- Key derivation: replace random crypto.subtle.generateKey with deterministic
P-256 via @noble/curves/p256 and real Ed25519 did:key generation via
@noble/curves/ed25519 with multicodec prefix + base58btc encoding
- Guardian recovery: wire RecoveryManager to server API (GET/POST/DELETE
/api/guardians) instead of localStorage-only persistence. Server handles
invite emails, client syncs guardian list on load and merges with local
type metadata. verifyGuardian checks actual server acceptance status.
- Notifications dispatch CustomEvents on document for UI integration
- GuardianSetupElement awaits server sync before first render
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Port HolonShapeUtil from canvas-website to rSpace web components.
Replaces dead HoloSphere/GunDB stub with local-first CRDT storage
via window.__rspaceOfflineRuntime. H3 geospatial hierarchy via pure
h3-js. Data model designed for future AD4M Perspective bridging.
- lib/holon-service.ts: Automerge-backed holon registry + lens docs
- lib/folk-holon.ts: Main holon shape (ID entry → connected view with 16 lenses)
- lib/folk-holon-browser.ts: Search/browse shape with open-holon event
- Registered in canvas.html: imports, define, registry, CSS, toolbar, sizes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive smoke tests covering every module, landing pages, auth flows,
navigation, API endpoints, and shell UI — across Chromium, Firefox, and
mobile Chrome. 147 tests, all green against production.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add POPULAR_TOKENS map (USDC, USDT, DAI, WETH) for 7 chains
- Add ERC-20 balanceOf scanning to EOA balance endpoint
- Add /api/eoa/:address/all-balances and /api/safe/:address/all-balances
endpoints that fan out to all chains in parallel
- Replace single-chain view with unified multi-chain balance table
- Add Chain column with colored dots, "All" filter button
- Merge CRDT tokens into unified table (chainId="local")
- Enable testnets by default
- Chain buttons now act as filters (no extra API call)
- Stats aggregate across all chains regardless of filter
- Bump JS cache version to v=6
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
JWT sub contains the userId (not the DID). The DID is in claims.did.
Without this fix, my-balances never matches any token holder.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instead of showing an empty form, rWallet now automatically detects and
loads the user's EncryptID wallet address, or Vitalik.eth as a demo if
not logged in. URL ?address= param still takes priority.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3d-force-graph imports from three/examples/jsm/controls/DragControls.js
but only three/addons/ was mapped. Add the three/examples/jsm/ prefix
so the browser can resolve it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The directory API only returns space members, and jeff isn't in demo space.
Hardcode the known DID with SEED_JEFF_DID env var override support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The rspace container doesn't have DATABASE_URL for the encryptid DB.
Use the /api/users/directory endpoint via HTTP to resolve jeff's DID,
with retry-on-restart if encryptid isn't reachable yet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduces CRDT-native token infrastructure stored as Automerge documents.
Seeds 5 cUSDC to user jeff on startup. Adds token API routes and a
"Local Tokens" section in the rWallet viewer.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
checkExistingSession() required a derived wallet address to set
authenticated=true, causing a re-login prompt even with a valid session.
Now authenticates on valid session and derives wallet lazily at payment
generation time. Also extracts claims.username for display instead of
showing raw did:key identifiers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The old constraint rejected new values during UPDATE. Must drop first,
migrate data, then add new constraint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server-rendered tab bar via renderShell tabs option. Tabs use ?tab= query
params with history.replaceState and dispatch rapp-tab-change events.
Migrated rNetwork CRM from internal Shadow DOM tabs to the shared system.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add secondary pill navigation bar between tab-row and <main> showing
each module's outputPaths + subPageInfos as navigable links with
client-side active highlighting
- Rename rcart /buy/:id route to /group-buy/:id, add payments and
group-buys outputPaths, rename products → catalog
- Add outputPaths (mailboxes) to rinbox module
- Polish group buy page: hero stat cards, fill-up liquid progress
visual with tier markers, warm amber→green gradient, pledge avatars,
green CTA button, price box, responsive improvements
- Fix centering for narrow rcart form pages (flex layout in cart.css)
- Fix TS error: add walletAddress to rstack-identity SessionState type
- Fix TS errors: add ambient type declarations for 3d-force-graph and
three (dynamically imported in folk-graph-viewer)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Transak gateway session API consistently returns 401 despite valid
access tokens. Switch to direct URL construction (query params on
global.transak.com) which Transak still supports and is simpler.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace custom SVG force-directed layout with 3d-force-graph (Three.js)
loaded via CDN importmap. Left-drag pans, scroll zooms, right-drag orbits.
Nodes rendered as colored spheres with sprite labels and trust badges.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
folk-payment-request now triggers the rstack-identity auth modal
instead of its own passkey flow. This ensures the username displays
correctly in the identity badge and avoids duplicate session management.
Also checks both session sources for wallet address and access token.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ensures the traditional Twenty CRM interface is always accessible
via a header link alongside the rNetwork CRM tabs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rNetwork declares defaultScope='global' for CRM data, but trust/
delegation data is per-space. The effectiveSpace middleware resolved
to 'global' causing all EncryptID queries to pass space=global,
returning empty results. Fixed by using URL space param directly
for trust-related endpoints.
Also fixed delegations proxy to use /api/delegations/space endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After generating a payment request, push ?id=<paymentId> into the URL.
On page load, if ?id= is present, fetch the payment from the API and
display the QR/share view directly. Reset clears the URL param.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Restructure graph API so trust enrichment runs regardless of whether
Twenty CRM token is configured (demo space has no CRM token)
- Add missing listActiveDelegations import in encryptid server
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove Coinbase and Ramp Network from onramp registry, keeping
Transak as the sole payment gateway. Add TRANSAK_* env vars to
docker-compose for .env override of Infisical values.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix graph cache keying: include trust/authority params so cached
non-trust responses don't shadow trust-enriched requests
- Add /api/delegations/space endpoint to EncryptID for space-level
delegation listing (no auth required, for graph/sankey)
- Fetch and include delegates_to edges in graph API response
- Pass auth-url attribute to delegation manager and sankey components
- Rewrite sankey loadData to use space-level delegation endpoint
instead of per-user endpoints (shows all flows, not just current user)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add AI zine generator section to rPubs landing page with style showcase
and links to /rpubs/zine and zine.mycofi.earth. Add /zine sub-route that
redirects to canvas with ?tool=folk-zine-gen. Add ?tool= URL param
support to canvas for auto-spawning any registered shape on load.
Also adds folk-image and folk-bookmark shape components.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Person-to-person delegation within spaces across 5 authority verticals
(voting, moderation, curation, treasury, membership). Trust engine
recomputes scores every 5 min with time decay, transitive BFS, and
50% per-hop discount. Graph viewer shows trust-weighted node sizing
with authority selector. New Delegations tab in CRM with management
UI and Sankey flow visualization.
Schema: delegations, trust_events, trust_scores tables
API: delegation CRUD, trust scores, events, user directory
Frontend: folk-delegation-manager, folk-trust-sankey, graph trust mode
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
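A sketch of the score computation the commit above describes (time decay, transitive BFS, 50% per-hop discount), as an added example rather than the project's trust engine. The half-life, the hop cap, the rule that a direct delegation is undiscounted, and the edge shape `{ from, to, weight, createdAt }` are all assumptions; the sample edges are constructed and include a delegation cycle.

```javascript
// Added example, not the project's trust engine. Constants marked "assumed"
// are illustrative and do not come from the commit.
const HALF_LIFE_MS = 30 * 24 * 3600 * 1000; // assumed: weight halves every 30 days
const HOP_DISCOUNT = 0.5;                   // from the commit: 50% per transitive hop
const MAX_HOPS = 3;                         // assumed cap on delegation chain length

function decay(ageMs) {
  return Math.pow(0.5, Math.max(0, ageMs) / HALF_LIFE_MS);
}

// Breadth-first walk from one delegator: how much of its authority reaches
// each downstream delegate. Each node is visited once, so cycles terminate.
function flowsFrom(source, edges, now) {
  const received = new Map();
  const seen = new Set([source]);
  let frontier = [[source, 1]];
  for (let hop = 0; hop < MAX_HOPS && frontier.length > 0; hop++) {
    const next = [];
    for (const [node, carried] of frontier) {
      for (const e of edges) {
        if (e.from !== node || seen.has(e.to)) continue;
        seen.add(e.to);
        const discount = hop === 0 ? 1 : HOP_DISCOUNT; // assumed: direct hop undiscounted
        const amount = carried * e.weight * decay(now - e.createdAt) * discount;
        received.set(e.to, amount);
        next.push([e.to, amount]);
      }
    }
    frontier = next;
  }
  return received;
}

// Score per member = authority received from every delegator in the space.
function trustScores(edges, now) {
  const scores = new Map();
  for (const source of new Set(edges.map((e) => e.from))) {
    for (const [to, amount] of flowsFrom(source, edges, now)) {
      scores.set(to, (scores.get(to) || 0) + amount);
    }
  }
  return scores;
}

// Constructed sample: alice -> bob (fresh), bob -> carol (one half-life old),
// carol -> alice (fresh) closes a cycle.
const NOW = 1700000000000;
const sampleEdges = [
  { from: "alice", to: "bob", weight: 1, createdAt: NOW },
  { from: "bob", to: "carol", weight: 1, createdAt: NOW - HALF_LIFE_MS },
  { from: "carol", to: "alice", weight: 1, createdAt: NOW },
];
```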
Add ecosystem manifest protocol, EcosystemBridge class, server proxy
routes, port/event integration for folk-rapp, sandboxed iframe mode
with origin-validated postMessage, and SW caching for ecosystem modules.
Security: no allow-same-origin on sandboxed iframes, redirect: error
on proxy fetches, origin validation on all postMessage handlers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
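The two controls named in the commit above interact: a sandboxed iframe without `allow-same-origin` gets an opaque origin, so the host sees `event.origin === "null"` and must also bind the check to the frame's window. An added example (not the project's EcosystemBridge code) with both directions written as pure functions over event-like objects; the function names and message types are hypothetical and the sample events in the test are constructed.

```javascript
// Added example, not project code. Handlers take event-like objects
// ({ origin, source, data }) so the checks can be exercised outside a browser.

// Sandbox tokens are ASCII case-insensitive; allow-same-origin would give the
// embedded module the embedding page's origin (storage, cookies, DOM access).
function sandboxIsIsolating(sandboxAttr) {
  const tokens = sandboxAttr.trim().toLowerCase().split(/\s+/);
  return !tokens.includes("allow-same-origin");
}

// Messages are data, never code: require a plain object with a known type.
const ALLOWED_TYPES = new Set(["ready", "port-update", "event"]); // hypothetical types
function isWellFormed(data) {
  return typeof data === "object" && data !== null &&
    typeof data.type === "string" && ALLOWED_TYPES.has(data.type);
}

// Host side: an opaque-origin frame reports the string "null" as its origin,
// which any other sandboxed frame or data: URL also reports. Identify the
// sender by its window object first, then confirm it is still opaque-origin.
function acceptFromSandboxedFrame(event, frameWindow) {
  if (event.source !== frameWindow) return false;
  if (event.origin !== "null") return false;
  return isWellFormed(event.data);
}

// Embedded module side: only the expected host may send commands.
// Exact string comparison; prefix or substring matches are bypassable.
function acceptFromHost(event, hostOrigin, parentWindow) {
  if (event.origin !== hostOrigin) return false;
  if (event.source !== parentWindow) return false;
  return isWellFormed(event.data);
}
```

Because an opaque origin cannot be named as a `targetOrigin`, replies from the host to the sandboxed frame have to be posted with `"*"`, so they should carry nothing that would be sensitive if the frame had navigated elsewhere.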
Add Group Buys tab to the shop nav with listing of all ongoing group buys,
showing progress bars, tier chips, and clickable cards that navigate to the
full group buy page. Add "What If" simulator to the group buy page with
slider-driven pledge projection, dynamic tier highlighting, and a commons
revenue calculator with adjustable share percentage.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add card background, glow effect, and contextual hint explaining
the empty state. Rename "Get Started" to "Load Sample Data" with
+ icon for clarity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When accessing demo.rspace.online/demo/rcart/pay/123, the subdomain
router was prepending the space again, creating /demo/demo/rcart/pay/123
which returned 404. Now detects when first path segment matches the
subdomain and passes through without double-prefixing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add folk-group-buy-page.ts: public shareable group buy component
with tier progress, pledge panel, and demo mode
- Add vite build block for folk-group-buy-page
- Wire rSwag "Send to rCart" to navigate to /demo/rcart?tab=catalog
- Add multi-scale calendar demo events: planetary (equinoxes, Earth Day),
continental (Europe Day, Mobility Week), country (Unity Day), region
(Brandenburg festivals), and multi-continent (Tokyo, Nairobi, Bogota)
- Add season-scale and year-scale events for temporal zoom demo
- Fix pre-existing TS errors: add missing likelihood field to CalendarEvent
creation in rcal/mod.ts and rschedule/mod.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add catalog-detail view with quantity selector and order queue
- Add group buy creation flow
- Add ?tab=catalog URL param support
- Expand catalog item schema with inventory fields
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- email → emails (composite Emails type)
- phone → phones (composite Phones type)
- company name is String, not FullName (no subfields)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ${VAR:-default} syntax caused shell quoting errors inside the
bun -e argument. Instead, skip Infisical values for vars already
set via docker-compose environment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Uses ${VAR:-default} pattern so pre-set env vars (from .env or
docker-compose) are not overwritten by Infisical values. Useful
when a secret needs regeneration but Infisical can't be updated
via the read-only machine identity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Uses ${TWENTY_API_TOKEN:-} so it won't override Infisical when
.env doesn't define it, but allows .env to provide the value
when Infisical's stored token needs regeneration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
8 AI-generated product images (fal.ai Flux Dev) for the demo rCart catalog:
books, posters, tees, sticker sheets, zines, and patches.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The docker-compose env var override was setting an empty string,
preventing the Infisical-injected value from being used.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Session manager now calls EncryptID /api/auth/start + /api/auth/complete
to get a properly signed JWT instead of creating unsigned local tokens.
This fixes 401 errors on /api/payments, /api/notifications, and other
authenticated endpoints that verify tokens via EncryptID server.
- Token refresh calls /api/session/refresh instead of extending unsigned tokens
- Server generateSessionToken now includes authTime, jti, recoveryConfigured
- rNetwork: /crm route renders folk-crm-view instead of iframe
- rNetwork: ?view=app redirects 301 to /crm (backward compat)
- rNetwork: graph viewer always uses API (removed hardcoded demo data)
- docker-compose: pass through TWENTY_API_TOKEN from Infisical
- rcart: add catalog product images
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>