Verified: backend stop detection, restart recovery, Tor stop detection,
full reboot recovery. Fixed AppArmor read rules for Tor directories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 3 servers publish to Nostr relays and discover each other.
Removed stale revocation files and suspicious SSRF relay entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add tor-hostnames fallback for reading onion addresses when system Tor
owns hidden_service directories (permissions 700)
- Exempt federation.peer-joined, federation.get-state, and
federation.peer-address-changed from auth/CSRF (inter-node RPC)
- Set up system Tor with AppArmor overrides on archipelago-2 and 3
- All 3 servers federated and syncing successfully
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Deployed to primary (192.168.1.228), archipelago-2, and archipelago-3.
Secondary (192.168.1.198) is offline. All 3 servers healthy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Settings page shows all Tor hidden services with toggle switches
(enable/disable per app) and a Rotate button for the main node address.
Added RPC client methods for tor.list-services, tor.toggle-app,
tor.rotate-service, tor.cleanup-rotated. Toggle CSS classes in style.css.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After rotation, spawns background task that publishes updated .onion to
Nostr relays and sends federation.peer-address-changed RPC to all peers
over Tor. Peers update their nodes.json with the new address.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
tor.rotate-service: renames hidden service dir, restarts Tor, waits
for new hostname. Old dir kept for 24h transition.
tor.cleanup-rotated: removes expired old service directories.
tor.toggle-app: enable/disable Tor access per app with service dir
management and container restart.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend: identity.nostr-encrypt-nip04, identity.nostr-decrypt-nip04,
identity.nostr-encrypt-nip44, identity.nostr-decrypt-nip44 endpoints
with auto-resolve to default identity. Frontend: appLauncher routes
nip04.* and nip44.* postMessage calls to backend RPC.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added nostrudel.ninja as a web-only app in Marketplace (community category).
Configured nginx reverse proxy at /ext/nostrudel/ with NIP-07 provider
injection in both HTTP and HTTPS blocks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingBackup.vue was already calling rpcClient.createBackup()
with real RPC backend. No code changes needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingVerify.vue now signs a random challenge via node.signChallenge
and auto-verifies using identity.verify with the node's DID. Shows
green checkmark on cryptographic verification success.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingDid.vue now fetches node.nostr-pubkey after DID is
retrieved and displays it with a copy button. Both identities
are cached in localStorage. Added missing copyNpub function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every new identity now gets both Ed25519 (DID) and secp256k1 (Nostr)
keys from creation. The create() method calls create_nostr_key()
automatically, so identity.create RPC always returns nostr_pubkey
and nostr_npub fields.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DiskUsage and ContainerCrash alerts now fire webhooks via
send_webhook() after pushing WebSocket notifications. Added
data_dir parameter to spawn_metrics_collector for webhook config
access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Health checks, auto-restarts, and WebSocket notifications now run
unconditionally. Previously the entire health loop was gated on
webhook config, so fresh installs (webhooks disabled) got zero
container monitoring. Webhook HTTP delivery is now fire-and-forget
after the notification is pushed to the UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- x86_64 hardware validated on dev server (E2E-02)
- COMM-04 and FINALDOC-04 superseded by v1.0.0 release
- E2E-04 soak test running (ends Apr 10)
- 158/158 plan items resolved
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Uptime monitor timer running every 5min, 30-day soak test active,
hotfix process documented. 100% uptime so far.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Built 12GB x86_64 installer ISO on dev server. Updated README for v1.0.
ISO available in FileBrowser Builds folder.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added no_new_privileges: true, user: 1000, and seccomp_profile: default
to all app manifests. Created community app review checklist.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace sh -c echo with tokio::fs::write for bitcoin.conf generation
- Add client_max_body_size 1m to /rpc/ in both HTTP and HTTPS nginx blocks
- Document full audit findings in docs/security-audit-2026-03-11.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updated npm packages to latest semver-compatible versions. 4 remaining
high-severity vulns are dev-only (serialize-javascript in vite-plugin-pwa
chain). 515/515 tests pass, zero type errors, build clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive release notes covering:
- What Archipelago is and key features
- Bitcoin infrastructure, 20+ self-hosted apps, Web5 identity
- Supported hardware (x86_64 and ARM64)
- Installation instructions
- Known limitations
- Upgrade path from beta
- Security model (defense in depth)
- Contributing guidelines
Also marks RELEASE-02 complete — update infrastructure already exists
in core/archipelago/src/update.rs with manifest URL, background
scheduler, and rollback support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
scripts/create-release.sh orchestrates the full release process:
1. Validates SemVer version and clean git state
2. Bumps version in Cargo.toml and package.json
3. Builds frontend
4. Generates changelog from git log
5. Creates release manifest via create-release-manifest.sh
6. Commits version bump and tags release
Supports --dry-run for preview. ISO builds delegated to server.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove unused _restartApp in Apps.vue
- Remove unused version computed in Home.vue
- Remove unused filteredCommunityApps in Marketplace.vue
- All metrics clean: 0 type errors, 0 build warnings, 515/515 tests pass
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Complete user flow documentation from hardware prep through daily use.
6 parts: hardware, installation, onboarding, dashboard, advanced ops,
and maintenance. Ready for screenshot capture and video production.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
20 issues covering connection, apps, Bitcoin sync, backup, updates,
kiosk mode, network, performance, and emergency recovery. Each with
diagnostic commands and step-by-step solutions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
515 tests across 38 files. Branch coverage 88%, function coverage 83%
on testable logic (stores, composables, api, utils, services, router).
New test files: websocket, useLoginSounds, useMobileBackButton,
useControllerNav, routes. Extended: rpc-client (99.5%), container store
(100%). Fixed: useNavSounds AudioContext mock, type errors across tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add --cap-drop ALL and --security-opt no-new-privileges:true to all
containers in first-boot-containers.sh that were missing it:
- Bitcoin Knots, LND, Fedimint, Fedimint Gateway (+ CHOWN/SETUID/SETGID)
- BTCPay Server, Home Assistant (+ CHOWN/SETUID/SETGID/DAC_OVERRIDE)
- Nextcloud (+ CHOWN/SETUID/SETGID/DAC_OVERRIDE)
- Grafana, Uptime Kuma, PhotoPrism, Ollama, Vaultwarden, FileBrowser
(zero extra caps + --read-only + tmpfs for /tmp and /run)
- Jellyfin (zero extra caps)
Tailscale retains --privileged (required for TUN/iptables/routing).
SearXNG, OnlyOffice, Nginx Proxy Manager, Portainer already hardened.
The Rust RPC layer already applies equivalent hardening for all UI
installs; this brings the ISO first-boot path to parity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite verify-pentest-fixes.sh and test-security.sh with comprehensive
security tests covering auth bypass, CSRF protection, rate limiting,
input validation (SQL injection, command injection, path traversal),
session fixation, SSRF, container isolation, and session lifecycle.
Both scripts now pass all checks (35/35 and 14/14).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Set up vue-i18n with English locale file containing 500+ keys organized
by view namespace. All 15 views converted to use t() calls instead of
hardcoded strings. Infrastructure ready for community translations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All modals now close with Escape key. Interactive card divs respond to
Enter key. Skip-to-content link added to Dashboard layout. All Web5 and
Settings modals get role=dialog, aria-modal, and escape handlers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Systematic accessibility pass: aria-label on icon-only buttons, role=dialog
and aria-modal on modals, role=tab/tablist on tab switchers, role=switch
on toggles, aria-live on dynamic status/error regions, aria-hidden on
decorative SVGs, aria-label on search inputs, and nav landmarks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Webhook module with HTTP delivery, HMAC-SHA256 signing, and event
filtering. RPC handlers for get-config, configure, and test endpoints.
Settings page gains webhook configuration section with URL, secret,
event toggles, and test button.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
