Flow Service expects source to be wallet|card|bank, not 'transak'.
funnelId falls back to FUNNEL_ID env var when not in partnerOrderId.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace bare contenteditable divs with a full Tiptap editor (vanilla JS,
no React) inside the <folk-notes-app> web component. Adds formatting
toolbar (bold/italic/underline/strike/code, heading dropdown, lists,
blockquote, code block, link/image insert, undo/redo), slash command
menu (/ at start of empty block), syntax-highlighted code blocks via
lowlight, and task list checkboxes.
Zone-based rendering keeps the editor DOM persistent across re-renders.
Content stored as Tiptap JSON in the existing Automerge content field
with a new contentFormat discriminator. Legacy HTML notes auto-migrate
on first edit. Remote sync updates applied without cursor disruption.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hono consumes the request body upstream, so c.req.raw.clone().text()
returns empty. Use c.req.json() directly and re-serialize for HMAC.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Transak widget integration so users can fund flows with a credit card.
Server receives webhook on order completion and deposits USDC into the flow
via the existing Flow Service API. Includes HMAC signature verification
when TRANSAK_WEBHOOK_SECRET is configured.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement the 4-layer data model (device → encrypted backup → shared sync → federated):
- Extract shared encryption-utils from community-store (deriveSpaceKey, AES-256-GCM, rSEN format)
- Encrypt module docs at rest when space has meta.encrypted === true
- Fix relay mode persistence: relay-backup/relay-restore wire protocol + .automerge.enc blob storage
- Add backup store + REST API (PUT/GET/DELETE /api/backup/:space/:docId) with JWT auth
- Add client BackupSyncManager with delta-only push, full restore, auto-backup
- Wire backup stubs in encryptid-bridge to BackupSyncManager
- Add rspace-backups Docker volume
- Create docs/DATA-ARCHITECTURE.md design doc with threat model and data flow diagrams
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
login-button.ts imports encryptid-bridge from shared/local-first/
which was missing from the Dockerfile.encryptid COPY steps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The guardian page and auth.rspace.online login page were using the
client-side authenticatePasskey()/registerPasskey() SDK functions which
generate their own challenge and return AuthenticationResult — but then
tried to send result.challenge and result.credential (both undefined)
to the server. This caused postgres to throw "UNDEFINED_VALUE" resulting
in a 500 "Internal Server Error" that the client couldn't parse as JSON.
Fix: use the proper server-initiated flow matching rstack-identity.ts:
1. POST /api/auth/start (or /register/start) to get server challenge
2. navigator.credentials.get/create with that challenge
3. POST /api/auth/complete (or /register/complete) with challenge + credential
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate rForum provisioning metadata from shared PG pool to Automerge.
rForum was the last module using PostgreSQL; shared/db/pool.ts is now archived.
- Create modules/rforum/schemas.ts (ForumDoc, ForumInstance, ProvisionLog)
- Rewrite mod.ts: replace sql with Automerge getDoc/changeDoc, add onInit
- Rewrite provisioner.ts: pass SyncServer, logStep/updateInstance via changeDoc
- Fix dashboard snake_case → camelCase field references
- Archive schema.sql and shared/db/pool.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace all sql.unsafe() calls with Automerge document operations
across rfunds, rbooks, rsplat, rnotes, rwork, rvote, rcal, rfiles,
rcart, rtrips, and rinbox. Only rforum retains PG (Discourse provisioning).
Each module now uses _syncServer.getDoc/changeDoc/setDoc for all CRUD,
with ensureDoc() helpers for lazy document creation. Schema SQL files
archived to .sql.archived. Adds Automerge round-trip test suite (35 tests).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidates email, device, recovery, postal address, data storage,
and dark mode settings into a single scrollable modal with collapsible
section cards — matching the existing My Spaces modal pattern.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 5 — EncryptID → DocCrypto bridge:
- Add EncryptedDocBridge connecting WebAuthn PRF to document encryption
- Add per-doc relay mode to SyncServer (encrypted spaces bypass participant mode)
- Wire encryption toggle to syncServer.setRelayOnly() on PATCH /:slug/encryption
- Restore relay mode for encrypted spaces on server startup
- Initialize DocBridge from PRF on login, clear on sign-out (both login-button + identity)
- Use bridge helpers for encrypted backup toggle in My Account
Phase 6 — Space scoping UI:
- Add "Modules" tab to Edit Space modal (enable/disable modules, scope toggles, encryption)
- Auto-filter app switcher by space's enabledModules via renderShell()
- Show "G" badge on global-scoped modules in app switcher
- Show lock icon in header for encrypted spaces
- Add getSpaceShellMeta() helper for auto-populating shell options
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds named, colored ports to every node type (source outflow, funnel
inflow/spending/overflow, outcome inflow/overflow) with a full wiring
state machine supporting both click-to-wire and drag-to-wire interaction.
Edges now originate from specific port positions. Outcomes gain overflow
allocations so fully-funded outcomes can cascade surplus onward.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Automerge schemas, lifecycle hooks (onInit, docSchemas), and
local-first client wrappers for all remaining PG modules:
rWork, rVote, rCal, rFiles, rCart, rBooks, rTrips, rInbox, rSplat, rFunds.
Each module now:
- Defines typed Automerge document schemas (schemas.ts)
- Registers docSchemas and onInit hook with SyncServer reference
- Moves initDB() from top-level to onInit for unified startup
- Has a client-side local-first wrapper (local-first-client.ts)
Dual-write route handlers will be wired incrementally per module
following the rNotes pattern established in Phase 2.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate rNotes from PostgreSQL to Automerge local-first stack with
dual-write support. Reads go Automerge-first with PG fallback; writes
go to both backends during the migration window.
- Add Automerge schemas for NotebookDoc (schemas.ts)
- Add lifecycle hooks (onInit, onSpaceCreate) to rnotes module
- Dual-write all 8 API routes (notebooks + notes CRUD)
- Add NotesLocalFirstClient wrapping DocSyncManager + EncryptedDocStore
- Enhance migration runner with --dry-run, --module, --verify flags
- Add listDocs() to SyncServer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extend RSpaceModule with scoping, lifecycle hooks (onInit, onSpaceCreate/Delete
with SpaceLifecycleContext, onSpaceEnable/Disable), and DocSchema support.
Add scoping to all 25 modules (8 space, 11 global-configurable, 6 global-fixed).
Consolidate 4 space creation endpoints into shared createSpace() function.
Add enabledModules enforcement middleware and module configuration API
(GET/PATCH /api/spaces/:slug/modules). Deprecation header on /api/communities.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All module components were matching URL paths without the 'r' prefix
(e.g., /notes instead of /rnotes), causing API calls to fail when
modules are mounted at /:space/:moduleId. Also adds space attribute
fallback for canvas-embedded usage.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The regex matched /cal instead of /rcal, so getApiBase() always returned
empty string, causing 404s on api/events, api/lunar, and api/sources.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transform the Diagram tab from a read-only SVG into a full interactive
canvas with draggable nodes, zoom/pan, Sankey-width edges with +/-
allocation controls, slide-in editor panel, live simulation, node CRUD,
keyboard shortcuts, and lz-string URL sharing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents stale WebSocket reconnect loops after sign-out by adding an
intentional-disconnect flag to CommunitySync. Canvas and shell pages
now redirect to homepage when the user signs out.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Standalone test harness for flow tubes, particle animation, and
interactive port wiring with event logging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Right-click shapes (single or multi-selected) to copy them to another
space the user owns or is a member of. Server endpoint handles ID
remapping, arrow reference preservation, and position centering.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace invisible particle-only flow visualization with colored 3D tubes
between layers, spread horizontally to avoid overlap. Particles now travel
along tube paths. Add click-to-wire interaction on I/O port chips with
visual feedback (glow/breathe/dim). Prevent animation restart on Automerge
sync by surgically updating flow elements in-place.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite folk-calendar-view with 5 views (Day/Week/Month/Season/Year),
3 tabs (Temporal/Spatial/Lunar), Leaflet map with event markers and
transit polylines, temporal-spatial zoom coupling, and lunar phase display.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett