The oven/bun:1-slim image lacks system CA certs, causing TLS verification
failures on outbound HTTPS for link-preview. Also implements the
/api/design-agent SSE endpoint — Gemini Flash tool loop driving the
Scribus bridge for DTP layout generation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The collab overlay was running a 5s setInterval GC timer on every page
load even with zero peers. Now the timer starts only when the first
peer arrives and stops when all peers are garbage collected.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
HMAC-signed stateless tokens let external respondents vote on rChoices
polls or RSVP to rCal events via a single tap — no account required.
Routes mounted at /respond/:token bypass space auth. Typed EventAttendee
schema replaces unknown[] on CalendarEvent.attendees. Invite endpoints
on both modules generate tokens and optionally send email invitations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When 3+ events land on the same day in month view, individual event
labels collapse into spatial summary chips showing where the user
needs to be (e.g. "Berlin 3", "Amsterdam 2"). Chip granularity
auto-adapts: city → country → continent as location diversity grows.
Virtual events shown separately. ≤2 events still show full labels.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Docker Engine 29.0.4 on Netcup requires minimum API version 1.44,
causing all sidecar starts (Blender, FreeCAD, KiCad, Ollama) to fail
with "client version 1.43 is too old".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three client-side registration flows still had authenticatorAttachment: 'platform'
hardcoded, blocking Samsung Passkey and Linux users:
- lib/rspace-header.ts (main site header registration)
- shared/components/rstack-identity.ts (2 occurrences)
Also added server-side validation for missing userId in register/complete
to return 400 instead of crashing with TypeError.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Registration was hardcoded to authenticatorAttachment: 'platform',
which rejects devices without a platform authenticator (common on
Linux desktops). Now only forces platform when available, otherwise
lets browser offer cross-platform options (security keys, phone as
authenticator). Also relaxed isEncryptIDAvailable() to only require
WebAuthn support, not platform auth specifically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When EncryptID server returns plain text errors (e.g. "Internal Server
Error"), the client's .json() calls threw SyntaxError which surfaced
as an ugly parse error to users. Add .catch() to all unsafe .json()
calls in session.ts, login-button.ts, and recovery.ts so auth
gracefully falls back to unsigned tokens instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Map always shows individual event markers (no clustering). Transit
lines now colored by booking status: green solid = booked, red dashed
= not yet booked. New bookingStatus field on CalendarEvent as
placeholder for the forthcoming booking pipeline. Calendar views
retain semantic zoom (country/city chips at year/season/month levels).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SMTP auth (port 587) credentials are stale, causing 535 auth failures
on startup. Detect internal mailcow/postfix hosts and connect on port
25 without auth, matching the pattern already used in server/spaces.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Load space members via /api/spaces/:slug/members for assignee dropdown
- Detail panel shows <select> with space members when available, falls
back to text input when unauthenticated or no members loaded
- Assignee badge shown on task cards with resolved display names
- Assignee selectable on task creation form
- Server accepts assignee_id on POST /api/spaces/:slug/tasks
- Add _justDragged guard to prevent column click-to-create from
firing after a drag operation ends (100ms debounce)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add sharedvideo and sharedmusic to Jitsi toolbar config in both
the full-screen view and folk-jitsi-room component. Also set
disableThirdPartyRequests to false so the features aren't blocked.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The "Connecting to meeting..." loading div remained visible on top of
the Jitsi iframe in the minimal view. The iframe is created by the
JitsiMeetExternalAPI constructor, so remove the spinner immediately after.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Jitsi server at jeffsi.localvibe.live serves the external API at
/libs/external_api.min.js, not /external_api.min.js (which returns HTML
due to SPA routing). Fixed in both the inline minimal view and the
folk-jitsi-room component's dynamic script loader.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add publicWrite to rtasks module so unauthenticated task creation works
(was blocked by space auth middleware returning 403)
- Click empty column space or "+ Add task" to open create form in that column
- Tasks created in clicked column get that column's status automatically
- Show error message when task creation fails instead of silent failure
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Load kanban board directly on page load instead of showing a workspace
picker first. ClickUp connect button moved into board nav.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The clf space is private, so all API calls were getting 401'd by the
space access middleware before reaching the rtasks routes. Add
/rtasks/api/ to the public endpoint exemption list (like rwallet,
rdesign, rvote already are).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix event listener accumulation (duplicate handlers on every render),
add partial DOM updates for playback/scrubbing/interactions, debounce
config slider recompute via rAF, and add Basic/Advanced mode toggle
that hides advanced controls (tranches, interest, terms, overpayment,
reinvestment) by default. Also fix pre-existing TS Map iteration errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- POST /api/spaces, POST /api/spaces/:slug/tasks, PATCH /api/spaces/:slug
now work without auth (like PATCH /api/tasks/:id already does)
- Frontend retries without auth headers on 401 (stale token recovery)
- Bump JS cache to v6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Workspace creation uses inline text input instead of prompt()
- Task deletion uses inline confirmation bar instead of confirm()
- Better error display when workspace creation fails (shows server error)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Task detail slide-out panel with inline editing of all fields
- Column/status management via gear icon (add, remove, rename, reorder)
- Search & filter bar with text search, priority dropdown, label click filter
- Enhanced task cards with description preview, due date badge, delete hover
- Drag polish with rotation/scale transform on dragging cards
- Empty drop zones always visible with green highlight on drag-over
- Escape key closes detail panel and column editor
- Individual field saves on blur/change (no full re-render flicker)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rtasks fetch calls were missing Authorization Bearer headers, causing 401s
on private/permissioned spaces. Added authHeaders() helper using encryptid-token
from localStorage (matching pattern in folk-feed, folk-multisig-email, etc.).
Also includes: due date field, task detail panel, search/filter, column editor,
board PATCH endpoint, and canvas toolbar repositioned to bottom-right corner
(collapsed wrench icon on all screen sizes, panel opens leftward).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Map markers now aggregate by continent/country/city based on spatial
zoom level instead of always showing individual dots. Calendar views
(year, season, multi-year, month) show zoom-aware spatial labels.
New geo-hierarchy.ts provides offline continent/country lookup from
coordinates with breadcrumb generation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix configOverwrite/interfaceConfigOverwrite property names (were
configOverrides/interfaceConfigOverrides — silently ignored by Jitsi).
Disable pre-join lobby so rooms render immediately. Add error handling
for script load failures. Use external_api.min.js to match component.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett