- Wrap ${ANTHROPIC_API_KEY} in quotes so envsubst produces valid nginx
directive even when the variable is empty
- Skip Docker container polling when runtime is unavailable (stops
log spam in demo/Portainer deployments)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch from sshpass to SSH key (~/.ssh/archipelago-deploy)
- Use pre-built AIUI dist instead of rebuilding on every deploy
- Removes password-based auth dependency
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AIUI pre-built dist to demo/ for Portainer deployment
- Add nginx-demo.conf with Claude API proxy (envsubst for API key)
- Add docker-entrypoint.sh for runtime API key injection
- Update Dockerfile.web to include AIUI and Claude proxy
- Update docker-compose.demo.yml with ANTHROPIC_API_KEY env var
- Switch deploy script from sshpass to SSH key auth
- Fix Quick Start Goals animating before other cards (stagger 5, opacity guard)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Convert "Choose Your Path" screen to informative (read-only cards)
- Harden "Choose Your Setup" (gray out Coming Soon options, auto-select Fresh Start)
- Auto-fetch DID on mount with retry and auto-advance after success
- Improve backup download for mobile compatibility
- Add retry logic to verify step with graceful skip option
- Route verify → done → login for complete onboarding flow
- Add AIUI install confirmation via custom event (SEC-001)
- Add file path whitelist for AIUI file access (SEC-002)
- Add log redaction for container logs sent to AIUI (SEC-003)
- Add Secure flag to session cookie in production (SEC-004)
- Fix ISO build script to handle zstd compression errors gracefully
- Sync archipelago.service from live server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- TOTP 2FA: full setup/confirm/disable/login flow with Argon2id + ChaCha20-Poly1305
encrypted secret storage, QR code generation, and bcrypt-hashed backup codes
- API key switcher: OAuth vs personal API key toggle in AIUI chat settings with
status indicator, key validation, and help text
- Login progress bar: server startup detection with health check polling, form
disabled until server is ready
- AI quarantine docs: comprehensive HTML page documenting all 6 security layers
- Settings: AI Data Access permission toggles with per-category control
- Alpha hardening plan: 28-task overnight automation plan across 7 phases
(onboarding, login, app install, AIUI, UI polish, security, ISO build)
- Backlog: node discovery spatial map feature for alpha demo
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- loop/prompt-pentest-fix.md: dedicated prompt for pentest fix overnight
runs, instructs Claude to run verify-pentest-fixes.sh as final step
- loop/loop.sh: automatically runs verification script when all plan
tasks are complete (runs for any plan, not just pentest)
Usage: PROMPT_FILE=loop/prompt-pentest-fix.md caffeinate -i ./loop/loop.sh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- scripts/verify-pentest-fixes.sh: 26-check automated verification
that tests all 21 pentest findings against the live server
- loop/plan.md: add permanent post-fix verification section
- scripts/overnight-loop.sh: accept plan file arg, run verification
after all fixes complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Overnight pentest run produced recon, analysis, exploitation reports,
and a full security assessment. Plan.md updated with 22 prioritized
fix items for auth, SSRF, injection, XSS, and hardening.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Redesign favicon SVG with gradient border matching splash screen
- Rename all icon files with -v2 suffix to bypass browser/SW/PWA caches
- Delete 9 old/duplicate icon files (~13MB removed)
- Add nginx cache-control headers for icons and manifest
- Rename assets-cache to assets-cache-v2 to orphan stale SW cache
- Update all HTML, manifest, and component icon references
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Register bitcoin.rs and lnd.rs modules in mod.rs and add route entries
for bitcoin.getinfo and lnd.getinfo. Add bitcoinInfo ref and context
display to AIUI useArchy.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add readFileAsText() to filebrowser client, read-file and tail-logs action
handlers to context broker, bitcoin.getinfo and lnd.getinfo RPC enrichment
for context categories, and update AIUI protocol types.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moves dynamic pt-20/pt-40 padding from perspective-container-wrapper (which
shrank the content area) to the inner scroll container via computed style.
Removes spacer divs in CloudFolder, AppDetails, MarketplaceAppDetails.
Reduces excessive bottom padding in Marketplace. Hides Cloud/Network tabs
in CloudFolder detail view. Teleports mobile back buttons to body to escape
CSS transform containing block.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The mobile close button uses position: fixed, which breaks inside
a CSS transform containing block. Wrapping in <Teleport to="body">
ensures correct fixed positioning relative to the viewport.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 25 tasks in the overnight loop plan are now [DONE].
Phase 4 research (Capacitor/TWA, StartOS comparison, roadmap)
was documented inline during plan creation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Verified all four integration points on live server:
- AIUI loads in iframe (HTTP 200, embedded mode with postMessage)
- Claude proxy responds (streaming API call successful)
- Context broker sends real data (all 10 categories wired)
- Close button works on mobile (bottom bar) and desktop (top-right pill)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add --cap-drop=ALL, --security-opt=no-new-privileges:true to all
non-privileged containers. Per-app capability grants for apps needing
CHOWN/SETUID/SETGID. Read-only root filesystem with tmpfs for
compatible apps (searxng, grafana, uptime-kuma, filebrowser,
photoprism, vaultwarden). Add Fedimint "Create a Community" goal
with 4-step wizard. Fix deploy script cp -rf for audio directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
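
The hardening flags named in the commit above can be checked after deployment from `docker inspect` output. The following is an added example, not code from this repository. The container names and sample data are constructed, "non-privileged" is assumed to mean containers not started with `--privileged`, and the allowed `--cap-add` set is taken from the capabilities the commit lists.

```python
import json

# Constructed sample shaped like `docker inspect` output (HostConfig subset).
# Container names are hypothetical, not taken from the project.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/app-hardened", "HostConfig": {"Privileged": false,
   "CapDrop": ["ALL"], "CapAdd": ["CHOWN", "SETUID", "SETGID"],
   "SecurityOpt": ["no-new-privileges:true"],
   "ReadonlyRootfs": true, "Tmpfs": {"/tmp": "rw,noexec,nosuid"}}},
 {"Name": "/app-gaps", "HostConfig": {"Privileged": false,
   "CapDrop": null, "CapAdd": ["NET_ADMIN"], "SecurityOpt": null,
   "ReadonlyRootfs": true, "Tmpfs": null}},
 {"Name": "/app-privileged", "HostConfig": {"Privileged": true,
   "CapDrop": null, "CapAdd": null, "SecurityOpt": null,
   "ReadonlyRootfs": false, "Tmpfs": null}}
]""")

# Per-app grants named in the commit; any other added capability is flagged.
ALLOWED_CAP_ADD = {"CHOWN", "SETUID", "SETGID"}

def _norm(cap):
    """Compare capabilities on the short form ('CAP_CHOWN' -> 'CHOWN')."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def audit(container):
    """Return the list of hardening gaps for one inspected container."""
    hc = container.get("HostConfig") or {}
    if hc.get("Privileged"):
        return ["privileged: out of scope, review separately"]
    findings = []
    if "ALL" not in {_norm(c) for c in hc.get("CapDrop") or []}:
        findings.append("missing --cap-drop=ALL")
    opts = {o.replace("=", ":") for o in hc.get("SecurityOpt") or []}
    if not opts & {"no-new-privileges", "no-new-privileges:true"}:
        findings.append("missing --security-opt=no-new-privileges:true")
    extra = sorted({_norm(c) for c in hc.get("CapAdd") or []} - ALLOWED_CAP_ADD)
    if extra:
        findings.append("unexpected --cap-add: " + ",".join(extra))
    # Heuristic: only HostConfig.Tmpfs is checked, not tmpfs entries in Mounts.
    if hc.get("ReadonlyRootfs") and not hc.get("Tmpfs"):
        findings.append("read-only rootfs without a tmpfs mount")
    return findings

def audit_all(inspected):
    """Map container name -> findings; an empty list means no gaps found."""
    return {c["Name"].lstrip("/"): audit(c) for c in inspected}

if __name__ == "__main__":
    for name, gaps in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not gaps else gaps)
```

On a live host the same function can be fed `json.loads()` of the output of `docker inspect $(docker ps -q)`.
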
Create DID button generates a did:key identity (tries backend RPC first,
falls back to client-side Web Crypto P-256 key generation). DID stored in
localStorage. Copy DID button for sharing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- --frontend-only skips Rust build and container rebuilds (35s vs 130s)
- SSH connectivity check fails fast if server is unreachable
- Each section now prints elapsed time
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- sanitizeFiles() now fetches real data from FileBrowser (usage, folders, recent files)
- Fixed media state check to include 'running' and 'stopped' states, not just 'installed'
- Removed unused bottomPosition variable in CloudFolder.vue
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a search input to the Apps page that filters installed apps by title,
description, or app ID. Styled consistently with the Marketplace search bar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added proxy configurations for Grafana (3000), Jellyfin (8096), Uptime Kuma
(3001), Portainer (9000), OnlyOffice (9980), and all remaining apps (SearXNG,
LND, Mempool, PhotoPrism, Fedimint, Tailscale, Ollama, Bitcoin UI, Electrs,
Endurain, Nginx Proxy Manager, BTCPay, Home Assistant) to the HTTP server
block. Previously these were only available via HTTPS. Also added
client_max_body_size and proxy_request_buffering to the HTTPS filebrowser
snippet for large file uploads.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace hardcoded "All Running", "Connected", "12" in the Network
overview card with computed values from useAppStore. Services status
reflects actual running/total app counts, connectivity uses WebSocket
connection state, and running apps count is live.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Unified the Easy and Pro mode home views into a single tabbed interface.
Both modes now show Dashboard and Setup tabs, replacing the mode-specific
conditional rendering. Added missing homeTab ref that was referenced in
template but never declared.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dynamically builds searchable items from installed packages so typing
an app name in CMD-K finds and launches it via the app launcher overlay.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When localStorage confirms auth, the background revalidation now uses
store.checkSession() directly instead of the 8-second timeout wrapper.
This prevents premature redirects to /login on slow networks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drag files over the native file browser area to see a drop zone overlay
with dashed orange border. Dropping files triggers the existing upload
handler. Uses debounced dragleave to prevent flicker between children.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add getUsage() method to filebrowser-client that fetches root directory
and returns total size and folder count. Home.vue Cloud card now shows
real storage used and folder count instead of hardcoded values.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Confirmed data-mobile-tab-bar attribute is present on Dashboard tab bar,
useMobileBackButton composable correctly calculates positioning, and all
views (CloudFolder, Chat, Marketplace, AppDetails) use it properly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Marketplace header container now hidden md:flex to save mobile space.
Home welcome header uses mb-4 on mobile, mb-8 on desktop.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All PWA icon files verified present. VitePWA plugin handles
manifest.webmanifest generation and injection automatically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add maximum-scale=1.0, user-scalable=no, interactive-widget=resizes-content
to viewport meta for proper mobile keyboard behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hide top-right pill on mobile, add bottom-positioned close button
using useMobileBackButton composable for proper tab bar clearance.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add native Cloud file browser with FileBrowser API integration
- Add cloud store, filebrowser-client, useAudioPlayer, useFileType composables
- Add Cloud components: FileGrid, FileCard, FileCardGrid, CloudToolbar
- Add Claude authentication section to Settings with OAuth status check
- Harden deploy script to preserve /aiui/ and claude-login.html
- Add nginx proxies for btcpay, homeassistant, filebrowser (HTTPS block)
- Add app configs for filebrowser, searxng, penpot in package.rs
- Update goal progress tracking with app aliases
- Improve mobile back button composable with ResizeObserver
- Update various views with cloud integration and UI refinements
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Protocol: 10 context categories (apps, system, network, bitcoin, media, files, notes, search, ai-local, wallet)
- ContextBroker: real data wiring for all categories with sanitization
- Permissions: user toggles for all categories in Settings
- Nginx: Claude API, OpenRouter, SearXNG proxy pass-through
- Actions: launch-app, search-web, install-app handlers
- Chat.vue: loading state + connection indicator
- Integration test page: test-aiui.html
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>