TASK-13: rApp frontends now inject EncryptID bearer tokens via authFetch()
and gate mutations behind requireAuth() — rvote, rfiles, rmaps all protected.
Demo mode unaffected.
TASK-41: Dynamic shape registry replaces 300-line switch in canvas.html and
165-line if-chain in community-sync.ts. All 41 shape classes now co-locate
fromData()/applyData() with their existing toJSON(), making shape creation
and sync fully data-driven.
TASK-42: Data pipes between shapes via typed ports. Shapes declare
input/output PortDescriptors, arrows connect ports with type checking,
100ms debounce, and color tinting. AI shapes (prompt, image-gen, video-gen,
transcription) have initial port descriptors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
WebSocket clients were connecting without auth tokens, causing 401
rejections for authenticated/members_only spaces. Now reads the
encryptid_session from localStorage and appends ?token= to WS URLs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Shape drag now accounts for canvas CSS transform scale so elements
track the cursor correctly at all zoom levels
- Collision resolution uses minimum penetration depth algorithm instead
of movement-direction bias, preventing elements from flipping sides
- Replaced all \uD83D surrogate pair escapes and \u00D7/\u276E/\u276F/
\u2022 escapes with actual Unicode characters across 60+ files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3: folk-canvas nested space renderer with live WS connection,
auto-scaling viewport, collapsed/expanded views, permission badges.
Phase 4: WS cascade permission enforcement — nest filter on broadcasts,
addShapes/deleteShapes checks, readOnly enforcement for nested connections.
Phase 5: AES-256-GCM at-rest encryption for Automerge documents with
transparent encrypt-on-save/decrypt-on-load and API toggle endpoints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett