From 07f525436f0d2dcf90221bfa0d4b451b95f20c5e Mon Sep 17 00:00:00 2001 From: Jeff Emmett Date: Sun, 12 Apr 2026 11:09:44 -0400 Subject: [PATCH] =?UTF-8?q?feat:=20object=20visibility=20membrane=20?= =?UTF-8?q?=E2=80=94=20per-object=20access=20filtering?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add per-object visibility levels (viewer/member/moderator/admin) across all rSpace modules. Objects default to 'viewer' (open), so existing data remains visible. Server-side GET handlers resolve caller role and filter; MCP tools filter lists and check single-item access; frontend components do defense-in-depth filtering with visibility picker (mod+) and lock badges. - shared/membrane.ts: types + isVisibleTo, filterByVisibility, filterArrayByVisibility - 9 schema files: visibility field on TaskItem, NoteItem, CalendarEvent, etc. - 8 module routes: GET handlers filter by caller role - 6 MCP tool files: list filtering + single-item visibility checks - 4 frontend components: client filtering, picker, lock badges - 18 unit tests (all passing) Co-Authored-By: Claude Opus 4.6 --- modules/rcal/components/folk-calendar-view.ts | 36 ++++- modules/rcal/mod.ts | 20 ++- modules/rcal/schemas.ts | 1 + modules/rchats/mod.ts | 38 ++++- modules/rchats/schemas.ts | 2 + modules/rdocs/components/folk-docs-app.ts | 39 ++++- modules/rdocs/mod.ts | 28 +++- modules/rdocs/schemas.ts | 1 + modules/rnotes/mod.ts | 18 ++- modules/rnotes/schemas.ts | 1 + modules/rphotos/mod.ts | 19 ++- modules/rphotos/schemas.ts | 1 + modules/rtasks/components/folk-tasks-board.ts | 59 ++++++- modules/rtasks/mod.ts | 25 ++- modules/rtasks/schemas.ts | 1 + modules/rtime/mod.ts | 35 +++- modules/rtime/schemas.ts | 2 + modules/rvnb/schemas.ts | 1 + .../rwallet/components/folk-wallet-viewer.ts | 45 +++++- modules/rwallet/mod.ts | 3 + modules/rwallet/schemas.ts | 1 + server/mcp-tools/rcal.ts | 15 +- server/mcp-tools/rchats.ts | 5 +- server/mcp-tools/rdocs.ts | 17 +- server/mcp-tools/rnotes.ts | 10 +- server/mcp-tools/rtasks.ts | 15 +- server/mcp-tools/rtime.ts | 5 +- shared/membrane.test.ts | 152 ++++++++++++++++++ shared/membrane.ts | 62 +++++++ 29 files changed, 604 insertions(+), 53 deletions(-) create mode 100644 shared/membrane.test.ts create mode 100644 shared/membrane.ts diff --git a/modules/rcal/components/folk-calendar-view.ts b/modules/rcal/components/folk-calendar-view.ts index 071b30d6..34299f7d 100644 --- a/modules/rcal/components/folk-calendar-view.ts +++ b/modules/rcal/components/folk-calendar-view.ts @@ -129,6 +129,8 @@ class FolkCalendarView extends HTMLElement { private _offlineUnsub: (() => void) | null = null; private _subscribedDocIds: string[] = []; private _stopPresence: (() => void) | null = null; + // Membrane — caller's role for visibility filtering + private _myRole: string = 'viewer'; // Spatio-temporal state private temporalGranularity = 4; // MONTH @@ -199,7 +201,7 @@ class FolkCalendarView extends HTMLElement { this.boundKeyHandler = (e: KeyboardEvent) => this.handleKeydown(e); document.addEventListener("keydown", this.boundKeyHandler); if (this.space === "demo") { this.loadDemoData(); } - else { this.subscribeOffline(); this.loadMonth(); this.render(); } + else { this.subscribeOffline(); this.loadMonth(); this.loadMyRole(); this.render(); } if (!localStorage.getItem("rcal_tour_done")) { setTimeout(() => this._tour.start(), 1200); } @@ -246,6 +248,26 @@ class FolkCalendarView extends HTMLElement { } } + private _isVisibleTo(vis: string | undefined | null, role: string): boolean { + const levels: Record = { viewer: 0, member: 1, moderator: 2, admin: 3 }; + return (levels[role] ?? 0) >= (levels[vis ?? 'viewer'] ?? 0); + } + + private async loadMyRole() { + if (this.space === 'demo') return; + const token = localStorage.getItem('encryptid-token'); + if (!token) return; + try { + const res = await fetch(`/api/space-access/${encodeURIComponent(this.space)}`, { + headers: { Authorization: `Bearer ${token}` }, + }); + if (res.ok) { + const data = await res.json(); + this._myRole = data.role || 'viewer'; + } + } catch {} + } + private async subscribeOffline() { const runtime = (window as any).__rspaceOfflineRuntime; if (!runtime?.isInitialized) return; @@ -435,6 +457,8 @@ class FolkCalendarView extends HTMLElement { return this.events.filter(e => { if (e.latitude == null || e.longitude == null) return false; if (this.filteredSources.has(e.source_name)) return false; + // Client-side membrane filter + if (!this._isVisibleTo(e.accessVisibility, this._myRole)) return false; const t = new Date(e.start_time).getTime(); return t >= start && t < end; }); @@ -481,6 +505,8 @@ class FolkCalendarView extends HTMLElement { const end = new Date(year, month + 1, 1).getTime(); return this.events.filter(e => { const t = new Date(e.start_time).getTime(); + // Client-side membrane filter + if (!this._isVisibleTo(e.accessVisibility, this._myRole)) return false; return t >= start && t < end && !this.filteredSources.has(e.source_name); }); } @@ -909,6 +935,8 @@ class FolkCalendarView extends HTMLElement { private getEventsForDate(dateStr: string): any[] { return this.events.filter(e => { if (!e.start_time || this.filteredSources.has(e.source_name)) return false; + // Client-side membrane filter (defense-in-depth) + if (!this._isVisibleTo(e.accessVisibility, this._myRole)) return false; const startDay = e.start_time.slice(0, 10); const endDay = e.end_time ? e.end_time.slice(0, 10) : startDay; return dateStr >= startDay && dateStr <= endDay; @@ -982,7 +1010,8 @@ class FolkCalendarView extends HTMLElement { const cityHtml = city ? `${this.esc(city)}` : ""; const virtualHtml = e.is_virtual ? `\u{1F4BB}` : ""; const likelihoodHtml = es.isTentative ? `${es.likelihoodLabel}` : ""; - return `
${e.rToolSource === "rSchedule" ? '🔔' : ""}${virtualHtml}${this.formatTime(e.start_time)}${this.esc(e.title)}${likelihoodHtml}${cityHtml}
`; + const lockHtml = e.accessVisibility && e.accessVisibility !== 'viewer' ? `🔒 ` : ""; + return `
${e.rToolSource === "rSchedule" ? '🔔' : ""}${lockHtml}${virtualHtml}${this.formatTime(e.start_time)}${this.esc(e.title)}${likelihoodHtml}${cityHtml}
`; }).join(""); } @@ -2202,10 +2231,11 @@ class FolkCalendarView extends HTMLElement { const srcTag = e.source_name ? `${this.esc(e.source_name)}` : ""; const es = this.getEventStyles(e); const likelihoodBadge = es.isTentative ? `${es.likelihoodLabel}` : ""; + const ddLockBadge = e.accessVisibility && e.accessVisibility !== 'viewer' ? `🔒 ` : ""; return `
-
${this.esc(e.title)}${likelihoodBadge}${srcTag}
+
${ddLockBadge}${this.esc(e.title)}${likelihoodBadge}${srcTag}
${this.formatTime(e.start_time)}${e.end_time ? ` \u2013 ${this.formatTime(e.end_time)}` : ""}${e.location_name ? ` \u00B7 ${this.esc(e.location_name)}` : ""}${e.is_virtual ? " \u00B7 Virtual" : ""}
${ddDesc ? `
${this.esc(ddDesc)}
` : ""}
diff --git a/modules/rcal/mod.ts b/modules/rcal/mod.ts index 8362ee9c..f7eacf84 100644 --- a/modules/rcal/mod.ts +++ b/modules/rcal/mod.ts @@ -14,6 +14,10 @@ import { renderShell } from "../../server/shell"; import { getModuleInfoList } from "../../shared/module"; import type { RSpaceModule } from "../../shared/module"; import { verifyToken, extractToken } from "../../server/auth"; +import { resolveCallerRole } from "../../server/spaces"; +import type { SpaceRoleString } from "../../server/spaces"; +import { filterArrayByVisibility } from "../../shared/membrane"; +import type { ObjectVisibility } from "../../shared/membrane"; import { renderLanding } from "./landing"; import type { SyncServer } from '../../server/local-first/sync-server'; import { calendarSchema, calendarDocId } from './schemas'; @@ -301,7 +305,21 @@ routes.get("/api/events", async (c) => { const { start, end, source, search, rTool, rEntityId, upcoming, tags: tagsParam } = c.req.query(); const doc = ensureDoc(dataSpace); - let events = Object.values(doc.events); + + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + let events = filterArrayByVisibility( + Object.values(doc.events), callerRole, + (e) => e.accessVisibility as ObjectVisibility | undefined, + ); // Apply filters if (tagsParam) { diff --git a/modules/rcal/schemas.ts b/modules/rcal/schemas.ts index d302cd4a..36c4b04b 100644 --- a/modules/rcal/schemas.ts +++ b/modules/rcal/schemas.ts @@ -78,6 +78,7 @@ export interface CalendarEvent { metadata: unknown | null; createdAt: number; updatedAt: number; + accessVisibility?: import('../../shared/membrane').ObjectVisibility; } export interface SavedCalendarViewFilter { diff --git a/modules/rchats/mod.ts b/modules/rchats/mod.ts index ad718ecd..c1a449d9 100644 --- a/modules/rchats/mod.ts +++ b/modules/rchats/mod.ts @@ -11,6 +11,9 @@ import { renderShell } from "../../server/shell"; import { getModuleInfoList } from "../../shared/module"; import type { RSpaceModule } from "../../shared/module"; import { verifyToken, extractToken } from "../../server/auth"; +import { resolveCallerRole } from "../../server/spaces"; +import type { SpaceRoleString } from "../../server/spaces"; +import { filterByVisibility, filterArrayByVisibility } from "../../shared/membrane"; import { renderLanding } from "./landing"; import type { SyncServer } from '../../server/local-first/sync-server'; import { chatsDirectorySchema, chatChannelSchema, chatsDirectoryDocId, chatChannelDocId } from './schemas'; @@ -53,11 +56,24 @@ function ensureChannelDoc(space: string, channelId: string): ChatChannelDoc { // ── CRUD: Channels ── -routes.get("/api/channels", (c) => { +routes.get("/api/channels", async (c) => { if (!