Dual-SPA deploy, QE audit, docs rewrite, crypto upgrades#5
Closed
jjohare wants to merge 149 commits intoTheDreamLabUK:mainfrom
Closed
Dual-SPA deploy, QE audit, docs rewrite, crypto upgrades#5jjohare wants to merge 149 commits intoTheDreamLabUK:mainfrom
jjohare wants to merge 149 commits intoTheDreamLabUK:mainfrom
Conversation
Regenerated lockfile to ensure dev dependencies (vite) are properly resolved during npm install. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Authentic 4D mathematical tesseract projection (16 vertices, 32 edges) - W-axis rotations (XW, YW, ZW) for "impossible" 4D transformations - Projection formula: scale = hyperplane / (hyperplane + w) - Canvas bloom effect via shadowBlur (GPU-accelerated) - 25 lightweight particles with gravity well - Color scheme per design experts: blue #3B82F6 primary, cyan #22D3EE (far 4D), orange #F6823B (near 4D) - NO PURPLE - differentiates from generic AI gradient aesthetics - Updated Index.tsx UI elements to match blue/cyan/orange palette Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
TesseractProjection.tsx: - Multi-pass glow rendering (outer/mid/core) for dramatic bloom effect - Increased shadowBlur from 12 to 35, base alpha from 0.35 to 0.6 - Vertex halos with layered glow system - Performance optimizations retained (pre-allocated buffers, cached context) Index.tsx: - Lazy-load 5 below-fold components with React.lazy() - Suspense boundaries with minimal spinner fallbacks - Initial bundle reduced from ~30KB to 15.74KB - Components load progressively on scroll Expected improvements: - Faster Time to Interactive (less main thread blocking) - Reduced Total Blocking Time - Dramatic visual impact from heavy glow effect Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PERFORMANCE FIX: Reduces draw calls from 144 to ~52 (64% reduction) Changes: - Offscreen canvas for glow layer (single composite vs 3 passes per edge) - Batched path drawing (all edges in one stroke, all vertices in one fill) - Single shadowBlur (25) instead of 3 varying passes - CSS filter blur for soft outer glow (hardware accelerated) - Deep gold color palette by default - 50% alpha per user request - Optional 30fps throttle for slower devices Old approach (SLOW): - 32 edges × 3 shadow passes = 96 edge draws - 16 vertices × 3 shadow passes = 48 vertex draws - Total: 144 draw calls per frame New approach (FAST): - 1 batched glow stroke + 1 batched glow fill = 2 offscreen draws - 2 composite drawImage calls - 32 individual edge draws (color variation) - 16 individual vertex draws - Total: ~52 draw calls per frame Expected improvement: Smooth 60fps on most devices Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
DESIGN: - Replaces tesseract with Voronoi tessellation - Golden ratio (φ) seed placement via Vogel's model - Bowyer-Watson Delaunay triangulation for edges - Bronze/gold/bright-gold color palette FEATURES: - Light motes traveling along edges with pulsing glow - Tilt-shift blur effect for scale impression - Mist fade on outer 30% reducing visual noise - Simplex noise for organic animation PALETTE: - Background: #0e0e11 (anthracite) - Bronze: #CD7F32, Gold: #D4A574, Bright: #FFD700 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New /masterclass route with product-lead format - Tighter hero copy: "Build AI agents for your business" - Progressive reveal for advanced agentic platform capabilities - Two pricing tiers: 1-day workshop (£2,995) and 2-day residential - FAQ, guarantee, and clear value proposition sections - Workshop positioned as commodity entry point - Residential reveals multi-agent orchestration platform Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Convert large JPG/PNG images to WebP format - labview2.jpg: 8.6MB → 199KB (97% reduction) - labview3.jpg: 7.4MB → 154KB (98% reduction) - view3.jpeg: 3.1MB → 370KB (88% reduction) - wine.png: 2.2MB → 91KB (96% reduction) - showcase images: ~24MB → ~1.4MB total - Add source files to .gitignore to prevent re-committing originals - Total savings: ~45MB from repository Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Restore residential training images needed by ResidentialTraining.tsx - Generate missing video poster thumbnails from first frames - Update view3.jpeg → view3.webp reference - Update .gitignore to only exclude large converted files Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Sync Home page pricing with Masterclass (£2,995/£1,695 pp) - Update Dr John O'Hare bio with LinkedIn-verified info (HP AI Lighthouse Partner) - Fix golden motes rendering order (now visible above mist/vignette) - Update sitemap.xml with correct routes (remove /services, add actual pages) - Add package.json metadata (description, author, repository, license) - Fix ESLint empty interface errors in UI components Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Convert 44 team PNG images to WebP format (6.4MB → 912KB, 86% reduction) - Dynamic import mermaid in WorkshopPage (679KB → loaded on demand) - Cache canvas gradients in VoronoiGoldenHero (created on resize, not every frame) - Pre-allocate Vector3 objects in TorusKnot (reduces GC pressure in useFrame) - Update Team.tsx to prefer WebP with PNG fallback for older browsers Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Homepage CTA now links to /masterclass#content, skipping the redundant hero section. Users landing from the CTA see the valuable content (instructor bio, course details) immediately instead of a near-duplicate of the page they just left. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Rewrite Dr. O'Hare bio: compact, factual (PhD, 25yr R&D, CaVE, IMAX, £8M grants, 42 consultants) - Remove incorrect claims (HP Lighthouse, Unreal CTO) - 1-day workshop: £1,495 pp (up to 6 people) - Residential: from £995/day pp (variable 2-5 days, max 4 people) - Update homepage hero to match new pricing Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Homepage hero now has two CTAs: Workshop (→ /masterclass#pricing) and Advanced Residential (→ /workshops) - Created dedicated /testimonials page with expanded success stories - Changed Masterclass residential card CTA to link to /workshops - Added "Success Stories" to header navigation Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add mouse-aware gravitational effects to Voronoi hero animation - Restructure homepage with 13 focused sections for AI masterclass - Include John's intro, outcomes, AI agent explainer, use cases - Add how it works, target audience, pricing (£2,999+VAT), guarantee - Add about section, 10-item FAQ, final CTA with email signup - Move testimonials to dedicated /testimonials page - Update residential link routing to /residential-training Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The parent HyperdimensionalHeroBackground had pointer-events-none which blocked all mouse events from reaching VoronoiGoldenHero's gravitational effect handlers. Now the Voronoi canvas receives mouse events while overlay elements remain non-interactive. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Scale Voronoi mesh to 150% (extends beyond text boundaries) - Increase node count 30% (80 → 104) with proportional edges - Replace direct position assignment with velocity physics: - Spring force returns nodes to rest position - Mouse attraction applies acceleration toward cursor - Damping (0.92) creates smooth deceleration with residual momentum - Velocity clamping prevents runaway movement - Nodes now smoothly accelerate/decelerate instead of snapping Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Reduce damping to 0.995 (near-zero decay, long momentum trails) - Reduce returnForce to 0.02 for longer drift before return - Increase maxVelocity to 12 for more dynamic movement - Update hero headline: "Learn how to build, deploy, and manage AI agents" - Update subheadline: "In a few hours we'll give you the tools..." Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace placeholder with actual photo of Dr John O'Hare for the bio section on homepage. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Increased damping for faster deceleration, reduced max velocity and force strength for more elegant, slower movement. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Shortened to "Learn how to build and manage AI agents" with warm bronze/gold text-shadow glow effect. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replaced /images/team/jjohare.webp with /data/team/04.webp in both the intro and 'About me' sections on the homepage. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Replace cal.com booking links with /contact (404 fix) - Replace mailto CTAs with /contact navigation - Change /terms to /privacy (missing route) - Change brochure download to Request Brochure button - Remove trailing ? from LinkedIn URLs Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Remove mobile-audit/ directory (2.7MB test screenshots) - Remove test-results/ directory - Remove docs/screenshots/ (VNC development captures) - Remove duplicate docs: AFD-landing-page-architecture.md, PRD-LANDING-PAGE-REDESIGN.md - Completely rewrite README with accurate site information: - 44 team members, 13 pages, 19 components - Tech stack documentation - Content management instructions - Documentation index Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove ~98MB of unused code and artifacts: - brochure/ - abandoned PDF generation system - workshop-builder/ - orphaned Docker-based agent system - Marketing-Material/ - static presentation backdrops - wasm-voronoi/target/ - Rust build artifacts (keep src + pkg) - .claude/, .claude-flow/, .swarm/, .aqe/ - runtime state Update .gitignore to prevent re-addition of: - Runtime state directories - Test outputs (mobile-audit/, test-results/) - Rust build artifacts Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add Community menu item to Header.tsx (opens in new tab) - Update deploy.yml to build Fairfield SvelteKit app with BASE_PATH=/community - Move GCP service workflows to root with fairfield-* prefix - Disable fairfield/.github/workflows to prevent double deployment - Update fairfield/config/sections.yaml defaultPath to /dreamlab/dreamlab-lobby Services deployed to Cloud Run: - nostr-relay: WebSocket relay for Nostr BBS - embedding-api: Python embedding service - image-api: Image upload to GCS Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update public/404.html to detect /community paths and redirect appropriately - Add redirect handler script to fairfield/src/app.html to pick up stored path - Enables deep linking to routes like /community/dreamlab/dreamlab-lobby Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move redirect handling from app.html (history.replaceState) to +layout.svelte (goto) - history.replaceState doesn't trigger SvelteKit router, goto() does - Use sessionStorage.setItem/getItem for consistency - 404.html stores path, +layout.svelte navigates after hydration Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Desktop: - Sidebar now starts expanded by default (zoneNavCollapsed=false) - Users can still collapse/expand as needed Mobile: - Added persistent bottom navigation bar with Zones, Chat, Messages, Admin (if admin), Profile buttons - Added bottom sheet drawer for zones navigation when tapping Zones - Bottom nav is always visible (modern mobile UX pattern) - Added safe-area padding for notched devices - Main content has bottom padding to prevent overlap with nav Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Includes: - Desktop sidebar expanded by default - Mobile bottom navigation bar - Mobile zone drawer
- Add retry mechanism for relay connection (max 3 retries) - Show user-friendly connection error UI with retry button - Initialize isMobile detection earlier for SSR-safe rendering - Improve error messages for timeout and auth failures - Ensure navigation renders regardless of relay connection state Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…entials
1. publishEvent now detects dropped WebSocket and reconnects before retrying,
fixing "not enough relays" when updating username after CF Worker idle.
2. auth-api /auth/login/options returns 404 with NO_CREDENTIAL code when no
passkey is registered for the pubkey, instead of returning null prfSalt.
3. Client passkey login shows actionable error ("use private key login")
instead of the generic "does not have PRF data" message.
Co-Authored-By: claude-flow <ruv@ruv.net>
…njection Relay: - Await ndk.connect() before polling pool (fixes empty pool race condition) - Unify RELAY_URL config (remove localhost:7777 fallback in settings.ts) Android/Mobile: - Add safe-area-inset-top to Navigation sticky navbar - Wrap button hover/active scale transforms in @media (hover: hover) - Constrain app name width on narrow screens (truncate at 140px) - Account for safe-area in sidebar max-height calculation Workers Performance: - Add cron keep-warm (*/5 * * * *) to all 5 CF Workers - Add scheduled() handlers (D1 ping, WASM store preload) - Batch D1 DELETE+INSERT for replaceable events in relay DO Security: - Escape LIKE wildcards in tag filter values (relay-do.ts) - Escape LIKE wildcards in cohort filter (nostr-relay index.ts) Co-Authored-By: claude-flow <ruv@ruv.net>
…nfo leak CRITICAL security fixes: - relay-do: verifyEventId now computes SHA-256 of NIP-01 canonical JSON instead of only checking hex format (was accepting any 64-char hex as valid) - auth-api: handleLoginVerify now performs full verification chain: NIP-98 proof → credential ID match → clientDataJSON (type/challenge/origin) → authenticatorData (rpIdHash/UP+UV flags/sign counter) → replay detection - nostr-relay health: strip event/whitelist counts from unauthenticated endpoint - view/[noteId]: dynamic NDK import for unauthenticated public page viewers Co-Authored-By: claude-flow <ruv@ruv.net>
…DR-012) Security: eliminate localStorage privkey storage, add SSRF DNS resolution with manual redirect following, remove dead hooks.server.ts, secure gen-admin output. Architecture: consolidate dual channel stores, make config reactive, unify session schema v2, add trust boundary documentation across relay-client boundary. Quality: move puppeteer to devDeps, fix pre-commit paths, rename package, fix update_manifest.py missing import. Co-Authored-By: claude-flow <ruv@ruv.net>
- Create onnx-local.ts: WasmEmbedder from ruvector for real 384d transformer embeddings (all-MiniLM-L6-v2) with Cache API model persistence - Upgrade embedQuery() to 3-tier priority: ONNX → server /embed → hash fallback - Wire indexNewMessage() to push embeddings to search-api via NIP-98 auth - Fix storeEmbedding() to use fetchWithNip98 (was unauthenticated fetch) - Add WASM asset handling and ruvector exclusion in vite.config.ts - Document RVF runtime architecture (self-bootstrapping .rvf containers, 28 segment types, two WASM modules, model embedding approaches) Co-Authored-By: claude-flow <ruv@ruv.net>
…broken links - Add mermaid diagrams to 6 key docs: architecture, RVF runtime, auth flow, DDD bounded contexts, deployment pipeline, ADR-010 migration comparison - Deprecate obsolete GCP docs: move EMBEDDING_SERVICE and CLOUD_SERVICES to archive/ with redirect stubs, replace with current CF Workers references - Create docs/api/SEARCH_API.md: full search-api Worker documentation with endpoint specs, WASM reference, architecture diagrams, NIP-98 auth - Fix 12 broken cross-document links across 9 files - Update security docs: Cloud Run → Cloudflare Workers, GCP Secret Manager → wrangler secret, fairfield.community → dreamlab-ai.com - Update docs hub: add ADR-011/012, Search API, RVF architecture links - Validate all ADR cross-references bidirectional (003↔010, 008↔010) 31 files changed across docs/, docs/api/, docs/adr/, docs/security/, docs/deployment/, docs/archive/, docs/features/, docs/reference/ Co-Authored-By: claude-flow <ruv@ruv.net>
…hort Root cause: relay /api/check-whitelist only checked env.ADMIN_PUBKEYS for isAdmin, ignoring the 'admin' cohort in D1 whitelist. User had admin cohort but isAdmin returned false because pubkey wasn't in wrangler.toml. Fixes: - Add a617d210 pubkey to ADMIN_PUBKEYS in wrangler.toml (first position) - handleCheckWhitelist: isAdmin now true if in ADMIN_PUBKEYS OR has 'admin' cohort - isAdmin(): now async, checks env var first then D1 whitelist cohorts - requireNip98Admin: await the now-async isAdmin check Co-Authored-By: claude-flow <ruv@ruv.net>
…rate) 6-phase plan to port 68K lines TypeScript/SvelteKit to Rust/Leptos WASM: - Phase 0: Cargo workspace, nostr-core shared crate, NIP-44/98 in Rust - Phase 1: WASM crypto bridge (hybrid SvelteKit + Rust crypto) - Phase 2: Port all 5 CF Workers to Rust via worker crate - Phase 3: Replace NDK + Svelte stores with rust-nostr + Leptos signals - Phase 4: Port 102 Svelte components to Leptos - Phase 5-6: Routes, PWA, optimization, cutover Targets: <0.5ms NIP-44, 70% memory reduction, zero GC, 90%+ coverage Scope: community-forum + workers ONLY (React main site excluded) Co-Authored-By: claude-flow <ruv@ruv.net>
- Remove 282 legacy docs (TS-era architecture, GCP references, community build artifacts) - Add PRD v2.0.0 (research-validated production Rust port plan, 16 weeks) - Add PRD v2.1.0 (accepted: tranche-based delivery, governance, vertical slices) - Add ADR-013 through ADR-019 (Leptos, hybrid validation, workers strategy, nostr-sdk, passkey-rs, testing, planning governance) - Add DDD set: domain model, bounded contexts, aggregates, domain events, value objects, ubiquitous language (all with Rust type signatures) - Add security docs (overview + authentication/PRF flow) - Add API docs (auth, pod, relay, search endpoints) - Add deployment docs (overview + Cloudflare Workers build/deploy) - Add developer docs (getting started + Rust style guide) ADR-019 and PRD v2.1.0 accepted as delivery baseline. DDD aligned to v2.0.0 technical baseline per governance rules. Co-Authored-By: claude-flow <ruv@ruv.net>
Cargo workspace with 5 crates: - nostr-core: event types, NIP-01 serialization, NIP-44 encryption, NIP-98 auth, key management with HKDF derivation (2,026 lines) - forum-client: minimal Leptos CSR placeholder - auth-worker, pod-worker, preview-worker: CF Worker scaffolds nostr-core highlights: - NIP-44 v2: ECDH + HKDF + ChaCha20-Poly1305 with proper padding - NIP-98: create/verify roundtrip, recomputed event ID (never trust input) - Keys: BIP-340 Schnorr sign/verify, PRF→HKDF derivation matching JS - Event: canonical JSON [0,pk,ts,kind,tags,content], SHA-256 ID - 62 tests including proptest crypto roundtrips CI: rust-ci.yml with fmt, clippy, test-native, test-wasm, check-wasm-client Co-Authored-By: claude-flow <ruv@ruv.net>
- 3 criterion benchmark suites: NIP-44 (encrypt/decrypt/convkey at 1K/10K/100K), keys (keygen, HKDF-PRF, Schnorr sign/verify, pubkey-hex), events (1K deser, ID compute, sign, verify) - wasm_bridge module: 7 wasm-bindgen exports (nip44_encrypt/decrypt, derive_keypair_from_prf, create/verify_nip98_token, compute_event_id, schnorr_sign) — conditional on wasm32 target - All 62 tests passing, all benchmarks compile Tranche 0 exit criteria met: - Cargo workspace: 5 crates compiling (native + wasm32) - nostr-core: NIP-01, NIP-44, NIP-98, BIP-340, HKDF-PRF - CI pipeline: fmt, clippy, test-native, test-wasm, check-wasm-client - Benchmark harness: criterion with 3 suites - WASM bridge: wasm-bindgen JS interop layer ready for SvelteKit integration Co-Authored-By: claude-flow <ruv@ruv.net>
Benchmark results (JS vs WASM, Node.js): NIP-44 encrypt 1KB: 22.0x faster (4.17ms → 190µs) NIP-44 decrypt 1KB: 16.3x faster (4.31ms → 265µs) NIP-98 token: 4.2x faster (3.76ms → 901µs) Schnorr sign: 3.4x faster (3.14ms → 925µs) HKDF-PRF derivation: 0.67x (JS wins — sub-ms, called once/session) Event ID compute: 0.59x (JS wins — 5µs, negligible) Go/No-Go: CONDITIONAL GO — crypto hot paths exceed 3x threshold. WASM bridge (9 exports, 293KB .wasm): - nip44_encrypt, nip44_decrypt - derive_keypair_from_prf, generate_keypair - create_nip98_token (fixed: js_sys::Date::now() replaces SystemTime) - verify_nip98_token - compute_event_id, schnorr_sign, schnorr_verify (new) SvelteKit integration: - src/lib/wasm/init.ts — lazy WASM loader, VITE_USE_WASM_CRYPTO flag - src/lib/crypto/index.ts — 6-fn abstraction (WASM-first, JS fallback) - passkey.ts: deriveKeypairFromPrf() via WASM - nip98-client.ts: createNip98Token() via WASM - vite.config.ts: exclude WASM from optimizeDeps + SSR Parity matrices: - 22-route matrix (6 HIGH, 2 MEDIUM, 5 LOW, 9 N/A priority) - 68-feature matrix (12 full WASM, 29 partial, 27 JS-only) Co-Authored-By: claude-flow <ruv@ruv.net>
…eline
T2.3: Mixed Rust+TS worker deploy pipeline (3-job workflow, wrangler.toml per worker)
T2.4: nostr-core finalized — verify_event_strict (typed EventError), verify_events_batch,
verify_token_at (explicit timestamp), Nip98Token Serialize/Deserialize, clean
lib.rs re-exports, 0 clippy warnings, 71 tests passing (up from 62)
Co-Authored-By: claude-flow <ruv@ruv.net>
T2.1: preview-worker — full port of link-preview-api (530 lines, 35 tests) SSRF protection, OG/Twitter parsing, CF Cache API, HTML entity decoding T2.2: pod-worker — full port of pod-api (3 modules, 22 tests) WAC ACL evaluator (JSON-LD @graph), NIP-98 auth via nostr-core, R2 CRUD (50MB limit), CORS, route parser 128 tests passing across workspace (71 nostr-core + 35 preview + 22 pod) Co-Authored-By: claude-flow <ruv@ruv.net>
auth-worker (4 modules, ~700 lines):
- webauthn.rs: register options/verify, login options/verify (6-step assertion),
credential lookup, base64url encode/decode, constant-time compare
- pod.rs: provision_pod (WAC ACL + profile card + metadata), handle_profile
- auth.rs: NIP-98 wrapper via nostr-core::verify_nip98_token_at
- lib.rs: router (8 routes), CORS, cron keep-warm (D1 ping)
relay-worker: crate scaffold + wrangler.toml (Durable Objects config)
128 tests passing across workspace
Co-Authored-By: claude-flow <ruv@ruv.net>
T3.2: relay-worker — full port of nostr-relay (5 modules, ~1660 lines)
- relay_do.rs: #[durable_object] NIP-01 WebSocket relay (857 lines)
EVENT/REQ/CLOSE handling, event validation, Schnorr via nostr-core,
NIP-16 replaceable/ephemeral/parameterized, D1 storage, broadcasting,
per-IP rate limiting (10 evt/s), connection limits (20/IP)
- whitelist.rs: check/list/add/update-cohorts (351 lines)
- nip11.rs: NIP-11 relay info document
- auth.rs: NIP-98 admin verification
- lib.rs: HTTP router, CORS (multi-origin + Vary), cron keep-warm
API tightening (review feedback):
- sign_event() now validates pubkey matches signing key (PubkeyMismatch error)
- sign_event() uses getrandom for BIP-340 aux nonce (production hardening)
- sign_event_deterministic() added for tests (zero aux, documented)
- 2 new tests: sign_event_rejects_wrong_pubkey, randomized_produces_valid
All 5 backend Workers now ported to Rust:
preview-worker, pod-worker, auth-worker, relay-worker, (search-worker = TS+WASM)
130 tests passing, 0 warnings
Co-Authored-By: claude-flow <ruv@ruv.net>
End-to-end vertical slice: passkey auth → relay → channel browse → messages Auth shell (6 modules, ~1,900 lines): - AuthState reactive signal with Leptos RwSignal + StoredValue for privkey - WebAuthn PRF ceremony: register + login with HKDF key derivation - Session persistence (localStorage pubkey only, privkey in memory) - Pagehide/pageshow listeners to zero privkey on tab close - NIP-98 client token creation + fetch_with_nip98 - Three auth paths: passkey, NIP-07 extension, local key (nsec) Channel browsing (5 modules, ~1,550 lines): - WebSocket relay connection with NIP-01 protocol + auto-reconnect - Channel list page subscribing to kind 40 (NIP-28 creation events) - Channel view with kind 42 messages + compose box + Schnorr signing - ChannelCard and MessageBubble components with Tailwind styling - Section filtering via URL query params App shell: - Leptos router with 5 routes: /, /login, /signup, /chat, /chat/:channel_id - Layout with auth-aware nav (login/signup vs chat/logout) - Auth gate redirecting unauthenticated users to /login - Relay context provided at app root, connects on auth success Doc updates: - PRD v2.1 progress tracker (Tranches 0-3 complete, T4 in progress) - Workspace README with architecture overview 130 tests passing, 0 compilation errors (WASM target). Co-Authored-By: claude-flow <ruv@ruv.net>
- DM store (dm/mod.rs): NIP-44 encrypt/decrypt, kind-4 event processing, conversation list with unread counts, real-time incoming subscription - DM list page (pages/dm_list.rs): conversation list sorted by recency, new conversation by pubkey, connection status, loading skeletons - DM chat page (pages/dm_chat.rs): message bubbles with sender alignment, compose box with NIP-44 encryption, auto-scroll, connection indicator - Admin store (admin/mod.rs): whitelist CRUD via NIP-98 authenticated API, kind-40 channel creation, relay-based stats, admin pubkey guard - Admin panel (pages/admin.rs): tabbed Overview/Channels/Users interface, stat cards, channel creation form, user table with inline cohort editing - Admin components: ChannelForm with section dropdown, UserTable with cohort checkboxes, CohortEditor, stat card skeletons - App router: added /dm, /dm/:pubkey, /admin routes with auth gates - Layout nav: DM link for all users, conditional Admin link for admin pubkey - Trunk scaffold: index.html with Tailwind Play CDN, style.css dark theme - Fixed .cargo/config.toml: removed default wasm target to allow native tests Verification: 0 errors (11 warnings), 130 tests passing, WASM check clean. Co-Authored-By: claude-flow <ruv@ruv.net>
…ode cleanup Design system: CSS custom properties, glassmorphism utilities, shimmer skeletons, Inter font, SVG favicon, animated loading screen, amber glow effects. Pages: glass cards + SVG icons on login/signup, hero glow + feature cards on home, section filter pills + hover lifts on chat, circular send buttons + date separators on channels/DMs, shield/lock icons + NIP-44 badges on DM list, admin table polish. Layout: glass header with backdrop-blur, active route highlighting via use_location(), mobile hamburger menu with slide-down panel, brand icon, 3-column footer, auth gate spinners. Code: extracted shared utils (format_relative_time, pubkey_color, shorten_pubkey, arrow_left_svg, capitalize) to utils.rs, eliminated duplication across 6+ files. 0 warnings, 0 errors. 73 tests pass. Co-Authored-By: claude-flow <ruv@ruv.net>
…c, idle timeout 1. MEMORY LEAK (relay.rs, channel.rs, dm_chat.rs, dm/mod.rs): Replaced all `Closure::once` + `cb.forget()` patterns with a new `set_timeout_once()` utility that stores the closure in an Rc<Cell<>> and drops it after execution. Prevents WASM linear memory accumulation on spotty mobile connections triggering reconnect loops. 2. PRIVATE KEY STACK LEAK (channel.rs, dm/mod.rs): Added `AuthStore::sign_event()` that constructs the SigningKey inside the auth module and zeroizes the key bytes before returning. Channel and DM message signing now delegates to auth.sign_event() so raw privkey bytes never cross module boundaries onto arbitrary WASM stack frames. get_privkey_bytes() retained only for NIP-44 symmetric key derivation with warning doc comment. 3. HEAP ALLOCATION (nostr-core/event.rs): Replaced `serde_json::json!()` macro in compute_event_id with direct tuple-of-references serialization. Eliminates intermediate Value DOM tree per event, preventing memory fragmentation on 1K+ event batches. All 73 existing tests pass — tuple serialization is byte-identical. 4. IDLE TIMEOUT (relay-worker/relay_do.rs): Added 60-second idle alarm to NostrRelayDO. When the last WebSocket session disconnects, an alarm is scheduled. If no new connections arrive within 60s, in-memory state is cleared so Cloudflare can evict the DO and stop per-second billing. 0 warnings, 0 errors. 73 tests pass. Co-Authored-By: claude-flow <ruv@ruv.net>
Canvas2D particle field on the home hero — golden-angle (φ) spiral placement, node-edge constellation connections, concentric ring pulse on mount, ice-blue accent particles. Design motifs drawn subtly from minimoonoir (vinyl grooves, cool glow) and dreamlab hero (constellation nodes, ethereal sparkle). 3-tier graceful fallback wired as tech demo: - Tier 1: WASM Canvas2D particle field (particle_canvas.rs) - Tier 2: CSS ambient orbs + breathing glow (style.css) - Tier 3: Static gray-900 background Animation loop uses Arc<AtomicBool> + Rc<RefCell<Option<Closure>>> self-drop pattern — zero .forget() calls. Respects prefers-reduced-motion (static frame). Mobile-first particle budget: 28 → 50 → 80 → 110 based on viewport width. Co-Authored-By: claude-flow <ruv@ruv.net>
- Rewrite deploy.yml: Rust toolchain + Trunk replaces Node/React/SvelteKit - Inject window.__ENV__ at build time for runtime API URL overrides - Fix DEFAULT_RELAY_URL to use production solitary-paper-764d subdomain - Fix DEFAULT_AUTH_API_URL pointed at relay instead of auth-api worker - Fix admin api_base() to read VITE_AUTH_API_URL from __ENV__ (was VITE_RELAY_URL) - Fix passkey auth_api_base() to use __ENV__ + option_env!() with proper default - Cargo cache + wasm32 target in CI, 404.html SPA fallback, .nojekyll - Tagged main as pre-rust-deploy for rollback safety Co-Authored-By: claude-flow <ruv@ruv.net>
Full Rust port of the DreamLab community forum: - Leptos 0.7 CSR + nostr-sdk 0.44 + 4 CF Worker crates - Canvas2D constellation particle hero + CSS ambient fallback - WebAuthn passkey auth, NIP-44 DMs, admin panel - 130 tests passing, 0 warnings Rollback: git revert this commit or reset to tag pre-rust-deploy
Co-Authored-By: claude-flow <ruv@ruv.net>
…lution Co-Authored-By: claude-flow <ruv@ruv.net>
NIP-59 Gift Wrap (nostr-core): - gift_wrap.rs: Rumor (kind 14) → Seal (kind 13) → Wrap (kind 1059) - Throwaway key for outer wrap hides sender metadata from relay - Timestamps randomized ±48h for both Seal and Wrap - unwrap_gift() peels all 3 layers, returns sender + plaintext - 16 new tests: roundtrip, wrong-key, kind validation, timestamp jitter DM store upgrade (forum-client): - send_message() now creates NIP-59 gift-wrapped events (kind 1059) - Filters subscribe to kind 4 + 1059 for backward compatibility - process_dm_event() dispatches: 1059 → unwrap, 4 → legacy decrypt - Rumor created_at used as real timestamp (wrap timestamp is jittered) Trunk workspace fix: - Move index.html, style.css, Trunk.toml into crates/forum-client/ - CI builds from crate dir (not workspace root) — fixes trunk-rs#909 - Trunk.toml dist points to ../../dist to preserve deploy path Co-Authored-By: claude-flow <ruv@ruv.net>
Deploy fix (critical): - Rewrite deploy.yml: build React + Leptos, merge into dist/ - React at / + Leptos forum at /community/ on GitHub Pages - Smart 404.html routes /community/* to forum SPA, rest to React - Inject window.__ENV__ runtime config into forum index.html - Add SPA redirect pickup to both React and forum index.html Leptos base path support: - Add FORUM_BASE compile-time env via option_env!() - Router base=FORUM_BASE for sub-directory route matching - base_href() helper for programmatic navigation - Forum index.html redirect restore for GitHub Pages deep links Crypto dependency upgrades (NCC-audited RustCrypto): - k256 0.13 → 0.13.4, chacha20poly1305 0.10 → 0.10.1 - hmac 0.12 → 0.12.1, hkdf 0.12 → 0.12.4 - sha2 0.10 → 0.10.9, zeroize 1 → 1.8 Header navigation: - Update community link to /community/ (Leptos forum) - Remove target="_blank" for same-origin navigation QE audit reports (4 new): - nostr-core security audit (crypto, NIP-44/59/98, zeroize) - forum-client code review (architecture, auth, a11y) - workers code review (auth, pod, preview, relay) - test coverage analysis (146 tests, gap recommendations) Documentation rewrite (24 files, 76 Mermaid diagrams): - README.md: project overview with architecture diagram - docs/README.md: documentation hub with navigation - All API docs: sequence diagrams, error flows - All DDD docs: context maps, aggregate lifecycle - All ADR docs: decision flow, supersession chain - Security docs: auth flow, threat model diagrams - Deployment docs: pipeline, infrastructure diagrams - Developer docs: onboarding, style guide with examples - All cross-references validated, back-links added Co-Authored-By: claude-flow <ruv@ruv.net>
Contributor
Author
|
Created against wrong repo — moving to DreamLab-AI/dreamlab-ai-website |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/+ Leptos WASM forum at/community/— both deployed to GitHub Pages from a single workflowFORUM_BASEcompile-time env for sub-directory deploymentDeploy architecture
Changes (41 files, +6,712 / -885)
Critical: Deploy fix
.github/workflows/deploy.yml— Complete rewrite: builds React + Leptos, merges intodist/, smart 404.html routing,window.__ENV__injection, SPA redirect pickupcommunity-forum-rs/crates/forum-client/src/app.rs—FORUM_BASEconst viaoption_env!(),Router base=FORUM_BASE,base_href()helpercommunity-forum-rs/crates/forum-client/index.html— GitHub Pages deep-link restore scriptsrc/components/Header.tsx— Community link →/community/Crypto upgrades
community-forum-rs/Cargo.toml— k256 0.13.4, chacha20poly1305 0.10.1, hmac 0.12.1, hkdf 0.12.4, sha2 0.10.9, zeroize 1.8QE audit reports (new files)
docs/security/QE_AUDIT_NOSTR_CORE.md— 710 lines, crypto + NIP-44/59/98 securitydocs/security/QE_AUDIT_FORUM_CLIENT.md— 640 lines, architecture + auth + a11ydocs/security/QE_AUDIT_WORKERS.md— 801 lines, all 4 worker cratesdocs/security/QE_COVERAGE_REPORT.md— 810 lines, 146 tests + gap analysisDocumentation rewrite (24 files)
README.md— Project overview with Mermaid architecture diagramdocs/README.md— Documentation hub, 7 Mermaid diagramsdocs/api/*.md— All 4 API docs with sequence diagramsdocs/ddd/*.md— All 7 DDD docs with context maps + aggregate lifecyclesdocs/adr/*.md— All 8 ADR docs with decision flow diagramsdocs/security/*.md— Auth flow, threat model, trust boundary diagramsdocs/deployment/*.md— Pipeline, infrastructure diagramsdocs/developer/*.md— Onboarding flow, style guideVerification
cargo test --workspace)npm run build)Test plan
/community//community/channels→ forum SPA handles correctly/team,/contactetc. work after 404 redirectwindow.__ENV__injection provides correct API URLs to forum🤖 Generated with claude-flow