The shell's rapp-subnav rendered Canvas/Collaborate/Fulfillment pills
(from outputPaths) while the folk-timebank-app component also rendered
its own tab-bar with the same three views. Remove outputPaths and add
explicit routes for /canvas and /collaborate so URLs still work but
navigation only appears once via the component's internal tab-bar.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gov shapes (quadratic, conviction, multisig, sankey), exchange node,
and ASCII gen existed in lib/ with ports + serialization but were never
imported/defined/registered in canvas.html — now wired with toolbar
buttons, SHAPE_TO_MODULE gating, and click handlers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Guard SW controllerchange to only reload on updates (not first install),
remove duplicate SW registration from canvas.html, skip async module
fetch when shell already provided data, hide module-gated toolbar items
by default via CSS. Also collapse toolbar on click-off.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rTime now pulls tasks from rTasks boards instead of maintaining its own
Task type. New WeavingDoc stores canvas overlay data (needs, position,
notes, links) while rTasks BoardDoc remains source of truth for task
metadata. 6 new /api/weave routes, updated connections/exec-state to
WeavingDoc, compat shims on legacy endpoints, task picker for unplaced
rTasks items, MCP tools updated (rtime_list_woven_tasks, rtime_place_task),
migration script for existing data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Panel now opens to the right of the vertical toolbar (desktop) or left
(mobile), aligned vertically with the clicked group.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix pool circle not resizing: clear inline canvas dimensions before
measuring, observe pool panel via ResizeObserver, use rAF for layout
- Remove visible port dot on hexagon commitment nodes — lines connect
directly to hex edge, invisible hit area preserved
- Auto-weave: dropping commitment on canvas auto-connects to nearest
unfulfilled task (was showing suggestion preview requiring confirmation)
- Add SVG tooltip on proposed connections: "{name} has been notified of
this proposed commitment, and can approve/deny for 48 hours"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix 401 errors on rNetwork by passing encryptid-token as Bearer auth
on /api/info, /api/graph, /api/workspaces fetch calls
- Add blender-multiuser replication server (multi-user-server:0.5.8)
to docker-compose with health check and resource limits
- Add Multiplayer tab to folk-blender shape with connection info,
server status check, and setup instructions
- Add /api/blender-multiuser/status endpoint for TCP health probe
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Real spaces: if no notebooks exist after loadNotebooks(), auto-creates
a "New Documents" notebook via API with a blank "Untitled" note inside
it, expanded and opened for editing
- Demo mode: prepends "New Documents" notebook with blank starter note
as the first item; auto-opens it on both fresh load and localStorage
restore so rDocs always starts with a ready-to-edit blank document
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Coarse edge defense: 120 req/min average, burst 30, applied to both
rspace-main and rspace-canvas routers. Layer 1 flood cap before
Hono-level per-IP tiered limiting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Restrict CORS to known rSpace domains (no more open wildcard)
- Add tiered rate limiting per IP (anon vs authenticated, per endpoint tier)
- UA filtering blocks scrapers/scanners, allows browsers and AI agents
- Prompt injection sanitization: strip MI_ACTION markers, system tags, and
known attack patterns from user-supplied content before LLM ingestion
- Space access control: private/permissioned spaces gate MI data to members
- Auth required on /triage, /execute-server-action, data-driven /suggestions
- MCP guard: require auth or agent UA for /api/mcp/*
- Anonymous WebSocket cap: max 3 per IP with proper cleanup on close
- Knowledge index + conversation memory gated to members+ (viewers get
public canvas data only)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Demo mode edits were lost on page reload — now debounce-saved to
localStorage and restored on next visit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace scrollable stacked layout with flex: 1 split so both
visualizations are visible and interactive simultaneously without
scrolling. Sidebar capped at 80px to save vertical space.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Registers rauctions as an embedded rSpace module that proxies the
standalone rauctions.online Next.js app. Includes hub page with active
auction listings, landing page, and MODULE_META entry for canvas display.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add detectDeviceName() JS helper to all 6 registration pages (parses
UA → "Chrome on Windows", "Safari on iPhone", etc.)
- Accept deviceName in /api/register/complete, /api/account/device/complete,
and /api/device-link/:token/complete; store as credential label at creation
- Add optional label param to storeCredential() in db.ts
- Replace separate "Your Passkeys" section with unified device list in
"Linked Devices" showing name, status, created/last-used dates, and
inline rename (PATCH) and delete (DELETE) actions
- Make checklist "Second device" confirmation-aware: only marks done when
a second device has actually been used to sign in (has lastUsed set)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remote cursor arrows and focus rings from peers viewing a different
note in rDocs are now suppressed. A generic viewId concept on the
collab overlay lets any rApp with sub-views opt in via a
rspace-view-change CustomEvent. Peers on a different view appear
dimmed in the people panel with a document icon hint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When scanning a device-link QR code, many phone apps open the URL in
an embedded WebView that lacks PublicKeyCredential support, causing
"user agent does not support public key credentials". Now the /link
page checks for WebAuthn early and shows a helpful fallback with a
Copy Link button so the user can open it in Safari/Chrome instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Store shape listener refs in Map, remove in unregisterShape() (critical leak)
- Compact Automerge history every 500 changes via clone() to cap WASM heap
- Clean shapeLastPos entries on shape removal
- Store outside-click handler ref, clean up in disconnectedCallback()
- Cap MI messages at 50 and prompt messages at 30 to prevent unbounded growth
- Store keep-alive interval handle
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The venv approach caused a Python version mismatch (3.11 in builder vs 3.13
in oven/bun:1-slim). Install markitdown with pip directly in the production
stage using the runtime Python, then purge pip to keep image lean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Office documents dropped onto canvas or imported via rDocs are now converted
to Markdown using Microsoft's markitdown CLI. Canvas drops trigger triage;
rDocs imports create rich notes with the original file kept as an attachment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
community-sync: remove DOM shapes that are deleted/forgotten from doc.
shell: treat user's saved tabs as authoritative over Automerge, pass
fromUserAction flag to reconcileRemoteLayers to allow intentional close-all.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show red alert dot on "My Account" dropdown item when email, multi-device,
or social recovery tasks are incomplete. Remove postal address section
from the account modal (render, state, loader, listeners).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace three separate mic controls (bar dictation, bar miC, panel miC)
with a single 🎤 toggle in the bar that activates the full voice loop:
speech-to-text → auto-submit after 1.5s silence → TTS response.
- Remove standalone dictation mode (#dictation, #interimText)
- Remove panel header miC button
- Single mic button uses voice mode state animations (pulse red = listening,
spin amber = thinking, pulse cyan = speaking)
- Tighten TTS output to ~2 sentences for succinct responses
- Voice strip still shows in panel with waveform, status, and stop button
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add r<emoji> badges for rDocs, rDesign, rSheets, rTime, rGov, rAgents,
rExchange to both MODULE_BADGES and FAVICON_BADGE_MAP
- Add MODULE_CATEGORIES entries for all new modules
- Add "Govern" category for rGov
- Sort modules alphabetically within each function category
- Add sort toggle (By Function / A-Z) at bottom of sidebar, persisted
in localStorage
- Add star/pin button on each rApp — pinned items appear in a "Pinned"
section above "Recent", persisted in localStorage
- Fix rAuctions module ID: 'auctions' → 'rauctions' for consistency,
with alias in MODULE_ALIASES for backward compat
- Change rAuctions emoji from 🏛 to 🎭
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the 265-line data dump (35 modules × 3 items) in MI system prompts
with a trigram-ranked knowledge index that surfaces only the top-18 most
relevant entries per query. Adds per-space conversation memory persisted
to disk for cross-session context.
New files:
- server/mi-trigrams.ts — trigram + Jaccard similarity utilities
- server/space-knowledge.ts — SpaceKnowledgeIndex with 5-min TTL cache
- server/space-memory.ts — SpaceMemory with debounced disk persistence
Changes:
- mi-routes.ts: ~280 lines removed, replaced with ranked index call
- sync-instance.ts: cache invalidation on doc changes
- rauctions/mod.ts: fix ModuleScoping type (defaultScope, userConfigurable)
- mcp-tools/ragents.ts: fix AccessResult property access (claims.username, claims.sub)
~80% token reduction per MI request (~6,300 → ~1,320 tokens).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The upload form sent the file as "vault" but the server expected "file",
causing all uploads to fail with 400. Also added the encryptid JWT token
to the upload request so authenticated routes don't return 401.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use the status_url returned by fal.ai submit instead of constructing
it manually. Add logging for submit success and poll HTTP errors to
debug Seedance queue status polling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The server imported rauctions/mod but the module was never committed,
causing a crash loop on startup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moltbook-inspired agent exchange where members' MI agents can:
- Register with name, capabilities, and avatar per space
- Post to topic-based channels (general, packages, custom)
- Reply in threaded discussions
- Share structured JSON data packages alongside posts
- Upvote/downvote to surface the best contributions
Includes Automerge CRDT schemas, 9 REST API endpoints,
6 MCP tools, MI data query integration, and landing page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove erroneous fal-ai/ prefix for bytedance models and fix fast
variant path (seedance-2.0/fast/ not seedance-2.0-fast/).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Seedance 2.0 / 2.0 Fast to video gen with model selector UI,
duration/resolution/aspect-ratio/audio controls. Fix broken port
outputs on both video-gen and image-gen shapes so arrow connections
propagate generated content to downstream shapes. Add input port
listeners for prompt and image data flow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each space now gets its own Immich album with role-gated CRUD:
- Admin: enable/disable rPhotos, access Immich embed
- Member+: upload photos, create sub-albums
- Moderator+: delete photos, manage any sub-album
- Viewer: browse gallery (read-only)
New immich-client.ts centralizes all Immich API calls. Schema v2 adds
enabled, spaceAlbumId, and subAlbums fields with migration. Frontend
sends auth headers on all API calls and shows role-appropriate UI
(setup prompt, upload button, delete in lightbox).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The auth proxy only covered /api/auth/*, /api/register/*, /api/account/*
but the identity component also calls /api/session/verify, /api/session/refresh,
/api/guardians, /api/user/*, /api/device-link/*, /api/recovery/* — all of which
were hitting 404 on the rspace server. The session verify 404 was interpreted
as "session revoked", clearing localStorage and logging users out on every page
load after the 5-minute validation interval.
