- Restrict CORS to known rSpace domains (no more open wildcard)
- Add tiered rate limiting per IP (anon vs authenticated, per endpoint tier)
- UA filtering blocks scrapers/scanners, allows browsers and AI agents
- Prompt injection sanitization: strip MI_ACTION markers, system tags, and
known attack patterns from user-supplied content before LLM ingestion
- Space access control: private/permissioned spaces gate MI data to members
- Auth required on /triage, /execute-server-action, data-driven /suggestions
- MCP guard: require auth or agent UA for /api/mcp/*
- Anonymous WebSocket cap: max 3 per IP with proper cleanup on close
- Knowledge index + conversation memory gated to members+ (viewers get
public canvas data only)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Office documents dropped onto canvas or imported via rDocs are now converted
to Markdown using Microsoft's markitdown CLI. Canvas drops trigger triage;
rDocs imports create rich notes with the original file kept as an attachment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the 265-line data dump (35 modules × 3 items) in MI system prompts
with a trigram-ranked knowledge index that surfaces only the top-18 most
relevant entries per query. Adds per-space conversation memory persisted
to disk for cross-session context.
New files:
- server/mi-trigrams.ts — trigram + Jaccard similarity utilities
- server/space-knowledge.ts — SpaceKnowledgeIndex with 5-min TTL cache
- server/space-memory.ts — SpaceMemory with debounced disk persistence
Changes:
- mi-routes.ts: ~280 lines removed, replaced with ranked index call
- sync-instance.ts: cache invalidation on doc changes
- rauctions/mod.ts: fix ModuleScoping type (defaultScope, userConfigurable)
- mcp-tools/ragents.ts: fix AccessResult property access (claims.username, claims.sub)
~80% token reduction per MI request (~6,300 → ~1,320 tokens).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 2-3 of the rNotes/rDocs split. Rewrites rNotes from a full TipTap
editor (~1800 lines) into a lightweight Obsidian/Logseq vault sync and
browse module (~560 lines). Rich editing features remain in rDocs.
rNotes vault browser:
- VaultDoc schema: metadata-only in Automerge (title, tags, hash, wikilinks)
- ZIP vault uploads stored on disk at /data/files/uploads/vaults/
- File tree browser, search, read-only markdown preview
- Wikilink graph data endpoint for visualization
- 5 MCP tools: list_vaults, browse_vault, search_vault, get_vault_note, sync_status
- Browser extension compat shim redirects old API calls to rDocs
Cleanup:
- Removed dead editor files from rnotes (converters, components, local-first-client)
- Updated MI integration to use getRecentVaultNotesForMI
- Updated ONTOLOGY.md with new module descriptions
- Bumped JS cache versions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The rsheet→rsheets rename was partially applied - server/index.ts
imported rsheets/mod but the files still lived at rsheet/. This
caused a crash on startup: "Cannot find module '../modules/rsheets/mod'".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Audit and fix ~60 violations across 47 files where URLs were constructed
as /{space}/moduleId instead of /moduleId (subdomain provides the space).
- Add getModuleApiBase() helper to shared/url-helpers.ts
- Fix client components: use getModuleApiBase() for fetch URLs,
rspaceNavUrl() for navigation
- Fix server routes: use c.get("isSubdomain") for redirects and
JSON response URLs
- Fix OAuth callbacks (notion, google, clickup): subdomain-aware redirects
- Fix email notification URLs (rvote): use {space}.rspace.online format
- Fix webhook registration (rtasks/clickup): subdomain-aware endpoint URL
- Replace broken #getSpaceSlug() methods in folk-feed, folk-splat
- Replace NODE_ENV checks with proper isSubdomain checks (rdata, rnetwork)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Expand MI system prompt "Available shape types" from 20 → 48 shapes,
organized by category (Core, AI, Creative, Social, Decisions, Travel,
Tokens, Geo, Video)
- Expand Shape Mapping Rules from 12 → 30 triage rules covering all
shape types with prop hints
- Expand KNOWN_TRIAGE_SHAPES from 15 → 48 so Gemini triage no longer
silently downgrades unknown shapes to folk-markdown
- Add 22 missing TOOL_HINTS to mi-tool-schema.ts (travel, tokens, CAD,
creative, geo, meta shapes) for keyword-based chip suggestions
- Add all 48 shapes to SHAPE_ICONS in mi-triage-panel.ts (was 13)
- Register folk-image-studio and folk-transaction-builder in canvas.html
(were ghost shapes — imported but never defined/registered)
- Add SHAPE_DEFAULTS for folk-social-thread/campaign/newsletter,
folk-design-agent, folk-image-studio
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add GET /api/threads, /api/threads/:id, /api/campaigns, /api/campaigns/:id
REST endpoints so other rApps can fetch rsocials data
- Register folk-social-thread/campaign/newsletter in MI triage panel,
tool schema, system prompt, and KNOWN_TRIAGE_SHAPES
- Add rsocials MODULE_PORTS (threads-out, campaigns-out, post-published,
campaign-data) and WIDGET_API to folk-rapp for embed/widget mode
- Add rsocials to folk-feed FEED_ENDPOINTS (threads, campaigns, newsletter)
and normalize response arrays (threads, campaigns, drafts)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
MI now loads space doc to filter module list, capabilities, and fallback
by enabledModules. Canvas fetches /api/modules and space modules in
parallel via Promise.all, calling setModules once with filtered list.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transform MI from single-shot chat into an agentic system:
- LiteLLM provider with Claude Sonnet/Haiku models via proxy
- Agentic loop (max 5 turns): stream → parse actions → execute server-side → feed results back
- Server-side media generation (fal.ai + Gemini) as first-class MI actions
- Module data queries (rnotes, rtasks, rcal) read directly from Automerge
- System prompt enriched with recent notes, open tasks, and calendar events
- Client handles new NDJSON types (turn, action-start, action-result)
- Extracted shared media helpers, refactored image/video endpoints
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 1: MI now knows the current date/time and upcoming events (14-day
lookahead, 5 events max) via direct Automerge read — no HTTP overhead.
Phase 2: Tags (string[] | null) on CalendarEvent for first-class filtering.
Saved views (named filter presets) with full CRUD API. Tag filter on
GET /api/events via comma-separated AND logic. Demo events seeded with tags.
Phase 3: Calendar MCP server (5 tools: cal_list_events, cal_get_event,
cal_list_sources, cal_list_views, cal_create_event) registered in .mcp.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidates token verification into server/auth.ts, removing the
external SDK dependency. All modules now import from the local module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Progressive approval workflow: paste brief → AI extracts structure →
AI generates per-platform posts → review with per-post regen →
commit (saves campaign, creates threads, drafts newsletters, builds workflow DAG).
Includes MI integration for Cmd+K campaign creation and vite build entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Space creation was broken because the canvas module has id "rspace" but
all navigation URLs used "/canvas". On production subdomain routing this
resulted in 404s after creating a space.
- Switch create-space form from deprecated /api/communities to /api/spaces
- Replace all /canvas navigation URLs with /rspace to match module ID
- Fix DID matching in space listing to check both sub and did:key formats
- Add proper client DID support in EncryptID registration flow
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett