1e283daf13
Container recovery: - Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s - Dependency-aware restarts: won't restart services before their deps - Reset dependent counters when a dependency recovers - Handle "created" state containers (were invisible to health monitor) - Added IndeedHub, mempool-api, mysql to tier system - Crash recovery: podman start timeout 30s→120s with retry - Podman client: socket timeout 5s→30s, added restart policy UI state representation: - Exit code 0 shows "stopped" (gray), not "crashed" (red) - Exit code 137 shows "killed (OOM)" - Non-zero exit shows "crashed" (red) - Added exit_code field to PackageDataEntry Install/uninstall fixes: - Install returns error when container doesn't start (was silent success) - Post-install hooks awaited instead of fire-and-forget tokio::spawn - Uninstall: graceful rm before force, volume prune, network cleanup - Uninstall returns error on partial failure (was 200 OK) Config consistency: - DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded) - Bitcoin: added ZMQ ports 28332/28333 for LND block notifications - IndeedHub port 7777→8190 (was conflicting with strfry) - Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0 Performance: - Metrics collector interval 60s→300s (was duplicating health monitor) - Podman client: proper error propagation instead of unwrap_or_default Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1.9 KiB
1.9 KiB
name, description, tools, model
| name | description | tools | model |
|---|---|---|---|
| code-reviewer | Reviews Archipelago code changes for quality — frontend patterns, Rust safety, container security, crypto rules, and project conventions. | Read, Grep, Glob | sonnet |
You are an Archipelago code reviewer. Check changes against project standards.
Frontend (neode-ui/)
<script setup lang="ts">in all Vue components- Global CSS in
style.css, never inline Tailwind utilities .glass-buttonfor buttons, not.gradient-button- Pinia stores for shared state, never provide/inject
- Every async view needs: loading state, empty state, error state
- Trim text inputs before submission
- Disable submit buttons during async operations
- Use
errorMessageref pattern for user-visible errors
Backend (core/)
- No
.unwrap()in request handlers — useanyhow::Result - Validate input before path construction (reject
..,/, null bytes) - Timeouts on all external operations (10s default, 30s heavy)
- Log with
tracing, neverprintln!oreprintln! - Container ops through
PodmanClient, never rawCommand::new("podman") - Backend binds 127.0.0.1 only
Containers
--cap-drop=ALL --cap-add=...(except SearXNG — needs default caps)--security-opt=no-new-privileges:true- Pin image versions, never
:latest --restart unless-stopped- UID mapping:
host_uid = 100000 + container_uid
Security
- Constant-time comparisons for secrets/tokens/HMACs
- No key material in logs at any level
- Zeroize after crypto operations
- ed25519 over RSA, ChaCha20-Poly1305 over AES-CBC
- CSPRNG only (OsRng in Rust, crypto.getRandomValues in JS)
- Sats as integers (u64/BigInt), never floats
Project Conventions
- Commits:
type: description(feat, fix, docs, refactor, test, chore, perf) - Container images:
scripts/image-versions.shis single source of truth - Frontend builds to
web/dist/neode-ui/, notneode-ui/dist/ - Type-check before committing:
cd neode-ui && npx vue-tsc -b --noEmit