Require DATABASE_URL and JWT_SECRET via env vars instead of falling back
to hardcoded defaults. Removes insecure fallback passwords from compose
file as well. Production was already using strong .env secrets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Implements BFT-CRDT token infrastructure as FolkShape components that
live in the existing Automerge document — no new server or database needed.
Admins can create token types (mint) and issue them to participants by
DID or email (ledger), with real-time sync across all connected peers.
- folk-token-mint: token definition (name, symbol, supply, color, icon)
- folk-token-ledger: distribution tracker with issuance form, email escrow
- Canvas toolbar "Token" button creates mint+ledger+arrow pair
- Demo seeds: GOV (equal governance) and CRED (contribution credits)
- community-sync: remote property updates for both token shapes
- EncryptID: add rTube, rStack to allowed origins and landing page
- rSpace landing page: add EncryptID and interoperability sections
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add lightweight JSON WebSocket protocol (?mode=json) that bridges
Automerge to JSON for demo pages, avoiding the ~500KB Automerge bundle.
Includes GET /api/communities/:slug/shapes endpoint, POST demo reset
with rate limiting, Alpine Explorer 2026 seed data (~40 shapes), and
the useDemoSync React hook for real-time demo page connectivity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix CSS position:absolute missing for 5 trip planning shapes
- Expand arrow connection mode to all 21 shape types (was only 2)
- Center new shapes in viewport instead of clustering top-left
- Extract createAndAddShape() utility, eliminating ~270 lines of duplication
- Add missing Google Item toolbar button
- Add error handling on remote shape creation (try-catch-finally)
- Implement actual WebSocket keep-alive ping (was a no-op)
- Use shape.toJSON() in sync layer to capture all shape properties (was only 3 types)
- Add index signature to ShapeData for arbitrary shape-specific properties
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Build context changed to parent directory so the encryptid-sdk
(referenced as file:../encryptid-sdk) is accessible during build.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Allows trusted internal services (e.g. rnotes) to push shapes
without EncryptID auth by passing X-Internal-Key header.
Key is set via INTERNAL_API_KEY env var.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix duplicate property in addShapes object literal
- Exclude src/encryptid/ from tsc (pre-existing errors, separate module)
- Add ambient type declaration for @encryptid/sdk/server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Use parent context (context: ..) so the SDK at file:../encryptid-sdk
resolves correctly during Docker build. Same pattern as rnotes-online.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Enables external apps (e.g. rNotes) to push shapes to a canvas via REST API.
Shapes are added in a single Automerge change and broadcast to connected
WebSocket clients for real-time sync.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add rnotes.online, rfunds.online, rtrips.online, rnetwork.online to
allowedOrigins for cross-r* authentication support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

New folk-* web components for collaborative trip planning:
- folk-itinerary: timeline with day grouping and category icons
- folk-destination: location card with editable notes
- folk-budget: expense tracker with progress bar
- folk-packing-list: collaborative checklist with progress
- folk-booking: booking card with type/status badges
Also adds postMessage broadcasting in community-sync for iframe
embedding in rtrips.online, and toolbar buttons in canvas.html.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Protect POST /api/communities, GET /api/communities/:slug, and WebSocket
upgrade with token verification. Add visibility (public/public_read/
authenticated/members_only) and ownerDID to community metadata. Block
writes from read-only connections.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace in-memory Maps with persistent PostgreSQL storage:
- Add db.ts with typed query functions for users, credentials, challenges
- Add schema.sql with users/credentials/challenges tables
- Update server.ts to use async DB queries
- Add postgres service to docker-compose
- Health endpoint now reports database connectivity
- Auto-cleanup of expired challenges every 10 minutes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add global AbortController for conditional UI requests
- Call abortConditionalUI() at start of registerPasskey and authenticatePasskey
- Export abortConditionalUI from index for manual use if needed
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add bun build step to create browser-compatible JS from TypeScript
- Update demo.html to import from /dist/index.js
- Update server to serve /dist/* for bundled modules
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Change Traefik entrypoint from websecure to web (Cloudflare terminates TLS)
- Replace curl with bun-based healthcheck (curl not in slim image)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Bun no longer accepts --production=false syntax. DevDependencies
are included by default during install.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements the EncryptID identity system for the r-ecosystem:
- WebAuthn/Passkey authentication with PRF extension for key derivation
- Client-side cryptographic key derivation (AES-256, ECDSA P-256, Ed25519)
- Social recovery system with guardians (no seed phrases!)
- Session management with authentication levels
- Cross-app SSO via Related Origin Requests
- Web components: login button and guardian setup panel
- Hono server for authentication endpoints
- Docker deployment configuration
Domain: encryptid.jeffemmett.com
RP ID: jeffemmett.com (for cross-subdomain passkey usage)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The :scope selector may not work correctly when querying from a ShadowRoot.
Use slot.parentElement to reliably find the container div to replace.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix activeElement undefined error by guarding against missing shadowRoot
- Fix replaceChild "parameter 2 is not of type Node" error in all 15 child
  components by using :scope > div selector to find container div directly
  instead of incorrectly searching inside slot.parentElement

The bug was caused by looking for a nested div that doesn't exist - the slot's
parent IS the container div that needs to be replaced.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- folk-video-chat: WebRTC video chat with room joining, mute/video toggle
- folk-obs-note: Rich markdown editor with edit/preview/split modes
- folk-workflow-block: Visual workflow nodes with typed ports
All components integrated into canvas.html with toolbar buttons.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- folk-image-gen: Image generation with style selection
- folk-video-gen: Video generation with I2V/T2V modes
- folk-prompt: LLM chat interface with model selection
- folk-transcription: Real-time transcription via Web Speech API
All shapes integrated into canvas.html with toolbar buttons.
Backend API endpoints are placeholders to be implemented.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- folk-embed: URL embeds for YouTube, Twitter/X, Google Maps
- folk-calendar: Month view calendar with events
- folk-map: MapLibre GL integration with OSM tiles and markers
Integrated all shapes into canvas.html with toolbar buttons.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- PresenceManager class tracks remote users' cursors and selections
- SVG cursor with username label and auto-assigned colors
- CommunitySync.sendPresence() broadcasts cursor/selection updates
- Throttled to 50ms to prevent flooding
- Auto-fade after 5s inactivity, auto-remove after 15s
- Selection highlight shows which shape each user has selected
Completes task-7: Real-time presence cursors
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- folk-slide: Presentation slide container with dashed border
- folk-chat: Real-time chat with username persistence
- folk-google-item: Data card for Google services with visibility toggle
- folk-piano: Chrome Music Lab Shared Piano iframe embed
All components extend FolkShape, implement toJSON(), and support
drag via data-drag attribute. Toolbar buttons added for each.
Completes task-2: Phase 1 - Port Simple Shapes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- maximize.ts: maximizeShape(), restoreShape(), toggleMaximize()
- pinned-view.ts: PinnedViewManager class for viewport-fixed shapes
- folk-shape.ts: Base toJSON() method for Automerge sync
- Updated exports in lib/index.ts
Completes task-8: Port shared hooks as FolkJS utilities
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Serve static assets (js, wasm, css) before subdomain routing
- Add WASM and image content types
- Reserve 'create', 'new', 'start' subdomains for community creation form
- Fixes canvas not loading on subdomains
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Use unique router name 'rspace-canvas' to avoid conflict with rspace-prod
- Only match subdomains, explicitly exclude main domain
- rspace-prod handles rspace.online landing page
- rspace-online handles *.rspace.online canvas
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Implement folk-arrow web component using perfect-arrows
- Curved bezier arrows with perfect-freehand stroke styling
- Dynamic position tracking via requestAnimationFrame
- Connection mode: click source then target to create arrow
- Sync arrow properties (sourceId, targetId, color) via Automerge
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Port StandardizedWrapper from React to web component
- Header with title, icon, color theming
- Pin, minimize, close action buttons
- Tags footer with add/remove functionality
- Integrate into canvas with "Card" toolbar button
- Sync wrapper properties via Automerge CRDT
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- CommunitySync class bridges FolkJS shapes with Automerge documents
- Server stores Automerge binary format with debounced persistence
- Per-peer sync state for efficient delta synchronization
- WebSocket messages carry Automerge sync protocol
- Automatic migration from JSON to Automerge format
- WASM plugin for Vite to handle Automerge bundle
Enables true CRDT-based collaboration with:
- Conflict-free concurrent editing
- Efficient delta sync (only changed data)
- Offline-capable local documents
- Automatic peer reconnection
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Changed from websecure to web entrypoint
- Removed obsolete version attribute
- Cloudflare tunnel connects to port 80, so no TLS config needed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>