All modals now close with Escape key. Interactive card divs respond to
Enter key. Skip-to-content link added to Dashboard layout. All Web5 and
Settings modals get role=dialog, aria-modal, and escape handlers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Systematic accessibility pass: aria-label on icon-only buttons, role=dialog
and aria-modal on modals, role=tab/tablist on tab switchers, role=switch
on toggles, aria-live on dynamic status/error regions, aria-hidden on
decorative SVGs, aria-label on search inputs, and nav landmarks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Webhook module with HTTP delivery, HMAC-SHA256 signing, and event
filtering. RPC handlers for get-config, configure, and test endpoints.
Settings page gains webhook configuration section with URL, secret,
event toggles, and test button.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements monitoring/collector.rs that collects per-container CPU/RAM/network/disk,
system-wide metrics, RPC latency, and WebSocket connection count every 60 seconds.
Data stored in dual ring buffers: 1-min resolution (24h) and 15-min resolution (7d).
Three new RPC endpoints: monitoring.current, monitoring.history, monitoring.containers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- releases/manifest.json: Seed release manifest for update server
- update.rs: Make UPDATE_MANIFEST_URL configurable via ARCHIPELAGO_UPDATE_URL env var
- CONTRIBUTING.md: Comprehensive contribution guidelines covering code style,
PR process, testing, security disclosure, and app submission
- .github/ISSUE_TEMPLATE/: Bug report, feature request, and app submission
issue templates with structured forms
- .github/pull_request_template.md: PR template with checklist
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Server.vue: Add loading/disabled state to WiFi connect button,
success toast on WiFi connection
- Credentials.vue: Disable verify button when input empty, add
disabled styles
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Server.vue: Add user feedback for disk cleanup and restart operations
- Credentials.vue: Add clipboard fallback, better identity load error handling
- Federation.vue: Add clipboard fallback for invite code copy
- ContainerApps.vue: Wrap polling intervals in try-catch to prevent
unhandled promise rejections from background refresh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 30 UX audit findings verified resolved. Added the last missing
loading indicator for Cloud.vue file count fetching. All P0, P1, and P2
items from docs/ux-audit-2026-03.md are now addressed across Login,
Home, Apps, Server, Chat, Federation, Credentials, Settings, Marketplace,
Web5, SystemUpdate, and Cloud views.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every empty/comment-only catch block now logs a descriptive warning
in dev mode via `if (import.meta.env.DEV) console.warn(...)`. Covers
15 files across views, stores, components, and utils. Zero silent
catches remaining.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
41 tests passing, type-check and build clean. This becomes the
regression target — counts must only go down.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Security headers already present in nginx config (X-Content-Type-Options,
X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy). Removed
Access-Control-Allow-Origin: * from electrs-status — CORS is now handled
by the backend with origin validation. Deployed and verified all headers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace blanket cors_origin() with validate_origin() that checks the
incoming Origin header against allowed origins (host IP + dev server).
Unknown origins no longer receive Access-Control-Allow-Origin headers.
Also added X-CSRF-Token to allowed CORS headers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Double-submit cookie pattern: backend generates csrf_token cookie on login
(non-HttpOnly so JS can read it), validates X-CSRF-Token header matches
cookie on all authenticated RPC calls. Returns 403 if missing/mismatched.
Frontend reads cookie and sends header automatically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shows detected physical interfaces (ethernet/wifi) with IP, MAC, and
status. WiFi scan button opens a modal with signal strength bars and
password-protected connection flow. Uses network.list-interfaces and
network.scan-wifi RPC endpoints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add network.list-interfaces, network.scan-wifi, network.configure-wifi,
and network.configure-ethernet endpoints using ip and nmcli commands.
Includes input validation to prevent command injection. Deployed and
verified — list-interfaces returns real interface data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full-width card with color-coded progress bars (green <70%, orange
70-90%, red >90%) and uptime display. Calls system.stats RPC on
mount and refreshes every 30s. Deployed and verified.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Read real metrics from /proc/stat, /proc/meminfo, /proc/uptime, /proc/loadavg,
df, ps, and /sys/class/thermal/. CPU usage computed via dual-sample jiffies.
Deployed and verified on live server — all three endpoints return real data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Web3 card showed hardcoded values (3 active, Valid, 2.4 GB, 1
configured) for features that don't exist yet. Replace with subtle
"Coming Soon" pill badges to avoid misleading users.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace hardcoded values with live data from network.diagnostics and
router.list-forwards RPC calls. Add skeleton loading states and
graceful N/A fallbacks when endpoints are unavailable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
express.json() middleware was consuming the binary file body before the
upload handler could drain it, causing 404/parse errors on file uploads.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Removed !isEmbedded guard from mobile tab auto-switch watchers in
ChatPage.vue. When running embedded in Archy iframe on mobile,
clicking a chat bubble now correctly switches to the content panel.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The entrypoint now injects client_max_body_size 0 at runtime if missing,
as a safety net against Docker layer caching of the nginx config.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Location-level override wasn't sufficient. Setting at http block
disables the body size limit globally for the demo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Onboarding:
- Fixed viewport to use dvh units with position:fixed container
- All views use scrollable glass containers that fit within viewport
- Responsive typography and spacing (mobile-first breakpoints)
- Tighter padding/margins on small screens
- RootRedirect checks localStorage first for instant redirect
- Spinner only appears after 500ms delay to avoid flash
Filebrowser:
- Fix CloudFolder null initialPath crash (watch both useNativeUI + section)
- Remove unused `host` computed (was causing TS error)
- Add mock GET /app/filebrowser/ landing page
- Increase express.json limit to 50mb
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mock backend lan-address now uses localhost so hostname replacement works
correctly. CloudFolder external URLs use origin-relative proxy paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The My Apps page went blank after installing apps because pkg['static-files'].icon
was accessed without optional chaining on dynamically installed packages that lack
the static-files property.
- Make static-files optional in PackageDataEntry type
- Add defensive ?.icon access with fallback in Apps.vue and AppDetails.vue
- Add filebrowser to mock backend staticDevApps (enables Cloud page in demo)
- Expand portMappings and marketplaceMetadata for all marketplace apps
- installPackage now uses staticApp() format for consistent data shape
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes "Method not found: identity.create" on demo onboarding. Adds handlers
for all identity, nostr, content, network, router, and peer RPC methods so
no method-not-found errors occur anywhere in the demo. Expands marketplace
from 2 to 12 apps, adds 5 static dashboard apps, randomizes metrics, and
populates peer/message data for a richer demo experience.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Set http1_keep_alive(false) on hyper server to prevent connection
reuse issues with nginx reverse proxy
- Clean up nginx proxy config: remove upstream block, use direct
proxy_pass to 127.0.0.1:5678
- Update AppLauncherOverlay and appLauncher store with UI fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
