Add per-object visibility levels (viewer/member/moderator/admin) across
all rSpace modules. Objects default to 'viewer' (open), so existing data
remains visible. Server-side GET handlers resolve caller role and filter;
MCP tools filter lists and check single-item access; frontend components
do defense-in-depth filtering with visibility picker (mod+) and lock badges.
- shared/membrane.ts: types + isVisibleTo, filterByVisibility, filterArrayByVisibility
- 9 schema files: visibility field on TaskItem, NoteItem, CalendarEvent, etc.
- 8 module routes: GET handlers filter by caller role
- 6 MCP tool files: list filtering + single-item visibility checks
- 4 frontend components: client filtering, picker, lock badges
- 18 unit tests (all passing)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- MI bar z-index lowered to 1 so dropdowns render above it; panel
gets z-index 10001 only when open
- SW registration URL bumped to v=8 to match cache version
- rtime: pool and weaving are now two separate scrollable sections
on mobile (50vh/60vh min-heights) with a "Commitment Weaving"
section header visible on constrained screens
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add /api/auth/*, /api/register/*, /api/account/* proxy routes to
rspace-online server, forwarding to encryptid container internally.
This eliminates cross-origin requests that Safari blocks via ITP or
Cloudflare security challenges.
- Change client auth URLs from https://auth.rspace.online to same-origin
in rstack-identity, rspace-header, login-button, and session modules.
- Add PRF extension try/catch fallback in webauthn.ts — Safari throws
TypeError on the unsupported PRF extension, now retries without it.
- Bump SW cache version v7→v8 to bust stale cached bundles.
Fixes passkey login for Safari/macOS users (e.g. christina) who were
getting "Network error when attempting to reach resource".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Previously, visiting a private space on *.rspace.online without a session
redirected to rspace.online, causing a redirect loop after login. Now shows
the sign-in gate in-place so the user logs in and stays on the same page.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds always-visible home button in tab bar, toggleable dashboard overlay,
widget card system with 8 widgets (tasks, calendar, activity, members,
tools, quick actions, wallet, flows), customize mode with toggle/reorder,
and dashboard summary API endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Browser-side:
- Fix switchSpace() to LRU-evict idle space WebSocket connections (cap: 3)
- Add runtime.unsubscribe() to disconnectedCallback in 24 components
- Fix DocSyncManager.unsubscribe() to clean up syncStates, timers, listeners
- Fix 14 components leaking RAF loops, ResizeObservers, MutationObservers,
document/window listeners, setIntervals, MapLibre WebGL contexts, and
AbortControllers on disconnect
- Deduplicate Automerge WASM: module builds now use global shim from
shell-offline instead of bundling ~2.5MB each (8 modules affected)
Server-side:
- Add LRU eviction to SyncServer.#docs (cap: 500, evicts idle docs with
no subscribers, persists to disk before eviction)
- registerWatcher() now returns unsubscribe function
Data:
- Cap unbounded CRDT arrays: rexchange chatMessages (200), rcart events (200)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 2-3 of the rNotes/rDocs split. Rewrites rNotes from a full TipTap
editor (~1800 lines) into a lightweight Obsidian/Logseq vault sync and
browse module (~560 lines). Rich editing features remain in rDocs.
rNotes vault browser:
- VaultDoc schema: metadata-only in Automerge (title, tags, hash, wikilinks)
- ZIP vault uploads stored on disk at /data/files/uploads/vaults/
- File tree browser, search, read-only markdown preview
- Wikilink graph data endpoint for visualization
- 5 MCP tools: list_vaults, browse_vault, search_vault, get_vault_note, sync_status
- Browser extension compat shim redirects old API calls to rDocs
Cleanup:
- Removed dead editor files from rnotes (converters, components, local-first-client)
- Updated MI integration to use getRecentVaultNotesForMI
- Updated ONTOLOGY.md with new module descriptions
- Bumped JS cache versions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New folk-makereal shape converts hand-drawn wireframes into functional
HTML/CSS using Gemini Flash 2.5 vision. Drawing canvas + live iframe
preview with framework selector (HTML/Tailwind/React), code view toggle,
and copy/open-tab actions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The rsheet→rsheets rename was partially applied - server/index.ts
imported rsheets/mod but the files still lived at rsheet/. This
caused a crash on startup: "Cannot find module '../modules/rsheets/mod'".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds Figma-style threaded comment markers anchored to data-collab-id
elements across all module pages. Comments stored in per-space Automerge
doc, synced via existing local-first stack. Bell is now context-aware
(canvas pins on canvas, module pins on module pages). Notifications
route through existing WS/push/email system with new module_comment
and module_mention event types.
New files: module-comment-types, module-comment-schemas,
rstack-module-comments component. Updated: shell, comment bell,
notification routes. Added data-collab-id to crowdsurf, rtime, rmeets.
Fixed pre-existing SKILL_LABELS import error in rtime/mod.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a ✕ button next to the + tab button that closes all open rApp tabs
and returns to the user dashboard. Shows a confirm() prompt with tab count
before proceeding.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Broadcasts in-app, push, and email notifications to all space members
when a comment pin is created or replied to. @mentioned users get their
specific mention notification instead (no double-notify). Fixes pre-existing
TS error in rtasks local-first-client (missing dueDate default).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a small bug icon (bottom-right) that opens a modal to collect
errors, device info, comments, and optional screenshots, then emails
the report to jeff@jeffemmett.com via the existing SMTP transport.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The oven/bun:1-slim image lacks system CA certs, causing TLS verification
failures on outbound HTTPS for link-preview. Also implements the
/api/design-agent SSE endpoint — Gemini Flash tool loop driving the
Scribus bridge for DTP layout generation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
HMAC-signed stateless tokens let external respondents vote on rChoices
polls or RSVP to rCal events via a single tap — no account required.
Routes mounted at /respond/:token bypass space auth. Typed EventAttendee
schema replaces unknown[] on CalendarEvent.attendees. Invite endpoints
on both modules generate tokens and optionally send email invitations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Docker Engine 29.0.4 on Netcup requires minimum API version 1.44,
causing all sidecar starts (Blender, FreeCAD, KiCad, Ollama) to fail
with "client version 1.43 is too old".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The clf space is private, so all API calls were getting 401'd by the
space access middleware before reaching the rtasks routes. Add
/rtasks/api/ to the public endpoint exemption list (like rwallet,
rdesign, rvote already are).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Root route now sends no-cache headers to bust stale 301s from the
rcal standaloneDomain mishap. Standalone domain redirects changed from
301 (permanent/browser-cached) to 302 (temporary) so misconfiguration
can never stick in user browsers again.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Ranking: replace broken :hover drop-target with getBoundingClientRect hit testing
- Spider: add #isSliding guard to prevent slider destruction during drag
- Video gen: bump timeout to 10min, show real fal.ai queue position/status
- Fix NotificationCategory type to include 'payment' in db.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- rCal landing: strip inline style overrides, use standard rl-* CSS classes
- rCal mod: update standaloneDomain from rcal.online to rspace.online
- Info popup: change from per-rApp auto-show to global one-time auto-show
- Update banner: track dismissal in sessionStorage so it stops re-showing
on every page load within the same session (likely the "persistent banner")
- rpubs landing: fix stale rcart.online URLs → demo.rspace.online/rcart
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Community members post buy/sell intents for CRDT tokens (cUSDC, $MYCO, fUSDC)
against 8 fiat currencies. Bipartite solver matches intents every 60s. Escrow
via token-service burn/mint trio. Reputation scoring with badges. 14 API routes,
canvas shape with physics orbs, and landing page.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Module onInit functions (rvote, rtasks, rcal, etc.) call seedDemoIfEmpty
which checks the sync server for existing docs. Previously onInit ran
as an IIFE before loadAllDocs completed, so it always found empty docs
and re-seeded demo data — overwriting user deletions/changes. Now
onInit runs inside the loadAllDocs .then() chain, ensuring persisted
data is loaded before any seed checks run.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add internal endpoints for payment infrastructure integration:
- GET /api/internal/user-by-wallet — resolve wallet to email/username
- POST /api/internal/notify — trigger in-app notifications by wallet/DID
- Add 'payment' notification category and payment_sent/received event types
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SMTP auth on port 587 was broken across all modules due to stale
credentials. Since rspace is on the mailcow Docker network, all 6
SMTP transports now use unauthenticated relay on port 25 when the
host is the internal postfix container. Fixes emails for: payment
receipts, space invitations, inbox approvals, agent notifications,
scheduled emails, and publication sharing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ascii-art service returns raw HTML, not JSON. Wrap response in
{html, text} JSON envelope and strip tags for plain text version.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add folk-ascii-gen canvas shape with pattern/palette selectors
- Add POST /api/ascii-gen proxy to ascii-art service
- Register create_ascii_art in canvas tools + triage panel
- Fix WAN 2.1 t2v endpoint URL (fal-ai/wan/v2.1 → fal-ai/wan-t2v)
- Convert video gen to async job queue (avoids Cloudflare timeouts)
- Fix Docker API Content-Type bug in sidecar-manager
- Convert scribus-novnc and open-notebook to on-demand sidecars
- Add ensureSidecar("scribus-novnc") to rDesign bridge proxy
- Fix Hono ContextVariableMap and handleTransakMessage type errors
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Audit and fix ~60 violations across 47 files where URLs were constructed
as /{space}/moduleId instead of /moduleId (subdomain provides the space).
- Add getModuleApiBase() helper to shared/url-helpers.ts
- Fix client components: use getModuleApiBase() for fetch URLs,
rspaceNavUrl() for navigation
- Fix server routes: use c.get("isSubdomain") for redirects and
JSON response URLs
- Fix OAuth callbacks (notion, google, clickup): subdomain-aware redirects
- Fix email notification URLs (rvote): use {space}.rspace.online format
- Fix webhook registration (rtasks/clickup): subdomain-aware endpoint URL
- Replace broken #getSpaceSlug() methods in folk-feed, folk-splat
- Replace NODE_ENV checks with proper isSubdomain checks (rdata, rnetwork)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SyncServer.setDoc() was not calling onDocChange, so documents created
via setDoc (including payment requests) were only stored in memory and
lost on container restart. This caused "Payment request not found"
errors after deploys. Now setDoc triggers the same persistence callback
as changeDoc.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When a logged-in user visits a private space they don't have access to,
the gate now shows a "Request Access" button (calls POST /api/spaces/:slug/access-requests)
and a "Go to {username}'s Space" secondary link. Handles already-pending (409) gracefully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Landing, module-landing, and sub-page-info pages showed a stale "Spaces"
dropdown. Now checks encryptid_session and sets the switcher to
{username}'s Space (logged in) or demo (logged out).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pin encrypted backups and AI-generated files to Kubo (ipfs.jeffemmett.com)
as fire-and-forget redundancy. Filesystem remains primary storage — IPFS
failures are logged and swallowed. Adds /api/ipfs routes for status,
pin/unpin, and gateway proxy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ImapFlow clients were created without .on('error') handlers. Socket
timeouts emitted unhandled errors that crashed the entire process,
taking down all 32 modules. Added error handlers to all 3 ImapFlow
instantiation sites and a process-level uncaughtException/unhandledRejection
safety net.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Modules now declare their canvas shapes and AI tools (canvasShapes/canvasToolIds
on RSpaceModule), creating a single source of truth that the canvas enforces:
- Phase 1: Extended RSpaceModule + ModuleInfo, added moduleId to CanvasToolDefinition
with getToolsForModules() filter, added moduleOf() to ShapeRegistry, populated
declarations in 9 modules, fixed 8 ungated toolbar buttons (rchoices, rwallet, rsocials)
- Phase 2: AI prompt sends enabledModules, server filters Gemini tool declarations
- Phase 3: folk-commitment-pool and folk-task-request show lock overlay when rtime disabled
- Phase 4: Extracted MODULE_META into shared lib/module-display.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fire commitment_accepted/commitment_declined notifications when solver
results are accepted/rejected in intent-routes.ts
- Fire commitment_declined when a connection is deleted in mod.ts
- Add metadata (resultId, fromCommitmentId) to commitment_requested notify
- Fix actionUrl to use /rtime (subdomain-relative), not /{space}/rtime
- Add Accept/Decline action buttons in notification bell for
commitment_requested events (same pattern as space_invite)
- Add email delivery channel to notification-service: sends from
{space}-agent@rspace.online via SMTP, respects emailEnabled preference,
inline HTML template with dark theme
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two new FolkShape subclasses enable drag-from-pool-to-task interactions on
the canvas. Orbs dragged from the commitment pool highlight matching skill
slots on task request cards and POST connections via the rTime API. Adds
commitment_requested notification type so commitment owners are notified
when their time is requested.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Authenticated users visiting {space}.rspace.online/ now get a server-side
302 to /rspace instead of rendering the full dashboard then JS-redirecting
(eliminates flash of wrong header + 2-3 redirect chain → single redirect).
Bare domain rspace.online/{space} now 301-redirects to {space}.rspace.online/
so /{space}/ never appears in the URL bar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add folk-mermaid-gen web component: AI-powered diagram generation via
Ollama, client-side SVG preview via mermaid.js, animated GIF export via
mermaid.rspace.online API
- Register in canvas tools, toolbar, and shape registry
- Add role selector dropdown to share panel invite form (backend already
supports role parameter)
- Fix pre-existing TS errors: SankeyNode missing address field,
SpaceMember type mismatch in WebSocket auth fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- App switcher: only show "Manage rApps" when there are actually
disabled modules or active restrictions. Move "Available to Add"
above "Remove" to prioritize adding. Eliminates duplicate module
listing when all modules are enabled.
- Shell: update app switcher on modules-changed event (was only
updating tab bar and folk-rapp, not the sidebar itself).
- SMTP: use space-agent@rspace.online as From for invite/approval
emails with proper envelope sender for DKIM alignment.
- Shell CSS: fix banner z-index, smooth header transition on banner.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rTasks: port backlog-md ordinal algorithm (bisection + rebalance),
fix column detection via bounding-box hit test, add empty-column
drop zones, source column dimming, no-op detection, and optimistic
DOM updates (no flash). New bulk-sort-order rebalance endpoint.
EncryptID: sync claimed invite members to Automerge doc immediately,
redirect to space subdomain after identity claim.
Server: add /api/internal/sync-space-member endpoint, fallback
member check in WebSocket auth for not-yet-synced invites.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add appinstalled event listener so browser-initiated installs also
permanently dismiss the banner
- Ensure only one banner shows at a time (update hides install first)
- Refactor dismiss logic into single helper function
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New module at modules/rsheet/mod.ts using externalApp pattern
- Embedded Y.js-backed spreadsheet grid with real-time sync
- Connects to shared y-websocket server for collaboration
- Registered in server/index.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Connections are per-user, not per-space. Move the platform connections
dashboard from the space settings modal (5th tab) to the My Account
modal as a collapsible section. Add selective sharing: users connect
platforms to their personal data store, then choose which community
spaces to share data into via per-provider space checkboxes.
New endpoints: GET/POST /api/oauth/sharing for per-user sharing config.
Sharing config stored as Automerge doc {userSpace}:oauth:sharing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ollama now starts on API request and stops after 5min idle, saving
~5-6GB RAM when not in use. Part of server-wide resource caps rollout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett