- Umbrel app packaging: official Umbrel bundle (compose, manifest, entrypoint) plus GHCR workflow to ship
umbrel-devimages for beta installs. (GitHub)
- Onboarding "Before you start" screen with guidance and links to Igloo Desktop/CLI and other FROSTR apps. (GitHub)
SKIP_ADMIN_SECRET_VALIDATIONflag to bypass the admin-secret step on managed installs (e.g., Umbrel); UI auto-skips when present. (GitHub)- Configure screen can reveal the configured admin secret for signed-in admins via
/api/env/admin-secret. (GitHub) - FROSTR-branded favicon plus Umbrel assets, manifest, Docker compose, and entrypoint scripts. (GitHub)
- WebSocket/CORS handling now trusts proxy
x-forwarded-hostand@selftokens so LAN/Tor Umbrel access no longer returns 403; configure origin input fixed. (GitHub) - Serve static JS/CSS with
no-cache, no-storeto prevent stale bundles behind Umbrel/browser caches. (GitHub) - Hardened data directory permissions for Umbrel volumes during startup. (GitHub)
- OpenAPI docs relocated to
docs/openapi/with updated scripts and docs touch-ups. (GitHub)
- Hardened skip-admin onboarding flows, rate limits, and admin secret handling to avoid accidental leaks or empty secrets. (GitHub)
- Minor documentation corrections and Bun version bump. (GitHub)
- Version bump commit: 1.1.0. (GitHub)
- Echo enhancements: devices now respond to incoming echo requests and can broadcast echoes to peers; echo is triggered on credential/relay updates and during headless startup. (GitHub)
- Respond-to-echo flow + broadcast via a temporary node (create → publish
/echo/req→ cleanup). (GitHub)
- Relay handling: validation/normalization, localhost filtering, sensible fallbacks, and improved resolution for echo flows. (GitHub)
- Dependency updates including
@frostr/igloo-core,@frostr/bifrost,nostr-tools,yaml, Tailwind, types, and tooling. (GitHub)
- Broadcast echo events fire reliably on credential updates. (GitHub)
- Type regressions in broadcast-echo and WS handler; test fixes and small edge-case cleanups. (GitHub)
- Version bump commit: 1.0.1. (GitHub)
- security-hardened API & WebSocket stack: echo subprotocol, per‑IP caps with reservation/rollback, token‑bucket limits; CSP allows
wss:; headless/api/env*now requires auth. - admin API keys (DB mode): issuance and management; session/auth fixes with real TTL handling.
- consolidate API routes; clearer env/onboarding/auth errors; OpenAPI updated.
/api/envnow returnsRELAYSas an array; DB/headless env handling avoids credential leakage.- WS reliability: echo subprotocol, NaN‑safe env parsing, copy‑timeout cleanup; UI
useCallbackdeps fixed. - slimmer Docker image; add
.dockerignoreand targeted copy in Dockerfile. - add API test scripts under
scripts/api/*(CORS preflight, GET sweeps, permissions, NIP‑44/04 crypto, WS events,/sign). - frontend: “API Docs” link and docs improvements.
- fix: NIP‑46 agent restarts when socket closes; keep‑alive refactor.
- fix: auth/session storage with real TTL in DB+memory; refresh
lastAccess; async cleanup. - tests added for origin checks, body limits, rate buckets, and 401s.
- BREAKING: headless
/api/env*endpoints are auth‑gated; update unauthenticated tooling to include auth. - migration: apply
20251008_0009_create_api_keys.sqland20251009_0005_add_sessions_table.sql. - note: rebuild Docker image to pick up slimmer layout and
.dockerignore.
- Merge pull request #18 from FROSTR-ORG/dev
- add database-backed multi-user mode with admin onboarding, session auth, and persistent node credentials
- keep headless single-user mode via
HEADLESS=trueand expand environment/config validation - implement full NIP-46 remote signing stack (pairing, permissions UI, relay handling, auditing)
- expose new NIP-44 and NIP-04 encrypt/decrypt APIs backed by the node service
- persist peer policies and relay metadata, harden node/relay monitoring and keepalive flows
- overhaul auth/session vault, derived-key handling, and security defaults
- refresh frontend for onboarding, signer, and NIP-46 management with new UI components
- document new modes, security posture, and API surface; update OpenAPI specs
- streamline release/build scripts, Docker flow, and QR worker packaging for nostr-connect
- Merge pull request #11 from FROSTR-ORG/dev
- health check fix for release script
- fix release script logic for major minor and fix
- remove websocket doc
- update / simplify release process
- fix: stop health monitor from scheduling duplicate restarts
- fix type issue
- Merge pull request #10 from FROSTR-ORG/feature/auto-reconnection-and-health-monitoring
- openapi fixes
- fix backoff multiplier validation to prevent decreasing delays
- add validation for environment variables in restart and health configs
- fix: stop health monitoring after max restarts to prevent infinite error loops
- ufw allow 22 for ssh in digital ocean deployment instructions
- Use getSecureCorsHeaders for consistent CORS handling in env route
- fix: add health restart limits with exponential backoff to prevent infinite loops
- fix: improve node restart mechanism with concurrency control and configurable backoff
- Merge branch 'dev' into feature/auto-reconnection-and-health-monitoring
- basic health monitoring system, enhanced event listeners, automatic bifrost node restart, better connection management and status api
- Merge pull request #9 from FROSTR-ORG/refactor/event-stream-over-websockets
- fix response
- refactor: replace magic number with named constant and improve WebSocket type safety
- fix: improve WebSocket implementation robustness and type safety
- feat: exponential backoff with jitter for WebSocket reconnection
- initial websocket refactor, seems to be working good locally and through docker
- Merge pull request #8 from FROSTR-ORG/dev
- Merge pull request #7 from FROSTR-ORG/refactor/minimal-mobile-styles
- mobile style fixes for header, page layout, signer, and recover pages
- Merge pull request #6 from FROSTR-ORG/bugfix/configuration-quirks
- docs: clarify HOST_NAME configuration for Docker vs local development
- just use .env to simplify configuration, fix docker configs and readme for this change
- fix: read environment variables from process.env in Docker containers
- Merge pull request #5 from FROSTR-ORG/chore/api-docs
- lint
- add bearer to openapi.json
- more openapi formatting nitpicks
- fix inconsistency between openapi.yaml and openapi.json
- fix server and docker configs interop
- fix more openapi yaml syntax errs
- fixes for openapi syntax
- fix yaml syntax, dedicated openapi validator, fixed scripts after updates
- fix server binding and docker config
- fix docker ci
- fix package version
- openapi docs
- Update CHANGELOG.md
- feat: merge CI/CD workflows and release automation
- feat: add comprehensive CI/CD workflows and release automation
- Merge pull request #4 from FROSTR-ORG/feature/static-igloo-frontend