The old constraint rejected new values during UPDATE. Must drop first,
migrate data, then add new constraint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Person-to-person delegation within spaces across 5 authority verticals
(voting, moderation, curation, treasury, membership). Trust engine
recomputes scores every 5 min with time decay, transitive BFS, and
50% per-hop discount. Graph viewer shows trust-weighted node sizing
with authority selector. New Delegations tab in CRM with management
UI and Sankey flow visualization.
Schema: delegations, trust_events, trust_scores tables
API: delegation CRUD, trust scores, events, user directory
Frontend: folk-delegation-manager, folk-trust-sankey, graph trust mode
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Users can now connect browser wallets (MetaMask, Rainbow, etc.) to their
EncryptID identity via SIWE ownership proof, and view linked wallet
balances in the unified rWallet viewer.
New files:
- eip6963.ts: EIP-6963 multi-provider discovery
- external-signer.ts: EIP-1193 provider wrapper for tx signing
- linked-wallets.ts: encrypted client-side store (same AES-256-GCM pattern)
Server: wallet-link nonce/verify/list/delete routes, linked_wallets table,
Safe add-owner-proposal endpoint, new session permissions.
UI: "My Wallets" section with provider picker, SIWE linking flow,
wallet type badges, and click-to-view for linked wallets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add full OIDC Authorization Code flow (discovery, authorize, token,
userinfo) so external apps like Postiz can authenticate via EncryptID
passkeys through auth.ridentity.online.
Add "Claim your rSpace" identity invite system — authenticated users
can invite friends by email, who register a passkey and optionally
auto-join a space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After payment via Coinbase/Transak, users receive a claim email to link
their funded wallet to their EncryptID account — no keys or seed phrases
needed. Adds fund_claims table, CRUD layer, internal service-to-service
API, public claim page, and post-payment UX showing claim instructions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Pre-populated 4-node workflow template (trigger→action→condition→output) with blue arrows
- Add folk-choice-vote, folk-choice-rank, folk-choice-spider component libraries
- New rstack-space-settings component
- EncryptID encrypted vault schema and server endpoints
- Space management and community store enhancements
- Shell, landing, and module CSS refinements
- Tab bar, app switcher, identity, and MI component updates
- rNotes app improvements
- rFunds diagram adjustments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Email forwarding (EncryptID):
- New mailcow.ts API client for alias CRUD via Mailcow REST API
- Schema: email_forward_enabled + email_forward_mailcow_id columns
- API endpoints: GET/POST email-forward status, enable, disable
- Profile email change hook updates/disables alias automatically
- Docker: rmail-mailcow network + MAILCOW_API_URL/KEY env vars
Private spaces:
- Access gate overlay blocks members_only spaces for unauthenticated users
- Space visibility injected into HTML via middleware
- Auto-provision creates spaces as members_only by default
- Personalized "Create {username}'s Space" CTA in space switcher
- Removed unused /notifications endpoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server-side support for user profile management and zero-knowledge
postal address storage:
Schema:
- ALTER users table: add bio, avatar_url, profile_email,
profile_email_is_recovery, wallet_address, updated_at columns
- CREATE encrypted_addresses table with composite PK (id, user_id),
label CHECK constraint, and cleartext metadata for UI listing
DB layer:
- getUserProfile, updateUserProfile (dynamic column updates)
- getUserAddresses, getAddressById, saveUserAddress (upsert),
deleteUserAddress
- Default-address logic: unsets all others when isDefault=true
API routes:
- GET/PUT /api/user/profile — bio validation (500 chars), email format
- GET/POST /api/user/addresses — max 10 addresses, label validation
- PUT/DELETE /api/user/addresses/:id — 404 if not found
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 2-of-3 guardian recovery system:
- Guardian invite via email or shareable link
- One-click approval page for recovery requests
- Social recovery initiation (anti-enumeration)
- 7-day recovery request expiry
Add second device linking:
- QR code + link for cross-device passkey registration
- 10-minute link expiry, one-time use
Enhanced profile page:
- Account security checklist (email, device, guardians)
- Guardian management (add/remove, max 3)
- Device linking with QR code display
- Recovery initiation form for lost devices
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds space_members table and CRUD endpoints to EncryptID server for
centralized membership management. Extends Automerge CommunityDoc with
members map and PATCH endpoint for module→canvas shape updates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace in-memory Maps with persistent PostgreSQL storage:
- Add db.ts with typed query functions for users, credentials, challenges
- Add schema.sql with users/credentials/challenges tables
- Update server.ts to use async DB queries
- Add postgres service to docker-compose
- Health endpoint now reports database connectivity
- Auto-cleanup of expired challenges every 10 minutes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett