Replace the global "Your Spaces" grid with a space-centric dashboard showing
members, previously open tools, recent activity, active votes, and quick
actions. Fix layout cut-off by positioning dashboard fixed below header+tab
row (top: 92px) with sidebar-push support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The TabCache fetchAndInject() was sending fetch() without Accept: text/html,
causing the server to treat it as an API request and return 401 on private
spaces. Also adds .catch() fallbacks to shell tab handlers for resilience.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Payment creation, QR codes, and pay pages should be accessible to any
authenticated user regardless of space visibility, since the payment
goes to the creator's wallet. The route handlers enforce their own auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Space visibility defaults to "private", blocking unauthenticated API calls.
The on-ramp and webhook endpoints are designed for unauthenticated users,
so they need to bypass the space-level auth check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move the "Leave Comment" button from the bottom canvas toolbar to the
top header bar as <rstack-comment-bell>, positioned left of the
notification bell. Shows a red badge with unresolved comment pin count.
Wires canvas via comment-pin-activate/comment-pins-changed custom events.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
c.req.path in Hono returns the full path, not the relative path
within the sub-router, causing the /api/notifications prefix to
be doubled.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The rspace container cannot resolve encryptid-db hostname, causing
/api/notifications/count to 524 timeout on every 30s poll. Rewrites
notification-routes.ts as an HTTP proxy to encryptid (which has DB
access), adds notification API endpoints to encryptid server, and
wraps BroadcastChannel.postMessage in try/catch to prevent uncaught
errors during navigation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Store known personas in localStorage, auto-register on login. Dropdown
shows other personas with one-click switch (triggers passkey re-auth),
add/remove persona buttons, and cross-tab sync.
Also fix pre-existing TS errors: non-null assert on filtered functionCall,
add optional VerifyOptions param to authenticateWSUpgrade type declaration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds an intermediate modal when creating a space: name/slug editing with
availability check, description, visibility radio cards, discoverable
toggle, member search with @username lookup and email invites, and a
shareable invite link generated post-creation.
Server: adds discoverable field to CommunityMeta, extends PATCH /:slug,
adds POST /:slug/invites for generic invite token creation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Overlay markers at canvas or shape-relative coords with threaded
comments, @mention notifications, and rSchedule reminder integration.
Toolbar "Leave Comment" button (/) next to Note tool.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
evaluateSpaceAccess and authenticateWSUpgrade were calling the SDK
without the secret option, forcing remote verification. Also adds
auth header to rpubs editor generate fetch (was getting 401 on
private spaces).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
folk-prompt can now spawn shapes on the canvas when Tools mode is
enabled. Gemini calls functions (create_map, create_note, create_embed,
create_image, create_bookmark, create_image_gen) and the client
executes them via window.__canvasApi. Multi-turn loop on server (max 5
rounds) with synthetic success responses. Extensible via registerCanvasTool().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidates token verification into server/auth.ts, removing the
external SDK dependency. All modules now import from the local module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
getSpaceConfig() read stored visibility without the demo override,
so the client-side access gate blocked unauthenticated users from
accessing the demo space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The single quote in "don't" broke the JS string literal inside the
inline script, causing a SyntaxError that killed the entire script
block including tab bar and header initialization.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added shapesSeeded flag to community doc metadata. Once shapes are
seeded (demo, template, or campaign), deleting all shapes no longer
triggers re-seeding on server restart. The demo reset endpoint clears
the flag so it can re-seed intentionally.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Personal space rename only applies when isPersonal flag is set (not all
private spaces). Demo forced to public visibility. Public spaces no
longer filtered out. Sections: Private → Permissioned → Public →
✦ Discover → Create.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server-side HTML gates can't work because auth tokens are in
localStorage, not cookies. Replaced with:
- Client-side gate checks session, then verifies membership via
new /api/space-access/:slug endpoint
- Shows "Sign In" for unauthenticated users
- Shows "no access + return to your space" for non-members
- Server-side gates remain for API/JSON requests and WebSocket
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Non-members of private spaces are now blocked at three layers:
- WebSocket upgrade rejects with 403
- Module middleware shows access denied page (browser) or JSON 403 (API)
- Space root dashboard shows access denied page
Friendly "Private Space" page with link back to user's own space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Both dropdown-wrap buttons now sit in header-left directly after the
space switcher, keeping space-related controls grouped together.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rspace.online/rcal was redirecting to rcal.online (standalone domain) via
the landing page proxy. Now rewrites to /demo/{moduleId} so it loads the
actual app within the rSpace shell with app/space switchers, matching the
behavior of {space}.rspace.online/{moduleId}.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace full-height slide-in panels with compact dropdowns that appear
beneath header icons. Both icons now grouped in header-right with
mutual exclusion and click-outside-to-close behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ensure disabled modules redirect to space root on subdomain routing,
and pre-load community doc before checking enabled modules list.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Force authenticatorAttachment: 'platform' across all WebAuthn registration
flows to prevent USB security key prompts. Redirect browser navigations to
space root when accessing disabled modules instead of returning JSON error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Inject enabledModules into client, tag 25 module-specific toolbar buttons
with data-requires-module, and filter out disabled items (plus empty groups)
at page init. Spaces with all modules enabled are unaffected.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Live spaces with no CRDT data were showing a generic onboarding page
instead of the module's actual UI. Demo always bypassed this check,
causing visual parity issues between demo.rspace.online and live spaces.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
renderSpaceDashboard was showing all modules regardless of space's
enabledModules setting — both in the app cards grid and the app-switcher
dropdown. Now filters using getSpaceShellMeta, same as renderShell.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
renderExternalAppShell was passing the full unfiltered module list to
both the app-switcher and tab-bar dropdowns. Now filters by the space's
enabledModules, matching the existing renderShell behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the "Welcome to rSpace" popup with a 6-step interactive tour
that spotlights key UI features (app switcher, MI bar, spaces, identity,
canvas, tabs/tools). Skippable at any time via button, Escape, or
clicking the backdrop. Navigable with Back/Next buttons and arrow keys.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add POST /api/users/resolve-dids batch endpoint in EncryptID, proxy
/api/users/* through rspace server, and batch-resolve missing displayNames
in the space settings panel so owners and members show usernames not DIDs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds catch-all proxy route so client tab sync requests (saveTabs/syncTabsFromServer)
reach the EncryptID container. Also fixes rstack-mi panel positioning and
Shadow DOM click-outside handling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New users get sent to /join for passkey registration + auto-space-join.
Existing users are directly added with in-app + email notification.
Add-by-username now also sends email notification if email is on file.
- Add id to /api/users/lookup response
- Enhance /api/internal/user-email/:userId with recovery + profile email
- Add GET /api/internal/user-by-email for email→DID resolution
- Rewrite POST /:slug/invite to use identity invite flow
- Add email notification to POST /:slug/members/add
- Add success/error feedback to space settings invite UI
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Spaces with missing/undefined visibility were falling through to "public"
in 7 places: normalizeVisibility fallback, migrateVisibility early return,
renderShell default, getSpaceConfig, space list APIs, and the HTML
injection middleware. All now default to "private". The migrateVisibility
function now writes "private" to docs with missing visibility on load.
Also fixed jeff and hash spaces on production (were undefined → private).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Progressive approval workflow: paste brief → AI extracts structure →
AI generates per-platform posts → review with per-post regen →
commit (saves campaign, creates threads, drafts newsletters, builds workflow DAG).
Includes MI integration for Cmd+K campaign creation and vite build entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Connects x402 (on-chain USDC via Base) and CRDT token system (Automerge cUSDC)
in both directions: on-chain payments auto-mint cUSDC to payer's DID, and users
can pay with cUSDC balance via new "crdt" payment scheme. 402 responses now
return both exact and crdt payment options.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New spaces start with an empty canvas instead of 25+ template shapes.
Each space gets a {slug}@rspace.online team inbox (multi-sig ready)
via the rinbox onSpaceCreate hook. Fix EncryptID auto-provision passing
raw string instead of SpaceLifecycleContext to module hooks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add transferTokens() and getAllTransfers() to token service
- Seed DAO ecosystem: cUSDC + BFT tokens, 3 treasuries, 6 participants,
~30 transactions spread over 60 days
- Add /api/crdt-tokens/transfers endpoint for ledger history
- Wire CRDT transfers into loadTransfers() with DID→pseudo-address mapping
- Update data transforms (timeline, sankey, multichain) to support
_fromLabel/_toLabel for human-readable CRDT participant names
- Show viz tabs (Timeline, Flow Map, Sankey) when CRDT tokens exist
- Add "local"/"CRDT" chain to color and name maps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restore CrowdSurf as standalone module with full integration (server,
app-switcher, shell favicon, rchoices tab, vite build). Add sortition-
based pairwise Elo ranking: users compare two activities head-to-head,
updating Elo ratings. Includes API endpoints (/api/crowdsurf/pair,
/api/crowdsurf/compare), Rank tab with leaderboard, and Elo badges.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Auto-seed calendar sources and events on first visit to any space's
rcal page, and during space creation via seedTemplate hooks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create-space form redirected to /{slug}/rspace which 404s on subdomain
hosts (jeff.rspace.online/mycofi/rspace → rewritten to /jeff/mycofi/rspace).
Now redirects to https://{slug}.rspace.online/rspace.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Declarative onboardingActions on RSpaceModule lets each rApp define its
own onboarding cards (import, upload, link, create). renderOnboarding()
renders them as a responsive card grid with upload handling. Adds ICS
import endpoint to rCal (POST /api/import-ics). 15 modules wired up.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add BroadcastChannel for instant same-browser tab sync — opening/closing
tabs in one window propagates immediately to sibling tabs. Extract
reconcileRemoteLayers() helper shared by BroadcastChannel and Automerge,
which cleans up cached DOM panes on remote removal and handles
active-tab-closed scenarios.
Also adds configurable rApp shortcuts (Ctrl/Alt+1-9), header swipe
gestures for rApp cycling, and body data-module-id attr for swipe context.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix DID mismatch: server now stores and reads proper did🔑z6Mk... DIDs
from database instead of deriving truncated did🔑${slice(0,32)}
- Add PRF extension to WebAuthn create/get flows for client-side key derivation
- Derive DID, signing keys, encryption keys, and EOA wallet from passkey PRF
- Auto-upgrade truncated DIDs to proper format on sign-in
- Add POST /api/account/upgrade-did endpoint for DID migration
- Add 5-step educational registration wizard (identity, passkey, DID, wallet, security)
- Add email/username field to sign-in for scoped passkey selection
- Add magic link email login for external devices without passkeys
- Add POST /api/auth/magic-link and GET /magic-login verification page
- Add mintWelcomeBalance() for 5 fUSDC to new users
- Store EOA wallet address during registration when PRF available
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Space creation was broken because the canvas module has id "rspace" but
all navigation URLs used "/canvas". On production subdomain routing this
resulted in 404s after creating a space.
- Switch create-space form from deprecated /api/communities to /api/spaces
- Replace all /canvas navigation URLs with /rspace to match module ID
- Fix DID matching in space listing to check both sub and did:key formats
- Add proper client DID support in EncryptID registration flow
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add global polyfills for AbortSignal.timeout() (Safari <17, Firefox <122)
and crypto.randomUUID() (Safari <15.4, Firefox <95) in shell HTML templates.
Add -webkit-backdrop-filter prefix across 13 files for older Safari support.
Add Firefox scrollbar (scrollbar-width/scrollbar-color), range input
(::-moz-range-thumb/track), and color-mix() rgba fallbacks. Create shared
compat.ts utility module. Lowers browser floor from Safari 17/Firefox 122
to Safari 15.4/Firefox 95.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mailcow rejects noreply@rspace.online because the authenticated user
is noreply@rmail.online. Updated all SMTP_FROM and SMTP_USER defaults
to use rmail.online consistently: spaces invites, rSplat notifications,
EncryptID auth emails, and rCart payment receipts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extract canvas inline share panel into reusable <rstack-share-panel> web component
and add it to the shell header between notification bell and settings gear. Canvas
now uses the component too, removing ~230 lines of inline HTML/CSS/JS.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The result fetch was constructing its own URL instead of using the
response_url returned by fal.ai's status poll. This caused 422 errors.
Now captures response_url from poll and uses it for result retrieval.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The spaces module was defaulting to http://localhost:3000 for EncryptID
API calls, which resolves to the rspace container itself (both run on
port 3000). Changed to http://encryptid:3000 matching server/index.ts.
Also improved error surfacing in /members/add endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phone photos (3-4MB, 4000px+) were failing with "Invalid image" on
fal.ai Hunyuan3D. Now resizes to max 1024px JPEG with sharp before
submitting, and uses PUBLIC_ORIGIN HTTPS URL instead of data URI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two race conditions caused closed tabs to resurrect:
1. syncTabsFromServer() fetch completing after a local close, merging
the stale server response back in
2. Debounced PUT killed by page navigation when closing the active tab,
so the server never learned about the close
Fix: track closed moduleIds per session to skip during merge, and flush
server PUT with keepalive:true before navigation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The publicUrl helper was generating http:// URLs (x-forwarded-proto from
Traefik), causing fal.ai to fail with "Invalid image" 422 errors. Now
reads the staged image from disk and sends as base64 data URI for
reliable delivery. Also bumps poll timeout from 5 to 8 minutes and
surfaces actual fal.ai error messages to the client.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Peer-to-peer RV/camper rentals within community trust networks.
Forked from rBnb with vehicle-specific concepts: specs, mileage
policies, pickup/dropoff locations, and dry humor throughout.
4 seed vehicles, full CRUD API, Leaflet map with pickup/dropoff
markers, rental request flow, endorsement tags including
"suspiciously_clean" and "smells_like_adventure".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
currentModuleId was a const that never updated on client-side tab
switches, causing close to either do nothing or switch to the wrong
tab. Now uses tabBar.active as source of truth and picks the nearest
remaining tab on close. Also adds touch long-press (400ms) drag
reorder for mobile tabs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fal.ai needs to download the staged image. Using hardcoded PUBLIC_ORIGIN
(rspace.online) fails because Cloudflare redirects /data/ paths and the
subdomain (jeff.rspace.online) isn't matched. Now derives the public URL
from the request's Host header. Added logging for staged image URLs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cloudflare/Traefik 301-redirects /data/ paths to data.rspace.online, which
fal.ai can't follow. Staged images now served at /api/files/generated/ which
passes through correctly. Added route alias for backwards compat.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
activeLayerId was being written to the shared Automerge CRDT on every tab
switch, causing all open windows/devices to follow. Now active tab is
local-only. Adds REST API + server-side storage so authenticated users'
tab lists persist across sessions and devices.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GLB models now render inline 3D previews using Google's <model-viewer> web
component with auto-rotate. AI-generated models show source image thumbnails.
Fixed fal.ai result fetch with retry logic and detailed logging for diagnosis.
Save flow now uses save-generated API with thumbnail_url passthrough.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Defer initThreeViewer to next animation frame so the DOM has laid out
before reading container dimensions. Fall back to viewport size instead
of hardcoded 800x600 when container reports zero dimensions. Add proper
MIME types for GLB/GLTF file serving.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements the Crowdsurfing protocol (gospelofchange/Crowdsurfing) as an
rSpace module with full local-first Automerge CRDT sync. Users propose
activities with commitment thresholds, others swipe to join and declare
contributions, and activities trigger when enough people commit.
Module includes schemas, local-first client, swipe UI dashboard with
pointer gesture detection, landing page, seed template data, and
Vite build integration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wrap formData() in try/catch with logging to diagnose Content-Type
issues through Cloudflare tunnel. Also fix client-side error handling
to clear progress timer and show actual error message on failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Default upload tab is now "Generate from Image"
- Entire dotted drop area is clickable to open file browser
- Update process3DGenJob to use Hunyuan3D v2.1 via fal.ai queue API
(was still using old Trellis endpoint)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Make /api/3d-gen async with job queue + email notification on completion
- Add reminder mini-calendar widget to canvas (top-right on shape select)
- Make items draggable across 6 modules (rNotes, rTasks, rFiles, rSplat, rPhotos, rBooks)
- Upgrade rCal drop handler with time-picker popover instead of confirm()
- Show reminder indicators (dots + badges) on calendar days
- Fix subdomain routing: remove space slug from server-rendered sub-nav,
tab bar, and module links in production (/{moduleId} not /{space}/{moduleId})
- Add buildSpaceUrl() helper for correct external URL generation
- Fix rcart payment URLs for subdomain routing
- Fix rSchedule email links to use subdomain format
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Synchronous fal.run endpoint times out for textured mesh generation.
Switch to queue.fal.run submit/poll/result pattern with 5-minute
deadline. Update client progress phases for longer generation time.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SAM 3D was designed for object segmentation, not full-scene
reconstruction — failed on arbitrary images. Hunyuan3D v2.1 produces
high-quality textured GLB meshes from any single image reliably.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Text prompts require Grounding DINO to detect specific objects, which
fails on arbitrary images. Using a full-image bounding box bypasses
text detection entirely and reconstructs the whole scene as a Gaussian
splat.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SAM 3D uses Grounding DINO which needs real noun classes, not abstract
terms. Use broad multi-class prompt with very low threshold (0.05) to
detect objects in any image type.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SAM 3D requires a segmentation prompt — default "car" fails on
non-car images. Use "everything" with low threshold (0.2) to capture
full scenes including people and backgrounds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SAM 3D outputs native Gaussian splat .ply files (rendered via existing
initSplatViewer) instead of GLB meshes, with full-scene support including
people and backgrounds. Faster generation (5-30s vs 45-75s), $0.02/gen.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The bare-domain and subdomain routing intercepted /rtasks/check/* paths,
rewriting them to /demo/rtasks/check/* which didn't match any route.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The checklist check/send endpoints don't need space context — the HMAC
token and API key provide their own auth. Routes are now:
GET /rtasks/check/:token
POST /api/rtasks/send
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POST /api/splats/save-generated so AI-generated 3D models persist
- Add "Save to Gallery" button in viewer after AI generation
- Remove non-functional "Upload Photos/Video" tab (no processing worker)
- Add 120s server-side timeout on fal.ai Trellis 2 fetch
- Fix GLB viewer memory leak (animation loop + resize listener on disconnect)
- Show elapsed time + phase messages during generation progress
- Bump CSS v3, JS v4 cache versions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove apple-mobile-web-app-capable (redundant with manifest.json display),
add AbortController timeout + 524 handling for /api/3d-gen fetch, and
downgrade CommunitySync WS error to console.warn since reconnect is automatic.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Graph performance: seed node positions to prevent NaN geometry warnings,
cache sprite textures, reduce simulation ticks (120→50 warmup, 300→150
cooldown), cap particles at 2, lower sphere segments, halve label canvas
size, add sessionStorage graph data cache with 60s TTL.
Mobile PWA: add both mobile-web-app-capable (Chrome/Android) and
apple-mobile-web-app-capable (iOS), viewport-fit=cover for notch support,
apple-mobile-web-app-title, safe-area CSS insets on header/body, fix
admin.html missing all mobile meta tags.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extends <rstack-app-switcher> with an expandable "Manage rApps" panel
at the bottom of the sidebar. Space owners can:
- See all available modules (enabled + disabled) in one place
- Toggle modules on/off with + / − buttons
- Changes persist via PATCH /api/spaces/:slug/modules
- Local toggle fallback for demo mode
- Busy state disables buttons during API calls
Shell changes:
- renderShell() now builds allModulesJSON with `enabled` flags
- Calls setAllModules() on the app switcher alongside setModules()
- Dispatches 'modules-changed' event for shell reactivity
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mobile photos (12MP+) were causing generation failures due to large base64 payloads.
Now resizes to max 1024px before sending. Server now returns actual fal.ai error
messages instead of generic "3D generation failed".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove standalone "Open CRM" button from graph view body and add
"Open Twenty CRM" as an external link in the module sub-nav bar,
next to Community CRM. Dashed border + margin-left:auto pushes it
to the right edge for visual distinction.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The subnav and tabbar had top: 128px which left a 36px gap below the
tab row. Changed to 92px (56px header + 36px tab row) and removed
extra margin-bottom. Added sibling rule so tabbar stacks below subnav
when both are present.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add types/hono.d.ts declaring effectiveSpace, spaceRole, and isOwner
on Hono's ContextVariableMap. Remove 127 "as any" casts across 18
files. Fix ParticipantStatus type in rmaps SyncMessage union.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The encryptid API routes live on the separate encryptid container, not
rspace. Clients on space subdomains (jeff.rspace.online) fetch
/encryptid/* relative to the rspace server. Add a catch-all proxy that
forwards these requests to the internal encryptid service.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The subnav and tabbar were sticking at top: 92px which overlapped
with the tab row (header 56px + tab row ~36px = 92px). Bumped to
128px so they sit cleanly below the tab row.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Tab row: set top: 0 on mobile (was inheriting top: 56px from desktop
fixed positioning while being sticky on mobile)
- Subnav + tabbar: switch from sticky to relative on mobile so they
scroll naturally instead of fighting with the sticky header
- Smaller pill padding/font on ≤480px screens
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The rspace module's outputPaths caused renderModuleSubNav to render an
unwanted "rspace | Canvases" bar across the canvas. Skip subnav for the
root rspace module since the canvas has its own chrome.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix z-index (9000 → 10001) so popup renders above header and tab bar
- Center popup as a proper modal with blurred backdrop overlay
- Header now shows module emoji icon + name (fetched from API)
- Bigger, bolder CTA buttons with gradient fills and hover effects
- Tour/guide links auto-promoted to prominent purple-accent buttons
- Loading spinner animation, Escape key to dismiss, click-outside-to-close
- Mobile: slides up from bottom instead of top-right corner
- Also: rcart/rwallet subnav route support, rcart tour simplification
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch 3d-force-graph CDN from jsdelivr to esm.sh with bundle-deps
to resolve missing "three-forcegraph" bare specifier error
- Fix storeCredential() to pass displayName and DID to createUser()
(prevents NULL did column for credential-first user creation)
- Fix invite acceptance to use claims.did instead of claims.sub for
space_members.user_did (DID format consistency)
- Fix session refresh to look up username from DB when missing from
old token (prevents empty username after token refresh)
- Fix resolveCallerRole() in spaces.ts to check both claims.sub and
claims.did against ownerDID and member keys (auto-provisioned spaces
store ownerDID as did🔑, API-created as raw userId)
- Refactor CRM route to use URL subpath tabs with renderCrm helper
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Subnav and tabbar were rendered outside <main id="app">, causing them
to be hidden behind the fixed header. Move them inside <main>, add
sticky positioning (top: 92px), and consolidate pill CSS into a shared
.rapp-nav-pill class. Also refactors tabbar to use URL subpaths instead
of ?tab= query params.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett