- Add renderDrainKnob() with rotating handle matching source valve style
- Remove rectangular ◁ $/mo ▷ drag bar and split control overlays from canvas
- Add editable range sliders in inline config Allocations tab
- Rewire drag handler for live knob rotation during drain rate adjustment
- Clean up dead split-divider CSS and event listeners
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added safeNum() + migrateNodeData() to sanitize all numeric fields (including
positions and allocation percentages) at every data loading boundary. The nullish
coalescing operator (??) doesn't catch NaN, so corrupted Automerge/localStorage
data cascaded NaN through pipe positions, port coordinates, and edge paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The actual login UI lives in rstack-identity.ts, not login-button.ts.
Added username input to the sign-in modal, pass allowCredentials from
server to WebAuthn so the browser auto-selects the matching passkey.
Shows "No account found" if username not recognized. Enter key support
and auto-focus on the username field.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace 3-step drill-down navigation (notebook grid → note list → editor)
with a persistent sidebar showing collapsible notebook tree alongside the
editor. Sidebar supports search, per-notebook note lists, hover add buttons,
and active note highlighting. Mobile collapses to slide-in overlay <768px.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The access gate and space dashboard redirect scripts checked only
localStorage, which is per-origin. When navigating between subdomains
(e.g. demo → jeff), the session wasn't found. Now both scripts also
check the eid_token cross-subdomain cookie and sync it to localStorage.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move chat input below messages container so conversation flows naturally
top-to-bottom. Add overflow:hidden on html/body to prevent page scrolling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Gemini Flash agentic loop that converts natural language prompts
into real MCP tool call sequences for PCB design (KiCad) and parametric
CAD (FreeCAD). Dynamic schema conversion from MCP tools to Gemini
function declarations, 8-turn/60s loop with real execution and result
feedback.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Automerge docs created before the tags schema don't have the field.
The migration runs 5s after startup (after loadAllDocs completes),
patches missing tags onto events, and assigns known demo event tags.
Also removes debug endpoint and tracing logs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Automerge proxy lists don't serialize to JSON properly via ?? null.
Use Array.from() to materialize them before returning in API responses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 1: MI now knows the current date/time and upcoming events (14-day
lookahead, 5 events max) via direct Automerge read — no HTTP overhead.
Phase 2: Tags (string[] | null) on CalendarEvent for first-class filtering.
Saved views (named filter presets) with full CRUD API. Tag filter on
GET /api/events via comma-separated AND logic. Demo events seeded with tags.
Phase 3: Calendar MCP server (5 tools: cal_list_events, cal_get_event,
cal_list_sources, cal_list_views, cal_create_event) registered in .mcp.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The demo Automerge doc had visibility: "private" from initial creation.
ensureDemoCommunity now forces visibility to "public" on every startup
if it drifted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Was reading `auth_token`, should be `encryptid-token`. Also removes
the premature client-side auth guard that blocked signed-in users.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1. Add GET /rvote/api/* to public endpoint whitelist so proposal
listings work on private/permissioned spaces without auth.
2. Campaign wizard now checks for auth token before POSTing,
showing "Please sign in" instead of a cryptic 401.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The sub-path middleware (/:space/:moduleId/*) already blocked disabled
modules, but the root path (/:space/:moduleId) didn't. Now both paths
consistently check enabledModules before allowing access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1. Remove all rvote/proposals fetching from rstack-user-dashboard.
rApp-specific data (proposals) should stay within the rVote module,
not leak into the space-level dashboard.
2. Fix url.protocol in bare-domain redirects — TLS is terminated by
Cloudflare/Traefik so url.protocol is always http: internally.
Use https: for production domains.
3. Rewrite /{space}/api/... paths internally on bare domain instead
of redirecting to subdomain (avoids CORS + mixed content issues).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two fixes:
1. Bare-domain routing used url.protocol (always http: behind TLS
termination) for redirects, causing mixed-content blocks. Added
proto helper that uses https: on production domains. Also rewrite
/{space}/api/... calls internally instead of redirecting to the
subdomain.
2. rDesign SSE stream reader now catches QUIC protocol errors on
stream close gracefully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add .catch() to the ReadableStream reader loop so Cloudflare QUIC
protocol resets on stream close don't surface as uncaught errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Scribus --python-script flag requires GUI initialization which
blocks in headless environments. Instead, run the runner as a separate
supervisor-managed Python process (always-on socket server). The bridge
server now simply verifies the socket exists rather than launching
Scribus.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Scribus 1.5 --no-gui mode doesn't execute --python-script properly.
Remove the flag and let Scribus use the Xvfb display, which also
enables the runner to create the bridge socket.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Canvas now uses the same rstack-collab-overlay component as all other
rApps instead of its own custom #people-online-badge. Header restructured
to match renderShell() layout (history/settings in dropdown-wraps on left).
Bridge API (updatePeer/removePeer/setConnState/clearPeers) lets canvas
feed CommunitySync peers into the shared component.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The bridge's /start endpoint was returning "already running" even when
the runner script had crashed (socket gone). Now kills zombie Scribus
and restarts. Agent route also verifies runner connectivity after start.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When no known accounts exist in localStorage, show a username/email
input field instead of immediately triggering the unscoped passkey
picker. User types their username, then gets a scoped passkey prompt
for only that account's credentials.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Non-demo space dashboards now redirect logged-out visitors to
rspace.online/ instead of showing another user's rApp grid. Private
space module pages redirect to rspace.online/{moduleId} instead of
showing the sign-in gate overlay.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite rDesign UI from cramped textarea+step-log to proper split-screen:
left = chat conversation with bubbles, right = interactive SVG editor
with click-to-select, drag-to-move, and corner-handle resize.
SSE keepalive pings every 15s prevent Cloudflare QUIC stream drops.
Tool calls now show human-readable descriptions in collapsible details.
Gemini reasoning text included in thinking events.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Logout no longer removes the account from the picker — users see
"Sign in as [username]" on next visit. fetchScopedCredentials now
returns full PublicKeyCredentialDescriptor with transports so the
browser can locate the right authenticator without showing a picker.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Scoped passkey prompts via /api/auth/start so the browser only shows
matching credentials for the selected account. Known accounts stored
in localStorage and surfaced as a picker (1 account = named button,
multiple = list). "Use a different account" falls back to unscoped.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify FunnelNodeData from 4-tier thresholds to 2 fields (overflowThreshold + capacity),
replace 3-tier spending multiplier with flat drainRate. Rewrite folk-flow-river.ts as clean
Sankey-style SVG renderer (~580 lines, was ~1043). Add migrateFunnelNodeData() for backward
compat with saved flows. Net -616 lines.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After logout, reload the page so the server re-renders the current rApp
in logged-out/demo mode instead of showing a blank screen. Cross-tab
logout also triggers a reload. Space dashboard now redirects logged-in
users to the rSpace canvas instead of showing the rApp grid.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Changed syncTabsFromServer to replace local tabs with server tabs
instead of merging (union). This prevents tabs closed in browser A
from being resurrected when browser B refreshes. Also added server
sync to the iframe module landing path which was localStorage-only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rstack-identity is the actual sign-out component used in production.
clearSession() now calls /api/session/logout, and connectedCallback
validates the session with the server to detect revocation. Also
updated the auth.rspace.online profile page handleLogout().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The bare-domain router redirects /demo/... paths to demo.rspace.online
with http:// protocol, causing mixed content errors. Use the current
page path as the base URL instead of constructing an absolute path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The actual logout UI is in rspace-header.ts (not the encryptid login
button component). clearSession() now calls /api/session/logout, and
on page load the header validates the session with the server to detect
revocation from another browser session.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The write-method middleware was returning 403 for POST /api/design-agent
because the module lacked publicWrite: true.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a user logs out in one browser, all other sessions are now revoked
on their next page load or token refresh. Adds logged_out_at column to
users table, server-side revocation checks on verify/refresh endpoints,
and a new /api/session/logout endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The demo space auth middleware was blocking POST requests with 403.
Add /rdesign/api/ to isPublicEndpoint list, matching rwallet pattern.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pass encryptid auth token in design-agent API requests. Replace
non-existent --rs-bg-elevated with real theme variables and remove
hardcoded dark fallbacks so the UI works in both light and dark mode.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three fixes for S-curve appearance:
- Constant width throughout each waterfall (no taper between source/river)
- Stack inflow waterfalls side-by-side at funnel top proportionally
- Widen spending drain to 80% of vessel bottom width
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Forward Automerge change that overwrites content fields with snapshot data,
preserving meta and full history. Also fixes pre-existing TS errors in
folk-flow-river (undefined exitX) and test-full-loop (StepResult type).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ZIP import: Google Takeout + generic FeatureCollection ZIP via JSZip
- Route requests: "Ask to navigate" sends WebSocket route_request, toast notification with Navigate/Dismiss in other tab
- Chat: Automerge-backed persistent messages with MapChatMessage schema (v2), sidebar tab toggle, unread badge
- Indoor maps: <map-indoor-view> with c3nav raster tile proxy, level selector, Easter egg on Level 0 triple-click
- Indoor/outdoor toggle in controls bar and mobile FAB
- Cache bust v2→v3
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett