Add modern SvelteKit v2 rewrite with Cloudflare architecture#1
Open
Add modern SvelteKit v2 rewrite with Cloudflare architecture#1
Conversation
Major features: - SvelteKit 2 + Svelte 5 Runes frontend - Cloudflare Workers + Durable Objects for real-time WebSocket - D1 (SQLite) database with full-text search - Ported polished CSS design system from original - Clean abstraction layers for swappable technologies Architecture highlights: - StorageAdapter interface (swap D1/PostgreSQL/MySQL/etc) - MessagingAdapter interface (swap Durable Objects/Redis/etc) - Prepared for WebAuthn auth + SMS verification - MCP server structure ready for AI agent integration - Soft expiration model for ephemeral + durable rooms Next steps: WebSocket UI, auth flows, MCP integration
Features: - Phone SMS verification (Twilio + mock for dev) - WebAuthn/Passkey registration and authentication - JWT session management with secure cookies - Full auth UI with multi-step flow (phone → code → name → passkey) - Session verification in hooks Auth flow: 1. User enters phone number 2. Receives SMS verification code 3. Sets display name (if new user) 4. Optional passkey setup for quick future signin 5. Session token stored in httpOnly cookie API endpoints: - POST /api/auth/verify/send - Send SMS code - POST /api/auth/verify/check - Verify code & create session - PATCH /api/auth/user - Update user profile - GET /api/auth/user - Get current user - WebAuthn registration & authentication endpoints Storage abstraction extended with verification codes Ready for WebSocket integration with authenticated users
Features: - WebSocket Durable Object integration with auth verification - Real-time message broadcasting to all room participants - Message persistence to D1 database - Room creation on first join - Message history loaded on connect (last 50 messages) - Auto-reconnection with 3-second retry - Room URL routing: /r/roomname Frontend: - WebSocket store with Svelte 5 runes - Dynamic room pages with real-time updates - Join room UI on home page - Auto-scroll to new messages - Connection status indicators - System event messages (user joined/left) Backend: - WebSocket endpoint verifies user session - Auto-creates room in DB if doesn't exist - Passes authenticated user info to Durable Object - Updates room timestamp on message (keep-alive) Ready for production testing!
Testing infrastructure: - Vitest configured for unit testing - 13 passing unit tests for auth utilities - Tests cover: phone hashing, code generation, JWT tokens, expiration Tests validate: - Phone number normalization and consistent hashing - 6-digit verification code generation - JWT token creation/verification with jose - Expiration timestamp calculations (seconds/minutes/hours/days) - Token rejection with wrong secret Local development setup: - Configured wrangler for local D1 + Durable Objects - Added nodejs_compat flag for Node.js modules - TESTING.md with comprehensive guide - Local database initialized successfully - Dev server running on localhost:8788 Manual testing verified: - Server builds successfully - HTML served correctly - All environment bindings configured - D1 database connected locally Ready for full manual testing or deployment!
Core Features:
- 19 atomic permissions across 4 categories (room, settings, members, messages)
- Flexible role system with customizable roles per room
- Default roles: Owner (all perms), Moderator, Member, Everyone
- Full customization - create/edit/delete custom roles
- Permission checks with ban/mute support
- Invite system for private rooms
Database Schema:
- permissions table (seeded with all available permissions)
- roles table (customizable roles per room)
- role_permissions junction table
- user_roles (who has which role where)
- room_bans (temporary or permanent)
- room_mutes (read-only mode)
- room_invites (invite codes for private rooms)
TypeScript Types:
- Permission, Role, RoleWithPermissions interfaces
- PermissionsAdapter interface for swappable implementations
- DEFAULT_ROLES configuration
D1 Implementation:
- Full PermissionsAdapter implementation
- Efficient permission checking (union of all user roles)
- Owner bypass (owner has all permissions)
- Ban/mute enforcement
- Auto-role initialization on room creation
API Endpoints:
- GET/POST /api/rooms/{room}/roles - List/create roles
- GET/PATCH/DELETE /api/rooms/{room}/roles/{role} - Manage specific role
- Permission checks before all mutations
- Can't edit/delete system roles
Documentation:
- PERMISSIONS.md with full system explanation
- Permission categories and descriptions
- Default role configurations
- API endpoint documentation
- Usage examples
Next: Member management APIs, WebSocket integration, UI
Implements a complete agent integration system allowing external bots to participate in chat rooms via webhooks and REST API. Features: - API token system for agent authentication (Bearer tokens) - Agent user accounts and registration - Room-specific agent configuration with trigger rules (all/mentions/keywords) - Webhook dispatch from Durable Object on new messages - HMAC-SHA256 webhook signature verification - Comprehensive webhook delivery logging - REST endpoints for agents to post messages API endpoints: - POST /api/agents - Create agent user account - POST/GET /api/tokens - Manage API tokens - POST/GET /api/rooms/:room/agents - Manage room agents - POST /api/rooms/:room/send - Post messages with token auth https://claude.ai/code/session_01VWQrw87aAxZve5zkW3pU21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Major features:
Architecture highlights:
Next steps: WebSocket UI, auth flows, MCP integration