Remove hardcoded encryption fallback and Postgres password defaults
flagged by GitGuardian. ENCRYPTION_SECRET and DATABASE_URL are now
required env vars that throw on missing rather than falling back to
insecure defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3: folk-canvas nested space renderer with live WS connection,
auto-scaling viewport, collapsed/expanded views, permission badges.
Phase 4: WS cascade permission enforcement — nest filter on broadcasts,
addShapes/deleteShapes checks, readOnly enforcement for nested connections.
Phase 5: AES-256-GCM at-rest encryption for Automerge documents with
transparent encrypt-on-save/decrypt-on-load and API toggle endpoints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Spaces are now nestable — any space can embed references to other spaces
via SpaceRef, with a permission cascade model (most-restrictive-wins at
each nesting boundary). Every EncryptID registration auto-provisions a
sovereign space at <username>.rspace.online with consent-based nesting
controls.
Key additions:
- NestPolicy per space (open/members/approval/closed consent levels)
- SpaceRef CRUD with allowlist/blocklist, permission ceiling enforcement
- Approval flow for nest requests with admin review
- Reverse lookup (nested-in) so owners see where their space appears
- Source space admins can always revoke (sovereignty guarantee)
- cascadePermissions() for multi-depth permission intersection
- Client-side types for nested space rendering
- Full spec at docs/SPACE-ARCHITECTURE.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify resolveRpId() to always return 'rspace.online' so passkeys
registered from any r*.online domain share the same RP ID. Browsers
use .well-known/webauthn Related Origins to validate cross-domain
passkey usage. This makes one passkey work everywhere.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Forget (F): Soft-delete shapes — close button sets forgotten:true in
Automerge doc instead of removing. Memory panel (toolbar toggle) lets
users browse and Remember forgotten shapes. Server-side forgetShape()
and rememberShape() with WebSocket handlers.
Update (U): New public updateShape(id, fields) method on CommunitySync
for programmatic field updates. Existing auto-capture unchanged.
New (N): Renamed all create/add vocabulary to new — toolbar buttons,
event names (new-shape, shape-new, shape-removed), internal functions
(newShape, newShapeElement).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds space_members table and CRUD endpoints to EncryptID server for
centralized membership management. Extends Automerge CommunityDoc with
members map and PATCH endpoint for module→canvas shape updates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add lightweight JSON WebSocket protocol (?mode=json) that bridges
Automerge to JSON for demo pages, avoiding the ~500KB Automerge bundle.
Includes GET /api/communities/:slug/shapes endpoint, POST demo reset
with rate limiting, Alpine Explorer 2026 seed data (~40 shapes), and
the useDemoSync React hook for real-time demo page connectivity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix duplicate property in addShapes object literal
- Exclude src/encryptid/ from tsc (pre-existing errors, separate module)
- Add ambient type declaration for @encryptid/sdk/server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enables external apps (e.g. rNotes) to push shapes to a canvas via REST API.
Shapes are added in a single Automerge change and broadcast to connected
WebSocket clients for real-time sync.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Protect POST /api/communities, GET /api/communities/:slug, and WebSocket
upgrade with token verification. Add visibility (public/public_read/
authenticated/members_only) and ownerDID to community metadata. Block
writes from read-only connections.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- CommunitySync class bridges FolkJS shapes with Automerge documents
- Server stores Automerge binary format with debounced persistence
- Per-peer sync state for efficient delta synchronization
- WebSocket messages carry Automerge sync protocol
- Automatic migration from JSON to Automerge format
- WASM plugin for Vite to handle Automerge bundle
Enables true CRDT-based collaboration with:
- Conflict-free concurrent editing
- Efficient delta sync (only changed data)
- Offline-capable local documents
- Automatic peer reconnection
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Pure FolkJS implementation with folk-shape, folk-markdown components
- Bun server with WebSocket sync and Host header subdomain detection
- Community creation API at /api/communities
- Docker setup with Traefik labels for wildcard *.rspace.online routing
- Landing page with community creation form
- Canvas page with basic markdown note creation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett