rspace-online

Author SHA1 Message Date

Author	SHA1	Message	Date
Jeff Emmett	3a614e2866	rename: finish rschedule → rminders migration Complete the rename started in `dda7760` (which removed rschedule/ but left callers unmigrated and the rminders/ dir uncommitted). Updates vite.config.ts build entries, API base fetches in folk-comment-pin, folk-rapp widget map, module-display meta, calendar reminder-drop route, docs comment-panel, e2e fixtures, shell/landing/mcp-server references, and backlog/ONTOLOGY docs. Fixes vite build failure: "Could not resolve entry module modules/rschedule/components/folk-schedule-app.ts". Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-16 17:18:17 -04:00
Jeff Emmett	e78b768f04	feat(security): harden MI endpoints — CORS, rate limiting, prompt sanitization - Restrict CORS to known rSpace domains (no more open wildcard) - Add tiered rate limiting per IP (anon vs authenticated, per endpoint tier) - UA filtering blocks scrapers/scanners, allows browsers and AI agents - Prompt injection sanitization: strip MI_ACTION markers, system tags, and known attack patterns from user-supplied content before LLM ingestion - Space access control: private/permissioned spaces gate MI data to members - Auth required on /triage, /execute-server-action, data-driven /suggestions - MCP guard: require auth or agent UA for /api/mcp/* - Anonymous WebSocket cap: max 3 per IP with proper cleanup on close - Knowledge index + conversation memory gated to members+ (viewers get public canvas data only) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 13:26:53 -04:00
Jeff Emmett	75fd5cf4be	feat(mi): per-space knowledge index with ranked context injection Replace the 265-line data dump (35 modules × 3 items) in MI system prompts with a trigram-ranked knowledge index that surfaces only the top-18 most relevant entries per query. Adds per-space conversation memory persisted to disk for cross-session context. New files: - server/mi-trigrams.ts — trigram + Jaccard similarity utilities - server/space-knowledge.ts — SpaceKnowledgeIndex with 5-min TTL cache - server/space-memory.ts — SpaceMemory with debounced disk persistence Changes: - mi-routes.ts: ~280 lines removed, replaced with ranked index call - sync-instance.ts: cache invalidation on doc changes - rauctions/mod.ts: fix ModuleScoping type (defaultScope, userConfigurable) - mcp-tools/ragents.ts: fix AccessResult property access (claims.username, claims.sub) ~80% token reduction per MI request (~6,300 → ~1,320 tokens). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-12 22:19:07 -04:00

3a614e2866

rename: finish rschedule → rminders migration

Complete the rename started in dda7760 (which removed rschedule/ but
left callers unmigrated and the rminders/ dir uncommitted). Updates
vite.config.ts build entries, API base fetches in folk-comment-pin,
folk-rapp widget map, module-display meta, calendar reminder-drop
route, docs comment-panel, e2e fixtures, shell/landing/mcp-server
references, and backlog/ONTOLOGY docs.

Fixes vite build failure: "Could not resolve entry module
modules/rschedule/components/folk-schedule-app.ts".

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-16 17:18:17 -04:00

Jeff Emmett

e78b768f04

feat(security): harden MI endpoints — CORS, rate limiting, prompt sanitization

- Restrict CORS to known rSpace domains (no more open wildcard)
- Add tiered rate limiting per IP (anon vs authenticated, per endpoint tier)
- UA filtering blocks scrapers/scanners, allows browsers and AI agents
- Prompt injection sanitization: strip MI_ACTION markers, system tags, and
  known attack patterns from user-supplied content before LLM ingestion
- Space access control: private/permissioned spaces gate MI data to members
- Auth required on /triage, /execute-server-action, data-driven /suggestions
- MCP guard: require auth or agent UA for /api/mcp/*
- Anonymous WebSocket cap: max 3 per IP with proper cleanup on close
- Knowledge index + conversation memory gated to members+ (viewers get
  public canvas data only)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-13 13:26:53 -04:00

Jeff Emmett

75fd5cf4be

feat(mi): per-space knowledge index with ranked context injection

Replace the 265-line data dump (35 modules × 3 items) in MI system prompts
with a trigram-ranked knowledge index that surfaces only the top-18 most
relevant entries per query. Adds per-space conversation memory persisted
to disk for cross-session context.

New files:
- server/mi-trigrams.ts — trigram + Jaccard similarity utilities
- server/space-knowledge.ts — SpaceKnowledgeIndex with 5-min TTL cache
- server/space-memory.ts — SpaceMemory with debounced disk persistence

Changes:
- mi-routes.ts: ~280 lines removed, replaced with ranked index call
- sync-instance.ts: cache invalidation on doc changes
- rauctions/mod.ts: fix ModuleScoping type (defaultScope, userConfigurable)
- mcp-tools/ragents.ts: fix AccessResult property access (claims.username, claims.sub)

~80% token reduction per MI request (~6,300 → ~1,320 tokens).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-12 22:19:07 -04:00

3 Commits