Shapes that overlap now drift apart gently over ~1 second via an
ambient requestAnimationFrame loop, instead of snapping instantly
when dragged. folk-slide and folk-arrow are exempt.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Root cause: scale/panX/panY were declared with let at line 5014, but
event handlers referencing them were registered before line 2771. Since
the module has top-level awaits (offlineStore.open, sync.initFromCache),
execution yields and events can fire before the let declarations,
causing "Cannot access variable before initialization" TDZ errors.
Fix: hoist scale/panX/panY declarations to before any await statements.
Also add Cache-Control: no-cache for HTML files and immutable for
Vite content-hashed assets to prevent stale bundle caching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When the last tab is closed, a dashboard appears showing the user's
spaces (sorted by most recent visit), notifications, and quick actions.
Clicking any item creates a new tab and hides the dashboard. Browser
back/forward handles dashboard state correctly.
Also adds proper cache headers for HTML and Vite-hashed assets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Labels now appear as floating tags outside the toolbar on hover/open
instead of expanding the button width inside the narrow toolbar.
Toolbar overflow changed to visible so labels aren't clipped.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Mobile toolbar shows compact 48x48 icon grid instead of full-width rows
- Labels hidden on mobile, title shown in popout panel header
- Separators hidden on mobile to save space
- Tap icon to open bottom-sheet panel with title + sub-tools
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add tg-icon + tg-label spans inside toolbar group toggle buttons
- Label hidden by default, revealed on hover/open via CSS
- Panel header uses title attribute instead of emoji-only textContent
- Plus menu headings also use title attribute for group names
- Mobile: labels always visible alongside icons
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add if (!this.shadowRoot) guard in history panel and space settings
connectedCallback to prevent error on element reconnection
- Null-check toggleMemoryBtn before addEventListener since #toggle-memory
element was removed
- Import and register RStackSpaceSettings + RStackHistoryPanel in
canvas.html so settings gear and history panel work on canvas page
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rich landing page for rspace.online/rmeets with sections on self-hosted
infrastructure, data sovereignty, ecosystem integrations, and roadmap
(local transcription, BYOS, data integrations).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace folk-video-chat toolbar button with rMeets (Jitsi) rApp
embed in the Connect group. Add rmeets, rschedule, rsocials to
folk-rapp MODULE_META. Add rMeets entry to MI tool schema.
The old folk-video-chat shape remains available for direct use
but is no longer in the toolbar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds rMeets module with hub page (Quick Meet, Join Room, Jitsi Lobby)
and room pages that embed jeffsi.localvibe.live via renderExternalAppShell.
Jitsi URL configurable via JITSI_URL env var.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix rFlows light/dark theme: change CSS selectors from :root /
[data-theme] to :host / :host([data-theme]) so they work inside
shadow DOM. Mirror data-theme attribute from <html> onto the
folk-flows-app host element via MutationObserver.
- Canvas toolbar: icons only (no text labels), hover opens group
name header + submenu flyout. Minimize button moved to top with
chevron icon, collapses to wrench icon. Mobile gets emoji + text
via ::after pseudo-element for touch accessibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The main server's Related Origins list was stale — it listed 5 generic
r*.online domains instead of the priority domains where passkey ceremonies
actually happen. This caused p2pf socials (socials.p2pfoundation.net) and
other external domains to fail WebAuthn authentication because browsers
couldn't verify them as related origins for RP ID rspace.online.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move settings gear to header right (next to identity) on all pages.
Add history clock button in header left that opens a new slide-out
history panel with Activity feed and Time Machine tabs. Embed author
identity (DID, username, timestamp) in Automerge change messages via
JSON envelope, with backward-compatible parsing for old plain strings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Prevent foreignObject HTML clicks from starting node drag (select + inline edit instead)
- New source nodes get personalized "{username}'s stream to {flowName}" label
- Replace source type <select> dropdowns with clickable "Pay by" button grid
in ICP panel, editor panel, and source modal
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- L-1: Remove internal error details from SIWE verify response
- L-2: Stop forwarding raw Safe API error bodies to clients (log server-side)
- L-3: Evict stale keys from nonce rate limiter to prevent memory leak
- L-4: Add input length/type guards on wallet-link verify body fields
- L-5: Sanitize and cap limit query param on Safe transfers route (max 200)
- L-6: Server recomputes addressHash from SIWE address instead of trusting
client-supplied value for dedup
- L-7: Reset LinkedWalletStore singleton on logout to clear cached keys
- I-1: Add X-Content-Type-Options, X-Frame-Options, Referrer-Policy headers
- I-9: Build EIP712Domain type array dynamically from domain fields in
ExternalSigner.signTypedData (was hardcoded to empty, dropping fields)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- H-3: Rate limit wallet-link nonce to 5 per user per 5 minutes (429)
- H-4: Verify sender address matches JWT walletAddress in add-owner-proposal;
also include walletAddress in JWT eid claims
- M-1: Sanitize EIP-6963 provider icons — only allow https: and safe
data:image/(png|jpeg|gif|webp), block SVG and javascript: URIs
- M-2: Validate threshold is a positive integer ≤ newOwnerCount, fetch
actual Safe owner list for bounds checking
- M-3: Add VALID_ETH_ADDR regex validation to all 9 routes that accept
address params (Safe proxy, EOA proxy, propose, confirm, execute,
add-owner-proposal) to prevent SSRF via path traversal
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- C-1: Replace Base64 fake encryption with real AES-256-GCM server-side
encryption for linked wallet data (HKDF-derived key from JWT_SECRET)
- H-1: Escape token name/symbol in balance table to prevent XSS
- H-2: Salt address hash with user ID to prevent cross-user correlation
- M-4: Remove cleartext sessionStorage cache for linked wallets
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The auto-redirect through OIDC authorize fails because the client app
(Postiz) didn't initiate the OAuth flow and has no matching state.
Instead, show a branded success page with a link to the app. The user
signs in with their passkey when they visit the app normally.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Users can now connect browser wallets (MetaMask, Rainbow, etc.) to their
EncryptID identity via SIWE ownership proof, and view linked wallet
balances in the unified rWallet viewer.
New files:
- eip6963.ts: EIP-6963 multi-provider discovery
- external-signer.ts: EIP-1193 provider wrapper for tx signing
- linked-wallets.ts: encrypted client-side store (same AES-256-GCM pattern)
Server: wallet-link nonce/verify/list/delete routes, linked_wallets table,
Safe add-owner-proposal endpoint, new session permissions.
UI: "My Wallets" section with provider picker, SIWE linking flow,
wallet type badges, and click-to-view for linked wallets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Build context was set to parent dir (..) which broke all COPY paths.
Use context: . with additional_contexts for the encryptid-sdk sibling,
matching the pattern in the main docker-compose.yml.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Browsers enforce a 5 eTLD+1 limit on Related Origins. The previous
config dumped all 29 r*.online domains, causing ridentity.online to
be ignored (position 15). Now only lists the 5 domains that actually
need passkey auth: ridentity, rsocials, crypto-commons, p2pfoundation,
rwallet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Admin UI at /admin/oidc with passkey login, gated by ADMIN_DIDS.
Supports viewing/creating/deleting clients, adding/removing allowed
emails per client, revealing/rotating secrets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move OIDC client seeding into the database init IIFE to prevent
race condition where seeding runs before tables are created.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add full OIDC Authorization Code flow (discovery, authorize, token,
userinfo) so external apps like Postiz can authenticate via EncryptID
passkeys through auth.ridentity.online.
Add "Claim your rSpace" identity invite system — authenticated users
can invite friends by email, who register a passkey and optionally
auto-join a space.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace ~30 hardcoded dark hex colors in folk-wallet-viewer with --rs-*
CSS variables so rWallet adapts to both light and dark themes. Warm up
the global light palette from pure white to off-white tones.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
seedDemoIfEmpty in onInit ran before docs were loaded from disk, causing
duplicate notebooks. Seeding is already handled post-loadAllDocs via
the seedTemplate hook.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add pointer-based gesture handling to the calendar for lateral navigation
(drag/swipe left/right) and pinch-to-zoom between temporal layers. Also
fix dark mode across 30+ canvas shape components by replacing hardcoded
white backgrounds and input styles with --rs-* CSS custom property
references (with light-mode fallbacks).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The rnotes module has defaultScope: 'global' but several code paths
used the raw space slug instead of the resolved scope:
- subscribeNotebook() built docIds with space slug (e.g. jeff🎶...)
instead of resolved scope (global🎶...), breaking Automerge sync
- seedDemoIfEmpty() seeded notebooks under space-scoped paths, orphaning
them when the API queries global-scoped prefix
- onSpaceCreate() created default notebook under space scope
Also migrated 3 orphaned jeff-scoped notebook files to global/ on server.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Safe Global deprecated per-chain subdomains (safe-transaction-*.safe.global)
in favour of api.safe.global/tx-service/{shortcode}. The old URLs now 308
redirect, and the /balances/usd/ endpoint no longer exists.
- Update CHAIN_MAP prefixes to new shortcodes (eth, oeth, gno, etc.)
- Switch all Safe API calls to new base URL
- Use /balances/ instead of /balances/usd/ (fiat data no longer available)
- Normalize balance response with native token info and placeholder fiat fields
- Update client to show tokens with non-zero balance even without fiat data
- Update encryptid/server.ts Safe verify endpoint to new API
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
folk-notes-app was missing Authorization headers on all fetch calls,
causing 403 errors on non-demo spaces. Now uses getAccessToken() from
rstack-identity consistently.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Subdomain routing (demo.rspace.online) already prepends the space,
so links should use /rsocials/... not /demo/rsocials/...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Testnet chains (Sepolia, Base Sepolia) are now always included in
detection results when testnets are toggled on, even if no native
balance is found. This allows viewing ERC-20 tokens on testnets
where native ETH balance may be zero.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Skip the browser prompt() dialog — clicking "+ New Notebook" now
immediately creates an "Untitled Notebook" and opens it for editing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure rSocials landing to a hub with navigation cards for Campaigns,
Threads, and Thread Editor. Rename /thread routes to /thread-editor for
clarity. Render campaigns listing inline instead of redirecting. Also
improve rNotes notebook creation to auto-open first note for editing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 1 — Fix scope system: new scope-resolver.ts resolves global vs
space-scoped docId prefixes. Server middleware sets effectiveSpace on
Hono context. All 18 modules updated to use dataSpace for Automerge
doc access while keeping space for display. Client runtime gets
setModuleScopes() and resolveDocSpace() for local-first scope
resolution.
Phase 2 — Seamless cross-space navigation: TabCache now tracks panes
per space:module key. OfflineRuntime maintains lazy WebSocket
connections per space. Space-switcher dispatches space-switch event
handled client-side with history.pushState instead of full reload.
Phase 3 — Spaces as layers: Layer type extended with spaceSlug and
spaceRole. Tab bar gains "Add Space Layer" picker. Canvas renders
cross-space shapes with visual indicators. Space layers persisted as
SpaceRefs via nesting API. Runtime provides getAllActiveSpaces() and
subscribeModuleAcrossSpaces() for module-level data aggregation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the bare address-only empty state with a full dashboard landing:
hero branding, supported chain chips, feature cards, clickable example
wallets (TEC, Gitcoin, Vitalik), and animated loading spinner.
Adds testnet toggle (off by default) that filters Sepolia/Base Sepolia
from detection endpoints via ?testnets=true query param. Shows Safe
Multisig / EOA Wallet badge when a wallet is loaded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Transak: default env PRODUCTION, fail if API key missing instead of
falling back to STAGING_KEY
- Coinbase: default environment production instead of sandbox
- Openfort: default chain ID 8453 (Base mainnet) instead of 84532 (Sepolia)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- My Wallet: shows linked wallet address with rWallet link, plus any
pending fund claims with "Claim Now" button
- My Spaces: lists communities the user belongs to with role and
treasury wallet links
- New APIs: GET /api/user/spaces, GET /api/user/claims
- New DB function: listSpacesForUser()
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instead of expiring old claims, new deposits add to the existing
pending claim's fiat_amount and extend the expiry. The claim email
shows the updated total.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- OpenfortProvider.findOrCreateWallet() searches by player name before
creating, ensuring the same email always maps to the same wallet
- Fund claims endpoint expires old pending claims before creating new ones
- Added expireFundClaim() to db layer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously rWallet only supported Safe multisig wallets. Now it falls
back to EOA detection via public RPC endpoints when no Safe is found,
allowing any Ethereum address to view native balances across chains.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett