- Restrict CORS to known rSpace domains (no more open wildcard)
- Add tiered rate limiting per IP (anon vs authenticated, per endpoint tier)
- UA filtering blocks scrapers/scanners, allows browsers and AI agents
- Prompt injection sanitization: strip MI_ACTION markers, system tags, and
known attack patterns from user-supplied content before LLM ingestion
- Space access control: private/permissioned spaces gate MI data to members
- Auth required on /triage, /execute-server-action, data-driven /suggestions
- MCP guard: require auth or agent UA for /api/mcp/*
- Anonymous WebSocket cap: max 3 per IP with proper cleanup on close
- Knowledge index + conversation memory gated to members+ (viewers get
public canvas data only)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
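
The anonymous WebSocket cap from the commit above, as an added example (not the project's code). The limiter API and names are assumptions; only the cap of 3 per IP comes from the commit message. It shows the cleanup detail that matters: release must be idempotent and must drop empty entries.

```javascript
// Added example: per-IP cap on anonymous WebSocket connections.
// Assumption: `ip` is the real client address. Behind a reverse proxy it must
// come from a header set by that proxy, or every client shares one bucket.
const MAX_ANON_WS_PER_IP = 3; // cap stated in the commit message

function createWsLimiter(max = MAX_ANON_WS_PER_IP) {
  const open = new Map(); // ip -> number of open anonymous sockets
  return {
    // Returns a release() callback when admitted, or null when over the cap.
    acquire(ip, authenticated) {
      if (authenticated) return () => {}; // the cap applies to anonymous clients only
      const n = open.get(ip) ?? 0;
      if (n >= max) return null;
      open.set(ip, n + 1);
      let released = false;
      return () => {
        if (released) return; // "close" and "error" can both fire for one socket
        released = true;
        const left = (open.get(ip) ?? 1) - 1;
        // Delete empty entries so the map does not grow with every IP ever seen.
        if (left <= 0) open.delete(ip);
        else open.set(ip, left);
      };
    },
    count: (ip) => open.get(ip) ?? 0,
    trackedIps: () => open.size,
  };
}
```

Call the returned release function from both the socket's close and error handlers.
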
- Add r<emoji> badges for rDocs, rDesign, rSheets, rTime, rGov, rAgents,
rExchange to both MODULE_BADGES and FAVICON_BADGE_MAP
- Add MODULE_CATEGORIES entries for all new modules
- Add "Govern" category for rGov
- Sort modules alphabetically within each function category
- Add sort toggle (By Function / A-Z) at bottom of sidebar, persisted
in localStorage
- Add star/pin button on each rApp — pinned items appear in a "Pinned"
section above "Recent", persisted in localStorage
- Fix rAuctions module ID: 'auctions' → 'rauctions' for consistency,
with alias in MODULE_ALIASES for backward compat
- Change rAuctions emoji from 🏛 to 🎭
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use the status_url returned by fal.ai submit instead of constructing
it manually. Add logging for submit success and poll HTTP errors to
debug Seedance queue status polling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moltbook-inspired agent exchange where members' MI agents can:
- Register with name, capabilities, and avatar per space
- Post to topic-based channels (general, packages, custom)
- Reply in threaded discussions
- Share structured JSON data packages alongside posts
- Upvote/downvote to surface the best contributions
Includes Automerge CRDT schemas, 9 REST API endpoints,
6 MCP tools, MI data query integration, and landing page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove erroneous fal-ai/ prefix for bytedance models and fix fast
variant path (seedance-2.0/fast/ not seedance-2.0-fast/).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Seedance 2.0 / 2.0 Fast to video gen with model selector UI,
duration/resolution/aspect-ratio/audio controls. Fix broken port
outputs on both video-gen and image-gen shapes so arrow connections
propagate generated content to downstream shapes. Add input port
listeners for prompt and image data flow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The auth proxy only covered /api/auth/*, /api/register/*, /api/account/*
but the identity component also calls /api/session/verify, /api/session/refresh,
/api/guardians, /api/user/*, /api/device-link/*, /api/recovery/* — all of which
were hitting 404 on the rspace server. The session verify 404 was interpreted
as "session revoked", clearing localStorage and logging users out on every page
load after the 5-minute validation interval.
Also fix profile/recovery links in header that opened empty string (same-origin
root) instead of auth.rspace.online.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
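
The failure described in the commit above came from treating a 404 as proof of revocation. An added example (not the project's code) of a client-side check that clears the session only on an explicit rejection; the `session` storage key, the 401/403 status set and the back-off policy are assumptions.

```javascript
// Added example: only an explicit auth rejection logs the user out.
// Assumption: the verify endpoint answers 401 or 403 for a revoked session.
const REVOKED = new Set([401, 403]);

function createSessionMonitor(storage, baseDelayMs = 5 * 60 * 1000, maxDelayMs = 60 * 60 * 1000) {
  let failures = 0;
  return {
    // result: { status } for an HTTP response, { error: true } for a network failure
    onVerifyResult(result) {
      if (!result.error && result.status >= 200 && result.status < 300) {
        failures = 0;
        return { action: "keep", nextCheckMs: baseDelayMs };
      }
      if (!result.error && REVOKED.has(result.status)) {
        storage.removeItem("session"); // hypothetical storage key
        failures = 0;
        return { action: "logout", nextCheckMs: null };
      }
      // 404, 5xx, proxy errors, offline: the server said nothing about the
      // session, so keep it and retry later with exponential back-off.
      failures += 1;
      const nextCheckMs = Math.min(baseDelayMs * 2 ** failures, maxDelayMs);
      return { action: "keep-unverified", nextCheckMs, failures };
    },
  };
}
```
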
- Add /api/auth/*, /api/register/*, /api/account/* proxy routes to
rspace-online server, forwarding to encryptid container internally.
This eliminates cross-origin requests that Safari blocks via ITP or
Cloudflare security challenges.
- Change client auth URLs from https://auth.rspace.online to same-origin
in rstack-identity, rspace-header, login-button, and session modules.
- Add PRF extension try/catch fallback in webauthn.ts — Safari throws
TypeError on the unsupported PRF extension, now retries without it.
- Bump SW cache version v7→v8 to bust stale cached bundles.
Fixes passkey login for Safari/macOS users (e.g. christina) who were
getting "Network error when attempting to reach resource".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds always-visible home button in tab bar, toggleable dashboard overlay,
widget card system with 8 widgets (tasks, calendar, activity, members,
tools, quick actions, wallet, flows), customize mode with toggle/reorder,
and dashboard summary API endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New folk-makereal shape converts hand-drawn wireframes into functional
HTML/CSS using Gemini Flash 2.5 vision. Drawing canvas + live iframe
preview with framework selector (HTML/Tailwind/React), code view toggle,
and copy/open-tab actions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds Figma-style threaded comment markers anchored to data-collab-id
elements across all module pages. Comments stored in per-space Automerge
doc, synced via existing local-first stack. Bell is now context-aware
(canvas pins on canvas, module pins on module pages). Notifications
route through existing WS/push/email system with new module_comment
and module_mention event types.
New files: module-comment-types, module-comment-schemas,
rstack-module-comments component. Updated: shell, comment bell,
notification routes. Added data-collab-id to crowdsurf, rtime, rmeets.
Fixed pre-existing SKILL_LABELS import error in rtime/mod.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Broadcasts in-app, push, and email notifications to all space members
when a comment pin is created or replied to. @mentioned users get their
specific mention notification instead (no double-notify). Fixes pre-existing
TS error in rtasks local-first-client (missing dueDate default).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a small bug icon (bottom-right) that opens a modal to collect
errors, device info, comments, and optional screenshots, then emails
the report to jeff@jeffemmett.com via the existing SMTP transport.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The oven/bun:1-slim image lacks system CA certs, causing TLS verification
failures on outbound HTTPS for link-preview. Also implements the
/api/design-agent SSE endpoint — Gemini Flash tool loop driving the
Scribus bridge for DTP layout generation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
HMAC-signed stateless tokens let external respondents vote on rChoices
polls or RSVP to rCal events via a single tap — no account required.
Routes mounted at /respond/:token bypass space auth. Typed EventAttendee
schema replaces unknown[] on CalendarEvent.attendees. Invite endpoints
on both modules generate tokens and optionally send email invitations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
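
A sketch of the HMAC-signed stateless token idea from the commit above, as an added example (not the project's code). The token layout, field names (`kind`, `target`, `sub`, `exp`) and function names are assumptions. Because the route bypasses space auth, the token itself has to carry the expiry and the binding to one poll or event.

```javascript
// Added example: stateless response token signed with HMAC-SHA256.
const crypto = require("node:crypto");

const b64u = (data) => Buffer.from(data).toString("base64url");
const mac = (secret, body) =>
  b64u(crypto.createHmac("sha256", secret).update(body).digest());

// Assumed layout: base64url(JSON payload) + "." + base64url(HMAC tag)
function signToken(secret, payload) {
  const body = b64u(JSON.stringify(payload));
  return `${body}.${mac(secret, body)}`;
}

// Returns the payload if the token is authentic, unexpired and bound to the
// expected kind/target; returns null on any failure.
function verifyToken(secret, token, expected, nowSec = Math.floor(Date.now() / 1000)) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [body, tag] = parts;
  // Compare the canonical encodings in constant time. timingSafeEqual throws
  // on a length mismatch, so check lengths first.
  const got = Buffer.from(tag);
  const want = Buffer.from(mac(secret, body));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  let payload;
  try {
    payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!payload || typeof payload.exp !== "number" || payload.exp <= nowSec) return null;
  // Binding check: a poll token must not be accepted on an RSVP route, or for
  // a different poll or event.
  if (payload.kind !== expected.kind || payload.target !== expected.target) return null;
  return payload;
}
```

A stateless token cannot be revoked before `exp`, and limiting each respondent to one vote or RSVP has to be enforced when the response is stored, for example keyed on `sub`.
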
The clf space is private, so all API calls were getting 401'd by the
space access middleware before reaching the rtasks routes. Add
/rtasks/api/ to the public endpoint exemption list (like rwallet,
rdesign, rvote already are).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Root route now sends no-cache headers to bust stale 301s from the
rcal standaloneDomain mishap. Standalone domain redirects changed from
301 (permanent/browser-cached) to 302 (temporary) so misconfiguration
can never stick in user browsers again.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Ranking: replace broken :hover drop-target with getBoundingClientRect hit testing
- Spider: add #isSliding guard to prevent slider destruction during drag
- Video gen: bump timeout to 10min, show real fal.ai queue position/status
- Fix NotificationCategory type to include 'payment' in db.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Community members post buy/sell intents for CRDT tokens (cUSDC, $MYCO, fUSDC)
against 8 fiat currencies. Bipartite solver matches intents every 60s. Escrow
via token-service burn/mint trio. Reputation scoring with badges. 14 API routes,
canvas shape with physics orbs, and landing page.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Module onInit functions (rvote, rtasks, rcal, etc.) call seedDemoIfEmpty
which checks the sync server for existing docs. Previously onInit ran
as an IIFE before loadAllDocs completed, so it always found empty docs
and re-seeded demo data — overwriting user deletions/changes. Now
onInit runs inside the loadAllDocs .then() chain, ensuring persisted
data is loaded before any seed checks run.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The ascii-art service returns raw HTML, not JSON. Wrap response in
{html, text} JSON envelope and strip tags for plain text version.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add folk-ascii-gen canvas shape with pattern/palette selectors
- Add POST /api/ascii-gen proxy to ascii-art service
- Register create_ascii_art in canvas tools + triage panel
- Fix WAN 2.1 t2v endpoint URL (fal-ai/wan/v2.1 → fal-ai/wan-t2v)
- Convert video gen to async job queue (avoids Cloudflare timeouts)
- Fix Docker API Content-Type bug in sidecar-manager
- Convert scribus-novnc and open-notebook to on-demand sidecars
- Add ensureSidecar("scribus-novnc") to rDesign bridge proxy
- Fix Hono ContextVariableMap and handleTransakMessage type errors
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pin encrypted backups and AI-generated files to Kubo (ipfs.jeffemmett.com)
as fire-and-forget redundancy. Filesystem remains primary storage — IPFS
failures are logged and swallowed. Adds /api/ipfs routes for status,
pin/unpin, and gateway proxy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ImapFlow clients were created without .on('error') handlers. Socket
timeouts emitted unhandled errors that crashed the entire process,
taking down all 32 modules. Added error handlers to all 3 ImapFlow
instantiation sites and a process-level uncaughtException/unhandledRejection
safety net.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Modules now declare their canvas shapes and AI tools (canvasShapes/canvasToolIds
on RSpaceModule), creating a single source of truth that the canvas enforces:
- Phase 1: Extended RSpaceModule + ModuleInfo, added moduleId to CanvasToolDefinition
with getToolsForModules() filter, added moduleOf() to ShapeRegistry, populated
declarations in 9 modules, fixed 8 ungated toolbar buttons (rchoices, rwallet, rsocials)
- Phase 2: AI prompt sends enabledModules, server filters Gemini tool declarations
- Phase 3: folk-commitment-pool and folk-task-request show lock overlay when rtime disabled
- Phase 4: Extracted MODULE_META into shared lib/module-display.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Authenticated users visiting {space}.rspace.online/ now get a server-side
302 to /rspace instead of rendering the full dashboard then JS-redirecting
(eliminates flash of wrong header + 2-3 redirect chain → single redirect).
Bare domain rspace.online/{space} now 301-redirects to {space}.rspace.online/
so /{space}/ never appears in the URL bar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add folk-mermaid-gen web component: AI-powered diagram generation via
Ollama, client-side SVG preview via mermaid.js, animated GIF export via
mermaid.rspace.online API
- Register in canvas tools, toolbar, and shape registry
- Add role selector dropdown to share panel invite form (backend already
supports role parameter)
- Fix pre-existing TS errors: SankeyNode missing address field,
SpaceMember type mismatch in WebSocket auth fallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rTasks: port backlog-md ordinal algorithm (bisection + rebalance),
fix column detection via bounding-box hit test, add empty-column
drop zones, source column dimming, no-op detection, and optimistic
DOM updates (no flash). New bulk-sort-order rebalance endpoint.
EncryptID: sync claimed invite members to Automerge doc immediately,
redirect to space subdomain after identity claim.
Server: add /api/internal/sync-space-member endpoint, fallback
member check in WebSocket auth for not-yet-synced invites.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New module at modules/rsheet/mod.ts using externalApp pattern
- Embedded Y.js-backed spreadsheet grid with real-time sync
- Connects to shared y-websocket server for collaboration
- Registered in server/index.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ollama now starts on API request and stops after 5min idle, saving
~5-6GB RAM when not in use. Part of server-wide resource caps rollout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
KiCad, FreeCAD, and Blender sidecars now start on API request and stop
after 5min idle, saving ~8GB RAM when not in use. Docker socket mounted
into rspace container for container lifecycle control. Memory/CPU limits
added to all services to prevent runaway resource consumption.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New "Connections" tab in space settings with n8n-style visual dashboard
showing platform cards (Google, Notion, ClickUp live + 7 coming soon)
connected via SVG bezier lines to central rSpace hub node. Includes
OAuth connect/disconnect flows and GET /api/oauth/status endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The subdomain canonicalization logic treated "modules" as a space slug,
redirecting /modules/rmeets/... to modules.rspace.online/rmeets/... (503).
Add "modules" to the serverPaths exclusion set so module JS assets
served from /modules/ are handled by Hono instead of redirected.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Port hcc-mem-staging SPA into rSpace as the rTime module. Canvas-based
commitment pool with physics orbs, SVG weaving editor with hex nodes
and bezier wires, execution panel, and optional Cyclos timebank proxy.
Automerge CRDT persistence, demo seeding, and full landing page
explaining community-based ledgers and emergent collaboration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rspace.online/{moduleId} was rewriting to /demo/{moduleId}, serving the
internal nav hub. Now calls renderModuleLanding() with the module's rich
landing page when available, falling back to demo rewrite otherwise.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When switching rApps from the dropdown, TabCache now requests
?fragment=1 which returns a lightweight JSON payload (~200 bytes)
instead of re-rendering the full 2000-line shell HTML template.
This eliminates server-side shell rendering and client-side
DOMParser overhead. Also prefetches fragments on hover.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
One-shot migration to fix visibility for spaces that were changed
by stale client sync. Also imports updateSpaceMeta in index.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cloudflare was caching sw.js for 4 hours (default JS caching),
preventing service worker updates from reaching clients.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Blender: add wrapper with height:100%, min-height:0 for flex shrink,
object-fit:contain on img — render stays within shape bounds.
FreeCAD: update assembleFreecadResult to scan all tool results for file
paths (.step, .stl, .png), not just execute_python_script JSON parsing.
Add preview PNG rendering instruction to system prompt. Add subdirectory
file serving routes for /data/files/generated/:subdir/:filename. Add
STEP/STL/SVG/PDF mime types.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
EEVEE needs GPU; Cycles CPU works headless. Added libegl1, libgl1-mesa-dri,
libglx-mesa0 to Dockerfile. Updated Gemini prompt to specify Cycles engine
with 64 samples.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a module script (e.g. canvas-*.js) fails to load (502 during
deploy, network error), the pane stayed in cache with a blank canvas.
Subsequent tab switches showed the broken cached pane instead of
re-fetching. Now script onerror removes the failed tag and evicts
the pane, so the next switchTo does a fresh fetch.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SSE transport crashes on concurrent connections (supergateway
single-session limit). StreamableHTTP supports multiple sessions.
Also set KICAD_PYTHON=/usr/bin/python3 for existsSync validation
and install missing requests package.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Server now relays presence-leave alongside presence messages for immediate peer removal
- Overlay properly unsubscribes leave listener on disconnectedCallback
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch from broken StdioClientTransport (child process) to
SSEClientTransport (HTTP to sidecar containers via supergateway).
Both sidecars share rspace-files volume so generated CAD files
(STEP, STL, Gerber, SVG) are directly servable without copying.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>