66 Commits

Author SHA1 Message Date
Jeff Emmett 0489319e15 Add rForum to ecosystem apps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 11:12:50 +00:00
Jeff Emmett e65cfffefd feat: move EncryptID to auth.rspace.online, rebrand as rStack Identity
Traefik routes auth.rspace.online (priority 150) with encryptid.jeffemmett.com
fallback. Landing page rebranded as rStack Identity with rStack.online ecosystem
tagline. Registration form now includes optional email for account recovery.
JWT issuer and recovery URL updated. 14 r* apps listed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 10:49:35 +00:00
Jeff Emmett fa80968b7f Replace EncryptID landing page with real auth UI
Replace marketing-only landing page with a functional auth page that
lets users register and sign in with passkeys. Shows profile view
after login with DID, passkey list, session info, and recovery email
setup. Still includes feature descriptions and r-suite app links.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 07:47:47 +00:00
Jeff Emmett d0a6c3ada5 feat: add rauctions.online to EncryptID allowed origins
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 06:45:29 +00:00
Jeff Emmett cff0c21c0c fix: WebAuthn .well-known routing and cross-origin passkey support
Add Traefik priority=200 and service assignment to encryptid-wellknown
router so it wins over canvas-website/personal-site for the
/.well-known/webauthn path on jeffemmett.com. Add missing origins
(rpubs.online, shop.mycofi.earth, canvas/press/cart.jeffemmett.com)
to the allowed origins list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 04:53:08 +00:00
Jeff Emmett 2b2f054c65 chore: backlog TASK-20 membership endpoints + shape sync (Done)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:35:26 -07:00
Jeff Emmett 5d517dbdf1 chore: update TASK-13 with cross-space auth progress
SSO token relay, membership endpoints, SpaceRole bridges, and
bidirectional sync all implemented. AC #6 and #7 checked.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:33:16 -07:00
Jeff Emmett 08985d774e feat: add membership endpoints and bidirectional shape sync
Adds space_members table and CRUD endpoints to EncryptID server for
centralized membership management. Extends Automerge CommunityDoc with
members map and PATCH endpoint for module→canvas shape updates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 14:31:48 -07:00
Jeff Emmett e4bcc3f04a docs: add MODULE_SPEC.md with permission model and capabilities
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 12:30:14 -07:00
Jeff Emmett fa4898ca9f chore: update backlog tasks 9 and 19
Mark task-19 acceptance criteria complete, add notes on header
re-render fix, Docker build fix, and auto-deploy setup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 19:16:40 -07:00
Jeff Emmett 6bafcf35bd fix: skip tsc in Docker build to avoid bun-types conflict
Type checking runs locally/CI. The Docker build just needs vite build.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 18:52:38 -07:00
Jeff Emmett 3ba98da1a8 chore: update bun lockfile
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 18:51:56 -07:00
Jeff Emmett fd25996a0c fix: make Docker build self-contained with local context
The parent-directory build context was blocked by a sibling project's
.dockerignore. Switch to using the repo root as context and pull
encryptid-sdk via Docker's additional_contexts feature.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 18:51:24 -07:00
Jeff Emmett 46d8429082 fix: update header after auth via requireAuth flow
When a user authenticates through the community creation form (via
requireAuth), the header bar now re-renders to show the logged-in
state instead of still displaying the Sign In button.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 18:34:03 -07:00
Jeff Emmett da48f6faf6 feat: add EncryptID auth header and gate community creation behind sign-in
Adds a persistent header bar with sign-in/sign-up across landing and canvas
pages. The "Create Community Space" form now requires EncryptID authentication,
showing a passkey auth modal if the user isn't signed in. Auth tokens are sent
with the community creation API call. EncryptID WebAuthn modules are lazy-loaded
only when auth is triggered.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 17:50:48 -07:00
Jeff Emmett 163ab3c288 fix: remove hardcoded secret fallbacks from EncryptID (GitGuardian alert)
Require DATABASE_URL and JWT_SECRET via env vars instead of falling back
to hardcoded defaults. Removes insecure fallback passwords from compose
file as well. Production was already using strong .env secrets.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:33:02 -07:00
Jeff Emmett d8b8864fbc chore: add backlog task 18 for CRDT token issuance
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:15:45 -07:00
Jeff Emmett c2255f1296 feat: add CRDT token issuance system with mint/ledger shapes
Implements BFT-CRDT token infrastructure as FolkShape components that
live in the existing Automerge document — no new server or database needed.
Admins can create token types (mint) and issue them to participants by
DID or email (ledger), with real-time sync across all connected peers.

- folk-token-mint: token definition (name, symbol, supply, color, icon)
- folk-token-ledger: distribution tracker with issuance form, email escrow
- Canvas toolbar "Token" button creates mint+ledger+arrow pair
- Demo seeds: GOV (equal governance) and CRED (contribution credits)
- community-sync: remote property updates for both token shapes
- EncryptID: add rTube, rStack to allowed origins and landing page
- rSpace landing page: add EncryptID and interoperability sections

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:01:47 -07:00
Jeff Emmett 65aeceddd1 chore: add backlog tasks 14-17
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 10:09:30 -07:00
Jeff Emmett 0a32944243 feat: add JSON WebSocket mode, demo seed data, and useDemoSync hook
Add lightweight JSON WebSocket protocol (?mode=json) that bridges
Automerge to JSON for demo pages, avoiding the ~500KB Automerge bundle.
Includes GET /api/communities/:slug/shapes endpoint, POST demo reset
with rate limiting, Alpine Explorer 2026 seed data (~40 shapes), and
the useDemoSync React hook for real-time demo page connectivity.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 09:38:59 -07:00
Jeff Emmett 89fba95e40 feat: add email recovery with Mailcow SMTP and recovery page
- Add email column to users table, recovery_tokens table
- Add recovery endpoints (set/request/verify email)
- Integrate nodemailer with Mailcow SMTP (mx.jeffemmett.com)
- Add branded HTML recovery email template
- Add /recover landing page with passkey registration
- Add SMTP env vars to docker-compose

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 09:35:53 -07:00
Jeff Emmett 38636862d8 fix: overhaul canvas shape creation, connections, and sync
- Fix CSS position:absolute missing for 5 trip planning shapes
- Expand arrow connection mode to all 21 shape types (was only 2)
- Center new shapes in viewport instead of clustering top-left
- Extract createAndAddShape() utility, eliminating ~270 lines of duplication
- Add missing Google Item toolbar button
- Add error handling on remote shape creation (try-catch-finally)
- Implement actual WebSocket keep-alive ping (was a no-op)
- Use shape.toJSON() in sync layer to capture all shape properties (was only 3 types)
- Add index signature to ShapeData for arbitrary shape-specific properties

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 08:27:48 -07:00
Jeff Emmett eedc6b1b4a feat: add rFunds, rNetwork, rCart to r-Ecosystem app icons
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 08:27:40 -07:00
Jeff Emmett aa3db67048 Fix EncryptID Docker build to include encryptid-sdk dependency
Build context changed to parent directory so the encryptid-sdk
(referenced as file:../encryptid-sdk) is accessible during build.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:23:18 -07:00
Jeff Emmett 7f37e47934 Add rcart.online to EncryptID CORS allowed origins
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:21:13 -07:00
Jeff Emmett fe53340869 Add task_prefix to backlog config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 20:40:56 -07:00
Jeff Emmett e9f7dba926 Add emoji favicon (🌌) for browser tab
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 19:13:40 -07:00
Jeff Emmett 8e51ba923a feat: add rNotes and rTrips to r-Ecosystem app icons
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 19:05:25 -07:00
Jeff Emmett 6db71abef9 feat: add internal API key bypass for service-to-service calls
Allows trusted internal services (e.g. rnotes) to push shapes
without EncryptID auth by passing X-Internal-Key header.
Key is set via INTERNAL_API_KEY env var.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 15:02:08 -07:00
Jeff Emmett 3a04416b10 fix: resolve TypeScript build errors for Docker deployment
- Fix duplicate property in addShapes object literal
- Exclude src/encryptid/ from tsc (pre-existing errors, separate module)
- Add ambient type declaration for @encryptid/sdk/server

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 14:59:04 -07:00
Jeff Emmett 7b230baa9c fix: update Dockerfile for encryptid-sdk file: dependency
Use parent context (context: ..) so the SDK at file:../encryptid-sdk
resolves correctly during Docker build. Same pattern as rnotes-online.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 14:57:31 -07:00
Jeff Emmett d227fbff16 feat: add POST /api/communities/:slug/shapes endpoint
Enables external apps (e.g. rNotes) to push shapes to a canvas via REST API.
Shapes are added in a single Automerge change and broadcast to connected
WebSocket clients for real-time sync.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 14:56:39 -07:00
Jeff Emmett 426e05d631 feat: add missing r* tool origins to EncryptID CORS
Add rnotes.online, rfunds.online, rtrips.online, rnetwork.online to
allowedOrigins for cross-r* authentication support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 13:30:33 -07:00
Jeff Emmett dd6c65a693 Add backlog tasks for EncryptID and rWallet
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 12:41:01 -07:00
Jeff Emmett 2634d02344 Add trip planning components and postMessage bridge for rtrips.online
New folk-* web components for collaborative trip planning:
- folk-itinerary: timeline with day grouping and category icons
- folk-destination: location card with editable notes
- folk-budget: expense tracker with progress bar
- folk-packing-list: collaborative checklist with progress
- folk-booking: booking card with type/status badges

Also adds postMessage broadcasting in community-sync for iframe
embedding in rtrips.online, and toolbar buttons in canvas.html.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 12:21:03 -07:00
Jeff Emmett 9b8784a0ac feat: enforce EncryptID auth on communities with configurable visibility
Protect POST /api/communities, GET /api/communities/:slug, and WebSocket
upgrade with token verification. Add visibility (public/public_read/
authenticated/members_only) and ownerDID to community metadata. Block
writes from read-only connections.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 11:54:10 -07:00
Jeff Emmett e5af01119b feat: upgrade EncryptID server to PostgreSQL
Replace in-memory Maps with persistent PostgreSQL storage:
- Add db.ts with typed query functions for users, credentials, challenges
- Add schema.sql with users/credentials/challenges tables
- Update server.ts to use async DB queries
- Add postgres service to docker-compose
- Health endpoint now reports database connectivity
- Auto-cleanup of expired challenges every 10 minutes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 07:34:13 -07:00
Jeff Emmett 8e10f5cb03 fix: Add abort mechanism for conditional UI to prevent pending request errors
- Add global AbortController for conditional UI requests
- Call abortConditionalUI() at start of registerPasskey and authenticatePasskey
- Export abortConditionalUI from index for manual use if needed

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 19:14:56 +00:00
Jeff Emmett 20a51e7dce fix: Explicitly import UI components in demo to ensure registration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 16:58:45 +00:00
Jeff Emmett c18b84b7c9 fix: Build client-side JS bundle for demo page
- Add bun build step to create browser-compatible JS from TypeScript
- Update demo.html to import from /dist/index.js
- Update server to serve /dist/* for bundled modules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 16:57:34 +00:00
Jeff Emmett e0b30e52ef fix: Add route for /demo.html page
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 16:54:14 +00:00
Jeff Emmett 73723b5801 fix: Use web entrypoint and bun-based healthchecks
- Change Traefik entrypoint from websecure to web (Cloudflare terminates TLS)
- Replace curl with bun-based healthcheck (curl not in slim image)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 16:53:04 +00:00
Jeff Emmett 4e5496ecf7 fix: Remove invalid --production=false flag from Dockerfile
Bun no longer accepts --production=false syntax. DevDependencies
are included by default during install.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 16:50:21 +00:00
Jeff Emmett 72192007e6 feat: Add EncryptID unified identity system
Implements the EncryptID identity system for the r-ecosystem:

- WebAuthn/Passkey authentication with PRF extension for key derivation
- Client-side cryptographic key derivation (AES-256, ECDSA P-256, Ed25519)
- Social recovery system with guardians (no seed phrases!)
- Session management with authentication levels
- Cross-app SSO via Related Origin Requests
- Web components: login button and guardian setup panel
- Hono server for authentication endpoints
- Docker deployment configuration

Domain: encryptid.jeffemmett.com
RP ID: jeffemmett.com (for cross-subdomain passkey usage)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 16:48:19 +00:00
Jeff Emmett 9e32b5a457 fix: Use slot.parentElement instead of :scope selector for ShadowRoot
The :scope selector may not work correctly when querying from a ShadowRoot.
Use slot.parentElement to reliably find the container div to replace.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-03 16:09:48 +01:00
Jeff Emmett 42b29ff9d7 fix: Resolve replaceChild and activeElement errors in FolkJS components
- Fix activeElement undefined error by guarding against missing shadowRoot
- Fix replaceChild "parameter 2 is not of type Node" error in all 15 child
  components by using :scope > div selector to find container div directly
  instead of incorrectly searching inside slot.parentElement

The bug was caused by looking for a nested div that doesn't exist - the slot's
parent IS the container div that needs to be replaced.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-03 13:38:06 +01:00
Jeff Emmett 8eef5b58b7 feat: Add advanced shapes (task-5)
- folk-video-chat: WebRTC video chat with room joining, mute/video toggle
- folk-obs-note: Rich markdown editor with edit/preview/split modes
- folk-workflow-block: Visual workflow nodes with typed ports

All components integrated into canvas.html with toolbar buttons.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-02 21:42:41 +01:00
Jeff Emmett a6d2cdcf86 feat: Add AI integration shapes (task-4)
- folk-image-gen: Image generation with style selection
- folk-video-gen: Video generation with I2V/T2V modes
- folk-prompt: LLM chat interface with model selection
- folk-transcription: Real-time transcription via Web Speech API

All shapes integrated into canvas.html with toolbar buttons.
Backend API endpoints are placeholders to be implemented.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-02 21:30:02 +01:00
Jeff Emmett 061b17c264 feat: Add core data shapes (task-3)
- folk-embed: URL embeds for YouTube, Twitter/X, Google Maps
- folk-calendar: Month view calendar with events
- folk-map: MapLibre GL integration with OSM tiles and markers

Integrated all shapes into canvas.html with toolbar buttons.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-02 20:27:47 +01:00
Jeff Emmett 5115d03082 feat: Add real-time presence cursors for collaboration
- PresenceManager class tracks remote users' cursors and selections
- SVG cursor with username label and auto-assigned colors
- CommunitySync.sendPresence() broadcasts cursor/selection updates
- Throttled to 50ms to prevent flooding
- Auto-fade after 5s inactivity, auto-remove after 15s
- Selection highlight shows which shape each user has selected

Completes task-7: Real-time presence cursors

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-02 19:13:51 +01:00