v3.6.1 - The Sovereign Guard Release

Summary

This release marks the transition of the Sovereign Stack from a private laboratory project to a public, security-hardened blueprint. Optimized specifically for Raspberry Pi 5 with NVMe storage, this version introduces robust automation, integrity verification, and long-term maintenance utilities.

Key Features & Improvements

🛡️ Security & Resilience

• Sovereign Guards: Implemented flock file-locking and verify_env.sh to prevent overlapping processes and ensure all secrets are present before execution.
• JIT Dependency Management: Scripts now feature Just-In-Time installation for missing system tools like wakeonlan and msmtp.
• Hardened Permissions: Automated 600 permission enforcement for .env files and root-execution prevention.
• Legal Compliance: Integrated GPLv3 license headers and documentation footers across the entire repository.

🚀 Hardware Optimization (M.2 NVMe)

• Re-engineered I/O operations to leverage the speed of M.2 SSDs on Raspberry Pi 5.
• Performance: Verified high-speed integrity checks on NVMe hardware with a successful 03:00/03:30 backup cycle.

🖥️ Windows & Remote Integration

• Enhanced monitor_backup.sh with Windows-aware pathing and if exist logic for remote integrity checks.
• Standardized remote transfer via secure sftp with automated Wake-on-LAN (WOL) support.

📚 Documentation & Maintenance

• Maintenance Guide: New MAINTENANCE.md including a 5-chapter guide on storage hygiene and update strategies.
• Cleanup Utility: Introduced clean_stack.sh to automate Docker pruning and system update checks.
• Interactive Wizard: Enhanced INSTALL.sh setup wizard for automated environment configuration.

Technical Note

This release uses a 30-minute window between the backup pipeline (03:00) and the integrity monitor (03:30). In live tests on NVMe hardware, full backup and remote verification were completed in under 5 minutes.