Docker container networking can take a moment to stabilize even after
depends_on health checks pass. This adds 5 retries with exponential
backoff (2s, 4s, 6s, 8s, 10s) to survive transient CONNECT_TIMEOUT errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every non-demo space gets generic "Getting Started" content (~25 shapes)
covering all rApp modules so users see what each module can do immediately.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a toggle that switches the 2D spatial canvas into a vertical
scrollable feed layout. Shapes flow as a flex-column list, sortable
by position, creation time, type, or alphabetically. Pan/zoom/drag
gestures are suppressed in feed mode while shape editing stays active.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POST /:slug/invite email endpoint (nodemailer via Mailcow SMTP)
- Add share badge + panel UI to canvas whiteboard
- Mark task-77 (encrypted VPS backup) as Done with updated references
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge encryptid + encryptid-db services from separate docker-compose.encryptid.yml
into the main compose file. Update Dockerfile.encryptid to use additional_contexts
for encryptid-sdk (matching main Dockerfile pattern) instead of fragile context: ..
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /api/account/status endpoint returning email, multi-device,
social recovery completion state
- Show red/green status dots on Account modal section headers for
incomplete vs complete steps (email, device, recovery, data storage)
- Highlight Data Storage section with red warning when using local-only
storage so users know they're responsible for their own data
- Fix email verification 500 error: change token type from
'email_verification' to 'email_verify' to match DB check constraint
- Fix service worker: skip non-http(s) schemes to prevent
chrome-extension:// cache put errors
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Logged-in users visiting demo.rspace.online were auto-redirected to
their personal subdomain. Remove this redirect so the demo stays
accessible regardless of auth state.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Flow Service expects source to be wallet|card|bank, not 'transak'.
funnelId falls back to FUNNEL_ID env var when not in partnerOrderId.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace bare contenteditable divs with a full Tiptap editor (vanilla JS,
no React) inside the <folk-notes-app> web component. Adds formatting
toolbar (bold/italic/underline/strike/code, heading dropdown, lists,
blockquote, code block, link/image insert, undo/redo), slash command
menu (/ at start of empty block), syntax-highlighted code blocks via
lowlight, and task list checkboxes.
Zone-based rendering keeps the editor DOM persistent across re-renders.
Content stored as Tiptap JSON in the existing Automerge content field
with a new contentFormat discriminator. Legacy HTML notes auto-migrate
on first edit. Remote sync updates applied without cursor disruption.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hono consumes the request body upstream, so c.req.raw.clone().text()
returns empty. Use c.req.json() directly and re-serialize for HMAC.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Transak widget integration so users can fund flows with a credit card.
Server receives webhook on order completion and deposits USDC into the flow
via the existing Flow Service API. Includes HMAC signature verification
when TRANSAK_WEBHOOK_SECRET is configured.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement the 4-layer data model (device → encrypted backup → shared sync → federated):
- Extract shared encryption-utils from community-store (deriveSpaceKey, AES-256-GCM, rSEN format)
- Encrypt module docs at rest when space has meta.encrypted === true
- Fix relay mode persistence: relay-backup/relay-restore wire protocol + .automerge.enc blob storage
- Add backup store + REST API (PUT/GET/DELETE /api/backup/:space/:docId) with JWT auth
- Add client BackupSyncManager with delta-only push, full restore, auto-backup
- Wire backup stubs in encryptid-bridge to BackupSyncManager
- Add rspace-backups Docker volume
- Create docs/DATA-ARCHITECTURE.md design doc with threat model and data flow diagrams
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
login-button.ts imports encryptid-bridge from shared/local-first/
which was missing from the Dockerfile.encryptid COPY steps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The guardian page and auth.rspace.online login page were using the
client-side authenticatePasskey()/registerPasskey() SDK functions which
generate their own challenge and return AuthenticationResult — but then
tried to send result.challenge and result.credential (both undefined)
to the server. This caused postgres to throw "UNDEFINED_VALUE" resulting
in a 500 "Internal Server Error" that the client couldn't parse as JSON.
Fix: use the proper server-initiated flow matching rstack-identity.ts:
1. POST /api/auth/start (or /register/start) to get server challenge
2. navigator.credentials.get/create with that challenge
3. POST /api/auth/complete (or /register/complete) with challenge + credential
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate rForum provisioning metadata from shared PG pool to Automerge.
rForum was the last module using PostgreSQL; shared/db/pool.ts is now archived.
- Create modules/rforum/schemas.ts (ForumDoc, ForumInstance, ProvisionLog)
- Rewrite mod.ts: replace sql with Automerge getDoc/changeDoc, add onInit
- Rewrite provisioner.ts: pass SyncServer, logStep/updateInstance via changeDoc
- Fix dashboard snake_case → camelCase field references
- Archive schema.sql and shared/db/pool.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace all sql.unsafe() calls with Automerge document operations
across rfunds, rbooks, rsplat, rnotes, rwork, rvote, rcal, rfiles,
rcart, rtrips, and rinbox. Only rforum retains PG (Discourse provisioning).
Each module now uses _syncServer.getDoc/changeDoc/setDoc for all CRUD,
with ensureDoc() helpers for lazy document creation. Schema SQL files
archived to .sql.archived. Adds Automerge round-trip test suite (35 tests).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidates email, device, recovery, postal address, data storage,
and dark mode settings into a single scrollable modal with collapsible
section cards — matching the existing My Spaces modal pattern.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 5 — EncryptID → DocCrypto bridge:
- Add EncryptedDocBridge connecting WebAuthn PRF to document encryption
- Add per-doc relay mode to SyncServer (encrypted spaces bypass participant mode)
- Wire encryption toggle to syncServer.setRelayOnly() on PATCH /:slug/encryption
- Restore relay mode for encrypted spaces on server startup
- Initialize DocBridge from PRF on login, clear on sign-out (both login-button + identity)
- Use bridge helpers for encrypted backup toggle in My Account
Phase 6 — Space scoping UI:
- Add "Modules" tab to Edit Space modal (enable/disable modules, scope toggles, encryption)
- Auto-filter app switcher by space's enabledModules via renderShell()
- Show "G" badge on global-scoped modules in app switcher
- Show lock icon in header for encrypted spaces
- Add getSpaceShellMeta() helper for auto-populating shell options
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds named, colored ports to every node type (source outflow, funnel
inflow/spending/overflow, outcome inflow/overflow) with a full wiring
state machine supporting both click-to-wire and drag-to-wire interaction.
Edges now originate from specific port positions. Outcomes gain overflow
allocations so fully-funded outcomes can cascade surplus onward.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Automerge schemas, lifecycle hooks (onInit, docSchemas), and
local-first client wrappers for all remaining PG modules:
rWork, rVote, rCal, rFiles, rCart, rBooks, rTrips, rInbox, rSplat, rFunds.
Each module now:
- Defines typed Automerge document schemas (schemas.ts)
- Registers docSchemas and onInit hook with SyncServer reference
- Moves initDB() from top-level to onInit for unified startup
- Has a client-side local-first wrapper (local-first-client.ts)
Dual-write route handlers will be wired incrementally per module
following the rNotes pattern established in Phase 2.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate rNotes from PostgreSQL to Automerge local-first stack with
dual-write support. Reads go Automerge-first with PG fallback; writes
go to both backends during the migration window.
- Add Automerge schemas for NotebookDoc (schemas.ts)
- Add lifecycle hooks (onInit, onSpaceCreate) to rnotes module
- Dual-write all 8 API routes (notebooks + notes CRUD)
- Add NotesLocalFirstClient wrapping DocSyncManager + EncryptedDocStore
- Enhance migration runner with --dry-run, --module, --verify flags
- Add listDocs() to SyncServer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extend RSpaceModule with scoping, lifecycle hooks (onInit, onSpaceCreate/Delete
with SpaceLifecycleContext, onSpaceEnable/Disable), and DocSchema support.
Add scoping to all 25 modules (8 space, 11 global-configurable, 6 global-fixed).
Consolidate 4 space creation endpoints into shared createSpace() function.
Add enabledModules enforcement middleware and module configuration API
(GET/PATCH /api/spaces/:slug/modules). Deprecation header on /api/communities.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The regex matched /cal instead of /rcal, so getApiBase() always returned
empty string, causing 404s on api/events, api/lunar, and api/sources.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transform the Diagram tab from a read-only SVG into a full interactive
canvas with draggable nodes, zoom/pan, Sankey-width edges with +/-
allocation controls, slide-in editor panel, live simulation, node CRUD,
keyboard shortcuts, and lz-string URL sharing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents stale WebSocket reconnect loops after sign-out by adding an
intentional-disconnect flag to CommunitySync. Canvas and shell pages
now redirect to homepage when the user signs out.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Standalone test harness for flow tubes, particle animation, and
interactive port wiring with event logging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Right-click shapes (single or multi-selected) to copy them to another
space the user owns or is a member of. Server endpoint handles ID
remapping, arrow reference preservation, and position centering.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace invisible particle-only flow visualization with colored 3D tubes
between layers, spread horizontally to avoid overlap. Particles now travel
along tube paths. Add click-to-wire interaction on I/O port chips with
visual feedback (glow/breathe/dim). Prevent animation restart on Automerge
sync by surgically updating flow elements in-place.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite folk-calendar-view with 5 views (Day/Week/Month/Season/Year),
3 tabs (Temporal/Spatial/Lunar), Leaflet map with event markers and
transit polylines, temporal-spatial zoom coupling, and lunar phase display.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reorganize user dropdown into expandable "My Account" submenu containing
account actions (Add Email, Add Device, Recovery) plus Dark Mode and
Encrypted Backup toggle switches. Move theme toggle from toolbar into
account settings, default to dark mode.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- App-switcher now dispatches module-select event instead of full page navigation
for same-origin links; shell routes through TabCache for instant tab switching
- Tab pane gets height:100% in canvas-layout mode so #canvas fills the viewport
(fixes pan/zoom not working on empty canvas background)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Derive a deterministic secp256k1 EOA from the passkey's PRF output via
HKDF-SHA256, enabling hardware-backed signing for x402 micropayments and
Safe treasury proposals without storing private keys.
Key changes:
- EOA key derivation with domain-separated HKDF (eoa-derivation.ts)
- Key manager integration with PRF-only EOA path (key-derivation.ts)
- Encrypted client-side wallet store for Safe associations (wallet-store.ts)
- Passkey-backed x402 signer replacing EVM_PRIVATE_KEY (passkey-signer.ts)
- Safe propose/confirm/execute proxy routes in rwallet (mod.ts)
- Wallet capability flag in JWT via users.wallet_address (server.ts)
- Payment operation permissions: x402, safe-propose, safe-execute (session.ts)
Privacy: Safe wallet associations stored client-side only (AES-256-GCM
encrypted localStorage). Server only knows user has wallet capability.
108 tests passing across 5 test suites.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch ghost tracking from mousemove to pointermove (fires for touch/pen/mouse)
- Add cancel button (✕) on ghost outline for mobile (no ESC key available)
- Center ghost on viewport for touch devices instead of (0,0)
- Add touch-action: manipulation to all toolbar buttons (eliminates 300ms tap delay)
- Bump mobile touch targets to 44px min-height with larger padding
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add POST /api/x402-test — a standalone payment-gated endpoint with
no auth required, for testing the x402 flow end-to-end.
Add scripts/test-x402.ts using @x402/fetch to automatically handle
the 402 → sign → retry cycle on Base Sepolia.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The bare domain x402.org/facilitator returns a 308 redirect that
breaks payment verification. Use www.x402.org/facilitator instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DATABASE_URL, ADMIN_DIDS, and ENCRYPTID_DEMO_SPACES are now stored
in Infisical and injected via the entrypoint. Remove the last
docker-compose.yml reference that was temporarily re-added.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When loading the rspace canvas directly (not via tab navigation),
#app lacked the canvas-layout class. Without it, #canvas collapses
to 0 height and pointer events for panning miss the canvas element.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The shared/db/pool.ts requires DATABASE_URL but it was missing from
both docker-compose.yml and Infisical, causing the container to
crash-loop on startup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
folk-rapp used class "rapp-header" but the drag detection in
folk-shape checks for ".header" or "[data-drag]". Added both so
the rapp header works as a drag handle like every other shape type.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove DATABASE_URL and ADMIN_DIDS from docker-compose.yml (now
injected via Infisical entrypoint). Add scripts/seed-infisical.sh
to interactively populate 21 module-specific secrets (R2, Immich,
Twenty, Discourse, FAL, RunPod, etc.) into the rspace Infisical
project. Update Dockerfile to include scripts/ in the image.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On touch devices, both pointer and touch events fire. When a second
finger was added, the pointer handler re-captured the interaction,
fighting the touch-based pan/pinch. Now the touch handler releases
pointer captures and sets a flag that blocks the pointer handler
during two-finger gestures. Also cancels shape drag on multi-touch
and closes the context menu on touchstart for reliable mobile dismiss.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett