Added start_stopped_containers() to crash_recovery.rs that starts all
exited/created containers on backend startup, fixing the issue where
containers didn't come back after clean reboot (PID marker removed by
systemd stop). Created test-failure-recovery.sh covering 5 failure
scenarios: container crash, backend restart, Tor restart, full reboot,
and Tor traffic block (UPTIME-02).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Created federation-health-check.sh tracking peer online/offline state,
DWN sync status, and federation success rate. Fixed uptime-monitor.sh
to authenticate for system.stats RPC. Both run every 5min via cron
on primary server (UPTIME-01).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers federation, content sharing, DWN messages + sync, health
monitor auto-restart, Tor rotation endpoints, and NIP-07 signing.
Fixed content.list → content.list-mine, system.stats field name.
(INSTALL-04)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
read_onion_address() now checks tor-hostnames readable cache first,
clears cache before wait_for_hostname, updates it after rotation.
Rotation restarts system Tor (not just archy-tor container). Created
test-tor-rotation.sh with 10 automated checks (INSTALL-03).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added node.nostr-sign RPC that uses the node-level Nostr key (matching
getPublicKey), fixing pubkey mismatch where identity.nostr-sign used a
different key. Updated appLauncher to call node.nostr-sign. Added
nostr_sign_hash() to nostr_discovery.rs. Created test-nip07.sh with
11 automated checks (INSTALL-02).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added new dependencies: `adler2`, `crc32fast`, `flate2`, `miniz_oxide`, and `libredox`.
- Updated existing dependencies: `tokio-rustls` to version 0.26.4 and `filetime` to version 0.2.27.
- Removed the `backup.rs` file as it is no longer needed.
- Introduced tests for configuration and credential management.
- Enhanced the `identity` module to generate W3C compliant DID documents.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
scripts/create-release.sh orchestrates the full release process:
1. Validates SemVer version and clean git state
2. Bumps version in Cargo.toml and package.json
3. Builds frontend
4. Generates changelog from git log
5. Creates release manifest via create-release-manifest.sh
6. Commits version bump and tags release
Supports --dry-run for preview. ISO builds delegated to server.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add --cap-drop ALL and --security-opt no-new-privileges:true to all
containers in first-boot-containers.sh that were missing it:
- Bitcoin Knots, LND, Fedimint, Fedimint Gateway (+ CHOWN/SETUID/SETGID)
- BTCPay Server, Home Assistant (+ CHOWN/SETUID/SETGID/DAC_OVERRIDE)
- Nextcloud (+ CHOWN/SETUID/SETGID/DAC_OVERRIDE)
- Grafana, Uptime Kuma, PhotoPrism, Ollama, Vaultwarden, FileBrowser
(zero extra caps + --read-only + tmpfs for /tmp and /run)
- Jellyfin (zero extra caps)
Tailscale retains --privileged (required for TUN/iptables/routing).
SearXNG, OnlyOffice, Nginx Proxy Manager, Portainer already hardened.
The Rust RPC layer already applies equivalent hardening for all UI
installs; this brings the ISO first-boot path to parity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite verify-pentest-fixes.sh and test-security.sh with comprehensive
security tests covering auth bypass, CSRF protection, rate limiting,
input validation (SQL injection, command injection, path traversal),
session fixation, SSRF, container isolation, and session lifecycle.
Both scripts now pass all checks (35/35 and 14/14).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The My Apps page went blank after installing apps because pkg['static-files'].icon
was accessed without optional chaining on dynamically installed packages that lack
the static-files property.
- Make static-files optional in PackageDataEntry type
- Add defensive ?.icon access with fallback in Apps.vue and AppDetails.vue
- Add filebrowser to mock backend staticDevApps (enables Cloud page in demo)
- Expand portMappings and marketplaceMetadata for all marketplace apps
- installPackage now uses staticApp() format for consistent data shape
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Allow zero-amount Lightning invoices (BOLT11 "any amount") by changing
validation from amount_sats < 1 to amount_sats < 0
- identity.verify now extracts pubkey directly from did:key format instead
of requiring the DID to belong to a local identity
- tor.create-service writes config to data_dir/tor-config/ instead of
/var/lib/archipelago/tor/ (owned by debian-tor, not archipelago user)
- Add E2E test script (scripts/run-e2e-tests.sh) covering 47 RPC endpoints
- Add testing plan with results (loop/testing.md)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The credential issuance and verification handlers used
Handle::block_on() directly inside the tokio runtime, causing a
deadlock. Wrapped with block_in_place() to properly yield the
runtime thread.
Also completed full feature verification across all 25 test groups
(~175 checks) on live server.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added searxng, onlyoffice, filebrowser, nginx-proxy-manager, portainer,
and tailscale to first-boot-containers.sh so fresh ISO installs have all
marketplace apps ready. Fixed penpot icon path in Marketplace.vue to use
the correct app-icons directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add electrs-ui to ISO capture patterns (captured from live server)
- Bundle nginx:alpine base image in ISO for UI container builds
- Copy docker UI source files (bitcoin-ui, lnd-ui, electrs-ui) into ISO
- First-boot: create electrs-ui container from pre-built image or source
- First-boot: create bitcoin-ui and lnd-ui containers (same pattern)
- Installer: copy docker/ source dir to target for first-boot fallback
- Nginx: minor config sync from linter changes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch from sshpass to SSH key (~/.ssh/archipelago-deploy)
- Use pre-built AIUI dist instead of rebuilding on every deploy
- Removes password-based auth dependency
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AIUI pre-built dist to demo/ for Portainer deployment
- Add nginx-demo.conf with Claude API proxy (envsubst for API key)
- Add docker-entrypoint.sh for runtime API key injection
- Update Dockerfile.web to include AIUI and Claude proxy
- Update docker-compose.demo.yml with ANTHROPIC_API_KEY env var
- Switch deploy script from sshpass to SSH key auth
- Fix Quick Start Goals animating before other cards (stagger 5, opacity guard)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- scripts/verify-pentest-fixes.sh: 26-check automated verification
that tests all 21 pentest findings against the live server
- loop/plan.md: add permanent post-fix verification section
- scripts/overnight-loop.sh: accept plan file arg, run verification
after all fixes complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Overnight pentest run produced recon, analysis, exploitation reports,
and a full security assessment. Plan.md updated with 22 prioritized
fix items for auth, SSRF, injection, XSS, and hardening.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Redesign favicon SVG with gradient border matching splash screen
- Rename all icon files with -v2 suffix to bypass browser/SW/PWA caches
- Delete 9 old/duplicate icon files (~13MB removed)
- Add nginx cache-control headers for icons and manifest
- Rename assets-cache to assets-cache-v2 to orphan stale SW cache
- Update all HTML, manifest, and component icon references
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add --cap-drop=ALL, --security-opt=no-new-privileges:true to all
non-privileged containers. Per-app capability grants for apps needing
CHOWN/SETUID/SETGID. Read-only root filesystem with tmpfs for
compatible apps (searxng, grafana, uptime-kuma, filebrowser,
photoprism, vaultwarden). Add Fedimint "Create a Community" goal
with 4-step wizard. Fix deploy script cp -rf for audio directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- --frontend-only skips Rust build and container rebuilds (35s vs 130s)
- SSH connectivity check fails fast if server is unreachable
- Each section now prints elapsed time
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added proxy configurations for Grafana (3000), Jellyfin (8096), Uptime Kuma
(3001), Portainer (9000), OnlyOffice (9980), and all remaining apps (SearXNG,
LND, Mempool, PhotoPrism, Fedimint, Tailscale, Ollama, Bitcoin UI, Electrs,
Endurain, Nginx Proxy Manager, BTCPay, Home Assistant) to the HTTP server
block. Previously these were only available via HTTPS. Also added
client_max_body_size and proxy_request_buffering to the HTTPS filebrowser
snippet for large file uploads.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add native Cloud file browser with FileBrowser API integration
- Add cloud store, filebrowser-client, useAudioPlayer, useFileType composables
- Add Cloud components: FileGrid, FileCard, FileCardGrid, CloudToolbar
- Add Claude authentication section to Settings with OAuth status check
- Harden deploy script to preserve /aiui/ and claude-login.html
- Add nginx proxies for btcpay, homeassistant, filebrowser (HTTPS block)
- Add app configs for filebrowser, searxng, penpot in package.rs
- Update goal progress tracking with app aliases
- Improve mobile back button composable with ResizeObserver
- Update various views with cloud integration and UI refinements
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Updated Indeehub references throughout the codebase, changing the name from "IndeedHub" to "Indeehub" for consistency.
- Implemented a virtual app structure for Indeehub, allowing it to open an external URL without requiring a container.
- Enhanced deployment scripts and documentation to clarify SSH access and password management for Indeehub.
- Improved error handling and retry logic in various components to ensure better user experience during onboarding and app interactions.
- Updated CSS for visual enhancements and added new buttons for improved navigation in the AppLauncherOverlay.
- Added logic to remove any existing single-container 'immich' instances to prevent conflicts with the new multi-container 'immich_server' stack.
- Updated `build-auto-installer-iso.sh` to utilize configuration files from the `configs/` directory for Nginx and systemd service, ensuring proper setup.
- Modified deployment scripts to ensure the removal of old containers and improved handling of Immich stack creation.
- Updated documentation to reflect changes in service configurations and critical build checklist items.
- Added support for installing Immich and Penpot stacks, including necessary Docker images and network configurations.
- Updated DockerPackageScanner to exclude Immich and Penpot related containers from app listings.
- Enhanced Nginx configuration to support iframe embedding for Immich and Penpot applications, improving user experience.
- Modified deployment scripts to ensure proper setup of first-boot container creation services.
- Updated the Development-Workflow.mdc to clarify testing procedures for apps launching in iframes or new tabs.
- Changed Archipelago app configuration to use new credentials for RPC and database connections.
- Enhanced deployment scripts to improve handling of mempool-electrs and added support for NBXplorer in the BTCPay Server setup.
- Added PWAInstallPrompt component to facilitate app installation beyond the "Add to Home Screen" option.
- Updated vite.config.ts to include display_override and id properties for improved PWA manifest.
- Modified nginx configuration to ensure proper serving of the manifest with application/manifest+json type for better installability on Android.
- Updated the cache revision for index.html in the service worker to ensure proper asset management.
- Enhanced AppSwitcher.vue with a new online status button for mobile/tablet views and a dropdown for desktop.
- Improved setup-https-dev.sh to include PWA snippet for nginx configuration, facilitating Android install and ensuring HTTPS is properly set up for PWA functionality.
- Replaced PNG favicon with SVG for better scalability and visual quality across devices.
- Updated Vite configuration to include the new SVG favicon and adjusted asset paths.
- Enhanced various UI components with improved focus management and accessibility features.
- Introduced new styles to hide scrollbars while maintaining scroll functionality for a cleaner interface.
- Updated App.vue to include a toast notification system for new messages, enhancing user engagement.
- Modified SplashScreen.vue to streamline the intro text display with improved typing effects.
- Added Montserrat font styles in style.css for better typography across the application.
- Improved controller navigation in useControllerNav.ts to support enhanced focus management and sound feedback.
- Updated routing logic in index.ts to redirect authenticated users from the login page to the home page.
- Enhanced the Login.vue view with transition effects for a smoother user experience during login and setup processes.
- Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI.
- Modified .gitignore to exclude deploy-config.sh script.
- Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup.
- Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience.
- Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
- Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server.
- Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo.
- Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server.
- Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds.
- Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
- Updated BUILD-GUIDE.md to streamline instructions for building the Archipelago Auto-Installer ISO, including prerequisites and post-installation steps.
- Added detailed sections on capturing the live server state and building from source.
- Enhanced Docker and Podman integration in build scripts for improved backend and web UI capture.
- Introduced new app metadata for "IndeedHub" in the Docker package scanner and updated UI components for better installation progress tracking.
- Improved styling and functionality in the Bitcoin UI for a more cohesive user experience.
- Added instructions to README.md for building an ISO from source and flashing it to USB.
- Introduced a new RPC method for package installation, including security checks and container management.
- Updated Docker and Podman integration in build scripts to support both container runtimes.
- Enhanced Nginx configuration for improved timeout settings and WebSocket support.
- Added new app metadata for additional applications in the Docker package scanner.
- Updated the Development-Workflow documentation to clarify deployment strategy, emphasizing direct deployment to the live system for testing.
- Added detailed instructions for the deployment command, including syncing code, building frontend and backend, and restarting services.
- Improved SSH key management section to assist with authentication issues.
- Expanded the testing workflow to include steps for checking logs and syncing changes back to the ISO build.
- Updated the ISO build integration section to ensure system-level changes are captured for future builds.
- Refactored various sections for clarity and completeness, including deployment paths and system configuration files.
- Updated Cargo.toml to remove unnecessary package backtrace optimizations.
- Changed default bind host and port in config.rs for broader accessibility.
- Renamed state_manager to _state_manager in server.rs for clarity.
- Updated user field to _user in PodmanClient and DockerRuntime for consistency.
- Modified build-debian-iso.sh to enhance welcome message and backend startup instructions.
- Improved archipelago-menu.sh to display backend status and updated Web UI URL.
- Enhanced install-to-disk.sh for better package management and user creation during installation.
- Added new entries to .gitignore for build artifacts and macOS output directories to streamline the build process.
- Deleted outdated documentation files: AUTH_LOGIN_FIX.md, AUTBOOT_CONFIGURATION.md, BACKEND_FIXES.md, BACKEND_STARTUP_FIX.md, BITCOIN_CORE_HEADLESS_FIX.md, BITCOIN_CORE_UI_COMPLETE.md, BITCOIN_STANDALONE_UI_COMPLETE.md, BITCOIN_UI_COMPLETE.md, BOOT_SEQUENCE_DIAGRAM.txt, and BUILD_COMMANDS_REFERENCE.txt to declutter the repository and remove unnecessary content.
- Implemented Docker container scanning and periodic updates in the Server initialization.
- Added new RPC endpoints for managing Docker containers, including start, stop, and restart functionalities.
- Updated the API to handle package management for Docker-based applications.
- Improved environment variable handling for user-specific configurations in Podman and Docker clients.
- Enhanced the development startup script to include Docker container management and provide clearer instructions for full stack setup.
- API handler, RPC, and server updates
- Auth and coding rules
- Container data manager, dev orchestrator, health monitor, podman client
- Parmanode script runner
- Performance resource manager
- Security container policies and secrets manager
- Add build scripts and documentation
