RunPod was hard-gated — returned 503 when RUNPOD_API_KEY missing,
blocking even LLM script generation. Now generates script via Ollama
regardless, only attempts RunPod render if key is configured. Health
check returns warnings (non-blocking) vs issues (blocking). Default
model switched to qwen2.5:14b (available on server). Regex also
handles non-python-tagged code blocks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Space Settings section in dropdown with visibility (public/permissioned/private)
and description fields, matching the full edit space modal
- GET /api/spaces/:slug now includes description field
- listSpaceInvites merges both space_invites and identity_invites tables
so email invites appear in Pending Invites
- revokeSpaceInvite falls through to identity_invites table
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Increase .rapp-subnav top from 92px to 93px so pill buttons
don't clip under the fixed header + tab-row border.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Abort previous in-flight fetch when switchTo() is called again, and
guard the shell's fallback navigation against stale callbacks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix server-side redirect to always use canonical rspace.online as base
domain instead of deriving from hostClean (prevents demo.rspace.rspace.online)
- Fix bare-domain check to exact match instead of .includes() (prevents
stacked subdomains from triggering bare-domain routing)
- Fix client-side rspaceNavUrl to guard against reserved subdomain names
being used as space subdomains (e.g. rspace.rspace.online)
- Fix identity component _navUrl with same canonical domain guards
- Remove "Try Demo" header button from all shell rendering functions
- Remove demo-btn CSS styles
- Fix pre-existing SchemaType error in Gemini tool declarations
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transform MI from single-shot chat into an agentic system:
- LiteLLM provider with Claude Sonnet/Haiku models via proxy
- Agentic loop (max 5 turns): stream → parse actions → execute server-side → feed results back
- Server-side media generation (fal.ai + Gemini) as first-class MI actions
- Module data queries (rnotes, rtasks, rcal) read directly from Automerge
- System prompt enriched with recent notes, open tasks, and calendar events
- Client handles new NDJSON types (turn, action-start, action-result)
- Extracted shared media helpers, refactored image/video endpoints
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The IIFE raced with doc loading so listCommunities returned empty.
Moved into the .then() callback to ensure all docs are loaded first.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On subdomain routing (e.g. demo.rspace.online), the space slug belongs
only in the subdomain — never in the URL path. This fixes all server
and client code that was generating /{space}/module paths on subdomains.
Server fixes:
- index.ts: notification actionUrls, template/disabled-module redirects,
subdomain passthrough (now redirects HTML, rewrites API), WS notifications
- output-list.ts: subdomain-aware path prefix for hrefs and fetch URLs
- shell.ts: dashboard pushState URL
Client fixes (basePath getter pattern):
- folk-book-shelf.ts, folk-splat-viewer.ts: _basePath getter
- folk-campaign-wizard.ts: basePath subdomain check
- folk-trips-planner.ts: use __rspaceNavUrl for canvas export
- rschedule/landing.ts: onclick handlers use __rspaceNavUrl
- rsplat/mod.ts: legacy view redirect subdomain check
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Provision {space}@rspace.online forwarding aliases that route to
opted-in members' personal emails. Admins/mods opted in by default;
regular members can opt in via PUT /api/spaces/:slug/email-forwarding/me.
New: space-alias-service.ts, schema tables, 8 DB functions, 6 API routes.
Hooks: rinbox onSpaceCreate/Delete, spaces.ts member lifecycle, startup migration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add bidirectional sync between rTasks and ClickUp:
- API client with 100 req/min rate limiter
- OAuth2 + personal API token connection flows
- Import wizard (workspace → space → list picker)
- Outbound push queue (5s intervals, 10-item batches)
- Inbound webhook with HMAC-SHA256 validation
- Field-level conflict detection (rTasks wins)
- Source badges (purple CU) with sync status dots on task cards
- Sync status indicator in board header for connected boards
Also fix 6 pre-existing TS errors across crowdsurf, rcal, rnotes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds diagnostic console.log to layer-switch handler, TabCache.switchTo,
fetchAndInject, and reconcileRemoteLayers to identify why clicking the
rspace tab closes all tabs and shows the dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
reconcileRemoteLayers() could wipe all local tabs when Automerge sync
or BroadcastChannel delivered empty layer data (CRDT initial state,
sync race). This caused clicking tabs to show an infinite-loading
dashboard. Now: empty remote layers are rejected when an active module
exists, and the current module always stays in the tab list.
Also adds 10s fetch timeout to TabCache.fetchAndInject() to prevent
infinite loading spinners on slow/failed module fetches.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The access gate and space dashboard redirect scripts checked only
localStorage, which is per-origin. When navigating between subdomains
(e.g. demo → jeff), the session wasn't found. Now both scripts also
check the eid_token cross-subdomain cookie and sync it to localStorage.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Gemini Flash agentic loop that converts natural language prompts
into real MCP tool call sequences for PCB design (KiCad) and parametric
CAD (FreeCAD). Dynamic schema conversion from MCP tools to Gemini
function declarations, 8-turn/60s loop with real execution and result
feedback.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Automerge docs created before the tags schema don't have the field.
The migration runs 5s after startup (after loadAllDocs completes),
patches missing tags onto events, and assigns known demo event tags.
Also removes debug endpoint and tracing logs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 1: MI now knows the current date/time and upcoming events (14-day
lookahead, 5 events max) via direct Automerge read — no HTTP overhead.
Phase 2: Tags (string[] | null) on CalendarEvent for first-class filtering.
Saved views (named filter presets) with full CRUD API. Tag filter on
GET /api/events via comma-separated AND logic. Demo events seeded with tags.
Phase 3: Calendar MCP server (5 tools: cal_list_events, cal_get_event,
cal_list_sources, cal_list_views, cal_create_event) registered in .mcp.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The demo Automerge doc had visibility: "private" from initial creation.
ensureDemoCommunity now forces visibility to "public" on every startup
if it drifted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1. Add GET /rvote/api/* to public endpoint whitelist so proposal
listings work on private/permissioned spaces without auth.
2. Campaign wizard now checks for auth token before POSTing,
showing "Please sign in" instead of a cryptic 401.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The sub-path middleware (/:space/:moduleId/*) already blocked disabled
modules, but the root path (/:space/:moduleId) didn't. Now both paths
consistently check enabledModules before allowing access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two fixes:
1. Bare-domain routing used url.protocol (always http: behind TLS
termination) for redirects, causing mixed-content blocks. Added
proto helper that uses https: on production domains. Also rewrite
/{space}/api/... calls internally instead of redirecting to the
subdomain.
2. rDesign SSE stream reader now catches QUIC protocol errors on
stream close gracefully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Non-demo space dashboards now redirect logged-out visitors to
rspace.online/ instead of showing another user's rApp grid. Private
space module pages redirect to rspace.online/{moduleId} instead of
showing the sign-in gate overlay.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After logout, reload the page so the server re-renders the current rApp
in logged-out/demo mode instead of showing a blank screen. Cross-tab
logout also triggers a reload. Space dashboard now redirects logged-in
users to the rSpace canvas instead of showing the rApp grid.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Changed syncTabsFromServer to replace local tabs with server tabs
instead of merging (union). This prevents tabs closed in browser A
from being resurrected when browser B refreshes. Also added server
sync to the iframe module landing path which was localStorage-only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The demo space auth middleware was blocking POST requests with 403.
Add /rdesign/api/ to isPublicEndpoint list, matching rwallet pattern.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The "N online" collab badge was position:fixed at top:8px, overlapping
the header login area. Move it into the tab bar slot (main shell) or
header-right section (standalone shells) so it flows inline with other
chrome elements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Balance queries, Safe detection, and chain analysis are blockchain
reads that should work for any authenticated user regardless of
space membership. The route handlers enforce their own auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the global "Your Spaces" grid with a space-centric dashboard showing
members, previously open tools, recent activity, active votes, and quick
actions. Fix layout cut-off by positioning dashboard fixed below header+tab
row (top: 92px) with sidebar-push support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The TabCache fetchAndInject() was sending fetch() without Accept: text/html,
causing the server to treat it as an API request and return 401 on private
spaces. Also adds .catch() fallbacks to shell tab handlers for resilience.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Payment creation, QR codes, and pay pages should be accessible to any
authenticated user regardless of space visibility, since the payment
goes to the creator's wallet. The route handlers enforce their own auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Space visibility defaults to "private", blocking unauthenticated API calls.
