Dorian 7b56927c3c feat: complete AIUI integration — all 31 overnight tasks
- Protocol: 10 context categories (apps, system, network, bitcoin, media, files, notes, search, ai-local, wallet)
- ContextBroker: real data wiring for all categories with sanitization
- Permissions: user toggles for all categories in Settings
- Nginx: Claude API, OpenRouter, SearXNG proxy pass-through
- Actions: launch-app, search-web, install-app handlers
- Chat.vue: loading state + connection indicator
- Integration test page: test-aiui.html

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 14:34:02 +00:00

50 lines
1.5 KiB
Markdown

---
name: add-app
description: Step-by-step guide for adding a new containerized app to Archipelago
disable-model-invocation: true
allowed-tools: Bash, Read, Write, Edit, Glob, Grep
argument-hint: "[app-name]"
---
Add a new containerized app ($ARGUMENTS) to Archipelago.
## Steps
### 1. Create the manifest
Create `apps/{app-id}/manifest.yml` following the spec in `docs/app-manifest-spec.md`:
- `app.id` (kebab-case), `app.name`, `app.version` (SemVer)
- `container.image` (pinned version, **NEVER** `latest`)
- `security`: readonly_root, dropped capabilities, non-root UID > 1000
- `health_check`, `dependencies`
### 2. Add app icon
Place icon at `neode-ui/public/assets/img/app-icons/{app-id}.{png|webp|svg}`
### 3. Create status UI (if no native web UI)
For apps without their own web interface, create a UI container in `docker/{app-id}-ui/` following the patterns in `.cursor/rules/APP-UI-STANDARDS.md`.
Reference implementations:
- Bitcoin UI: `docker/bitcoin-ui/`
- LND UI: `docker/lnd-ui/`
### 4. Update backend
- Add port mapping in `core/archipelago/src/container/docker_packages.rs`
- Add env vars in `get_app_config()` in `core/archipelago/src/api/rpc.rs`
### 5. Deploy and test
- Deploy: `./scripts/deploy-to-target.sh --live`
- Install from marketplace UI at http://192.168.1.228
- Verify it launches and auto-connects to dependencies
- Check logs: `sudo podman logs {container-name}`
### 6. Security review
- Verify readonly root, dropped caps, non-root user
- Check network isolation
- No hardcoded secrets