Added hideExchangeScreen, isAutoFillUserData, and paymentMethod params
to both Transak endpoints. This skips the initial exchange screen (we
already provide all required fields) and auto-fills email for Lite KYC,
reducing friction for small transactions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SMTP auth credentials were stale, causing all payment confirmation
emails to silently fail. Since rspace is on the mailcow Docker network,
use unauthenticated relay on port 25 instead of port 587 with auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a payment request is in a terminal state (paid, confirmed, expired,
cancelled, filled), the /pay/:id route now renders a static HTML page
with a clear message instead of loading the full JS component. Prevents
"corrupted content error" and shows a friendly "already paid" message.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Text inputs were rendering in light mode making text invisible against
the dark background. Added colorMode: 'DARK' to both Transak widget
endpoints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When fiatAmount wasn't explicitly set on a payment request, Transak
defaulted to 300 USD. Now for USDC/USDT/DAI/cUSDC, the fiat amount
is inferred from the crypto amount (1:1 peg) so the widget opens with
the correct payment amount.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Audit and fix ~60 violations across 47 files where URLs were constructed
as /{space}/moduleId instead of /moduleId (subdomain provides the space).
- Add getModuleApiBase() helper to shared/url-helpers.ts
- Fix client components: use getModuleApiBase() for fetch URLs,
rspaceNavUrl() for navigation
- Fix server routes: use c.get("isSubdomain") for redirects and
JSON response URLs
- Fix OAuth callbacks (notion, google, clickup): subdomain-aware redirects
- Fix email notification URLs (rvote): use {space}.rspace.online format
- Fix webhook registration (rtasks/clickup): subdomain-aware endpoint URL
- Replace broken #getSpaceSlug() methods in folk-feed, folk-splat
- Replace NODE_ENV checks with proper isSubdomain checks (rdata, rnetwork)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add MoonPay as the primary card payment provider for rCart. MoonPay
uses HMAC-SHA256 signed URLs (no session API needed, no IP whitelisting).
Falls back to Transak if MoonPay keys aren't configured.
- shared/moonpay.ts: URL builder with HMAC signing, currency mapping
- New /api/payments/:id/card-session endpoint picks provider automatically
- Frontend uses unified startCardPayment() with multi-provider message handling
- Set MOONPAY_API_KEY + MOONPAY_SECRET_KEY to activate
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Transak now requires widget URLs to be generated server-side via their
gateway session API. Direct query-parameter URLs are deprecated.
- Add getAccessToken() with 7-day caching for partner access tokens
- Add createSecureWidgetUrl() that calls the gateway session endpoint
- Falls back to legacy direct URL if gateway returns an error (e.g.
production IP not yet whitelisted)
- Update rCart and rFlows to use the secure API
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Transak rejects `cryptoAmount` when combined with fiatCurrency params.
Use `defaultCryptoAmount` which pre-fills the amount without conflicting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The payment request form button was cut off on mobile because the shell
uses height:100vh with overflow:hidden on #app. Add padding-bottom to
the .page container so the button scrolls into view within the flex
overflow:auto content area.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Payment request URLs (e.g. /rcart/pay/:id) should be accessible without
authentication, even in private spaces. The API endpoints were already
exempted from auth, but the client-side shell gate was redirecting
unauthenticated visitors to the module landing page. Set
spaceVisibility="public" on the payment page render to bypass this.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Transak production also sends X-Frame-Options: SAMEORIGIN, blocking
iframe embeds. Switch to popup window for all environments, not just
staging. Show "payment opened in new window" status with re-open button.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Make #app a flex column with height:100vh so all rApps fill the viewport
exactly. Wrap module body in .rapp-content flex child. Replace all
hardcoded calc(100vh - Npx) with height:100% across 20+ components.
Remove sticky positioning from subnav/tabbar (now flex items).
Generalize mobile body-flex to all pages (not just canvas-layout).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transak staging sets X-Frame-Options: sameorigin, blocking iframe embedding.
Server now uses x-forwarded-host header for correct referrerDomain behind
Traefik, and returns env (STAGING/PRODUCTION) in transak-session response.
Client opens a popup window for staging instead of iframe.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Harmonize the two disconnected presence systems into one:
- New shared/collab-presence.ts utility (broadcastPresence, startPresenceHeartbeat)
- Collab overlay now listens to custom presence messages, shows module context in people panel
- Fixed Shadow DOM focus tracking using composedPath() for focus rings through shadow boundaries
- Replaced rNotes custom presence with shared utility (kept sidebar dots)
- Added presence heartbeat to all 27 rApp components with dynamic context strings
- Bumped cache versions in all modified mod.ts files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidates token verification into server/auth.ts, removing the
external SDK dependency. All modules now import from the local module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Declarative onboardingActions on RSpaceModule lets each rApp define its
own onboarding cards (import, upload, link, create). renderOnboarding()
renders them as a responsive card grid with upload handling. Adds ICS
import endpoint to rCal (POST /api/import-ics). 15 modules wired up.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mailcow rejects noreply@rspace.online because the authenticated user
is noreply@rmail.online. Updated all SMTP_FROM and SMTP_USER defaults
to use rmail.online consistently: spaces invites, rSplat notifications,
EncryptID auth emails, and rCart payment receipts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Make /api/3d-gen async with job queue + email notification on completion
- Add reminder mini-calendar widget to canvas (top-right on shape select)
- Make items draggable across 6 modules (rNotes, rTasks, rFiles, rSplat, rPhotos, rBooks)
- Upgrade rCal drop handler with time-picker popover instead of confirm()
- Show reminder indicators (dots + badges) on calendar days
- Fix subdomain routing: remove space slug from server-rendered sub-nav,
tab bar, and module links in production (/{moduleId} not /{space}/{moduleId})
- Add buildSpaceUrl() helper for correct external URL generation
- Fix rcart payment URLs for subdomain routing
- Fix rSchedule email links to use subdomain format
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add EncryptID internal endpoint for email lookup by userId
- rcart: send "Payment Sent" to payer and "Payment Received" to recipient
- rcart: resolve emails via EncryptID when not provided in request
- rsplat: add GLB/GLTF 3D viewer using Three.js GLTFLoader
- rsplat: enable publicWrite for photo uploads without space membership
- docker-compose: add SITE_URL and SPLAT_NOTIFY_EMAIL env vars
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contribute button now offers "Pay Now" (creates a PaymentRequest linked
to the cart, navigates to the existing payment page) alongside "Record
Manual". When the payment completes, the server auto-records a
contribution on the cart with amount, method, and txHash.
- Add recipientAddress to ShoppingCartDoc, linkedCartId to PaymentRequestMeta
- New POST /api/shopping-carts/:cartId/contribute-pay route
- Payment status handler propagates paid → cart contribution
- Payment page shows "Return to Cart" link for linked payments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enrich 5 demo orders with items, buyer, payment, provider, and timeline.
Order cards show thumbnails and item counts; clicking opens a detail view
with payment info, buyer, provider, and timeline using the existing
catalog-detail 2-column layout. Demo payments expanded to 5 (3 linked).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The flex centering on main:has() was causing the subnav to shrink-wrap
and the page content to left-align on desktop. Use margin: 0 auto on
the components directly so the subnav stays full-width.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
demo.rspace.online subdomain already identifies the space, so paths
should not redundantly include /demo/. Replaced 7 occurrences across
rcart, rswag, rpubs, rschedule, and space-switcher with either relative
paths or full demo.rspace.online URLs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The cart.css had `display:flex; align-items:center` on main:has(folk-payment-page)
which fought with the component's own `width:100%; margin:0 auto` centering:
- flex align-items:center shrunk the subnav to content width
- padding:0 0.5rem overrode shell.css padding-top:92px (desktop)
- Redundant since all components already self-center with margin:auto
Also hide the shop subnav on public-facing pages (/pay/:id, /group-buy/:id)
since payers/pledgers don't need Carts/Catalog/Orders navigation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove duplicate internal nav (.rapp-nav tabs) from folk-cart-shop —
the shell subnav pills already provide this navigation
- Read initial-view attribute so shell subnav routing works correctly
- Add margin: 0 auto centering to all narrow page components
(payment-page, payment-request, payments-dashboard, group-buy-page)
- Add overflow-wrap: break-word to prevent text/address overflow
- Comprehensive mobile breakpoints across all components:
- folk-cart-shop: 600px + 400px (grid stacking, card sizing, forms)
- folk-payments-dashboard: 600px + 480px (header, cards, tabs)
- folk-group-buy-page: already had good breakpoints, added centering
- cart.css: remove justify-content:center (bad for long pages),
add horizontal padding for mobile
- Fix share-input overflow with min-width:0 + text-overflow
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add margin: 0 auto to center the page instead of left-aligning
- Add overflow-wrap/word-break on wallet addresses, tx hashes, URLs
- Add min-width: 0 + text-overflow on share input to prevent flex overflow
- Comprehensive mobile breakpoints at 600px and 380px for all sections
(staging banner, recipient info, header, amount, tabs, footer)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add comprehensive responsive breakpoints at 600px and 380px:
- Stack step card, form field rows, share rows vertically
- Scale down typography (title, amount, hints)
- Reduce padding and QR code size for narrow screens
- Make toggle buttons and method toggles compact
- Full-width action buttons on mobile
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Recurring Executor (new module):
- Server-managed relayer keypair derived deterministically via HKDF
- Checks on-chain ERC-20 allowance before pulling funds
- Executes transferFrom when subscriptions are due
- Supports Base, Base Sepolia, and Ethereum mainnet
New API Endpoints:
- GET /api/payments/:id/subscription-info — returns relayer address and
approve calldata for the client to authorize recurring pulls
- POST /api/payments/:id/subscribe — registers a subscription after
payer approves on-chain allowance, verifies allowance exists
Scheduler Upgrade:
- Attempts automated pull first for subscriptions with approved allowance
- Falls back to email reminder if auto-pull fails or is not configured
- Sends branded receipt email after successful automated payments
- Extracted email templates into reusable helper functions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Layer 1 — Schema & History:
- Added PaymentRecord type for individual payment tracking
- Added interval (weekly/biweekly/monthly/quarterly/yearly), nextDueAt,
subscriberEmail, and paymentHistory[] to PaymentRequestMeta
- Payment history records txHash, method, amount, paidAt for each payment
Layer 2 — Server-Side Scheduler:
- Hourly subscription reminder scheduler sends email notifications
when recurring payments are due (based on nextDueAt)
- nextDueAt auto-computed after each successful subscription payment
- Grace period prevents duplicate reminders
- Branded HTML reminder emails with "Pay Now" button
UI Updates:
- Billing interval selector (weekly through yearly) shown for
subscription and payer_choice payment types
- Payment page shows subscription badge with interval and history count
- Next due date displayed for active subscriptions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace parseFloat * 10^decimals with string-based decimal parsing to
avoid precision loss for 18-decimal tokens (ETH). Affects both MetaMask
and EncryptID payment paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Payment schema now includes creatorUsername, displayed alongside the
truncated wallet address on the payer-facing payment page
- New "Share by email" feature on the payment request page: enter
comma-separated emails to send branded payment links via email
- New POST /api/payments/:id/share-email endpoint with HTML email template
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add intermediate breakpoints (960px, 1024px, 900px, 640px, 600px) for tablets and fold
devices across all 12 rApp components. Add touch-action: manipulation and
-webkit-tap-highlight-color to eliminate 300ms tap delay. Fix undersized tap targets
(<36px) in rtasks, rfiles, rinbox, and rcart. Replace HTML5 drag API with pointer events
in rtasks kanban and rchoices ranking for touch/pen/mouse parity. Replace mouseenter/
mouseleave with pointerenter/pointerleave in rchoices spider chart with click toggle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add intermediate breakpoints (960px, 1024px, 900px, 640px, 600px) for tablets and fold
devices across all 12 rApp components. Add touch-action: manipulation and
-webkit-tap-highlight-color to eliminate 300ms tap delay. Fix undersized tap targets
(<36px) in rtasks, rfiles, rinbox, and rcart. Replace HTML5 drag API with pointer events
in rtasks kanban and rchoices ranking for touch/pen/mouse parity. Replace mouseenter/
mouseleave with pointerenter/pointerleave in rchoices spider chart with click toggle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Payment page now shows recipient info and available payment methods
- Testnet chains show staging environment disclaimer
- Transak widget receives effective amount for editable-amount payments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
WebAuthn PRF extension is unsupported on most mobile browsers, causing
"Could not derive wallet address" error. Added 3-layer fallback:
1. Client-side PRF derivation (desktop)
2. Server-side wallet lookup via session API
3. DID-based deterministic address provisioning
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sends an HTML email with payment details, rFlows CTA, and resource links
when a card/Transak payment completes. Fire-and-forget (never blocks response).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Payment pages (folk-payment-page, folk-payment-request, folk-group-buy-page)
had zero or minimal media queries — now stack headers, reduce padding, and
resize iframes for 375px viewports. Other rApp dashboards (rchoices, rwallet,
rnotes, rfiles, rinbox, rforum, rtasks, rvote) gain consistent 768px/480px
breakpoints: collapsing grids to 1-column, shrinking fonts and padding, and
stacking flex rows on mobile. Also adds folk-payments-dashboard to the flex
centering rule in cart.css.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pass fiatAmount, defaultFiatAmount, fiatCurrency, and defaultFiatCurrency
to the Transak widget URL so users see the transaction total immediately
without manual entry. Applied to both rcart payment sessions and rflows
onramp adapter.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add getTransakApiKey() and getTransakWebhookSecret() helpers that
resolve TRANSAK_API_KEY_STAGING or TRANSAK_API_KEY_PRODUCTION based
on TRANSAK_ENV, with fallback to legacy TRANSAK_API_KEY. All consumers
(rcart, rflows, transak-onramp) now use the shared helpers instead of
reading env vars directly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix z-index (9000 → 10001) so popup renders above header and tab bar
- Center popup as a proper modal with blurred backdrop overlay
- Header now shows module emoji icon + name (fetched from API)
- Bigger, bolder CTA buttons with gradient fills and hover effects
- Tour/guide links auto-promoted to prominent purple-accent buttons
- Loading spinner animation, Escape key to dismiss, click-outside-to-close
- Mobile: slides up from bottom instead of top-right corner
- Also: rcart/rwallet subnav route support, rcart tour simplification
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New folk-payments-dashboard component shows payment requests in/out with
status badges, links to pay pages, and a create button. Resolves 404 on
the existing Payments outputPath.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolves T-INF-101 Access Denied when accessing payment links from
subdomains like demo.rspace.online. Adds extractRootDomain() helper
to shared/transak.ts, used by both rcart and rflows onramp adapters.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
checkExistingSession() required a derived wallet address to set
authenticated=true, causing a re-login prompt even with a valid session.
Now authenticates on valid session and derives wallet lazily at payment
generation time. Also extracts claims.username for display instead of
showing raw did:key identifiers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add secondary pill navigation bar between tab-row and <main> showing
each module's outputPaths + subPageInfos as navigable links with
client-side active highlighting
- Rename rcart /buy/:id route to /group-buy/:id, add payments and
group-buys outputPaths, rename products → catalog
- Add outputPaths (mailboxes) to rinbox module
- Polish group buy page: hero stat cards, fill-up liquid progress
visual with tier markers, warm amber→green gradient, pledge avatars,
green CTA button, price box, responsive improvements
- Fix centering for narrow rcart form pages (flex layout in cart.css)
- Fix TS error: add walletAddress to rstack-identity SessionState type
- Fix TS errors: add ambient type declarations for 3d-force-graph and
three (dynamically imported in folk-graph-viewer)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Transak gateway session API consistently returns 401 despite valid
access tokens. Switch to direct URL construction (query params on
global.transak.com) which Transak still supports and is simpler.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett