Two new fields on the /rpc fips.status payload:
- authenticated_peer_count: how many FIPS peers the daemon has an
authenticated session to right now. 0 means isolated / not on
the mesh; >0 means traffic to any known npub can DHT-route.
- anchor_connected: true when the public anchor (fips.v0l.io,
npub1zv58cn7…) is present in the daemon's identity cache. The
anchor bootstraps DHT routing for general-case deployments, so
this is the best single-value indicator the UI can show for
"will federation traffic over FIPS work between previously-
unknown peers?"
Implementation: fips::service::peer_connectivity_summary shells
out to `sudo -n fipsctl show peers` + `... show identity-cache`
(archipelago user already has NOPASSWD:ALL per the ISO sudoers
and live fleet nodes, confirmed). Failure returns (0, false) so
the UI degrades to "unknown" state without crashing.
Only queried when service_active — pre-onboarding / daemon-down
nodes skip the fipsctl call entirely.
UI side (FipsNetworkCard) consumes the full status JSON, so the
two new fields are available via existing prop plumbing; visual
treatment can come later.
Also fixes ISO build (commit 3e04456c wasn't sufficient): the
Dockerfile needs `cargo build --release --bins` — upstream FIPS
added a `fips-gateway` binary target, and plain `cargo build
--release` only builds the default bin list, which caused
`cargo deb --no-build` to fail hunting for the missing binary.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3ce7bb6c18