Add Seedance 2.0 / 2.0 Fast to video gen with model selector UI,
duration/resolution/aspect-ratio/audio controls. Fix broken port
outputs on both video-gen and image-gen shapes so arrow connections
propagate generated content to downstream shapes. Add input port
listeners for prompt and image data flow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each space now gets its own Immich album with role-gated CRUD:
- Admin: enable/disable rPhotos, access Immich embed
- Member+: upload photos, create sub-albums
- Moderator+: delete photos, manage any sub-album
- Viewer: browse gallery (read-only)
New immich-client.ts centralizes all Immich API calls. Schema v2 adds
enabled, spaceAlbumId, and subAlbums fields with migration. Frontend
sends auth headers on all API calls and shows role-appropriate UI
(setup prompt, upload button, delete in lightbox).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The auth proxy only covered /api/auth/*, /api/register/*, /api/account/*
but the identity component also calls /api/session/verify, /api/session/refresh,
/api/guardians, /api/user/*, /api/device-link/*, /api/recovery/* — all of which
were hitting 404 on the rspace server. The session verify 404 was interpreted
as "session revoked", clearing localStorage and logging users out on every page
load after the 5-minute validation interval.
Also fix profile/recovery links in header that opened empty string (same-origin
root) instead of auth.rspace.online.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
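
The failure described in the commit message above has two halves: client paths with no proxy route, and a client that read every failed verify as a revocation. The sketch below is an added example, not code from the rspace or encryptid repositories. The path lists are copied from the commit message; the function names, the use of 401 for a revoked session, and the `store` object standing in for localStorage are assumptions.

```typescript
// Added illustration; not code from the rspace or encryptid repositories.
// Prefixes the commit message lists as proxied before the fix.
const PROXIED_BEFORE = ["/api/auth/", "/api/register/", "/api/account/"];
// Paths the commit message says the identity component also calls.
const CLIENT_CALLS = [
  "/api/session/verify", "/api/session/refresh", "/api/guardians",
  "/api/user/", "/api/device-link/", "/api/recovery/",
];

// True when path is the prefix itself or lies below it. Matching on whole
// segments keeps "/api/auth/" from also covering "/api/authx".
function isProxied(path: string, prefixes: string[]): boolean {
  return prefixes.some((prefix) => {
    const base = prefix.replace(/\/+$/, "");
    return path === base || path.indexOf(base + "/") === 0;
  });
}

// Regression check: client paths that no proxy route would forward.
function unproxied(calls: string[], prefixes: string[]): string[] {
  return calls.filter((path) => !isProxied(path, prefixes));
}

type Verdict = "valid" | "revoked" | "unknown";

// status is null when no HTTP response arrived (network error).
// Assumption: the auth server answers 401 for a revoked or expired session.
function classifyVerify(status: number | null): Verdict {
  if (status !== null && status >= 200 && status < 300) return "valid";
  if (status === 401) return "revoked";
  return "unknown"; // 404, 5xx, network failure: no statement about the session
}

// Hypothetical client step; store stands in for localStorage.
// Only an explicit rejection clears the stored session.
function applyVerify(store: Record<string, string>, status: number | null): Verdict {
  const verdict = classifyVerify(status);
  if (verdict === "revoked") delete store["session"];
  return verdict;
}
```
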
- Generate or load RSA keypair for OIDC token signing (OIDC_RSA_PRIVATE_KEY env)
- Add /oidc/jwks endpoint exposing public key in JWK format
- Update discovery document with jwks_uri and RS256 algorithm
- Sign ID tokens and access tokens with RS256 private key
- Verify access tokens with RS256 public key in userinfo
- Fix OIDC_ISSUER default to auth.rspace.online (was auth.ridentity.online)
- Add POST handler for /oidc/userinfo (RFC compliance)
- Add error logging to userinfo endpoint for debugging
Fixes Cloudflare Access OIDC integration which requires asymmetric
token signing via JWKS for ID token verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add per-object visibility levels (viewer/member/moderator/admin) across
all rSpace modules. Objects default to 'viewer' (open), so existing data
remains visible. Server-side GET handlers resolve caller role and filter;
MCP tools filter lists and check single-item access; frontend components
do defense-in-depth filtering with visibility picker (mod+) and lock badges.
- shared/membrane.ts: types + isVisibleTo, filterByVisibility, filterArrayByVisibility
- 9 schema files: visibility field on TaskItem, NoteItem, CalendarEvent, etc.
- 8 module routes: GET handlers filter by caller role
- 6 MCP tool files: list filtering + single-item visibility checks
- 4 frontend components: client filtering, picker, lock badges
- 18 unit tests (all passing)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
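
A role-ranked visibility filter of the kind the commit message above describes, as an added example that is not the contents of shared/membrane.ts. The three exported names come from the commit message; their signatures, the `readOne` helper, the fail-closed handling of unrecognised values and the sample data are assumptions.

```typescript
// Added illustration; not the contents of shared/membrane.ts.
const ROLES = ["viewer", "member", "moderator", "admin"] as const;
type Role = (typeof ROLES)[number];
interface Gated { id: string; visibility?: unknown }

// Rank of a role string, or -1 when it is not one of the four levels.
function rank(value: unknown): number {
  return ROLES.indexOf(value as Role);
}

// Rank needed to see an item. A missing field is a pre-migration object and
// defaults to 'viewer' (open), as the commit states. Any other unrecognised
// value requires admin so a corrupted field fails closed (assumption).
function requiredRank(item: Gated): number {
  if (item.visibility === undefined) return 0;
  const r = rank(item.visibility);
  return r >= 0 ? r : ROLES.length - 1;
}

// An unrecognised caller role gets the lowest level (assumption).
function isVisibleTo(item: Gated, callerRole: unknown): boolean {
  return Math.max(rank(callerRole), 0) >= requiredRank(item);
}

function filterArrayByVisibility<T extends Gated>(items: T[], callerRole: unknown): T[] {
  return items.filter((item) => isVisibleTo(item, callerRole));
}

// Same filter for an id-keyed map of items.
function filterByVisibility<T extends Gated>(items: Record<string, T>, callerRole: unknown): Record<string, T> {
  const out: Record<string, T> = {};
  for (const id of Object.keys(items)) {
    const item = items[id];
    if (item && isVisibleTo(item, callerRole)) out[id] = item;
  }
  return out;
}

// Single-item read (hypothetical helper): a hidden item is reported exactly
// like a missing one, so the reply does not reveal that the id exists.
function readOne<T extends Gated>(items: Record<string, T>, id: string, callerRole: unknown): T | null {
  const item = Object.prototype.hasOwnProperty.call(items, id) ? items[id] : undefined;
  return item && isVisibleTo(item, callerRole) ? item : null;
}

// Constructed sample data: t1 predates the schema change, t3 is corrupted.
const SAMPLE: Record<string, Gated> = {
  t1: { id: "t1" }, t2: { id: "t2", visibility: "moderator" }, t3: { id: "t3", visibility: "modertor" },
};
```
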
- MI bar z-index lowered to 1 so dropdowns render above it; panel
gets z-index 10001 only when open
- SW registration URL bumped to v=8 to match cache version
- rtime: pool and weaving are now two separate scrollable sections
on mobile (50vh/60vh min-heights) with a "Commitment Weaving"
section header visible on constrained screens
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add /api/auth/*, /api/register/*, /api/account/* proxy routes to
rspace-online server, forwarding to encryptid container internally.
This eliminates cross-origin requests that Safari blocks via ITP or
Cloudflare security challenges.
- Change client auth URLs from https://auth.rspace.online to same-origin
in rstack-identity, rspace-header, login-button, and session modules.
- Add PRF extension try/catch fallback in webauthn.ts — Safari throws
TypeError on the unsupported PRF extension, now retries without it.
- Bump SW cache version v7→v8 to bust stale cached bundles.
Fixes passkey login for Safari/macOS users (e.g. christina) who were
getting "Network error when attempting to reach resource".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add switchable Holon/Graph views within the same shape instance.
Holon view retains the orbital 220° arc layout; Graph view renders
children as hexagons in a full 360° ring with radial labels. View
preference persists via serialization.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New folk-holon-explorer shape unifying H3 geospatial holons and nested
rSpace spaces into a zoomable circular navigator with appreciation weight
normalization and MetatronGrid sacred geometry background. Endorsements
logged to trust engine via new POST /api/trust/endorse endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Red pulsing alert dot on avatar when social recovery not configured
- SVG puzzle piece visualization for guardian slots (empty/pending/accepted)
- Key assembly animation when 2+ guardians accepted
- Recovery drill system: test the full guardian approval flow without actual recovery
- POST /api/recovery/drill/initiate, GET .../status, POST .../complete
- Drill-specific emails with "TEST ONLY" branding
- Live polling UI with puzzle pieces filling in as guardians approve
- Drill timestamp tracking (last_drill_at on users table)
- Solo walkthrough modal: 5-step animated preview of how recovery works
- Approval page detects drill flag, shows DRILL badge
- Account status now returns acceptedGuardianCount and lastDrillAt
- Recovery section shows emergency override messaging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shapes deleted (forgotten) by a user no longer reappear on reload —
forgottenBy[localDID] filtering in #applyDocToDOM and #applyPatchesToDOM
means one delete = gone permanently for that user while preserving CRDT
data for others.
IntersectionObserver on FolkShape base class defers heavy init (API calls,
iframes, feed polling) until shapes enter viewport (+500px margin),
reducing initial load from 100+ concurrent requests to ~5-10 visible.
Also: folk-rapp #getModulePath always uses subdomain routing (no subpath
fallback), and DID re-syncs on auth-change events.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Sign-in modal: detect email input and send as { email } to auth/start
- Add "Send Magic Link" button alongside passkey sign-in
- Registration: optional email field sent with register/complete
- Enter on username field tabs to email; Enter on email submits
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, visiting a private space on *.rspace.online without a session
redirected to rspace.online, causing a redirect loop after login. Now shows
the sign-in gate in-place so the user logs in and stays on the same page.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- getAllKnownUsernames() now pulls from 4 sources: current session,
rspace-username cache, known-personas list, and encryptid-known-accounts
- On specific space: stay on that page (reload only, no redirect away)
- On landing: go straight to dashboard (hardcode "rspace" module)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Differentiate spending (blue) and overflow (amber) edges from inflow (green),
increase fill opacity, add approaching-overflow pulse animation and status badge.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Display known accounts as clickable buttons in the sign-in modal so users
pick their username rather than typing it — prevents accidental new passkey
creation from typos. Falls back to manual input via "Use a different account".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Repositions the vertical shape-add toolbar (Write, Embed, AI, etc.) from
the fixed bottom-right corner to sit immediately right of the centered
bottom drawing toolbar. Prevents overlap with the bug report button.
JS dynamically positions on load/resize; mobile retains bottom-right.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds always-visible home button in tab bar, toggleable dashboard overlay,
widget card system with 8 widgets (tasks, calendar, activity, members,
tools, quick actions, wallet, flows), customize mode with toggle/reorder,
and dashboard summary API endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Browser-side:
- Fix switchSpace() to LRU-evict idle space WebSocket connections (cap: 3)
- Add runtime.unsubscribe() to disconnectedCallback in 24 components
- Fix DocSyncManager.unsubscribe() to clean up syncStates, timers, listeners
- Fix 14 components leaking RAF loops, ResizeObservers, MutationObservers,
document/window listeners, setIntervals, MapLibre WebGL contexts, and
AbortControllers on disconnect
- Deduplicate Automerge WASM: module builds now use global shim from
shell-offline instead of bundling ~2.5MB each (8 modules affected)
Server-side:
- Add LRU eviction to SyncServer.#docs (cap: 500, evicts idle docs with
no subscribers, persists to disk before eviction)
- registerWatcher() now returns unsubscribe function
Data:
- Cap unbounded CRDT arrays: rexchange chatMessages (200), rcart events (200)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>