renatocaliari/cali-starstream
skills/cali-starstream/SKILL.md
Adds real-time broadcasting, multi-user collaboration, and database persistence to StarHTML applications. Use when implementing chat systems, collaborative editors, presence tracking, typing indicators, or any feature requiring synchronized state across clients. Supports core StarStream (broadcasting), PocketBase (persistence), and Loro (CRDT) plugins.
$ install --global
skillsauthnpx skillsauth add renatocaliari/agent-sync-public-skills cali-starstreamInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 15, 2026, 4:02 AM57.0s2 files scanned
SKILL.md
- name:
- cali-starstream
- description:
- Adds real-time broadcasting, multi-user collaboration, and database persistence to StarHTML applications. Use when implementing chat systems, collaborative editors, presence tracking, typing indicators, or any feature requiring synchronized state across clients. Supports core StarStream (broadcasting), PocketBase (persistence), and Loro (CRDT) plugins.
StarStream: Real-time Collaboration for StarHTML
StarStream provides a "convention over configuration" approach to real-time features in StarHTML. Follow these instructions to implement synchronized user experiences.
Core Integration Strategy
When tasked with adding real-time features, always follow this workflow:
- Identify Features: Determine if the app needs simple broadcasting, persistence (PocketBase), or conflict-free editing (Loro).
- Initialize Core: Add
StarStreamPlugin(app)to the main application file. - Enable Modules: Toggle
enable_presence,enable_typing,enable_cursor, orenable_historyas needed. - Register SSE: Ensure a
/streamroute exists to provide the EventSource connection. - Emit Events: Use
yield elements(...)in@sseroutes to auto-broadcast UI updates.
Basic Initialization
from starhtml import *
from starstream import StarStreamPlugin
app, rt = star_app()
# Use defaults for auto-detection of topics via route parameters
stream = StarStreamPlugin(app, enable_presence=True, enable_typing=True)
@rt("/chat/{room_id}")
@sse
async def chat(room_id: str, msg: str):
# Auto-broadcasts to topic "room:{room_id}"
yield elements(Div(msg), "#messages", "append")
Plugin Selection Guide
- StarStreamCore: Simple broadcasting, ephemeral state.
- PocketBase: Persistent data with real-time sync.
- Loro: Multi-user document editing (CRDT).
Implementation Checklist
- [ ]
StarStreamPlugininitialized withapp. - [ ] SSE endpoint
/streamregistered. - [ ] Frontend uses
stream.get_stream_element(topic). - [ ] Route parameters match topic conventions (e.g.,
{room_id}->room:{id}). - [ ] (Optional) Presence/Typing heartbeats implemented in frontend.
Validation & Testing
Always validate the real-time implementation using the provided test suite or by running an example:
# Run core tests
pytest tests/test_core.py tests/test_presence.py
# Verify with a live example
python examples/full_features.py
Broadcasting
Fire-and-forget broadcast to all connected clients:
@rt("/todos/add", methods=["POST"])
@sse
def add_todo(text: str):
todos.append(text)
# Broadcast to all clients
stream.broadcast(
elements(render_todos(), "#todo-list"),
target="todos"
)
# Response to current client
yield elements(render_todos(), "#todo-list")
Targets
# Topic
stream.broadcast(msg, target="chat")
# Room
stream.broadcast(msg, target="room:123")
# User
stream.broadcast(msg, target="user:456")
# Default (global)
stream.broadcast(msg)
Observability
# Metrics
stats = stream.get_metrics("todos")
# Error handling
stream.set_error_hook(lambda topic, msg, err: logger.error(f"{topic}: {err}"))
Resources
- See
REFERENCE.mdfor detailed plugin API and advanced usage. - Full Demo:
examples/full_features.pyshows all features integrated.
Related Skills
renatocaliari/cali-lat-md-seed
tools
VerifiedTrustedCommunity
Auto-initialize structured documentation for any project using lat.md (knowledge graph of markdown files with [[wiki links]], // @lat: code refs, and semantic search). Detects cali-product-workflow artifacts (spec-product.md, spec-tech.md, critiques) and uses them as seed material. Falls back to extracting business rules, architecture, and design decisions directly from the codebase. Use when a project lacks structured documentation or when lat.md/ is missing. After seeding, lat.md extension hooks keep documentation alive automatically.
1SKILL.mdUpdated Jun 2, 2026
renatocaliari/cali-ops-server-security
testing
VerifiedTrustedCommunity
[Cali] Server security audit and hardening for private servers behind Tailscale. Use when: auditing server security, hardening SSH/firewall/Docker, checking for vulnerabilities, setting up fail2ban, reviewing port exposure, or responding to security alerts. Covers 6 layers: CloudFlare, UFW, Tailscale, SSH, Docker, Application. Triggers: "server security", "security audit", "harden server", "SSH hardening", "firewall rules", "UFW config", "fail2ban", "port security", "Docker security", "vulnerability check", "security review".
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-package-audit
tools
VerifiedTrustedCommunity
Run supply chain security scans before installing packages or before releases. Triggers when: user installs a package (npm, pip, go get, brew), user asks to 'scan dependencies', 'check vulnerabilities', 'supply chain', 'security audit', 'run trivy', 'run socket', or before any release/deployment. Also triggers on mentions of: socket.dev, trivy, OSV-scanner, dotenvx, CVE, dependency audit. Covers all four tools with concrete commands.
1SKILL.mdUpdated May 30, 2026
renatocaliari/cali-ops-github-releases
tools
VerifiedTrustedCommunity
Create GitHub releases following project conventions. Triggers when: user says 'release', 'create release', 'push release', 'deploy to main', 'merge to main', user merges a PR to main, or when git push to main is detected. Also triggers on mentions of: gh release, semver, version bump, changelog, release-please. Covers: config-driven (read .release.yml and execute) and fallback (gh CLI) release flows, versioning rules, tag management, and the mandatory release-on-merge convention.
1SKILL.mdUpdated May 30, 2026