Realtime: public live feeds for read:public collections via project id #75

Merged: jwicks31 merged 1 commit into main from claude/public-realtime, Jun 13, 2026
@jwicks31 (Owner)

What

Next-roadmap item 1/2 (the API-developer side). Extends the non-secret project-id access to the realtime live feed of a read:public collection, so a published frontend can stream live changes without embedding a secret — closing the gap left when public collections shipped (#72): you could read public data by project id, but not subscribe to its updates.

How

  • Auth hook: when no secret key is presented but a project id is (X-Project-Id / ?project=), allow a read-only realtime request — WS subscribe, or GET …/history / …/presence — on a data:<collection> channel iff that collection's read ACL is public. Writes (POST), the channel list, and non-data: channels still require a key.
  • Read-only socket: for an anonymous (authed === false) connection the WS ignores inbound frames, so a public viewer can't publish or signal typing.
  • SDK: already sends ?project= on the socket, so Zero(base, { project }).data('posts').subscribe(…) works with no change.

The mapping is principled: public data ⇒ public live feed, governed by the same per-collection ACL — no new access surface.

Verification

  • SQLite 62/62 including a new test: the public feed delivers an owner's change to a project-id-only subscriber, that subscriber cannot publish (read-only), and subscribing to a non-public collection's feed by project id is rejected.
  • Postgres 44/44 (Postgres 16); the Redis cross-process test stays green.
  • Docs updated: README (access control + realtime) and /docs.

Next up: Redis-backed rate limiting + presence TTLs (the operator-side hardening of the multi-process path).

https://claude.ai/code/session_018efxvWw3MRjdtvE5xgBqya


Generated by Claude Code

Extend non-secret project-id access (multi-tenant) to the realtime live feed of
a read:public collection, so a published frontend can stream changes without
embedding a secret — closing the gap left when public collections shipped.

- Auth hook: when no key is presented but a project id is, allow a read-only
  realtime request (WS subscribe, or GET history/presence) on a
  `data:<collection>` channel iff that collection's read ACL is public. Writes,
  the channel list, and non-data channels still require a key.
- The WS socket for an anonymous (authed=false) connection is read-only: inbound
  frames (publish/typing) are ignored.
- The SDK already sends ?project= on the socket, so
  `Zero(base, { project }).data('posts').subscribe(...)` just works.

Verification: 62/62 SQLite (+ a new test: public feed delivers changes, the
socket can't publish, and a private collection's feed is rejected), 44/44
Postgres 16, Redis fan-out test green. Docs updated (README, /docs).

jwicks31 merged commit b7954e1 into main, Jun 13, 2026
2 checks passed
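
The access rule described in this PR, sketched as an added example that is not the project's own code: anonymous requests pass only for read-only actions on a `data:<collection>` channel whose read ACL is public, and inbound frames from non-key connections are dropped. The function names, the request descriptor shape, the action labels and the sample ACL data are all assumptions made for illustration.

```javascript
// Added example, not the project's code: every name below is hypothetical.
// Constructed sample data: project id -> collection -> read ACL.
const ACLS = new Map([
  ['proj_demo', new Map([['posts', 'public'], ['drafts', 'private']])],
]);

const READ_ONLY_ACTIONS = new Set(['subscribe', 'history', 'presence']);

// Decide a realtime request. `req` is an already-parsed descriptor:
// { keyValid, projectId, method, action, channel }.
function authorizeRealtime(req, acls = ACLS) {
  // A validated secret key keeps full access (key checking is out of scope here).
  if (req.keyValid === true) return { allow: true, authed: true };

  const deny = (reason) => ({ allow: false, authed: false, reason });

  // Anonymous path: every condition must hold, otherwise fail closed.
  if (typeof req.projectId !== 'string' || !acls.has(req.projectId)) {
    return deny('unknown project');
  }
  // A WS subscribe arrives as an HTTP GET upgrade, so GET covers all three reads.
  if (req.method !== 'GET' || !READ_ONLY_ACTIONS.has(req.action)) {
    return deny('key required for writes and the channel list');
  }
  if (typeof req.channel !== 'string' || !req.channel.startsWith('data:')) {
    return deny('key required for non-data channels');
  }
  const collection = req.channel.slice('data:'.length);
  // Map lookups: a name like "__proto__" cannot reach inherited properties.
  if (acls.get(req.projectId).get(collection) !== 'public') {
    return deny('collection is not read:public');
  }
  return { allow: true, authed: false };
}

// Inbound WS frames: only a key-authenticated connection may publish or type.
// Checking `=== true` also drops frames when `authed` was never set.
function acceptInboundFrame(conn, frame) {
  return conn.authed === true ? frame : null;
}
```

The frame filter here is stricter than the `authed === false` check quoted in the description: it treats a missing `authed` flag as anonymous too.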

2 participants