CoinGecko free tier now limits to 1 contract address per request.
Process in batches of 3 concurrent single-address requests with 1.5s delay.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ERC-20 tokens not recognized by CoinGecko and valued < $1 by Safe API
are now stripped from balance responses, removing fake ETH and airdrop spam.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove internal view-tabs from folk-wallet-viewer — navigation now handled
entirely by shell subnav outputPaths: Budget (default), Token Balances, Flows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transfers: handle ETHEREUM_TRANSACTION txType as inflows (was only scanning
tx.transfers), exclude self-transfers from embedded transfers loop.
Balances: hide unpriced ERC-20s (airdrop spam) while keeping native tokens,
CRDT tokens, and CoinGecko-priced tokens. Filter zero balances on single-chain
Safe endpoint. Bump JS cache to v=20.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify rWallet from 5 internal tabs to 3: Token Balances, Budget Visualization
(default), and Flows (Sankey + timeline scrubber with play/pause). Remove Yield
shell-level outputPath and route. Budget view auto-loads transfer data on entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Harmonize the two disconnected presence systems into one:
- New shared/collab-presence.ts utility (broadcastPresence, startPresenceHeartbeat)
- Collab overlay now listens to custom presence messages, shows module context in people panel
- Fixed Shadow DOM focus tracking using composedPath() for focus rings through shadow boundaries
- Replaced rNotes custom presence with shared utility (kept sidebar dots)
- Added presence heartbeat to all 27 rApp components with dynamic context strings
- Bumped cache versions in all modified mod.ts files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix USD estimation: add NATIVE_APPROX_USD price table for ETH, MATIC,
BNB, AVAX, xDAI, CELO, GNO; unknown tokens fall back to $0 instead of
raw token amounts (fixes wildly wrong river widths)
- Fix scroll hijacking: only intercept Ctrl+wheel (pinch-to-zoom) on
timeline, flow chart, and sankey; normal two-finger scroll passes through
- Collapse address bar to compact chip after wallet loads with Save/Change
- Promote watchlist as horizontal chip selector above dashboard; merge
example wallets as dashed "suggested" chips when watchlist is empty
- Default to timeline view after wallet detection (auto-loads transfers)
- Move balance/transaction tables to Details modal (pill button, overlay
with backdrop blur) — stats cards hidden in viz views since D3 shows them
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Client-side sandbox for "what-if" yield projections — enter any amount,
pick asset/chain, scrub a time slider, and compare all protocol APYs
instantly. Uses live DeFi Llama rates when available, mock fallbacks offline.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidates token verification into server/auth.ts, removing the
external SDK dependency. All modules now import from the local module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add transferTokens() and getAllTransfers() to token service
- Seed DAO ecosystem: cUSDC + BFT tokens, 3 treasuries, 6 participants,
~30 transactions spread over 60 days
- Add /api/crdt-tokens/transfers endpoint for ledger history
- Wire CRDT transfers into loadTransfers() with DID→pseudo-address mapping
- Update data transforms (timeline, sankey, multichain) to support
_fromLabel/_toLabel for human-readable CRDT participant names
- Show viz tabs (Timeline, Flow Map, Sankey) when CRDT tokens exist
- Add "local"/"CRDT" chain to color and name maps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show the visualizer view directly without the top-level tab switcher,
keeping the sub-tab header (Balances, Yield, Timeline, etc.) intact.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Paginated transfers endpoint (up to 3000 txs with exponential backoff),
collapsible incoming/outgoing transaction tables below visualizations,
and Reset View buttons on all three D3 charts (Timeline, Flow, Sankey).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shared wallet address watchlist syncs across space members. Click
watched address to load it in the visualizer. Transaction annotations
and dashboard config schema ready for future use.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use table-layout:fixed with colgroup for consistent APY/30d Avg/TVL
column alignment. Dedicated yield-rates-table class with right-aligned
monospace numeric columns. Bump JS cache v=12.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix DeFi Llama field mapping: use apyMean30d + apyPct7D (apyMean7d
doesn't exist in their API)
- Add apyBase, apy30d fields to YieldOpportunity type
- Deduplicate rates table (best APY per protocol+chain+asset)
- Hide "My Wallets / Wallet Visualizer" top tab bar on yield page
- Color-code APY values, better TVL formatting (B/M)
- Bump JS cache to v=11
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Force topTab=visualizer and skip hero/address/features/examples when
activeView is yield. Works for both authenticated and anonymous users.
Yield rates auto-load on page init without requiring a wallet address.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Yield tab now auto-loads rates on page init and renders independently
of wallet detection — no longer gated behind hasData(). Shows rates
comparison table, header with description, and back button.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds yield-generating capability for idle stablecoins (USDC/USDT/DAI)
on Ethereum and Base via Aave V3 and Morpho Blue vaults, using the
existing Safe multisig proposal flow for governance.
New lib files: yield-protocols (constants/ABIs), yield-rates (DeFi Llama
+ Morpho GraphQL with 5min cache), yield-positions (on-chain queries),
yield-tx-builder (MultiSend calldata for Safe proposals),
yield-strategy (idle detection + allocation suggestions).
5 API routes, "Yield" view tab with rates table, position cards, and
advisory strategy suggestions. Zero new dependencies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds Arbitrum Sepolia, Optimism Sepolia, Polygon Amoy, Avalanche Fuji,
and BSC Testnet with RPC URLs, native tokens, popular ERC-20s, and
Alchemy slug mappings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add intermediate breakpoints (960px, 1024px, 900px, 640px, 600px) for tablets and fold
devices across all 12 rApp components. Add touch-action: manipulation and
-webkit-tap-highlight-color to eliminate 300ms tap delay. Fix undersized tap targets
(<36px) in rtasks, rfiles, rinbox, and rcart. Replace HTML5 drag API with pointer events
in rtasks kanban and rchoices ranking for touch/pen/mouse parity. Replace mouseenter/
mouseleave with pointerenter/pointerleave in rchoices spider chart with click toggle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Payment pages (folk-payment-page, folk-payment-request, folk-group-buy-page)
had zero or minimal media queries — now stack headers, reduce padding, and
resize iframes for 375px viewports. Other rApp dashboards (rchoices, rwallet,
rnotes, rfiles, rinbox, rforum, rtasks, rvote) gain consistent 768px/480px
breakpoints: collapsing grids to 1-column, shrinking fonts and padding, and
stacking flex rows on mobile. Also adds folk-payments-dashboard to the flex
centering rule in cart.css.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every EncryptID identity has two wallets: a CRDT wallet (DID-based for
local tokens) and an EVM wallet (passkey-derived for on-chain tokens).
The My Wallets tab now always shows both in a dedicated EncryptID card
with distinct sections, rather than burying CRDT tokens as a subsection
that only appears when balances are non-empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure rWallet with a top-level tab system: "My Wallets" (default
for authenticated users) shows wallet cards with on-chain balances and
CRDT tokens, while "Wallet Visualizer" preserves existing explore-any-
address functionality. View Flows button bridges the two tabs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix z-index (9000 → 10001) so popup renders above header and tab bar
- Center popup as a proper modal with blurred backdrop overlay
- Header now shows module emoji icon + name (fetched from API)
- Bigger, bolder CTA buttons with gradient fills and hover effects
- Tour/guide links auto-promoted to prominent purple-accent buttons
- Loading spinner animation, Escape key to dismiss, click-outside-to-close
- Mobile: slides up from bottom instead of top-right corner
- Also: rcart/rwallet subnav route support, rcart tour simplification
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POPULAR_TOKENS map (USDC, USDT, DAI, WETH) for 7 chains
- Add ERC-20 balanceOf scanning to EOA balance endpoint
- Add /api/eoa/:address/all-balances and /api/safe/:address/all-balances
endpoints that fan out to all chains in parallel
- Replace single-chain view with unified multi-chain balance table
- Add Chain column with colored dots, "All" filter button
- Merge CRDT tokens into unified table (chainId="local")
- Enable testnets by default
- Chain buttons now act as filters (no extra API call)
- Stats aggregate across all chains regardless of filter
- Bump JS cache version to v=6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
JWT sub contains the userId (not the DID). The DID is in claims.did.
Without this fix, my-balances never matches any token holder.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instead of showing an empty form, rWallet now automatically detects and
loads the user's EncryptID wallet address, or Vitalik.eth as a demo if
not logged in. URL ?address= param still takes priority.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduces CRDT-native token infrastructure stored as Automerge documents.
Seeds 5 cUSDC to user jeff on startup. Adds token API routes and a
"Local Tokens" section in the rWallet viewer.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add shared ViewHistory<V> utility class that provides a proper navigation
stack for rApps with hierarchical views. Replaces hardcoded data-back
targets with stack-based back navigation across 10 rApps: rtrips, rmaps,
rtasks, rforum, rphotos, rvote, rnotes, rinbox, rschedule, rcart.
Rename rWork module to rTasks — directory, component (folk-tasks-board),
CSS, exports, domains, and all cross-module references updated.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 3 interactive D3 visualizations (Balance River Timeline, Multi-Chain
Flow Map, Single-Chain Sankey) as tabbed views alongside the existing
balance table. D3 loaded lazily from CDN on first viz tab click. Demo
mode shows all visualizations with mock TEC Commons Fund data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- L-1: Remove internal error details from SIWE verify response
- L-2: Stop forwarding raw Safe API error bodies to clients (log server-side)
- L-3: Evict stale keys from nonce rate limiter to prevent memory leak
- L-4: Add input length/type guards on wallet-link verify body fields
- L-5: Sanitize and cap limit query param on Safe transfers route (max 200)
- L-6: Server recomputes addressHash from SIWE address instead of trusting
client-supplied value for dedup
- L-7: Reset LinkedWalletStore singleton on logout to clear cached keys
- I-1: Add X-Content-Type-Options, X-Frame-Options, Referrer-Policy headers
- I-9: Build EIP712Domain type array dynamically from domain fields in
ExternalSigner.signTypedData (was hardcoded to empty, dropping fields)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- H-3: Rate limit wallet-link nonce to 5 per user per 5 minutes (429)
- H-4: Verify sender address matches JWT walletAddress in add-owner-proposal;
also include walletAddress in JWT eid claims
- M-1: Sanitize EIP-6963 provider icons — only allow https: and safe
data:image/(png|jpeg|gif|webp), block SVG and javascript: URIs
- M-2: Validate threshold is a positive integer ≤ newOwnerCount, fetch
actual Safe owner list for bounds checking
- M-3: Add VALID_ETH_ADDR regex validation to all 9 routes that accept
address params (Safe proxy, EOA proxy, propose, confirm, execute,
add-owner-proposal) to prevent SSRF via path traversal
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- C-1: Replace Base64 fake encryption with real AES-256-GCM server-side
encryption for linked wallet data (HKDF-derived key from JWT_SECRET)
- H-1: Escape token name/symbol in balance table to prevent XSS
- H-2: Salt address hash with user ID to prevent cross-user correlation
- M-4: Remove cleartext sessionStorage cache for linked wallets
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett