192238cbb8
Single authoritative hub (docs/PRODUCTION-MASTER-PLAN.md) for the app-platform north star: every app manifest-driven (zero OS-level reliance), manifests via the signed registry, developer-ready external marketplace; rootless/secure/robust/ 100%-uptime. Repo CLAUDE.md (auto-loaded each session) points agents at it until the 20x lifecycle gate is green. New design doc registry-manifest-design.md. Consolidated docs 56 -> 28: deleted dated handoffs/resumes/transcripts and superseded trackers (content folded into the master plan or already in memory). Kept all evergreen design/reference docs + ADRs (the master links them). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
7.4 KiB
Archipelago App Registry — Status Survey
Generated: 2026-06-21 · Survey node: .228 (archi resilience node, 14-app) · Binary: v1.7.99-alpha
This document inventories every app in the registry and reports, per app: manifest-based or not · installed on .228 · migration status (Quadlet/legacy) · automated test coverage / release-gate status.
1. Architecture context — "manifest-based or not"
Every registry app is manifest-based. That is the core architecture
(Pillar 4, data-driven apps): install/uninstall needs only the app's
manifest.yml + catalog entry — no host OS changes, no archipelago binary code
per app. The live registry on .228 is 40 loaded manifests
(Loaded 40 app manifest(s) from disk).
The only non-manifest runtime units are:
- 4 companions —
archy-bitcoin-ui,archy-lnd-ui,archy-electrs-ui,archy-fedimint-ui. Built fromdocker/<name>contexts viacore/archipelago/src/container/companion.rs, not the manifest registry. - Stack sub-containers —
immich_*,indeedhub-*,netbird-*. Spawned by their parent manifest app.
2. Migration status (Quadlet-everywhere — Pillar 1)
"Migrated" = runs as a Quadlet unit under user.slice, so it survives an
archipelago.service restart (legacy in-cgroup containers get SIGKILLed on
restart and reconciled back).
On .228 migration is effectively complete — every installed app is
QUADLET:running except one:
| Status | Apps |
|---|---|
| ✅ Migrated (Quadlet / user.slice) | bitcoin-knots, electrumx, lnd, fedimint, fedimint-clientd, fedimint-gateway, btcpay-server (+archy-btcpay-db, archy-nbxplorer), mempool, mempool-api, archy-mempool-db, indeedhub (+7 sub-containers), netbird (+server, +dashboard), vaultwarden, jellyfin, filebrowser, portainer, botfights, nostr-rs-relay, homeassistant, + 4 companions |
| ⚠️ NOT migrated (legacy, service cgroup) | immich_server — still in /system.slice/archipelago.service. The only legacy holdout. (immich_postgres/immich_redis are pod members.) |
3. Exhaustive per-app registry table
| App (registry id) | Manifest | Installed on .228 | Migration | Test coverage |
|---|---|---|---|---|
| bitcoin-knots | yes | ✅ | QUADLET | L1 RPC ●, L2 UI ● |
| bitcoin-core | yes | ✗ (shares knots) | — | ◐ regression-gate |
| lnd | yes | ✅ | QUADLET | L1 RPC ●, L2 ● |
| electrumx | yes | ✅ | QUADLET | L1 RPC ●, L2 ● |
| btcpay-server | yes | ✅ | QUADLET | L1 RPC ●, L2 ● |
| mempool | yes | ✅ | QUADLET | L1 RPC ●, L2 ● |
| mempool-api | yes | ✅ | QUADLET | via mempool stack |
| archy-mempool-db | yes | ✅ | QUADLET | via mempool stack |
| archy-mempool-web | yes | ✗ | — | via mempool stack |
| archy-btcpay-db | yes | ✅ | QUADLET | via btcpay stack |
| archy-nbxplorer | yes | ✅ | QUADLET | via btcpay stack |
| fedimint (Guardian) | yes | ✅ | QUADLET | L1 ◐ container-only, L2 ● |
| fedimint-clientd | yes | ✅ | QUADLET | none |
| fedimint-gateway | yes | ✅ (this session) | QUADLET | none |
| filebrowser | yes | ✅ | QUADLET | L2 probe-only |
| indeedhub | yes | ✅ | QUADLET | none |
| jellyfin | yes | ✅ | QUADLET | none |
| vaultwarden | yes | ✅ | QUADLET | none |
| portainer | yes | ✅ | QUADLET | none |
| botfights | yes | ✅ | QUADLET | none |
| nostr-rs-relay | yes | ✅ | QUADLET | none |
| home-assistant | yes | ✅ (container homeassistant) |
QUADLET | none |
| netbird | yes | ✅ (+server, +dashboard) | QUADLET | none |
| immich | yes | ✅ | ⚠️ LEGACY | none |
| grafana | yes | ✗ (unit activating, no container) | staged | none |
| strfry | yes | ✗ (unit activating) | staged | none |
| — | removed 2026-06-21 | — | — | |
| aiui | yes | ✗ | — | none |
| core-lightning | yes | ✗ | — | none |
| did-wallet | yes | ✗ | — | none |
| gitea | yes | ✗ | — | none |
| lightning-stack | yes | ✗ | — | none |
| meshtastic | yes | ✗ | — | none |
| morphos-server | yes | ✗ | — | none |
| nextcloud | yes | ✗ | — | none |
| photoprism | yes | ✗ | — | none |
| router | yes | ✗ | — | none |
| searxng | yes | ✗ | — | none |
| uptime-kuma | yes | ✗ | — | none |
| bitcoin-ui | yes | runs as companion archy-bitcoin-ui |
QUADLET (companion) | L3 companions ● |
| lnd-ui | yes | runs as companion archy-lnd-ui |
QUADLET (companion) | L3 companions ● |
| electrs-ui | yes | runs as companion archy-electrs-ui |
QUADLET (companion) | L3 companions ● |
| fips-ui | yes | ✗ | — | none |
Notes:
home-assistant(registry id) runs as containerhomeassistant— the app-id ≠ container-name. A duplicatehome-assistant.servicequadlet unit sits in activating; the live container ishomeassistant(Up 6 days, healthy).grafana/strfryhave Quadlet.containerunits but the units are stuck activating with no running container — staged, not live. Worth a separate investigation.onlyofficewas removed from the registry on 2026-06-21.
4. Test-gate reality
No app has passed the formal release gate. The gate is run-20x.sh green
across the full lifecycle matrix (install / UI reachable / stop / start /
restart / reinstall / reboot-survive / archipelago-restart-survive / uninstall),
20× on .228 AND .198. All 8 release-gate checkboxes in
tests/lifecycle/TESTING.md are unchecked (☐).
What exists today:
| Layer | Status |
|---|---|
| L0 unit | 631 tests ● green |
| L1 RPC | ● for 6 core apps only: bitcoin-knots, lnd, electrumx, btcpay, mempool, fedimint |
| L2 UI | ● dashboard + 7 proxy paths + bitcoin-ui:8334 |
| L3 lifecycle survival | companions ● ; backends ◐ (regression-gate only — fails until Phase-3 Quadlet flag flips by default) |
| Per-app L1+L2 matrix | 50 of 110 cells |
| L4 browser / L5 chaos / L6 perf | ○ 0 — not started |
Regression suites added after v1.7.90-alpha (run read-only, abort releases on
failure): bitcoin-receive.bats, port-drift.bats, secret-completeness.bats.
The other ~30 registry apps have zero automated coverage.
5. Key gaps
- immich is the last legacy (in-cgroup) app — migrate to Quadlet to finish Pillar 1.
- grafana / strfry Quadlet units stuck activating with no container — investigate. (onlyoffice removed 2026-06-21.)
- fedimint-gateway / fedimint-clientd (this session) now run but have no lifecycle test coverage.
- The formal 20× release gate has never been green — it is the blocker for the v1.7.52 tag.
6. This session's changes (2026-06-21)
- Generated-secrets system deployed to .228 (binary + manifests). Self-healing:
the root-owned
fedimint-gateway-hashwas regenerated archipelago-owned/readable → fedimint-gateway now starts (gatewayd webserver up on :8176).fmcd-passwordgenerated for fedimint-clientd. - Guardian-UI CSS fix applied on .228: rebuilt the stale
localhost/fedimint-ui:latestcompanion image (built 2026-06-12, pre-fix) from the corrected context (@guardian_assetsproxy fallback to :8177). Guardian's own CSS (/assets/bootstrap.min.css,/assets/style.css) 404 → 200 text/css. Root cause:companion.rs::ensure_image_presentskips rebuild when the:latestimage already exists, so the context fix never re-baked.
Survey method: live podman cgroup inspection on .228 + /opt/archipelago/apps
manifest enumeration + tests/lifecycle/TESTING.md.