The on-ramp and webhook endpoints are designed for unauthenticated users,
so they need to bypass the space-level auth check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move the "Leave Comment" button from the bottom canvas toolbar to the
top header bar as <rstack-comment-bell>, positioned left of the
notification bell. Shows a red badge with unresolved comment pin count.
Wires canvas via comment-pin-activate/comment-pins-changed custom events.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
c.req.path in Hono returns the full path, not the relative path
within the sub-router, causing the /api/notifications prefix to
be doubled.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The rspace container cannot resolve encryptid-db hostname, causing
/api/notifications/count to 524 timeout on every 30s poll. Rewrites
notification-routes.ts as an HTTP proxy to encryptid (which has DB
access), adds notification API endpoints to encryptid server, and
wraps BroadcastChannel.postMessage in try/catch to prevent uncaught
errors during navigation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Store known personas in localStorage, auto-register on login. Dropdown
shows other personas with one-click switch (triggers passkey re-auth),
add/remove persona buttons, and cross-tab sync.
Also fix pre-existing TS errors: non-null assert on filtered functionCall,
add optional VerifyOptions param to authenticateWSUpgrade type declaration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds an intermediate modal when creating a space: name/slug editing with
availability check, description, visibility radio cards, discoverable
toggle, member search with @username lookup and email invites, and a
shareable invite link generated post-creation.
Server: adds discoverable field to CommunityMeta, extends PATCH /:slug,
adds POST /:slug/invites for generic invite token creation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Overlay markers at canvas or shape-relative coords with threaded
comments, @mention notifications, and rSchedule reminder integration.
Toolbar "Leave Comment" button (/) next to Note tool.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
evaluateSpaceAccess and authenticateWSUpgrade were calling the SDK
without the secret option, forcing remote verification. Also adds
auth header to rpubs editor generate fetch (was getting 401 on
private spaces).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
folk-prompt can now spawn shapes on the canvas when Tools mode is
enabled. Gemini calls functions (create_map, create_note, create_embed,
create_image, create_bookmark, create_image_gen) and the client
executes them via window.__canvasApi. Multi-turn loop on server (max 5
rounds) with synthetic success responses. Extensible via registerCanvasTool().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidates token verification into server/auth.ts, removing the
external SDK dependency. All modules now import from the local module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
getSpaceConfig() read stored visibility without the demo override,
so the client-side access gate blocked unauthenticated users from
accessing the demo space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The single quote in "don't" broke the JS string literal inside the
inline script, causing a SyntaxError that killed the entire script
block including tab bar and header initialization.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added shapesSeeded flag to community doc metadata. Once shapes are
seeded (demo, template, or campaign), deleting all shapes no longer
triggers re-seeding on server restart. The demo reset endpoint clears
the flag so it can re-seed intentionally.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Personal space rename only applies when isPersonal flag is set (not all
private spaces). Demo forced to public visibility. Public spaces no
longer filtered out. Sections: Private → Permissioned → Public →
✦ Discover → Create.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server-side HTML gates can't work because auth tokens are in
localStorage, not cookies. Replaced with:
- Client-side gate checks session, then verifies membership via
new /api/space-access/:slug endpoint
- Shows "Sign In" for unauthenticated users
- Shows "no access + return to your space" for non-members
- Server-side gates remain for API/JSON requests and WebSocket
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Non-members of private spaces are now blocked at three layers:
- WebSocket upgrade rejects with 403
- Module middleware shows access denied page (browser) or JSON 403 (API)
- Space root dashboard shows access denied page
Friendly "Private Space" page with link back to user's own space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Both dropdown-wrap buttons now sit in header-left directly after the
space switcher, keeping space-related controls grouped together.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rspace.online/rcal was redirecting to rcal.online (standalone domain) via
the landing page proxy. Now rewrites to /demo/{moduleId} so it loads the
actual app within the rSpace shell with app/space switchers, matching the
behavior of {space}.rspace.online/{moduleId}.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett