Created scripts/test-cross-node.sh covering:
- US-01: System health (6 checks per node per iteration)
- US-05: Tor hidden service resolution (bidirectional)
- US-09: NIP-07 nostr-provider injection
31/32 tests pass. Both nodes healthy, Tor working bidirectionally,
NIP-07 provider injected on both nodes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
STAB-01: Added 4GB swap on .198
STAB-02: Added 8GB swap on .228
STAB-03: Upgraded Tor on .198 from 0.4.7.16 to 0.4.9.5 (Tor Project repo)
STAB-04: .onion resolution working — .198 can reach .228 via Tor
STAB-05: Nostr identity valid — revocation is intentional (blocks old format)
STAB-06: Federation already established between .228 and .198
STAB-07: Root podman correctly aligned with backend on .198
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: UFW firewall was blocking all traffic from Podman container
subnets (10.88.0.0/16, 10.89.0.0/16) to the host, which prevented
Aardvark DNS resolution. Containers could not resolve each other by
hostname, causing mempool-web, mempool-api, nbxplorer, btcpay-server,
and immich_server to crash loop (6000+ total restarts).
Fix: Added UFW allow rules for Podman network subnets. Also removed
unused ollama container. All 32 containers now stable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bump version to 1.1.0 in Cargo.toml and package.json.
Add comprehensive CHANGELOG.md entry covering all v1.1.0 features:
NIP-07 iframe signing, file sharing across nodes, DWN multi-node sync,
node visualization map, Tor address rotation, boot container recovery,
and full monitoring/testing suite.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three issues found during uptime testing: boot container recovery,
uptime monitor auth, Tor hostname permissions — all fixed in prior
commits. No memory leaks detected. 99.5% uptime over 415 checks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added start_stopped_containers() to crash_recovery.rs that starts all
exited/created containers on backend startup, fixing the issue where
containers didn't come back after clean reboot (PID marker removed by
systemd stop). Created test-failure-recovery.sh covering 5 failure
scenarios: container crash, backend restart, Tor restart, full reboot,
and Tor traffic block (UPTIME-02).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Created federation-health-check.sh tracking peer online/offline state,
DWN sync status, and federation success rate. Fixed uptime-monitor.sh
to authenticate for system.stats RPC. Both run every 5min via cron
on primary server (UPTIME-01).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers federation, content sharing, DWN messages + sync, health
monitor auto-restart, Tor rotation endpoints, and NIP-07 signing.
Fixed content.list → content.list-mine, system.stats field name.
(INSTALL-04)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
read_onion_address() now checks tor-hostnames readable cache first,
clears cache before wait_for_hostname, updates it after rotation.
Rotation restarts system Tor (not just archy-tor container). Created
test-tor-rotation.sh with 10 automated checks (INSTALL-03).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added node.nostr-sign RPC that uses the node-level Nostr key (matching
getPublicKey), fixing pubkey mismatch where identity.nostr-sign used a
different key. Updated appLauncher to call node.nostr-sign. Added
nostr_sign_hash() to nostr_discovery.rs. Created test-nip07.sh with
11 automated checks (INSTALL-02).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Web5.vue already has protocol management (register/list/remove),
message browser with pagination, sync targets, and sync now button.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Install d3@7 and @types/d3@7
- NetworkMap.vue: force-directed graph with draggable nodes, trust-level
coloring (green/amber/red), online/offline opacity, dashed links
- Federation.vue: List/Map tab switcher with localStorage persistence
- Wire map to real federation data (self node centered, peers as satellites)
- Default to map view when 3+ nodes federated
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Shows message count, last sync time, sync status indicator
- Sync Now button triggers dwn.sync RPC with loading state
- DWN status dot in node list cards (green/amber/red)
- Loads DWN status on mount alongside federation nodes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sync successfully contacts federation peers over Tor. Pull/push protocol
works end-to-end (tested via direct Tor DWN endpoint). Peers need updated
backend deployed for full cross-node replication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- DWN sync now uses federation node list instead of old peer list
- Fix sync URL to use port 80 (nginx) instead of 5678 (direct backend)
- DWN /dwn endpoint now accessible without auth for peer sync
- Support both message formats: {message:{}} and {messages:[{}]}
- Replace request["message"] with unified message variable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New PeerFiles.vue view shows federated peers and their shared catalogs
- Peer Files card in Cloud.vue shows when federation peers exist
- New content.download-peer RPC fetches content from peer via Tor
- Route: /dashboard/cloud/peers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Catalog browse: 0.33s over Tor. All file sizes (28B to 10MB) download
correctly with matching MD5 checksums. Transfer speeds ~500-800KB/s.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- PeersOnly access now checks X-Federation-DID header against known federation nodes
- Specific availability restricts content to named peer DIDs only
- Anonymous/unknown DID requests get 403 Forbidden
- Free content remains accessible to everyone
- Paid content still returns 402 with price info
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /content and /dwn proxy locations to nginx config (both HTTP and HTTPS)
so peer requests reach the backend instead of the SPA catch-all
- Update content_file_path() to check FileBrowser data dir as fallback when
files aren't in the dedicated content/files/ directory
- Populate size_bytes from actual file metadata in content.add
- Filter out availability:nobody items from the public catalog endpoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Verified: backend stop detection, restart recovery, Tor stop detection,
full reboot recovery. Fixed AppArmor read rules for Tor directories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 3 servers publish to Nostr relays and discover each other.
Removed stale revocation files and suspicious SSRF relay entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add tor-hostnames fallback for reading onion addresses when system Tor
owns hidden_service directories (permissions 700)
- Exempt federation.peer-joined, federation.get-state, and
federation.peer-address-changed from auth/CSRF (inter-node RPC)
- Set up system Tor with AppArmor overrides on archipelago-2 and 3
- All 3 servers federated and syncing successfully
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Deployed to primary (192.168.1.228), archipelago-2, and archipelago-3.
Secondary (192.168.1.198) is offline. All 3 servers healthy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Settings page shows all Tor hidden services with toggle switches
(enable/disable per app) and a Rotate button for the main node address.
Added RPC client methods for tor.list-services, tor.toggle-app,
tor.rotate-service, tor.cleanup-rotated. Toggle CSS classes in style.css.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After rotation, spawns background task that publishes updated .onion to
Nostr relays and sends federation.peer-address-changed RPC to all peers
over Tor. Peers update their nodes.json with the new address.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
tor.rotate-service: renames hidden service dir, restarts Tor, waits
for new hostname. Old dir kept for 24h transition.
tor.cleanup-rotated: removes expired old service directories.
tor.toggle-app: enable/disable Tor access per app with service dir
management and container restart.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend: identity.nostr-encrypt-nip04, identity.nostr-decrypt-nip04,
identity.nostr-encrypt-nip44, identity.nostr-decrypt-nip44 endpoints
with auto-resolve to default identity. Frontend: appLauncher routes
nip04.* and nip44.* postMessage calls to backend RPC.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added nostrudel.ninja as a web-only app in Marketplace (community category).
Configured nginx reverse proxy at /ext/nostrudel/ with NIP-07 provider
injection in both HTTP and HTTPS blocks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingBackup.vue was already calling rpcClient.createBackup()
with real RPC backend. No code changes needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingVerify.vue now signs a random challenge via node.signChallenge
and auto-verifies using identity.verify with the node's DID. Shows
green checkmark on cryptographic verification success.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OnboardingDid.vue now fetches node.nostr-pubkey after DID is
retrieved and displays it with a copy button. Both identities
are cached in localStorage. Added missing copyNpub function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every new identity now gets both Ed25519 (DID) and secp256k1 (Nostr)
keys from creation. The create() method calls create_nostr_key()
automatically, so identity.create RPC always returns nostr_pubkey
and nostr_npub fields.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DiskUsage and ContainerCrash alerts now fire webhooks via
send_webhook() after pushing WebSocket notifications. Added
data_dir parameter to spawn_metrics_collector for webhook config
access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Health checks, auto-restarts, and WebSocket notifications now run
unconditionally. Previously the entire health loop was gated on
webhook config, so fresh installs (webhooks disabled) got zero
container monitoring. Webhook HTTP delivery is now fire-and-forget
after the notification is pushed to the UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added new dependencies: `adler2`, `crc32fast`, `flate2`, `miniz_oxide`, and `libredox`.
- Updated existing dependencies: `tokio-rustls` to version 0.26.4 and `filetime` to version 0.2.27.
- Removed the `backup.rs` file as it is no longer needed.
- Introduced tests for configuration and credential management.
- Enhanced the `identity` module to generate W3C compliant DID documents.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The manifest field was validated but never applied to the podman create
command. Now passes --security-opt no-new-privileges=true for all containers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- x86_64 hardware validated on dev server (E2E-02)
- COMM-04 and FINALDOC-04 superseded by v1.0.0 release
- E2E-04 soak test running (ends Apr 10)
- 158/158 plan items resolved
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Uptime monitor timer running every 5min, 30-day soak test active,
hotfix process documented. 100% uptime so far.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Built 12GB x86_64 installer ISO on dev server. Updated README for v1.0.
ISO available in FileBrowser Builds folder.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace outdated macOS/Docker Desktop references with current Debian 12
target platform, Podman containers, and accurate feature list.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added no_new_privileges: true, user: 1000, and seccomp_profile: default
to all app manifests. Created community app review checklist.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace sh -c echo with tokio::fs::write for bitcoin.conf generation
- Add client_max_body_size 1m to /rpc/ in both HTTP and HTTPS nginx blocks
- Document full audit findings in docs/security-audit-2026-03-11.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updated npm packages to latest semver-compatible versions. 4 remaining
high-severity vulns are dev-only (serialize-javascript in vite-plugin-pwa
chain). 515/515 tests pass, zero type errors, build clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