Also fix profile/recovery links in header that opened empty string (same-origin
root) instead of auth.rspace.online.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Generate or load RSA keypair for OIDC token signing (OIDC_RSA_PRIVATE_KEY env)
- Add /oidc/jwks endpoint exposing public key in JWK format
- Update discovery document with jwks_uri and RS256 algorithm
- Sign ID tokens and access tokens with RS256 private key
- Verify access tokens with RS256 public key in userinfo
- Fix OIDC_ISSUER default to auth.rspace.online (was auth.ridentity.online)
- Add POST handler for /oidc/userinfo (RFC compliance)
- Add error logging to userinfo endpoint for debugging
Fixes Cloudflare Access OIDC integration which requires asymmetric
token signing via JWKS for ID token verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add per-object visibility levels (viewer/member/moderator/admin) across
all rSpace modules. Objects default to 'viewer' (open), so existing data
remains visible. Server-side GET handlers resolve caller role and filter;
MCP tools filter lists and check single-item access; frontend components
do defense-in-depth filtering with visibility picker (mod+) and lock badges.
- shared/membrane.ts: types + isVisibleTo, filterByVisibility, filterArrayByVisibility
- 9 schema files: visibility field on TaskItem, NoteItem, CalendarEvent, etc.
- 8 module routes: GET handlers filter by caller role
- 6 MCP tool files: list filtering + single-item visibility checks
- 4 frontend components: client filtering, picker, lock badges
- 18 unit tests (all passing)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- MI bar z-index lowered to 1 so dropdowns render above it; panel
gets z-index 10001 only when open
- SW registration URL bumped to v=8 to match cache version
- rtime: pool and weaving are now two separate scrollable sections
on mobile (50vh/60vh min-heights) with a "Commitment Weaving"
section header visible on constrained screens
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add /api/auth/*, /api/register/*, /api/account/* proxy routes to
rspace-online server, forwarding to encryptid container internally.
This eliminates cross-origin requests that Safari blocks via ITP or
Cloudflare security challenges.
- Change client auth URLs from https://auth.rspace.online to same-origin
in rstack-identity, rspace-header, login-button, and session modules.
- Add PRF extension try/catch fallback in webauthn.ts — Safari throws
TypeError on the unsupported PRF extension, now retries without it.
- Bump SW cache version v7→v8 to bust stale cached bundles.
Fixes passkey login for Safari/macOS users (e.g. christina) who were
getting "Network error when attempting to reach resource".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add switchable Holon/Graph views within the same shape instance.
Holon view retains the orbital 220° arc layout; Graph view renders
children as hexagons in a full 360° ring with radial labels. View
preference persists via serialization.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New folk-holon-explorer shape unifying H3 geospatial holons and nested
rSpace spaces into a zoomable circular navigator with appreciation weight
normalization and MetatronGrid sacred geometry background. Endorsements
logged to trust engine via new POST /api/trust/endorse endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Red pulsing alert dot on avatar when social recovery not configured
- SVG puzzle piece visualization for guardian slots (empty/pending/accepted)
- Key assembly animation when 2+ guardians accepted
- Recovery drill system: test the full guardian approval flow without actual recovery
- POST /api/recovery/drill/initiate, GET .../status, POST .../complete
- Drill-specific emails with "TEST ONLY" branding
- Live polling UI with puzzle pieces filling in as guardians approve
- Drill timestamp tracking (last_drill_at on users table)
- Solo walkthrough modal: 5-step animated preview of how recovery works
- Approval page detects drill flag, shows DRILL badge
- Account status now returns acceptedGuardianCount and lastDrillAt
- Recovery section shows emergency override messaging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shapes deleted (forgotten) by a user no longer reappear on reload —
forgottenBy[localDID] filtering in #applyDocToDOM and #applyPatchesToDOM
means one delete = gone permanently for that user while preserving CRDT
data for others.
IntersectionObserver on FolkShape base class defers heavy init (API calls,
iframes, feed polling) until shapes enter viewport (+500px margin),
reducing initial load from 100+ concurrent requests to ~5-10 visible.
Also: folk-rapp #getModulePath always uses subdomain routing (no subpath
fallback), and DID re-syncs on auth-change events.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Sign-in modal: detect email input and send as { email } to auth/start
- Add "Send Magic Link" button alongside passkey sign-in
- Registration: optional email field sent with register/complete
- Enter on username field tabs to email; Enter on email submits
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett