Architect Lint

Appearance

Rooms and channels — always namespaced by domain and tenant

Namespace room names with tenant or org scope so realtime events never cross tenants.

NestJSRealtime & StreamingMediumSince 2026-05-01

nestjs-realtime-transport-namespaced-rooms

Why it matters

Failure modes if this rule is ignored
StakeIf ignored
Data leak
  • Without namespacing, a name collision between orgs = a user receives another org's events. Data leak.

How to fix

A room in socket.io or a topic in a message broker must include the tenant. room: doc-123 is wrong. room: org-456:doc-123 is right.

Examples

Bad
ts
client.join(`doc-${docId}`);
this.server.to(`doc-${docId}`).emit('update', data);
Good
ts
// libs/shared/backend-realtime/src/lib/rooms.ts
export function docRoom(orgId: string, docId: string) {
  return `org:${orgId}:doc:${docId}`;
}

client.join(docRoom(user.orgId, docId));
this.server.to(docRoom(user.orgId, docId)).emit('update', data);

Contribute

View sourceSuggest editDiscuss

Released under the MIT License.

Copyright © matipojo/architect-lint

esc