Stale service workers from the old fetch-proxy approach were intercepting
cross-origin iframe requests, causing CORS and replaceState errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove hardcoded encryption fallback and Postgres password defaults
flagged by GitGuardian. ENCRYPTION_SECRET and DATABASE_URL are now
required env vars that throw on missing rather than falling back to
insecure defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaced the fetch-and-proxy approach (which caused CORS errors for
cross-origin assets, fonts, and service workers) with full-page iframe
embedding. Modules with standalone domains are embedded in an iframe
below the rSpace header. Modules without get a simple generated landing
page. All "Try Demo" and app switcher links now consistently use
rspace.online/{moduleId} instead of demo.rspace.online.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rProviders (providers.mycofi.earth) is a separate project — removed
module registration, app switcher entry, tab bar badge, canvas embed
button, Traefik router, and standalone config. rSwag domain updated
from swag.mycofi.earth to rswag.online across all references.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Registers rsocials module in rSpace unified system. Embeds the campaign
strategy builder from rsocials:3000 via iframe in the rSpace shell, with
API proxy for campaign CRUD. Accessible at /{space}/rsocials/campaign.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instead of the generated landing page, rspace.online/rnotes now fetches
and serves the real page from rnotes.online (with <base> tag for asset
resolution). 5-minute in-memory cache avoids repeated fetches. Falls
back to the generated landing page for modules without a standalone
domain or when the fetch fails.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
App switcher on demo/bare domain now links to rspace.online/{moduleId}
landing pages instead of jumping straight to demo. "Try Demo" buttons
use standalone domain builds (rnotes.online, rvote.online, etc.) which
have better styling and more updated features. Falls back to
demo.rspace.online for modules without a standalone domain.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bare domain now serves a dedicated landing page for each rApp instead
of directly loading the demo. "Try Demo" links to demo.rspace.online
which loads the live app. Sub-paths still rewrite to demo for API compat.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
App switcher fallback was "personal" causing all rApp links to resolve
to personal.rspace.online/r*. Changed to "demo" so links use the bare
domain which the server rewrites to demo mode. Updated landing page
CTAs and ecosystem links to match.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reinforces the r-suite "your tools" philosophy across all rApp landing pages.
Also normalizes title separators to em-dash (—) for consistency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enhance the folk-rapp canvas shape with three improvements:
1. PostMessage bridge: parent sends context to iframe on load,
listens for shape-updated events from CommunitySync. Green
status dot indicates active connection.
2. Module switcher: header dropdown (⇄ button) lets users change
which rApp is embedded without recreating the shape.
3. Open-in-tab: ↗ button navigates to the module page (adds a tab)
instead of opening a new browser window.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
POC for cross-app embedding (TASK-46). New folk-rapp shape type that
embeds any rApp module as a live iframe inside a canvas shape. Features:
- Module picker dropdown when no module selected
- Colored header with module badge/icon
- Open-in-tab action button
- Syncs moduleId + spaceSlug via Automerge CRDT
- Toolbar rApps section now creates folk-rapp (not generic folk-embed)
- Fixed stale "canvas" moduleId refs → "rspace" in canvas.html
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
App dropdown links now go to rspace.online/r* (bare domain) instead of
demo.rspace.online/r*. Only the "Try Demo" button links to the explicit
demo subdomain. Server internally rewrites bare-domain module paths to
/demo/{moduleId} while preserving the browser URL.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add description to demo space seed for context in the UI
- Sort spaces API: user's own spaces first, then demo, then alphabetical
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add teal "Try Demo" button to rstack-header (right side, before identity)
- Button links to demo.rspace.online/{currentModule} for context-aware demo entry
- Hidden when already on the demo space (server-side conditional)
- Revert website/index.html to original copy, only updating CTA link + adding demo button
- Add demo button CSS to shell.css
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rename all 23 module IDs to r-prefixed slugs (canvas→rspace, notes→rnotes, etc.)
- Root rspace.online/ now serves the landing page instead of redirecting to demo
- rStack header in app switcher dropdown is now a clickable link to rstack.online
- Update all internal navigation links, badge maps, and URL helpers
- Space root redirects to /rspace instead of /canvas
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every module except canvas was using renderIframeShell() to embed standalone
domains (rdata.online, rwork.online, etc.) via iframe. None of these domains
had independent deployments — they routed back to the same container, causing
infinite redirect loops or 404s.
Now all 22 modules render their web components directly inside renderShell(),
eliminating cross-origin failures, iframe loading spinners, and ~820 lines
of dead code. Standalone domain requests are internally rewritten to module
routes instead of 301 redirecting.
- Remove renderIframeShell(), renderStandaloneShell(), IframeShellOptions
- Remove keepStandalone set; rewrite standalone domains internally
- Convert all module GET / handlers to renderShell + <folk-*> components
- Delete 20 standalone.ts entry points (circular/broken)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tabs now persist in localStorage across page navigations so opening
a new rApp adds it alongside existing tabs instead of replacing them.
Iframe shell shows a loading spinner with 12s timeout and error panel
when standalone apps are unreachable. Converts rSwag to iframe shell.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add the missing tab bar to the canvas page so users can switch between
rApp layers (with full CommunitySync persistence). Add an "rApps"
toolbar group that embeds any of the 18 remaining modules as interactive
iframes directly on the canvas. Switch all module page routes to
renderIframeShell, loading standalone domains inside the unified shell.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidate URL routing so all rApps flow through
{space}.rspace.online/{moduleId} as the canonical URL pattern.
- Subdomain handler now routes all modules (not just canvas)
- Standalone domains (rvote.online etc) → 301 redirect to canonical
- Add shared/url-helpers.ts for subdomain-aware URL generation
- Update app-switcher, space-switcher, identity, tab-bar navigation
- Shell inline scripts use __rspaceNavUrl for all URL generation
- Path-based rspace.online/:space/:moduleId still works as fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create modules/photos/ with Immich API proxy, gallery component,
shared albums, lightbox viewer, and standard rapp-nav header
- Register photosModule in server/index.ts and add vite build step
- Fix remaining module headers: books (shelf + reader), splat, swag, tube
- All 23 modules now use consistent rapp-nav pattern — no branding headers
- Immich running at demo.rphotos.online, landing page at rphotos.online
- Add backlog tasks 53-58 for recent feature work
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consistent nav headers, button styles, and layout patterns
across calendar, cart, choices, data, forum, funds, inbox,
maps, network, notes, providers, trips, vote, and work modules.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Anon users visiting any rApp (standalone or unified) land on demo space
- Logged-in users auto-redirect to personal space (auto-provisioned)
- POST /api/spaces/auto-provision creates personal space on first visit
- Standalone domains support /<space> path prefix (rpubs.online/jeff)
- rspace.online/ redirects to /demo/canvas (app-first experience)
- Quarter-screen welcome overlay on demo space for first-time visitors
- Full landing page moved to /about
- Auth flow triggers auto-space-resolution on sign-in/register
- Demo space seeded with shapes for all 22 rApps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduces the full layer/tab architecture for rSpace — each rApp becomes
a layer in a vertical stack with typed flows (economic, trust, data,
attention, governance, resource) connecting them.
New components:
- rstack-tab-bar: tab bar with flat/stack view toggle, drag reorder,
drag-to-connect flow creation with kind/label/strength dialog
- folk-feed: canvas shape that pulls live data from other layers with
bidirectional write-back (edit items inline, push changes to source API)
- layer-types: Layer, LayerFlow, FlowKind types and color palette
Automerge schema extended with layers, flows, activeLayerId, layerViewMode.
CommunitySync gains 11 new methods for layer/flow CRUD.
Feed definitions added to 10 modules (funds, notes, vote, choices, wallet,
data, work, network, trips, canvas) with typed feeds and acceptsFeeds.
RSpaceModule interface extended with FeedDefinition and acceptsFeeds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Header consistency:
- Fix 52px → 56px header height in 7 module CSS files (pubs, funds,
providers, books, swag, choices, cart)
- Remove custom header background overrides in books.css and pubs.css
- All pages now use the same 3-section header layout: left (app/space
switchers), center (mi), right (identity)
- Add <rstack-mi> to all 4 standalone HTML pages (index, admin,
create-space, canvas) and both shell renderers
mi AI assistant:
- New <rstack-mi> web component with search input "Ask mi anything..."
- Dropdown panel with streaming chat UI, typing indicator, markdown
formatting
- POST /api/mi/ask endpoint: streams from Ollama with full rApp context
in system prompt (all 22 modules, current space/module)
- Graceful fallback to keyword-based responses when Ollama unavailable
- Configurable via MI_MODEL and OLLAMA_URL env vars
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server (src/encryptid/server.ts):
- POST /api/account/email/start — send 6-digit verification code via SMTP
- POST /api/account/email/verify — verify code and set email on account
- POST /api/account/device/start — WebAuthn creation options for same-device
passkey registration (authenticated, reuses existing userId)
- POST /api/account/device/complete — store additional credential under
existing account
DB (src/encryptid/db.ts):
- Add 'device_registration' to StoredChallenge.type union
- Add 'email_verification' to StoredRecoveryToken.type union
Client (shared/components/rstack-identity.ts):
- Rewrite social recovery modal to use existing guardian API:
GET /api/guardians, POST /api/guardians, DELETE /api/guardians/:id
- Loads existing guardians on open, adds/removes in real-time
- Shows guardian status (accepted/pending), invite emails sent on add
- Two name+email inputs (max 3 guardians, server-enforced)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Auth modal: unified "Sign up / Sign in" landing with stacked passkey buttons,
close X button, and "Powered by EncryptID" link to ridentity.online
- Logged-in dropdown: replace Profile/Recovery (auth.ridentity.online) with
Add Email, Add Second Device, Add Social Recovery settings modals
- Add Email: two-step flow (enter email → verify code)
- Add Second Device: WebAuthn credential registration for backup access
- Add Social Recovery: trusted contacts with configurable threshold
- Space switcher: emoji visibility badges (🔓 green / 🔑 yellow / 🔒 red),
remove slash prefix, match app-switcher button styling
- Add rdata.online to standalone domain list
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- rTube → Creating, rSwag stays in Creating
- Rename Social & Media → Sharing, split rData → Observing
- Add tube to Creating in MODULE_CATEGORIES and badge comments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rename "Social & Media" to "Sharing", split out rData into new "Observing"
category, and move rTube from Social to Creating.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Space dropdown now shows visibility badges (PUBLIC/PRIVATE/PERMISSIONED)
with green/red/yellow color coding and left border accents. Trigger button
styled with background fill to match the rApps dropdown beside it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
28 flat tool buttons replaced with 6 category dropdowns (Create, Media,
Embed, AI, Travel, Decide) plus direct-access Connect/Memory/Zoom buttons.
Toolbar is now collapsible via a minimize toggle. Mobile responsive with
accordion-style groups.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use the actual favicon.png ([rS] brand mark) instead of the galaxy emoji
across index, create-space, and admin pages to match canvas.html.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two-finger touch and trackpad scroll now pan instead of zoom.
Zoom is still available via Ctrl+wheel or trackpad pinch (ctrlKey).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Notebook detail view now subscribes to Automerge docs instead of REST,
enabling real-time sync across tabs. Note creation and editing use
Automerge.change() with debounced sync. REST fallback after 5s timeout.
Notebook list and search remain REST-based.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Auth-free POST /api/internal/provision creates community via Hono route,
triggers onSpaceCreate for all registered modules.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Part of the ridentity.online branding migration. The EncryptID auth
server is now accessible at auth.ridentity.online (with the legacy
encryptid.jeffemmett.com kept as a backward-compatible alias).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett