fix: exclude server paths from space-to-subdomain redirect

The bare-domain routing logic was redirecting all multi-segment paths
like /api/modules → api.rspace.online/modules. Add exclusion for
known server path prefixes (api, admin, admin-data, admin-action,
.well-known) so they fall through to Hono route handlers instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

server/index.ts

@@ -865,9 +865,6 @@ app.get("/create-space", async (c) => {
 app.get("/new", (c) => c.redirect("/create-space", 301));
 
 // ── Admin dashboard & API ──
-// NOTE: Cloudflare has a wildcard rule that redirects any multi-segment path
-// (rspace.online/foo/bar → foo.rspace.online/bar), so all admin endpoints
-// must be single-segment paths. Use POST /admin-action for mutations.
 
 const ADMIN_DIDS = (process.env.ADMIN_DIDS || "").split(",").filter(Boolean);
 
@@ -1331,7 +1328,9 @@ const server = Bun.serve<WSData>({
 
 				// rspace.online/{space}/{...} → redirect to {space}.rspace.online/{...}
 				// (space is not a module ID — it's a space slug, canonicalize to subdomain)
-				if (!knownModuleIds.has(firstSegment) && pathSegments.length >= 2) {
+				// Skip redirect for known server paths (api, admin, etc.)
+				const serverPaths = new Set(["api", "admin", "admin-data", "admin-action", ".well-known"]);
+				if (!knownModuleIds.has(firstSegment) && !serverPaths.has(firstSegment) && pathSegments.length >= 2) {
 					const space = firstSegment;
 					const rest = "/" + pathSegments.slice(1).join("/");
 					const baseDomain = hostClean.replace(/^www\./, "");