Introduces bilateral typed inter-space connections (economic, trust,
data, governance, resource) stored in both spaces' Automerge docs.
Includes connection policy, approval flow, membrane permeability
endpoint, and full CRUD API. Also changes default space visibility
from public to private for all user-facing creation paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Align visibility values across server and UI to the canonical set:
public, permissioned, private (replacing public_read, authenticated,
members_only). Add inline space creation form to the space switcher
dropdown and tab bar instead of navigating to /new.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add folk-choice-conviction library and register in lib/index
- Refactor rNotes app layout and interaction
- Space visibility normalization in server/spaces
- Minor canvas.html tweaks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Pre-populated 4-node workflow template (trigger→action→condition→output) with blue arrows
- Add folk-choice-vote, folk-choice-rank, folk-choice-spider component libraries
- New rstack-space-settings component
- EncryptID encrypted vault schema and server endpoints
- Space management and community store enhancements
- Shell, landing, and module CSS refinements
- Tab bar, app switcher, identity, and MI component updates
- rNotes app improvements
- rFunds diagram adjustments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every non-demo space gets generic "Getting Started" content (~25 shapes)
covering all rApp modules so users see what each module can do immediately.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POST /:slug/invite email endpoint (nodemailer via Mailcow SMTP)
- Add share badge + panel UI to canvas whiteboard
- Mark task-77 (encrypted VPS backup) as Done with updated references
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 5 — EncryptID → DocCrypto bridge:
- Add EncryptedDocBridge connecting WebAuthn PRF to document encryption
- Add per-doc relay mode to SyncServer (encrypted spaces bypass participant mode)
- Wire encryption toggle to syncServer.setRelayOnly() on PATCH /:slug/encryption
- Restore relay mode for encrypted spaces on server startup
- Initialize DocBridge from PRF on login, clear on sign-out (both login-button + identity)
- Use bridge helpers for encrypted backup toggle in My Account
Phase 6 — Space scoping UI:
- Add "Modules" tab to Edit Space modal (enable/disable modules, scope toggles, encryption)
- Auto-filter app switcher by space's enabledModules via renderShell()
- Show "G" badge on global-scoped modules in app switcher
- Show lock icon in header for encrypted spaces
- Add getSpaceShellMeta() helper for auto-populating shell options
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extend RSpaceModule with scoping, lifecycle hooks (onInit, onSpaceCreate/Delete
with SpaceLifecycleContext, onSpaceEnable/Disable), and DocSchema support.
Add scoping to all 25 modules (8 space, 11 global-configurable, 6 global-fixed).
Consolidate 4 space creation endpoints into shared createSpace() function.
Add enabledModules enforcement middleware and module configuration API
(GET/PATCH /api/spaces/:slug/modules). Deprecation header on /api/communities.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Right-click shapes (single or multi-selected) to copy them to another
space the user owns or is a member of. Server endpoint handles ID
remapping, arrow reference preservation, and position centering.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cloudflare has a wildcard rule that redirects any multi-segment path
on rspace.online to a subdomain (e.g. /foo/bar → foo.rspace.online/bar).
This broke both /api/* and /admin/api/* paths.
Replace with single-segment endpoints:
- GET /admin-data — returns spaces + modules (admin-only)
- POST /admin-action — handles mutations like delete-space
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cloudflare has a redirect rule that rewrites rspace.online/api/* to
http://api.rspace.online/*, causing Mixed Content errors in the browser.
Add a separate /admin/api router that serves the same admin data at
paths that don't trigger the redirect rule.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add tabbed admin UI (Spaces | Users) with auth gate
- Add admin API endpoints on EncryptID: list users, delete user, clean space members
- Add admin force-delete space endpoint on rSpace (bypasses owner check)
- Protect all admin endpoints with ADMIN_DIDS env var
- Add ADMIN_DIDS to both Docker Compose configs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hono matches routes in definition order, so /:slug was catching
"notifications" and "admin" as slug params and returning 404.
Static routes must be defined before parameterized routes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Email forwarding (EncryptID):
- New mailcow.ts API client for alias CRUD via Mailcow REST API
- Schema: email_forward_enabled + email_forward_mailcow_id columns
- API endpoints: GET/POST email-forward status, enable, disable
- Profile email change hook updates/disables alias automatically
- Docker: rmail-mailcow network + MAILCOW_API_URL/KEY env vars
Private spaces:
- Access gate overlay blocks members_only spaces for unauthenticated users
- Space visibility injected into HTML via middleware
- Auto-provision creates spaces as members_only by default
- Personalized "Create {username}'s Space" CTA in space switcher
- Removed unused /notifications endpoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend: deleteCommunity(), updateSpaceMeta(), DELETE/PATCH space endpoints,
member CRUD, per-space access-requests GET. UI: gear icon on owned spaces,
3-tab Edit Space modal (Settings, Members, Invitations) in space switcher.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add "Request Access" flow for inaccessible spaces: authenticated users
see all spaces in the dropdown (categorized as Your/Public/Discover),
can request access to restricted spaces, and space owners get in-app
notification badges with inline approve/deny actions.
- API: GET /api/spaces returns accessible/relationship/pendingRequest fields
- API: POST/PATCH /api/spaces/:slug/access-requests + GET /notifications
- Space switcher: 3-section layout with Discover section + Request Access modal
- Identity: notification polling (30s), red badge on avatar, approve/deny in dropdown
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add description to demo space seed for context in the UI
- Sort spaces API: user's own spaces first, then demo, then alphabetical
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3: folk-canvas nested space renderer with live WS connection,
auto-scaling viewport, collapsed/expanded views, permission badges.
Phase 4: WS cascade permission enforcement — nest filter on broadcasts,
addShapes/deleteShapes checks, readOnly enforcement for nested connections.
Phase 5: AES-256-GCM at-rest encryption for Automerge documents with
transparent encrypt-on-save/decrypt-on-load and API toggle endpoints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Spaces are now nestable — any space can embed references to other spaces
via SpaceRef, with a permission cascade model (most-restrictive-wins at
each nesting boundary). Every EncryptID registration auto-provisions a
sovereign space at <username>.rspace.online with consent-based nesting
controls.
Key additions:
- NestPolicy per space (open/members/approval/closed consent levels)
- SpaceRef CRUD with allowlist/blocklist, permission ceiling enforcement
- Approval flow for nest requests with admin review
- Reverse lookup (nested-in) so owners see where their space appears
- Source space admins can always revoke (sovereignty guarantee)
- cascadePermissions() for multi-depth permission intersection
- Client-side types for nested space rendering
- Full spec at docs/SPACE-ARCHITECTURE.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a new /admin page showing all spaces with stats (shape count,
member count, file size, visibility), search/filter/sort controls,
and links to open or export each space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
App switcher:
- Add standaloneDomain to ModuleInfo (exposed via /api/modules)
- Add missing standaloneDomain to 5 modules: funds, files, wallet,
choices, forum (20/21 modules now have standalone domains)
- Show external link arrow on hover for each app's standalone site
Space switcher:
- Pass auth token when fetching /api/spaces so the API returns
private (authenticated/members_only) spaces the user owns or
is a member of
- Group spaces into "Your spaces" (with role badge) and "Public
spaces" sections
- Reload space list on auth-change (sign-in/sign-out)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement the rSpace module architecture that enables all r-suite apps
to run as modules within a single-origin platform at rspace.online,
while each module can still deploy standalone at its own domain.
Phase 0 — Shell + Module System:
- RSpaceModule interface (shared/module.ts) with routes, metadata, hooks
- Shell HTML renderer (server/shell.ts) for wrapping module content
- Three header web components: rstack-app-switcher, rstack-space-switcher,
rstack-identity (refactored from rspace-header.ts into Shadow DOM)
- Space registry API (server/spaces.ts) — /api/spaces CRUD
- Hono-based server (server/index.ts) replacing raw Bun.serve fetch handler
while preserving all WebSocket, API, and subdomain backward compat
- Shared PostgreSQL with per-module schema isolation (rbooks, rcart, etc.)
- Vite multi-entry build: shell.js + shell.css built alongside existing entries
- Module info API: GET /api/modules returns registered module metadata
Phase 1 — Canvas Module:
- modules/canvas/mod.ts exports canvasModule as first RSpaceModule
- Canvas routes mounted at /:space/canvas with shell wrapper
- Fallback serves existing canvas.html for backward compatibility
- /:space redirects to /:space/canvas
URL structure: rspace.online/{space}/{module} (e.g. /demo/canvas)
All existing subdomain routing (*.rspace.online) preserved.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett