Phase 5 — EncryptID → DocCrypto bridge:
- Add EncryptedDocBridge connecting WebAuthn PRF to document encryption
- Add per-doc relay mode to SyncServer (encrypted spaces bypass participant mode)
- Wire encryption toggle to syncServer.setRelayOnly() on PATCH /:slug/encryption
- Restore relay mode for encrypted spaces on server startup
- Initialize DocBridge from PRF on login, clear on sign-out (both login-button + identity)
- Use bridge helpers for encrypted backup toggle in My Account
Phase 6 — Space scoping UI:
- Add "Modules" tab to Edit Space modal (enable/disable modules, scope toggles, encryption)
- Auto-filter app switcher by space's enabledModules via renderShell()
- Show "G" badge on global-scoped modules in app switcher
- Show lock icon in header for encrypted spaces
- Add getSpaceShellMeta() helper for auto-populating shell options
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate rNotes from PostgreSQL to Automerge local-first stack with
dual-write support. Reads go Automerge-first with PG fallback; writes
go to both backends during the migration window.
- Add Automerge schemas for NotebookDoc (schemas.ts)
- Add lifecycle hooks (onInit, onSpaceCreate) to rnotes module
- Dual-write all 8 API routes (notebooks + notes CRUD)
- Add NotesLocalFirstClient wrapping DocSyncManager + EncryptedDocStore
- Enhance migration runner with --dry-run, --module, --verify flags
- Add listDocs() to SyncServer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove hardcoded encryption fallback and Postgres password defaults
flagged by GitGuardian. ENCRYPTION_SECRET and DATABASE_URL are now
required env vars that throw on missing rather than falling back to
insecure defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added run-migration.ts script and getDocIds() method on SyncServer.
All 11 module adapters ran successfully against live demo data.
Docs persisted to /data/docs/, backups to /data/docs-backup/.
Idempotent: re-runs skip existing docs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
dry-run.ts validates all 11 adapters against live DB (19 docs, 292 rows,
0 errors). Standardized rwork slug rspace-dev→demo and rvote slug
community→demo so all seeded data uses consistent space identifier.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Notes/work/cal/vote adapters had wrong table names and missing fields.
Now match actual PG schemas. Added books, cart, providers, files, trips,
inbox, splat adapters. Engine gains idempotency, dry-run, disk backup,
per-row error recovery, and progress logging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett