The Ruby and Rails community linklog
Made a library? Written a blog post? Found a useful tutorial? Share it with the Ruby community here or just enjoy what everyone else has found!
Comments
The original post has no comment section, so I’ll leave a note here.
One thing I was wondering while reading: how is security handled? At first glance it almost sounds like the validation happens on the client side—which would mean everyone could potentially see everything.
I think the missing piece is scoping Turbo Streams to the right channels. For example:
```erb
<%= turbo_stream_from Current.account, :messages %>
<%= turbo_stream_from :messages %>
```
Then, when publishing:
Broadcast messages that belong to the author’s own account into the scoped stream:
```ruby
broadcast_append_to [Current.account, :messages], partial: "messages/message", locals: { message: self }
```
Broadcast messages that should be visible to all into the general :messages stream:
```ruby
broadcast_append_to :messages, partial: "messages/public_message", locals: { message: self }
```
That way, confidential data only goes into channels tied to the right account, while shared content still flows into a common stream. The distinction between per-account scope and shared scope is what keeps Turbo Streams safe and predictable.
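The question the comment above raises (is the check client-side?) comes down to how turbo-rails protects stream names: `turbo_stream_from` renders a signed stream name into the page and `Turbo::StreamsChannel` verifies that signature on subscribe, so a browser can only join streams the server chose to hand it, and the server decides that when it renders the page. The following plain-Ruby model of that scheme is an added example, not code from the original post, from RubyFlow or from turbo-rails. The helper names (`stream_name_from`, `signed_stream_name`, `verify_stream_name`, `StreamHub`), the `hex--HMAC` token format and the `SECRET` constant are this example's own simplifications; the real library uses `ActiveSupport::MessageVerifier` keyed from `secret_key_base`.

```ruby
require "openssl"

# Added example (not turbo-rails or RubyFlow code): a plain-Ruby model of how
# scoped Turbo Streams stay private. turbo-rails signs each stream name the
# server renders into the page, and the channel verifies that signature on
# subscribe, so a browser can only join streams the server chose to hand it.
# Everything below (names, token format, SECRET) is this example's own
# simplification; SECRET is a constructed value standing in for secret_key_base.
SECRET = "constructed-demo-secret-do-not-reuse".freeze

Account = Struct.new(:id)

# Build a stream name from "streamables": records become "Class:id", symbols
# and strings are used as-is, e.g. [Account(42), :messages] -> "Account:42:messages".
def stream_name_from(*streamables)
  streamables.flatten.map do |s|
    s.respond_to?(:id) ? "#{s.class.name}:#{s.id}" : s.to_s
  end.join(":").force_encoding(Encoding::UTF_8)
end

# Server side (what turbo_stream_from embeds in the page): hex(name)--HMAC(name).
def signed_stream_name(*streamables)
  name = stream_name_from(*streamables)
  "#{name.unpack1('H*')}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, name)}"
end

# Constant-time comparison so the verifier does not leak the MAC byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side (what the channel does on subscribe): return the plain stream
# name if the token was issued by us, nil if it was forged or tampered with.
def verify_stream_name(token)
  encoded, mac = token.to_s.split("--", 2)
  return nil if encoded.nil? || mac.nil?
  name = [encoded].pack("H*").force_encoding(Encoding::UTF_8)
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, name)
  secure_equal?(mac, expected) ? name : nil
end

# In-memory stand-in for the pub/sub layer: subscribers per verified stream
# name, plus an inbox per client so we can see who received what.
class StreamHub
  def initialize
    @subscriptions = Hash.new { |h, k| h[k] = [] }
    @inbox = Hash.new { |h, k| h[k] = [] }
  end

  # The client sends whatever signed-stream-name it found in its page; only a
  # token the server actually issued gets it onto the stream.
  def subscribe(client_id, token)
    name = verify_stream_name(token)
    return false unless name
    @subscriptions[name] << client_id
    true
  end

  # broadcast_append_to equivalent: deliver only to subscribers of that stream.
  def broadcast_to(*streamables, payload)
    name = stream_name_from(*streamables)
    @subscriptions[name].each { |cid| @inbox[cid] << payload }
    @subscriptions[name].size
  end

  def inbox(client_id)
    @inbox[client_id]
  end
end

def demo
  hub = StreamHub.new
  acme = Account.new(1)
  globex = Account.new(2)

  # Page rendered for Alice (Acme): the server hands out signed names only for
  # streams Alice may read, i.e. her own account's stream and the shared one.
  hub.subscribe(:alice, signed_stream_name(acme, :messages))
  hub.subscribe(:alice, signed_stream_name(:messages))
  # Page rendered for Bob (Globex).
  hub.subscribe(:bob, signed_stream_name(globex, :messages))
  hub.subscribe(:bob, signed_stream_name(:messages))

  # Bob guesses Acme's stream name and submits it with a made-up MAC.
  forged = "#{stream_name_from(acme, :messages).unpack1('H*')}--deadbeef"
  forged_accepted = hub.subscribe(:bob, forged)

  hub.broadcast_to(acme, :messages, "acme-private")   # scoped stream
  hub.broadcast_to(:messages, "public-notice")        # shared stream

  { forged_accepted: forged_accepted, alice: hub.inbox(:alice), bob: hub.inbox(:bob) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The signature only proves that the server issued the name; it says nothing about whether the current user should have it. The authorization decision therefore lives in the view: render `turbo_stream_from Current.account, :messages` only on pages served to members of that account, and the broadcast side stays safe because a client holding the shared `:messages` token cannot derive a valid token for another account's stream.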