Added searxng, onlyoffice, filebrowser, nginx-proxy-manager, portainer,
and tailscale to first-boot-containers.sh so fresh ISO installs have all
marketplace apps ready. Fixed penpot icon path in Marketplace.vue to use
the correct app-icons directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update all skill SSH commands from sshpass to key-based auth (~/.ssh/archipelago-deploy)
- Add proxy_connect_timeout 120s to nginx Ollama location blocks
- Add new polish/sweep skills for overnight automation
- Add demo content (documents, photos) for demo stack
- Add .ssh/ to .gitignore
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the brief 4-item checklist with a comprehensive file-level
checklist covering backend, frontend, nginx, deploy, first-boot, and
ISO build. Ensures no file is missed when adding or modifying apps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add electrs-ui to ISO capture patterns (captured from live server)
- Bundle nginx:alpine base image in ISO for UI container builds
- Copy docker UI source files (bitcoin-ui, lnd-ui, electrs-ui) into ISO
- First-boot: create electrs-ui container from pre-built image or source
- First-boot: create bitcoin-ui and lnd-ui containers (same pattern)
- Installer: copy docker/ source dir to target for first-boot fallback
- Nginx: minor config sync from linter changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add electrs to marketplace as standalone installable app
- Add dependency check: refuse install if no bitcoin node is running
- Use container DNS (bitcoin-knots:8332) on archy-net instead of host IP
- Auto-create bitcoin.conf with txindex + RPC on bitcoin-knots install
- Auto-build and start electrs-ui container post-install
- Show index size and estimated progress during initial sync
- Add /electrs-status and /health nginx proxy routes
- Remove Tailwind CDN from electrs-ui, use inline styles
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create Ollama provider plugin in AIUI (ollama-provider.ts)
- Register Ollama alongside Claude in plugin system
- Auto-detect installed models via /api/tags endpoint
- Add Ollama proxy in mock backend (forwards to localhost:11434)
- Add nginx proxy rules for /aiui/api/ollama/ (both HTTP and HTTPS)
- Rebuild AIUI dist with Ollama provider included
- Qwen 2.5 Coder 3B installed on dev server via Ollama
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove webSearch, webResults, context fields before forwarding to
Anthropic API — these are AIUI-internal and cause 400 errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Explicit Google/Cloudflare DNS prevents resolution failures when
the Docker host's DNS is unavailable or misconfigured.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Exclude assets/icon/** from workbox globPatterns (already in includeAssets)
- Remove duplicate /api/* and /aiui/api/web-search routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /api/web-search stub returning empty results in demo mode
- Add /aiui/api/* catch-all returning JSON 404 instead of HTML fallback
- Fix nginx proxy to catch all /api/ routes (not just /aiui/api/web-search)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Inject max_tokens: 4096 in Claude API proxy when AIUI omits it
- Add /aiui/api/web-search stub returning empty results (no search backend in demo)
- Add nginx proxy rule for web-search endpoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add Claude API proxy in mock-backend.js (reads ANTHROPIC_API_KEY from env)
- Supports SSE streaming via pipe
- Move ANTHROPIC_API_KEY to backend service in docker-compose.demo.yml
- Remove envsubst from entrypoint (no longer needed)
- nginx-demo.conf proxies /aiui/api/claude/ to backend
This fixes the 401 error when Portainer doesn't pass env vars to
nginx correctly — the Node.js backend reads process.env directly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add node-messages-received, node.messages, node.notifications stubs
- Send WebSocket heartbeat every 45s to prevent client disconnect at 60s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Wrap ${ANTHROPIC_API_KEY} in quotes so envsubst produces valid nginx
directive even when the variable is empty
- Skip Docker container polling when runtime is unavailable (stops
log spam in demo/Portainer deployments)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch from sshpass to SSH key (~/.ssh/archipelago-deploy)
- Use pre-built AIUI dist instead of rebuilding on every deploy
- Removes password-based auth dependency
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AIUI pre-built dist to demo/ for Portainer deployment
- Add nginx-demo.conf with Claude API proxy (envsubst for API key)
- Add docker-entrypoint.sh for runtime API key injection
- Update Dockerfile.web to include AIUI and Claude proxy
- Update docker-compose.demo.yml with ANTHROPIC_API_KEY env var
- Switch deploy script from sshpass to SSH key auth
- Fix Quick Start Goals animating before other cards (stagger 5, opacity guard)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Convert "Choose Your Path" screen to informative (read-only cards)
- Harden "Choose Your Setup" (gray out Coming Soon options, auto-select Fresh Start)
- Auto-fetch DID on mount with retry and auto-advance after success
- Improve backup download for mobile compatibility
- Add retry logic to verify step with graceful skip option
- Route verify → done → login for complete onboarding flow
- Add AIUI install confirmation via custom event (SEC-001)
- Add file path whitelist for AIUI file access (SEC-002)
- Add log redaction for container logs sent to AIUI (SEC-003)
- Add Secure flag to session cookie in production (SEC-004)
- Fix ISO build script to handle zstd compression errors gracefully
- Sync archipelago.service from live server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- TOTP 2FA: full setup/confirm/disable/login flow with Argon2id + ChaCha20-Poly1305
encrypted secret storage, QR code generation, and bcrypt-hashed backup codes
- API key switcher: OAuth vs personal API key toggle in AIUI chat settings with
status indicator, key validation, and help text
- Login progress bar: server startup detection with health check polling, form
disabled until server is ready
- AI quarantine docs: comprehensive HTML page documenting all 6 security layers
- Settings: AI Data Access permission toggles with per-category control
- Alpha hardening plan: 28-task overnight automation plan across 7 phases
(onboarding, login, app install, AIUI, UI polish, security, ISO build)
- Backlog: node discovery spatial map feature for alpha demo
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- loop/prompt-pentest-fix.md: dedicated prompt for pentest fix overnight
runs, instructs Claude to run verify-pentest-fixes.sh as final step
- loop/loop.sh: automatically runs verification script when all plan
tasks are complete (runs for any plan, not just pentest)
Usage: PROMPT_FILE=loop/prompt-pentest-fix.md caffeinate -i ./loop/loop.sh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- scripts/verify-pentest-fixes.sh: 26-check automated verification
that tests all 21 pentest findings against the live server
- loop/plan.md: add permanent post-fix verification section
- scripts/overnight-loop.sh: accept plan file arg, run verification
after all fixes complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Overnight pentest run produced recon, analysis, exploitation reports,
and a full security assessment. Plan.md updated with 22 prioritized
fix items for auth, SSRF, injection, XSS, and hardening.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Redesign favicon SVG with gradient border matching splash screen
- Rename all icon files with -v2 suffix to bypass browser/SW/PWA caches
- Delete 9 old/duplicate icon files (~13MB removed)
- Add nginx cache-control headers for icons and manifest
- Rename assets-cache to assets-cache-v2 to orphan stale SW cache
- Update all HTML, manifest, and component icon references
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Register bitcoin.rs and lnd.rs modules in mod.rs and add route entries
for bitcoin.getinfo and lnd.getinfo. Add bitcoinInfo ref and context
display to AIUI useArchy.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add readFileAsText() to filebrowser client, read-file and tail-logs action
handlers to context broker, bitcoin.getinfo and lnd.getinfo RPC enrichment
for context categories, and update AIUI protocol types.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moves dynamic pt-20/pt-40 padding from perspective-container-wrapper (which
shrank the content area) to the inner scroll container via computed style.
Removes spacer divs in CloudFolder, AppDetails, MarketplaceAppDetails.
Reduces excessive bottom padding in Marketplace. Hides Cloud/Network tabs
in CloudFolder detail view. Teleports mobile back buttons to body to escape
CSS transform containing block.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The mobile close button uses position: fixed, which breaks inside
a CSS transform containing block. Wrapping in <Teleport to="body">
ensures correct fixed positioning relative to the viewport.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 25 tasks in the overnight loop plan are now [DONE].
Phase 4 research (Capacitor/TWA, StartOS comparison, roadmap)
was documented inline during plan creation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Verified all four integration points on live server:
- AIUI loads in iframe (HTTP 200, embedded mode with postMessage)
- Claude proxy responds (streaming API call successful)
- Context broker sends real data (all 10 categories wired)
- Close button works on mobile (bottom bar) and desktop (top-right pill)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add --cap-drop=ALL, --security-opt=no-new-privileges:true to all
non-privileged containers. Per-app capability grants for apps needing
CHOWN/SETUID/SETGID. Read-only root filesystem with tmpfs for
compatible apps (searxng, grafana, uptime-kuma, filebrowser,
photoprism, vaultwarden). Add Fedimint "Create a Community" goal
with 4-step wizard. Fix deploy script cp -rf for audio directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create DID button generates a did:key identity (tries backend RPC first,
falls back to client-side Web Crypto P-256 key generation). DID stored in
localStorage. Copy DID button for sharing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- --frontend-only skips Rust build and container rebuilds (35s vs 130s)
- SSH connectivity check fails fast if server is unreachable
- Each section now prints elapsed time
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- sanitizeFiles() now fetches real data from FileBrowser (usage, folders, recent files)
- Fixed media state check to include 'running' and 'stopped' states, not just 'installed'
- Removed unused bottomPosition variable in CloudFolder.vue
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a search input to the Apps page that filters installed apps by title,
description, or app ID. Styled consistently with the Marketplace search bar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added proxy configurations for Grafana (3000), Jellyfin (8096), Uptime Kuma
(3001), Portainer (9000), OnlyOffice (9980), and all remaining apps (SearXNG,
LND, Mempool, PhotoPrism, Fedimint, Tailscale, Ollama, Bitcoin UI, Electrs,
Endurain, Nginx Proxy Manager, BTCPay, Home Assistant) to the HTTP server
block. Previously these were only available via HTTPS. Also added
client_max_body_size and proxy_request_buffering to the HTTPS filebrowser
snippet for large file uploads.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace hardcoded "All Running", "Connected", "12" in the Network
overview card with computed values from useAppStore. Services status
reflects actual running/total app counts, connectivity uses WebSocket
connection state, and running apps count is live.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Unified the Easy and Pro mode home views into a single tabbed interface.
Both modes now show Dashboard and Setup tabs, replacing the mode-specific
conditional rendering. Added missing homeTab ref that was referenced in
template but never declared.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