_syncServer) return c.json({ channels: [] }); const space = c.req.param("space") || "demo"; + + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + const doc = ensureDirectoryDoc(space); - return c.json({ channels: Object.values(doc.channels || {}) }); + const visibleChannels = filterByVisibility(doc.channels || {}, callerRole); + return c.json({ channels: Object.values(visibleChannels) }); }); routes.post("/api/channels", async (c) => { @@ -80,12 +96,26 @@ routes.post("/api/channels", async (c) => { // ── CRUD: Messages ── -routes.get("/api/channels/:channelId/messages", (c) => { +routes.get("/api/channels/:channelId/messages", async (c) => { if (!_syncServer) return c.json({ messages: [] }); const space = c.req.param("space") || "demo"; const channelId = c.req.param("channelId"); + + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + const doc = ensureChannelDoc(space, channelId); - const messages = Object.values(doc.messages || {}).sort((a, b) => a.createdAt - b.createdAt); + const messages = filterArrayByVisibility( + Object.values(doc.messages || {}), callerRole, + ).sort((a, b) => a.createdAt - b.createdAt); return c.json({ messages }); }); diff --git a/modules/rchats/schemas.ts b/modules/rchats/schemas.ts index be5a418f..c84aa2bb 100644 --- a/modules/rchats/schemas.ts +++ b/modules/rchats/schemas.ts @@ -18,6 +18,7 @@ export interface ChannelInfo { createdBy: string | null; createdAt: number; updatedAt: number; + visibility?: import('../../shared/membrane').ObjectVisibility; } export interface ChatsDirectoryDoc { @@ -46,6 +47,7 @@ export interface ChatMessage { replyTo: string | null; editedAt: number | null; createdAt: number; + visibility?: import('../../shared/membrane').ObjectVisibility; } export interface ChatChannelDoc { diff --git a/modules/rdocs/components/folk-docs-app.ts b/modules/rdocs/components/folk-docs-app.ts index d90bb1ae..e2929980 100644 --- a/modules/rdocs/components/folk-docs-app.ts +++ b/modules/rdocs/components/folk-docs-app.ts @@ -180,6 +180,9 @@ class FolkDocsApp extends HTMLElement { private audioRecordingTimer: ReturnType | null = null; private audioRecordingDictation: SpeechDictation | null = null; + // Membrane — caller's role for visibility filtering + private _myRole: string = 'viewer'; + // Automerge sync state (via shared runtime) private doc: Automerge.Doc | null = null; private subscribedDocId: string | null = null; @@ -220,7 +223,7 @@ class FolkDocsApp extends HTMLElement { this.space = this.getAttribute("space") || "demo"; this.setupShadow(); if (this.space === "demo") { this.loadDemoData(); } - else { this.subscribeOfflineRuntime(); this.loadNotebooks(); this.setupPresence(); } + else { this.subscribeOfflineRuntime(); this.loadNotebooks(); this.setupPresence(); this.loadMyRole(); } // Auto-start tour on first visit if (!localStorage.getItem("rdocs_tour_done")) { setTimeout(() => this._tour.start(), 1200); @@ -621,6 +624,28 @@ Gear: EUR 400 (10%)

Maya is tracking expenses in rF this._subscribedDocIds = []; } + // ── Membrane ── + + private _isVisibleTo(vis: string | undefined | null, role: string): boolean { + const levels: Record = { viewer: 0, member: 1, moderator: 2, admin: 3 }; + return (levels[role] ?? 0) >= (levels[vis ?? 'viewer'] ?? 0); + } + + private async loadMyRole() { + if (this.space === 'demo') return; + const token = localStorage.getItem('encryptid-token'); + if (!token) return; + try { + const res = await fetch(`/api/space-access/${encodeURIComponent(this.space)}`, { + headers: { Authorization: `Bearer ${token}` }, + }); + if (res.ok) { + const data = await res.json(); + this._myRole = data.role || 'viewer'; + } + } catch {} + } + // ── Sync (via shared runtime) ── private async subscribeNotebook(notebookId: string) { @@ -3097,13 +3122,15 @@ Gear: EUR 400 (10%)

Maya is tracking expenses in rF let treeHtml = ''; if (isSearching && this.searchResults.length > 0) { + // Client-side membrane filter on search results + const visibleResults = this.searchResults.filter(n => this._isVisibleTo((n as any).visibility, this._myRole)); treeHtml = `

- ${this.searchResults.map(n => { + ${visibleResults.map(n => { const nbId = (n as any).notebook_id || ''; const nb = this.notebooks.find(x => x.id === nbId); return `
${this.getNoteIcon(n.type)} - ${this.esc(n.title)} + ${(n as any).visibility && (n as any).visibility !== 'viewer' ? '🔒 ' : ''}${this.esc(n.title)} ${nb ? `${this.esc(nb.title)}` : ''}
`; }).join('')} @@ -3113,7 +3140,9 @@ Gear: EUR 400 (10%)

Maya is tracking expenses in rF } else { treeHtml = this.notebooks.map(nb => { const isExpanded = this.expandedNotebooks.has(nb.id); - const notes = this.notebookNotes.get(nb.id) || []; + const allNotes = this.notebookNotes.get(nb.id) || []; + // Client-side membrane filter (defense-in-depth) + const notes = allNotes.filter(n => this._isVisibleTo((n as any).visibility, this._myRole)); return `

@@ -3127,7 +3156,7 @@ Gear: EUR 400 (10%)

Maya is tracking expenses in rF ${notes.length > 0 ? notes.map(n => `

${this.getNoteIcon(n.type)} - ${this.esc(n.title)} + ${(n as any).visibility && (n as any).visibility !== 'viewer' ? '🔒 ' : ''}${this.esc(n.title)} ${n.is_pinned ? '\u{1F4CC}' : ''}
`).join('') : '
No notes
'} diff --git a/modules/rdocs/mod.ts b/modules/rdocs/mod.ts index 43179e24..13387505 100644 --- a/modules/rdocs/mod.ts +++ b/modules/rdocs/mod.ts @@ -14,6 +14,9 @@ import { getModuleInfoList } from "../../shared/module"; import type { RSpaceModule, SpaceLifecycleContext } from "../../shared/module"; import { resolveDataSpace } from "../../shared/scope-resolver"; import { verifyToken, extractToken } from "../../server/auth"; +import { resolveCallerRole } from "../../server/spaces"; +import type { SpaceRoleString } from "../../server/spaces"; +import { filterArrayByVisibility } from "../../shared/membrane"; import { renderLanding } from "./landing"; import { notebookSchema, notebookDocId, connectionsDocId, createNoteItem } from "./schemas"; import type { NotebookDoc, NoteItem, ConnectionsDoc } from "./schemas"; @@ -273,6 +276,17 @@ routes.get("/api/notebooks", async (c) => { const space = c.req.param("space") || "demo"; const dataSpace = c.get("effectiveSpace") || space; + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + const notebooks = listNotebooks(dataSpace).map(({ doc }) => notebookToRest(doc)); notebooks.sort((a, b) => new Date(b.updated_at).getTime() - new Date(a.updated_at).getTime()); return c.json({ notebooks, source: "automerge" }); @@ -408,8 +422,20 @@ routes.get("/api/notes", async (c) => { })() : listNotebooks(dataSpace); + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + for (const { doc } of notebooks) { - for (const item of Object.values(doc.items)) { + const visibleItems = filterArrayByVisibility(Object.values(doc.items), callerRole); + for (const item of visibleItems) { if (type && item.type !== type) continue; if (q) { const lower = q.toLowerCase(); diff --git a/modules/rdocs/schemas.ts b/modules/rdocs/schemas.ts index 1aaeba90..0f08c5b1 100644 --- a/modules/rdocs/schemas.ts +++ b/modules/rdocs/schemas.ts @@ -64,6 +64,7 @@ export interface NoteItem { comments?: Record; createdAt: number; updatedAt: number; + visibility?: import('../../shared/membrane').ObjectVisibility; } export interface NotebookMeta { diff --git a/modules/rnotes/mod.ts b/modules/rnotes/mod.ts index 01e9de1d..a31e1bde 100644 --- a/modules/rnotes/mod.ts +++ b/modules/rnotes/mod.ts @@ -21,6 +21,9 @@ import { getModuleInfoList } from "../../shared/module"; import type { RSpaceModule, SpaceLifecycleContext } from "../../shared/module"; import { resolveDataSpace } from "../../shared/scope-resolver"; import { verifyToken, extractToken } from "../../server/auth"; +import { resolveCallerRole } from "../../server/spaces"; +import type { SpaceRoleString } from "../../server/spaces"; +import { filterArrayByVisibility } from "../../shared/membrane"; import { renderLanding } from "./landing"; import { vaultSchema, vaultDocId } from "./schemas"; import type { VaultDoc, VaultNoteMeta } from "./schemas"; @@ -305,7 +308,7 @@ routes.get("/api/vault/:vaultId/status", (c) => { }); // GET /api/vault/:vaultId/notes — list notes (with ?folder= and ?search=) -routes.get("/api/vault/:vaultId/notes", (c) => { +routes.get("/api/vault/:vaultId/notes", async (c) => { const space = c.req.param("space") || "demo"; const dataSpace = resolveDataSpace("rnotes", space); const vaultId = c.req.param("vaultId"); @@ -315,7 +318,18 @@ routes.get("/api/vault/:vaultId/notes", (c) => { const doc = _syncServer!.getDoc(docId); if (!doc) return c.json({ error: "Vault not found" }, 404); - let notes = Object.values(doc.notes); + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + + let notes = filterArrayByVisibility(Object.values(doc.notes), callerRole); if (folder) { const prefix = folder.endsWith("/") ? folder : `${folder}/`; diff --git a/modules/rnotes/schemas.ts b/modules/rnotes/schemas.ts index 150af2ca..59333e2f 100644 --- a/modules/rnotes/schemas.ts +++ b/modules/rnotes/schemas.ts @@ -25,6 +25,7 @@ export interface VaultNoteMeta { lastModifiedAt: number; // file mtime from vault syncStatus: 'synced' | 'local-modified' | 'conflict'; frontmatter?: Record; // parsed YAML frontmatter + visibility?: import('../../shared/membrane').ObjectVisibility; } export interface VaultMeta { diff --git a/modules/rphotos/mod.ts b/modules/rphotos/mod.ts index bb066c82..6d33f7cd 100644 --- a/modules/rphotos/mod.ts +++ b/modules/rphotos/mod.ts @@ -12,6 +12,9 @@ import { renderShell, renderExternalAppShell } from "../../server/shell"; import { getModuleInfoList } from "../../shared/module"; import type { RSpaceModule } from "../../shared/module"; import { verifyToken, extractToken } from "../../server/auth"; +import { resolveCallerRole } from "../../server/spaces"; +import type { SpaceRoleString } from "../../server/spaces"; +import { filterArrayByVisibility } from "../../shared/membrane"; import { renderLanding } from "./landing"; import type { SyncServer } from '../../server/local-first/sync-server'; import { photosSchema, photosDocId } from './schemas'; @@ -41,11 +44,23 @@ function ensurePhotosDoc(space: string): PhotosDoc { // ── CRUD: Curated Albums ── -routes.get("/api/curations", (c) => { +routes.get("/api/curations", async (c) => { if (!_syncServer) return c.json({ albums: [] }); const space = c.req.param("space") || "demo"; + + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + const doc = ensurePhotosDoc(space); - return c.json({ albums: Object.values(doc.sharedAlbums || {}) }); + return c.json({ albums: filterArrayByVisibility(Object.values(doc.sharedAlbums || {}), callerRole) }); }); routes.post("/api/curations", async (c) => { diff --git a/modules/rphotos/schemas.ts b/modules/rphotos/schemas.ts index da58f680..5cf70d2b 100644 --- a/modules/rphotos/schemas.ts +++ b/modules/rphotos/schemas.ts @@ -18,6 +18,7 @@ export interface SharedAlbum { description: string; sharedBy: string | null; sharedAt: number; + visibility?: import('../../shared/membrane').ObjectVisibility; } export interface PhotoAnnotation { diff --git a/modules/rtasks/components/folk-tasks-board.ts b/modules/rtasks/components/folk-tasks-board.ts index 9e894a55..ee9a56a5 100644 --- a/modules/rtasks/components/folk-tasks-board.ts +++ b/modules/rtasks/components/folk-tasks-board.ts @@ -43,6 +43,8 @@ class FolkTasksBoard extends HTMLElement { private _confirmDeleteId: string | null = null; // Space members for assignee dropdown private _spaceMembers: { did: string; displayName?: string; role: string; isOwner: boolean }[] = []; + // Membrane — caller's role for visibility filtering + private _myRole: string = 'viewer'; // Drag guard — prevents column click from firing after drag private _justDragged = false; // ClickUp integration state @@ -89,6 +91,7 @@ class FolkTasksBoard extends HTMLElement { this.loadTasks(); this.loadClickUpStatus(); this.loadSpaceMembers(); + this.loadMyRole(); this.render(); } if (!localStorage.getItem("rtasks_tour_done")) { @@ -106,8 +109,14 @@ class FolkTasksBoard extends HTMLElement { private _escHandler: ((e: KeyboardEvent) => void) | null = null; + private _isVisibleTo(vis: string | undefined | null, role: string): boolean { + const levels: Record = { viewer: 0, member: 1, moderator: 2, admin: 3 }; + return (levels[role] ?? 0) >= (levels[vis ?? 'viewer'] ?? 0); + } + private getFilteredTasks(): any[] { - let filtered = this.tasks; + // Client-side membrane filter (defense-in-depth — server already filters API responses) + let filtered = this.tasks.filter(t => this._isVisibleTo(t.visibility, this._myRole)); if (this._searchQuery) { const q = this._searchQuery.toLowerCase(); filtered = filtered.filter(t => t.title?.toLowerCase().includes(q) || t.description?.toLowerCase().includes(q)); @@ -223,6 +232,21 @@ class FolkTasksBoard extends HTMLElement { } catch { /* not authenticated or no members — fallback to text input */ } } + private async loadMyRole() { + if (this.isDemo) return; + const token = localStorage.getItem('encryptid-token'); + if (!token) return; + try { + const res = await fetch(`/api/space-access/${encodeURIComponent(this.space)}`, { + headers: { Authorization: `Bearer ${token}` }, + }); + if (res.ok) { + const data = await res.json(); + this._myRole = data.role || 'viewer'; + } + } catch {} + } + private async loadClickUpStatus() { if (this.isDemo) return; try { @@ -430,7 +454,7 @@ class FolkTasksBoard extends HTMLElement { return ''; } - private async submitCreateTask(title: string, priority: string, description: string, opts?: { dueDate?: string; status?: string; assignee?: string }) { + private async submitCreateTask(title: string, priority: string, description: string, opts?: { dueDate?: string; status?: string; assignee?: string; visibility?: string }) { if (!title.trim()) return; const taskStatus = opts?.status || this.statuses[0] || "TODO"; if (this.isDemo) { @@ -444,7 +468,7 @@ class FolkTasksBoard extends HTMLElement { const res = await fetch(`${base}/api/spaces/${this.workspaceSlug}/tasks`, { method: "POST", headers: this.authHeaders({ "Content-Type": "application/json" }), - body: JSON.stringify({ title: title.trim(), priority, status: taskStatus, description: description.trim() || undefined, due_date: opts?.dueDate || undefined, assignee_id: opts?.assignee || undefined }), + body: JSON.stringify({ title: title.trim(), priority, status: taskStatus, description: description.trim() || undefined, due_date: opts?.dueDate || undefined, assignee_id: opts?.assignee || undefined, visibility: (opts?.visibility && opts.visibility !== 'viewer') ? opts.visibility : undefined }), }); if (!res.ok) { const data = await res.json().catch(() => ({})); @@ -701,6 +725,7 @@ class FolkTasksBoard extends HTMLElement { .badge-medium { background: #3b3511; color: #facc15; } .badge-low { background: #112a3b; color: #60a5fa; } .badge-assignee { background: #1a2332; color: #93c5fd; font-style: italic; } + .membrane-lock { font-size: 11px; opacity: 0.6; cursor: help; } .move-btns { display: flex; gap: 4px; margin-top: 6px; } .move-btn { font-size: 11px; padding: 6px 10px; min-height: 36px; border-radius: 4px; border: 1px solid var(--rs-border-strong); background: var(--rs-bg-surface-sunken); color: var(--rs-text-muted); cursor: pointer; } @@ -902,6 +927,13 @@ class FolkTasksBoard extends HTMLElement { ${this._spaceMembers.map(m => ``).join('')} ` : ''} + ${this._isVisibleTo('moderator', this._myRole) ? ` + ` : ''}
@@ -1036,7 +1068,7 @@ class FolkTasksBoard extends HTMLElement { ${isEditing ? `` - : `
${this.esc(task.title)} ${cuBadge}
`} + : `
${task.visibility && task.visibility !== 'viewer' ? '🔒 ' : ''}${this.esc(task.title)} ${cuBadge}
`} ${descPreview}
${priorityBadge(task.priority || "")} @@ -1108,6 +1140,16 @@ class FolkTasksBoard extends HTMLElement {
+ ${this._isVisibleTo('moderator', this._myRole) ? ` +
+ + +
` : ''}
${task.created_at ? new Date(task.created_at).toLocaleString() : new Date(task.createdAt || Date.now()).toLocaleString()} @@ -1185,10 +1227,11 @@ class FolkTasksBoard extends HTMLElement { desc: (this.shadow.getElementById("cf-desc") as HTMLTextAreaElement)?.value || "", status: (this.shadow.getElementById("cf-status") as HTMLInputElement)?.value || "", assignee: (this.shadow.getElementById("cf-assignee") as HTMLSelectElement)?.value || "", + visibility: (this.shadow.getElementById("cf-visibility") as HTMLSelectElement)?.value || "", }); this.shadow.getElementById("cf-submit")?.addEventListener("click", () => { const v = getCreateFormValues(); - this.submitCreateTask(v.title, v.priority, v.desc, { status: v.status, assignee: v.assignee }); + this.submitCreateTask(v.title, v.priority, v.desc, { status: v.status, assignee: v.assignee, visibility: v.visibility }); }); this.shadow.getElementById("cf-cancel")?.addEventListener("click", () => { this.showCreateForm = false; this.render(); @@ -1196,7 +1239,7 @@ class FolkTasksBoard extends HTMLElement { this.shadow.getElementById("cf-title")?.addEventListener("keydown", (e) => { if ((e as KeyboardEvent).key === "Enter") { const v = getCreateFormValues(); - this.submitCreateTask(v.title, v.priority, v.desc, { status: v.status, assignee: v.assignee }); + this.submitCreateTask(v.title, v.priority, v.desc, { status: v.status, assignee: v.assignee, visibility: v.visibility }); } }); @@ -1313,6 +1356,10 @@ class FolkTasksBoard extends HTMLElement { const v = (e.target as HTMLInputElement).value; detailFieldSave('due_date', v ? new Date(v).toISOString() : null); }); + this.shadow.getElementById("detail-visibility")?.addEventListener("change", (e) => { + const v = (e.target as HTMLSelectElement).value; + detailFieldSave('visibility', v === 'viewer' ? null : v); + }); // Detail label add this.shadow.getElementById("detail-add-label")?.addEventListener("keydown", (e) => { if ((e as KeyboardEvent).key === "Enter") { diff --git a/modules/rtasks/mod.ts b/modules/rtasks/mod.ts index fde270da..0ed7440c 100644 --- a/modules/rtasks/mod.ts +++ b/modules/rtasks/mod.ts @@ -14,6 +14,9 @@ import { renderShell } from "../../server/shell"; import { getModuleInfoList } from "../../shared/module"; import type { RSpaceModule, SpaceLifecycleContext } from "../../shared/module"; import { verifyToken, extractToken } from "../../server/auth"; +import { resolveCallerRole } from "../../server/spaces"; +import type { SpaceRoleString } from "../../server/spaces"; +import { filterByVisibility } from "../../shared/membrane"; import { renderLanding } from "./landing"; import type { SyncServer } from '../../server/local-first/sync-server'; import { boardSchema, boardDocId, createTaskItem, clickupConnectionDocId, clickupConnectionSchema } from './schemas'; @@ -327,7 +330,19 @@ routes.get("/api/spaces/:slug/tasks", async (c) => { const slug = c.req.param("slug"); const doc = ensureDoc(slug); - const tasks = Object.values(doc.tasks).map((t) => ({ + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(slug, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + const visibleTasks = filterByVisibility(doc.tasks, callerRole); + + const tasks = Object.values(visibleTasks).map((t) => ({ id: t.id, space_id: t.spaceId, title: t.title, @@ -370,7 +385,7 @@ routes.post("/api/spaces/:slug/tasks", async (c) => { const slug = c.req.param("slug"); const body = await c.req.json(); - const { title, description, status, priority, labels, due_date, assignee_id } = body; + const { title, description, status, priority, labels, due_date, assignee_id, visibility } = body; if (!title?.trim()) return c.json({ error: "Title required" }, 400); const doc = ensureDoc(slug); @@ -389,6 +404,7 @@ routes.post("/api/spaces/:slug/tasks", async (c) => { createdBy, }); if (assignee_id) task.assigneeId = assignee_id; + if (visibility) task.visibility = visibility; d.tasks[taskId] = task; }); @@ -460,12 +476,12 @@ routes.patch("/api/tasks/:id", async (c) => { const id = c.req.param("id"); const body = await c.req.json(); - const { title, description, status, priority, labels, sort_order, assignee_id, due_date } = body; + const { title, description, status, priority, labels, sort_order, assignee_id, due_date, visibility } = body; // Check that at least one field is being updated if (title === undefined && description === undefined && status === undefined && priority === undefined && labels === undefined && sort_order === undefined && - assignee_id === undefined && due_date === undefined) { + assignee_id === undefined && due_date === undefined && visibility === undefined) { return c.json({ error: "No fields to update" }, 400); } @@ -492,6 +508,7 @@ routes.patch("/api/tasks/:id", async (c) => { if (sort_order !== undefined) task.sortOrder = sort_order; if (assignee_id !== undefined) task.assigneeId = assignee_id || null; if (due_date !== undefined) task.dueDate = due_date ? new Date(due_date).getTime() : null; + if (visibility !== undefined) task.visibility = visibility || undefined; task.updatedAt = Date.now(); }); diff --git a/modules/rtasks/schemas.ts b/modules/rtasks/schemas.ts index cb23cc9d..1e029149 100644 --- a/modules/rtasks/schemas.ts +++ b/modules/rtasks/schemas.ts @@ -34,6 +34,7 @@ export interface TaskItem { createdAt: number; updatedAt: number; clickup?: ClickUpTaskMeta; + visibility?: import('../../shared/membrane').ObjectVisibility; } export interface ClickUpBoardMeta { diff --git a/modules/rtime/mod.ts b/modules/rtime/mod.ts index c12652af..a97e286f 100644 --- a/modules/rtime/mod.ts +++ b/modules/rtime/mod.ts @@ -17,6 +17,9 @@ import { renderShell } from "../../server/shell"; import { getModuleInfoList } from "../../shared/module"; import type { RSpaceModule } from "../../shared/module"; import { verifyToken, extractToken } from "../../server/auth"; +import { resolveCallerRole } from "../../server/spaces"; +import type { SpaceRoleString } from "../../server/spaces"; +import { filterArrayByVisibility } from "../../shared/membrane"; import { renderLanding } from "./landing"; import { notify } from '../../server/notification-service'; import type { SyncServer } from '../../server/local-first/sync-server'; @@ -372,11 +375,23 @@ function seedDemoIfEmpty(space: string = 'demo') { // ── Commitments API ── -routes.get("/api/commitments", (c) => { +routes.get("/api/commitments", async (c) => { const space = c.req.param("space") || "demo"; + + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + ensureCommitmentsDoc(space); const doc = _syncServer!.getDoc(commitmentsDocId(space))!; - const items = Object.values(doc.items); + const items = filterArrayByVisibility(Object.values(doc.items), callerRole); return c.json({ commitments: items }); }); @@ -424,12 +439,24 @@ routes.delete("/api/commitments/:id", async (c) => { // ── Tasks API ── -routes.get("/api/tasks", (c) => { +routes.get("/api/tasks", async (c) => { const space = c.req.param("space") || "demo"; + + // Resolve caller role for membrane filtering + let callerRole: SpaceRoleString = 'viewer'; + const token = extractToken(c.req.raw.headers); + if (token) { + try { + const claims = await verifyToken(token); + const resolved = await resolveCallerRole(space, claims); + if (resolved) callerRole = resolved.role; + } catch {} + } + ensureTasksDoc(space); const doc = _syncServer!.getDoc(tasksDocId(space))!; return c.json({ - tasks: Object.values(doc.tasks), + tasks: filterArrayByVisibility(Object.values(doc.tasks), callerRole), connections: Object.values(doc.connections), execStates: Object.values(doc.execStates), }); diff --git a/modules/rtime/schemas.ts b/modules/rtime/schemas.ts index 848945a5..68d4ba1e 100644 --- a/modules/rtime/schemas.ts +++ b/modules/rtime/schemas.ts @@ -41,6 +41,7 @@ export interface Commitment { intentId?: string; // links commitment to its intent status?: 'active' | 'matched' | 'settled' | 'withdrawn'; ownerDid?: string; // DID of the commitment creator (for notifications) + visibility?: import('../../shared/membrane').ObjectVisibility; } // ── Task / Connection / ExecState ── @@ -53,6 +54,7 @@ export interface Task { links: { label: string; url: string }[]; notes: string; intentFrameId?: string; // links task to solver result that spawned it + visibility?: import('../../shared/membrane').ObjectVisibility; } export interface Connection { diff --git a/modules/rvnb/schemas.ts b/modules/rvnb/schemas.ts index d671f02f..695ec531 100644 --- a/modules/rvnb/schemas.ts +++ b/modules/rvnb/schemas.ts @@ -193,6 +193,7 @@ export interface Endorsement { trustWeight: number; // 0-1 createdAt: number; + accessVisibility?: import('../../shared/membrane').ObjectVisibility; } export interface SpaceConfig { diff --git a/modules/rwallet/components/folk-wallet-viewer.ts b/modules/rwallet/components/folk-wallet-viewer.ts index 915966f1..711458bc 100644 --- a/modules/rwallet/components/folk-wallet-viewer.ts +++ b/modules/rwallet/components/folk-wallet-viewer.ts @@ -229,6 +229,8 @@ class FolkWalletViewer extends HTMLElement { private _subscribedDocIds: string[] = []; private watchedAddresses: WatchedAddress[] = []; private _stopPresence: (() => void) | null = null; + // Membrane — caller's role for visibility filtering + private _myRole: string = 'viewer'; constructor() { super(); @@ -257,6 +259,7 @@ class FolkWalletViewer extends HTMLElement { this.address = params.get("address") || ""; this.checkAuthState(); this.initWalletSync(space); + this.loadMyRole(); // Auto-load address from passkey or linked wallet if (!this.address && this.passKeyEOA) { @@ -298,6 +301,28 @@ class FolkWalletViewer extends HTMLElement { } }; + // ── Membrane ── + + private _isVisibleTo(vis: string | undefined | null, role: string): boolean { + const levels: Record = { viewer: 0, member: 1, moderator: 2, admin: 3 }; + return (levels[role] ?? 0) >= (levels[vis ?? 'viewer'] ?? 0); + } + + private async loadMyRole() { + if (this.isDemo || this.space === 'demo') return; + const token = localStorage.getItem('encryptid-token'); + if (!token) return; + try { + const res = await fetch(`/api/space-access/${encodeURIComponent(this.space)}`, { + headers: { Authorization: `Bearer ${token}` }, + }); + if (res.ok) { + const data = await res.json(); + this._myRole = data.role || 'viewer'; + } + } catch {} + } + private checkAuthState() { try { const session = localStorage.getItem("encryptid_session"); @@ -2568,7 +2593,9 @@ class FolkWalletViewer extends HTMLElement { } private renderWatchlist(): string { - if (this.watchedAddresses.length === 0 && !this.lfClient) return ''; + // Client-side membrane filter (defense-in-depth) + const visibleAddresses = this.watchedAddresses.filter(w => this._isVisibleTo(w.visibility, this._myRole)); + if (visibleAddresses.length === 0 && !this.lfClient) return ''; const isLive = this.lfClient?.isConnected ?? false; return `
@@ -2577,12 +2604,13 @@ class FolkWalletViewer extends HTMLElement { ${isLive ? 'LIVE' : ''}
- ${this.watchedAddresses.length === 0 + ${visibleAddresses.length === 0 ? '
No watched addresses. Click "Watch" to add one.
' - : `
${this.watchedAddresses.map(w => { + : `
${visibleAddresses.map(w => { const key = `${w.chain}:${w.address.toLowerCase()}`; + const wLock = w.visibility && w.visibility !== 'viewer' ? '🔒 ' : ''; return `
- ${this.esc(w.label || w.address.slice(0, 8) + '...')} + ${wLock}${this.esc(w.label || w.address.slice(0, 8) + '...')} ${w.address.slice(0, 6)}...${w.address.slice(-4)}
`; @@ -3440,17 +3468,20 @@ class FolkWalletViewer extends HTMLElement { } private renderWatchlistChips(): string { - const chips = this.watchedAddresses.map(w => { + // Client-side membrane filter (defense-in-depth) + const visibleChipAddresses = this.watchedAddresses.filter(w => this._isVisibleTo(w.visibility, this._myRole)); + const chips = visibleChipAddresses.map(w => { const isActive = this.address && w.address.toLowerCase() === this.address.toLowerCase(); + const chipLock = w.visibility && w.visibility !== 'viewer' ? '🔒 ' : ''; return ``; }).join(''); // Show example wallets as suggestions when watchlist is empty and no wallet loaded - const showSuggestions = this.watchedAddresses.length === 0 && !this.hasData() && !this.loading; + const showSuggestions = visibleChipAddresses.length === 0 && !this.hasData() && !this.loading; const suggestions = showSuggestions ? EXAMPLE_WALLETS.map(w => `