Server (src/encryptid/server.ts):
- POST /api/account/email/start — send 6-digit verification code via SMTP
- POST /api/account/email/verify — verify code and set email on account
- POST /api/account/device/start — WebAuthn creation options for same-device
passkey registration (authenticated, reuses existing userId)
- POST /api/account/device/complete — store additional credential under
existing account
DB (src/encryptid/db.ts):
- Add 'device_registration' to StoredChallenge.type union
- Add 'email_verification' to StoredRecoveryToken.type union
Client (shared/components/rstack-identity.ts):
- Rewrite social recovery modal to use existing guardian API:
GET /api/guardians, POST /api/guardians, DELETE /api/guardians/:id
- Loads existing guardians on open, adds/removes in real-time
- Shows guardian status (accepted/pending), invite emails sent on add
- Two name+email inputs (max 3 guardians, server-enforced)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Auth modal: unified "Sign up / Sign in" landing with stacked passkey buttons,
close X button, and "Powered by EncryptID" link to ridentity.online
- Logged-in dropdown: replace Profile/Recovery (auth.ridentity.online) with
Add Email, Add Second Device, Add Social Recovery settings modals
- Add Email: two-step flow (enter email → verify code)
- Add Second Device: WebAuthn credential registration for backup access
- Add Social Recovery: trusted contacts with configurable threshold
- Space switcher: emoji visibility badges (🔓 green / 🔑 yellow / 🔒 red),
remove slash prefix, match app-switcher button styling
- Add rdata.online to standalone domain list
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement the rSpace module architecture that enables all r-suite apps
to run as modules within a single-origin platform at rspace.online,
while each module can still deploy standalone at its own domain.
Phase 0 — Shell + Module System:
- RSpaceModule interface (shared/module.ts) with routes, metadata, hooks
- Shell HTML renderer (server/shell.ts) for wrapping module content
- Three header web components: rstack-app-switcher, rstack-space-switcher,
rstack-identity (refactored from rspace-header.ts into Shadow DOM)
- Space registry API (server/spaces.ts) — /api/spaces CRUD
- Hono-based server (server/index.ts) replacing raw Bun.serve fetch handler
while preserving all WebSocket, API, and subdomain backward compat
- Shared PostgreSQL with per-module schema isolation (rbooks, rcart, etc.)
- Vite multi-entry build: shell.js + shell.css built alongside existing entries
- Module info API: GET /api/modules returns registered module metadata
Phase 1 — Canvas Module:
- modules/canvas/mod.ts exports canvasModule as first RSpaceModule
- Canvas routes mounted at /:space/canvas with shell wrapper
- Fallback serves existing canvas.html for backward compatibility
- /:space redirects to /:space/canvas
URL structure: rspace.online/{space}/{module} (e.g. /demo/canvas)
All existing subdomain routing (*.rspace.online) preserved.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett