- Update IPFS_API_URL to ipfs-api.rspace.online (was kubo:5001)
- Update IPFS_GATEWAY_URL to ipfs.rspace.online (was ipfs.jeffemmett.com)
- Enhance image button: file upload via /api/uploads with IPFS encryption
instead of manual URL prompt, with fallback on failure
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Renamed from 'ipfs' to 'kubo' to avoid Docker DNS collision with
the collab-server's IPFS service on the same network.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add src/lib/ipfs.ts: AES-256-GCM encryption + kubo upload/download
- Add /api/ipfs/[cid] proxy route: decrypt + serve with LRU cache
- Upload route: encrypt + pin to IPFS alongside local disk (fallback)
- Prisma: add ipfsCid/ipfsEncKey fields to File model
- FileUpload: prefer IPFS proxy URL when available
- Feature-flagged via IPFS_ENABLED env var
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Part of the ridentity.online branding migration. The EncryptID auth
server is now accessible at auth.ridentity.online (with the legacy
encryptid.jeffemmett.com kept as a backward-compatible alias).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements workspace-scoped data isolation via subdomain routing:
- Schema: add workspaceSlug to Notebook model + migration
- Middleware: extract subdomain → x-workspace-slug header
- API: filter notebooks/notes/search by workspace on subdomains
- AppSwitcher: generate <username>.r*.online links when logged in
- Sessions: SubdomainSession component syncs auth across subdomains
via .rnotes.online domain-wide cookie
- Auth: auto-migrate unscoped notebooks to user's workspace
- New /api/me endpoint for client-side auth + workspace state
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolves merge conflicts between dev (voice/transcription features) and
main (logseq import/export, memory cards, attachments). Both feature
sets coexist cleanly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Multi-strategy approach to find readable versions of paywalled articles:
1. Wayback Machine (check existing + Save Page Now)
2. Google Web Cache
3. archive.ph (read-only check for existing snapshots)
Adds archiveUrl field to Note model, /api/articles/unlock endpoint,
unlock button on note detail page, and browser extension integration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add /opennotebook route embedding Open Notebook via iframe with space-aware
nav breadcrumb. Middleware detects subdomain (e.g. cca.rnotes.online) and sets
rnotes-space cookie. /ai redirects to /opennotebook. Traefik wildcard router
at priority 100 catches *.rnotes.online subdomains.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Evolve rNotes schema and API to support the Memory Card data model:
- Add parentId self-relation for note hierarchy (NoteTree)
- Dual-format body storage (bodyJson + bodyMarkdown) with HTML fallback
- New cardType field (note/link/file/task/person/idea/reference)
- Structured properties (Logseq-compatible key-value JSON)
- Soft-delete via archivedAt (FUN model: Forget, not Delete)
- File + CardAttachment models for structured attachments
- Tag model evolved with spaceId for scoped tags
- Content conversion library (HTML/JSON/Markdown bidirectional)
- Logseq import/export (ZIP with pages/ + assets/)
- NoteEditor emits TipTap JSON as canonical format
- NoteCard shows cardType badges, child count, properties
- Canvas sync enriched with Memory Card fields
- Backfill script for existing notes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Swap @xenova/transformers (whisper-tiny, ~45MB) for parakeet.js
(Parakeet TDT 0.6B v2, ~634MB) loaded from CDN at runtime. Much higher
transcription accuracy at the cost of larger initial model download.
Uses indirect dynamic import to avoid Next.js/webpack bundling issues.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Maps notebook collaborator roles (OWNER/EDITOR/VIEWER) to SpaceRoles
(ADMIN/PARTICIPANT/VIEWER). Falls back to EncryptID server for
cross-space membership when notebook is linked via canvasSlug.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When both WebSocket streaming and server batch API are unavailable,
falls back to in-browser Whisper (Xenova/whisper-tiny, ~45MB, cached).
Shows download progress bar and transcription status during processing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace static mock data with real-time WebSocket connection to the
shared demo community. Notes are expandable, packing items toggleable,
all changes sync across the r* ecosystem in real-time.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
pushShapesToCanvas now sends X-Internal-Key header from
RSPACE_INTERNAL_KEY env var for authenticated canvas writes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire up EncryptID SDK for user authentication with WebAuthn passkeys.
All write API routes (POST/PUT/DELETE) now require auth, while reads
remain public. First user auto-claims orphaned notebooks/notes.
New files:
- src/lib/auth.ts: getAuthUser, requireAuth, getNotebookRole helpers
- src/lib/authFetch.ts: client-side fetch wrapper with JWT token
- src/components/AuthProvider.tsx: EncryptIDProvider wrapper
- src/components/UserMenu.tsx: sign in/out UI for nav bar
- src/app/auth/signin/page.tsx: passkey login/register page
Protected routes: notebooks CRUD, notes CRUD, canvas create, uploads.
Ownership checks: notebook collaborator roles, note author verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett