Commit Graph

4 Commits

Author SHA1 Message Date
Jeff Emmett e78b768f04 feat(security): harden MI endpoints — CORS, rate limiting, prompt sanitization

- Restrict CORS to known rSpace domains (no more open wildcard)
- Add tiered rate limiting per IP (anon vs authenticated, per endpoint tier)
- UA filtering blocks scrapers/scanners, allows browsers and AI agents
- Prompt injection sanitization: strip MI_ACTION markers, system tags, and
  known attack patterns from user-supplied content before LLM ingestion
- Space access control: private/permissioned spaces gate MI data to members
- Auth required on /triage, /execute-server-action, data-driven /suggestions
- MCP guard: require auth or agent UA for /api/mcp/*
- Anonymous WebSocket cap: max 3 per IP with proper cleanup on close
- Knowledge index + conversation memory gated to members+ (viewers get
  public canvas data only)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 13:26:53 -04:00

Jeff Emmett dd46905e12 feat(mi): agentic upgrade — multi-turn loop, LiteLLM, media gen, live data

Transform MI from single-shot chat into an agentic system:

- LiteLLM provider with Claude Sonnet/Haiku models via proxy
- Agentic loop (max 5 turns): stream → parse actions → execute server-side → feed results back
- Server-side media generation (fal.ai + Gemini) as first-class MI actions
- Module data queries (rnotes, rtasks, rcal) read directly from Automerge
- System prompt enriched with recent notes, open tasks, and calendar events
- Client handles new NDJSON types (turn, action-start, action-result)
- Extracted shared media helpers, refactored image/video endpoints

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 19:26:56 -07:00

Jeff Emmett eb00579183 feat(mi): upgrade to community-focused builder with interchangeable AI

Transform MI from a small Ollama-only chat dropdown into a rich builder
panel with swappable AI backends (Gemini, Ollama, Anthropic/OpenAI stubs),
role-based permission gating, and module-spanning content actions.

- Provider abstraction layer (mi-provider.ts) with stream normalization
- Extracted MI endpoints into mi-routes.ts Hono sub-app
- New action types: create/update/delete-content, scaffold, batch
- Module routing map (mi-module-routes.ts) for rApp API integration
- Redesigned panel: fixed 520px, model selector, textarea, minimize pill
- Action confirmation for destructive ops, scaffold progress bar
- Permission validation endpoint with role-based action gating
- Better markdown rendering (headers, code blocks, links, lists)
- Cmd/Ctrl+K keyboard shortcut, collapsible action details

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 18:29:19 -07:00

Jeff Emmett d850a7615e feat: MI canvas bridge, action executor, and enhanced context

- Add MiCanvasBridge for deep canvas state awareness (shapes, selection, viewport)
- Add MiActionExecutor to create/update/delete/move/connect shapes from MI responses
- Add MI action parsing (create-shape, connect, update-shape, delete-shape, move-shape, transform)
- Add selection transforms (align, distribute, arrange, match-size)
- Add tool suggestion schema for contextual MI hints
- Enhanced MI system prompt with action markers and transform commands
- Richer canvas context in /api/mi/ask (positions, connections, viewport, shape groups)
- Refactored tab-bar I/O chips for cleaner feed port rendering

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 16:08:20 -08:00