Remove the inline Withdraw button (and its props) from
VerifierStatementEditor, and drop the success toast from the onboarding
"Publish your verifier statement" step. Withdrawing now lives in the
top-right of the "How We Verify" card on the user's own profile — gated
on isOwnProfile, mirroring the Edit Profile affordance — with an
AlertDialog confirmation before retracting the kind 14672 statement.
Deduplicate the avatar and banner edit menus into a single ImageEditMenu
in ProfileCard: "Upload file" (replacing "Change avatar"/"Change banner"),
optional "Paste URL", and a generic "Remove" (replacing "Remove avatar").
The banner gains the Remove action via a new onRemoveBanner prop.
Fix the non-working Remove in the organization setup step: the verifier
identity step never passed remove handlers, and its onChange ignored
picture/banner — so removing an image did nothing. Wire onRemoveAvatar /
onRemoveBanner to clear the draft fields directly. Pass onRemoveBanner in
ProfileSettings too.
The org bio textarea now uses the same muted, borderless fill as the
'Your name' field on the identity step, starts at min-h-200, and
auto-grows as the user types. The verifier statement (Milkdown) editor
gets the same muted wrapper and a scoped 200px min-height so the two
steps match. The bio, statement, and how-to steps drop from max-w-3xl
to max-w-xl so the boxes and the tutorial's last step aren't oversized.
A pasted SVG (or any small source) was rasterized by the proxy at its
tiny intrinsic size, so the cropper showed a speck in the preview box.
Request a target width (1500 banner / 1024 avatar) with fit=inside so
small and vector sources are enlarged to a workable crop resolution.
Pasted image URLs were handed to the cropper as a raw remote src, so
encodeImage's canvas fetch hit the origin directly and failed CORS
(e.g. nips.nostr.com SVGs, or any host when the image proxy is off).
Now the paste handler fetches the bytes through the image proxy into an
object URL and feeds them through the same crop -> Blossom-upload flow
as a local file, so the cropper only ever sees a same-origin blob:.
Drop the clickable step buttons that let users scrub/pause the demo.
The animation already auto-advances and wraps around, so the gesture
now replays on an endless loop and users learn purely by watching.
The step list becomes a non-interactive read-out synced to the
animation. Removes the goto/paused reducer state and the
resume-after-scrub timer.
The 'About your organization' sub-header duplicated the step title.
Drop the visible Label and keep it as an aria-label so the textarea
stays accessible. Input text size already matches the verifier
statement editor (1.125rem / text-lg).
The how-to demo card now reflects a real published campaign (the Agora
App Development Fund) instead of invented placeholder copy: real title,
organizer, banner image, and goal/progress. The verified badge is now a
faithful copy of the live overlay CampaignVerificationBadge (dark
translucent pill, ring-bordered avatar, sky-300 check, no count) for a
single verifier, so the preview matches exactly how a verification
surfaces on a real card.
Drops the now-unused demo i18n keys (campaignTitle, campaignOrganizer,
verifiedBadge) across all locales.
The bio step now uses the same wide (max-w-3xl) layout and a large
text surface (min-h-[400px], text-lg) so it visually matches the
markdown statement editor, minus the markdown formatting.
Remove the badge preview from the org bio step and surface it on the
'How to verify a campaign' step instead, where the demo card now shows
the org's own avatar + name in place of the generic 'Verified by you'
label. Shorten the tutorial step descriptions.
Add hideHeader, bare, and stacked props to VerifyTutorial. The how-to step
now renders it borderless with the header hidden (single step header) and
the demo card stacked full-width above the step list so it matches the
button width below. Remove the tutorial from /organizations, leaving just
the 'Start verifying' CTA card.
Drop the 'Become a verifier' publish button: the statement step's primary
Continue button now publishes the kind 14672 statement and advances, with
an inline Withdraw for returning verifiers. Collapse the duplicated prompt /
disclaimer copy into a single header + subtext and make the editor
borderless. Replace the /organizations functional editor with a CTA that
launches the verifier onboarding flow.
Replace the plain avatar+name+website header with a preview that mirrors the
inline verification badge (stacked avatar + check + name), so the user sees
how their logo and name will surface to donors. Drops the website from the
preview.
Add a bioField prop to ProfileCard so the editable slot below the name can
edit the website instead of the bio. The verifier identity step now edits
the website inline (no separate input) and only requires avatar + name;
banner and website are optional, with website still https-validated when
entered.
Replace the placeholder shell with the real how-to step, reusing the
animated VerifyTutorial and a terminal 'View campaigns' CTA that cancels the
overlay and navigates to /campaigns. Widen the captive content wrapper for
the statement and how-to steps to fit the editor and two-column tutorial.
Pull the kind 14672 publish/update/withdraw editor out of OrganizationsPage
into a reusable VerifierStatementEditor with an onPublishedChange callback.
OrganizationsPage now consumes it (logged-out gate and verify tutorial
unchanged), and the captive verifier sub-flow renders it as step 3 with a
Continue button that unlocks once a statement is published.
Add usePublishOrgProfile, which merges the collected org draft (name,
website, picture, banner, about) onto any existing kind-0 via
fetchFreshEvent + prev, guarded by an expectedPubkey check so a failed
signup auto-login can't overwrite another account. The bio step's continue
now publishes the profile before advancing; failure is non-fatal (toast +
proceed).
A required bio textarea (kind-0 about) with a small avatar + name preview
header carried over from the identity step for continuity. The bio is added
to the shared profile draft; publishing of the assembled kind-0 profile is
wired up in the next commit.
Build the organization-identity screen on the shared ProfileCard (circular
avatar, rectangular banner, inline name) plus ImageCropDialog for uploads,
with a dedicated required website field. All four fields are required and
the website must be a valid https URL before continuing. The draft is held
in the captive overlay and published later; nothing is written here.
Add four sub-flow step keys (orgIdentity, orgBio, orgStatement,
orgVerifyHowto) that the verifier role enters instead of navigating away.
Wire the progress bar to the extended verifier step list, branch back/next
navigation through the sub-flow, and render placeholder shells. The
per-step UI lands in following commits.
Extend OnboardingRole and StartSignupOptions to include 'verifier', add a
third RoleCard to the role picker, and wire the pick handler to branch on
the new role. For now the verifier pick routes to the public /organizations
onboarding tool; a later commit replaces this with a captive sub-flow.
Remove Profile, Search, About, and Get the app items from the account
switcher dropdown. Show the active profile at the top of the profile
list (linking to your profile instead of switching), and reorder the
remaining items to Wallet, Notifications, My Dashboard, Settings.
Address two follow-ups from the Tor (arti) MR review.
Supply-chain hardening for the arti-mobile AAR, a native artifact with
network-proxy privileges:
- Pin the gpmaven Maven source to an immutable commit SHA
(guardianproject/gpmaven@b3ee2a6) instead of the mutable `master`
branch, so a force-push or new commit can't silently change what we
resolve.
- Verify the resolved AAR's SHA-256 at build time
(verifyArtiChecksum, wired ahead of assemble/bundle). A mismatch fails
the build before any APK is produced. Scoped to the one privileged
artifact rather than enabling global dependency verification, which
would force-verify every transitive dep.
Reconcile stale "apply on relaunch" / "next app launch" doc comments in
AppContext.ts, tor.ts, useTor.ts, TorController.java, and TorPlugin.java
with the actual behavior: the Advanced Settings toggle activates Tor
live via start/stop (arti starts/stops immediately, relay layer
remounts); the persisted flag only governs cold-launch auto-start.
Adds an opt-in Tor mode that routes all app traffic through a local
SOCKS5 proxy backed by arti (Tor in Rust), bundled via the
org.torproject:arti-mobile:1.7.0.1 AAR.
- TorController starts/stops arti and installs a fail-closed WebView
proxy override (no direct fallback) so traffic can't leak while Tor is
connecting or down. Connectivity is verified against
check.torproject.org (IsTor) and re-checked continuously; the exit IP
is surfaced for verification, and the status isn't latched so a dropped
circuit downgrades honestly.
- TorPlugin bridges enable/disable/status to the Capacitor/JS layer.
Toggling applies live, in place, with no app restart.
- UI: a slim fail-closed status banner (replacing the old full-screen
gate), the Tor toggle in Advanced settings reachable while logged out,
and Settings/Search/About added to the logged-out menu.
- R8 keep rules for org.torproject.arti.** so the JNI native-method
classes aren't stripped/renamed; androidx.webkit on the compile
classpath for the WebView proxy APIs.
The meta description still framed Agora as a generic Nostr social
client. Update it to describe the actual product: peer-to-peer
crowdfunding with an integrated non-custodial on-chain Bitcoin wallet.
Once an organization publishes its verifier statement on /organizations,
show an interactive walkthrough demonstrating how to verify a campaign:
a looping three-step animation on a mock campaign card where a cursor opens
the three-dots menu and selects 'Verify this campaign'. Step list is
clickable to scrub; motion is gated behind prefers-reduced-motion.
The campaign card wraps its contents in a react-router <Link>. The
moderation menu's VerificationDialog and CampaignListMembershipDialog
portal their DOM out of the card, but React synthetic events still
bubble through the component tree to the Link — so clicking anywhere
in either dialog navigated to the campaign page. Wrap both dialogs in
a span that stops click/pointerdown propagation, mirroring the guards
already on the dropdown trigger and content.
The 'Verify this campaign' control was gated on the hardcoded moderator
pack. Extend eligibility to self-declared verifiers (accounts with a
kind 14672 verifier statement): useCampaignVerifications now exposes
canVerify (moderator OR verifier) and its verify mutation accepts
verifiers.
The campaign moderation kebab (ModerationMenu / ModerationOverlay) now
renders for verifiers too, but shows only the verify row — the
moderator-only items (Hide, Add to list) and the Hidden badge stay
gated on moderator status. Pledge and group surfaces are unchanged.
Verifier profiles (accounts with a kind 14672 statement) now get a
'Verified' tab listing the campaigns they have vouched for, resolved
from the account's own agora.verified (kind 1985) labels via the new
useVerifiedCampaigns hook. The tab is surfaced first and becomes the
default on initial load (without overriding a manual tab selection),
on both desktop and mobile. Non-verifiers never see the tab.
Adds ProfileVerifiedTab, the useVerifiedCampaigns hook, and profile.tabs
/ profile.verified i18n keys across all locales.
Restore ProfileVerifierSection to its original spot as the first item in
ProfileOverviewSections (left sidebar on desktop, overview tab on mobile),
reverting the full-width-above-tabs placement. Keeps the 'How We Verify'
heading inside the box and no shield icon.
Surface a verifier's kind 14672 statement as a full-width band above the
profile tabs (below the header) on both desktop and mobile, instead of
tucked into the left identity rail / overview tab.
Drop the shield-check icon and rename the heading to 'How We Verify' —
the statement is a self-authored claim, not a platform endorsement, so
the heading stays neutral with no trust-implying badge. Rename the
verifier.profileSectionTitle key to verifier.howWeVerifyTitle across all
locales.