Unmatched URLs now show a glass-card 404 page with a link back
to the dashboard instead of a blank page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Updated appLauncher tests to match current session-based routing.
Fixed settings test to use h2 instead of h1. Fixed RPC client test
to expect 'Session expired' on 401.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removed unused sync podman_command/docker_command methods.
Removed dead_code annotations from User and AuthManager (now actively used).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Check user role against method permissions before dispatch.
All current users default to Admin, laying groundwork for multi-user.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instant is monotonic but drifts on sleep/hibernate common on NUC
hardware. SystemTime gives proper wall-clock expiry for sessions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
IndeedHub running on port 7777, nostr-provider.js injected,
NIP-07 identity flow wired, NIP-04/NIP-44 RPC handlers in place.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend metadata and manifest now match the actual running config
and the frontend port mapping.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Nginx strips X-Frame-Options on all proxy paths. IndeedHub sub_filter
working. All apps load via /app/{id}/ proxy paths. Deployed and verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y5-01: docs/community-growth-plan.md — 3 growth phases from
dev preview to 10K nodes, tracking via opt-in analytics
- Y5-04: docs/v3-release-checklist.md — prerequisites, release
steps (code freeze, ISO builds, checksums), post-release plan
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y3-03: cluster.rs with Raft types (ClusterRole, ClusterState,
AppPlacement, ClusterConfig). Ready for openraft integration.
- Y2-04: Existing PWA already serves as mobile companion (installable,
read-only dashboard works on mobile via HTTPS).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- AppMetadata for monerod/monero and elementsd/liquid in docker_packages
- Marketplace entries with pinned images from trusted registries
- Monero: sethforprivacy/simple-monerod:v0.18.3.4
- Liquid: vulpemventures/elements:23.2.2
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y5-02: rolling_container_restart() in update.rs — restarts containers
one at a time with health checks, reports success/failure per container
- Y3-01: UserRole enum (Admin/Viewer/AppUser) with can_access() RBAC
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New RPC endpoints:
- analytics.get-status: Check if analytics opted in
- analytics.enable/disable: Toggle opt-in
- analytics.get-snapshot: Anonymous aggregate data (version, app count,
hardware tier, CPU cores, RAM, federation peers)
No personal data: no DIDs, no IPs, no secrets. Strictly opt-in.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New RPC endpoints:
- backup.upload-s3: Upload encrypted backup to any S3-compatible endpoint
- backup.download-s3: Download backup from S3 to local storage
Supports MinIO, Backblaze B2, Wasabi via basic auth + S3 API.
Backups are AES-256-GCM encrypted before upload.
Rate-limited at 3 requests per 10 minutes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y2-02: scripts/validate-app-manifest.sh — validates community app
manifests (YAML, required fields, trusted registry, no :latest,
security checks, memory limits)
- Y2-03: neode-ui/src/locales/es.json — Spanish locale stub with
common strings translated, template for other languages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: credentials.json had flat-format test data from old code,
incompatible with current W3C VerifiableCredential struct. Parse error
was hidden by error sanitization.
Fix: cleared old test data. VC flow now works bidirectionally:
- .198: 3/3 issue + 3/3 verify
- .228: issue + verify work (rate-limited during repeated testing)
- Both nodes: list-credentials returns correct counts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both nodes rebooted simultaneously. .228 SSH in 115s, .198 in ~5min.
Both healthy. Federation re-established — 2 peers synced.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removed 54 unused/dangling images from .228.
50% total image disk reduction (freed 26.96GB).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix: bash parameter splitting caused {} to break into body JSON.
Changed rpc() to declare params separately.
Removed set -e to allow individual test failures.
FLEET-02: .228 passes 30/30 (3 iterations) — all features validated.
FLEET-03: .198 blocked — backend instability, 15/28 pass.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Simplify DHT encoding: use JSON instead of DNS packets (drop simple-dns)
- Fix mainline crate API: SigningKey takes 32 bytes, get_mutable returns Result
- Add missing dht_did field to IdentityRecord constructor
- Store DID Document as JSON in DHT (DNS encoding deferred)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- DHT Identity card with blue status indicator
- "Publish to DHT" button calls identity.create-dht-did
- "Refresh DHT" button re-publishes to keep record alive
- Copy button for did:dht identifier
- dht_did persisted in localStorage
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- federation.list-nodes now includes vc_verified: bool per node
- True when a non-revoked FederationTrustCredential exists for the peer DID
- Integrates with VC-02's automatic VC issuance on federation join
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Issue W3C VC (type FederationTrustCredential) when joining federation
- Claims: federationPeer=true, establishedAt=timestamp
- Signed with node Ed25519 identity key
- Runs in background task (non-blocking)
- Stored via credentials system for later verification
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add dht_did field to IdentityRecord (optional, serde-compatible)
- Add prefer_dht_did param to identity.issue-credential RPC
- When true and dht_did is set, uses did:dht as VC issuer
- Credential system already format-agnostic for any DID type
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- PERF-01: Move crash recovery to background tokio task so health
endpoint is available immediately on startup
- PERF-04: Add ResponseCache with 5s TTL for system.stats and
federation.list-nodes. Reduces CPU for frequent polling.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Crash recovery (check_for_crash + recover_containers +
start_stopped_containers) now runs in a background tokio task.
The health endpoint is available immediately on startup instead of
blocking for 260+ seconds while containers restart sequentially.
This directly fixes the .198 boot recovery timeout issue where the
backend took 260s to become healthy after restart.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Initial load: 110KB gzipped (index.js). All views code-split.
Total: 312KB gzipped across all chunks. No optimization needed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TAP format, takes target IP + --iterations N
- Checks: health, memory, disk, containers, federation, DWN,
identity, NIP-07, backup create/verify/delete
- Exit 0 = production ready
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
.198 crash recovery takes >120s for 34 containers. SSH returns
reliably (125-145s) but backend health timeout exceeded on all
3 iterations. Needs CONT-02 deployment and/or increased timeout.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
get_app_tier() classifies all apps:
- core: Bitcoin, LND, Electrs, Mempool, BTCPay, DWN, FileBrowser
- recommended: Fedimint, Grafana, Vaultwarden, Kuma, SearXNG, etc.
- optional: everything else
Tier field added to Manifest struct (data_model.rs) and exposed
via WebSocket package data for frontend tier badges.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
