) with can_access() RBAC

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-14 05:48:53 +00:00
Dorian
45032d937b feat: add community infrastructure and update server setup 
- releases/manifest.json: Seed release manifest for update server
- update.rs: Make UPDATE_MANIFEST_URL configurable via ARCHIPELAGO_UPDATE_URL env var
- CONTRIBUTING.md: Comprehensive contribution guidelines covering code style,
  PR process, testing, security disclosure, and app submission
- .github/ISSUE_TEMPLATE/: Bug report, feature request, and app submission
  issue templates with structured forms
- .github/pull_request_template.md: PR template with checklist

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-11 10:57:33 +00:00
Dorian
e3aa95a103 fix: prevent tokio runtime deadlock in credential issue/verify 
The credential issuance and verification handlers used
Handle::block_on() directly inside the tokio runtime, causing a
deadlock. Wrapped with block_in_place() to properly yield the
runtime thread.

Also completed full feature verification across all 25 test groups
(~175 checks) on live server.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-09 07:43:12 +00:00