HiveTalk May 15, 2026 Release: Room Lock & Lobby System
- HiveTalk May 15, 2026 Release: Room Lock & Lobby System
HiveTalk May 15, 2026 Release: Room Lock & Lobby System
A three-month journey from concept to production
We’re excited to announce the May 15, 2026 release of HiveTalk, featuring a comprehensive Room Lock and Lobby System that gives you real control over who joins your video calls. This release represents three months of intensive development, multiple design iterations, and a complete commitment to building features the right way—with proper testing, security, and long-term maintainability.
The Journey: February to May
While this release ships on May 15, the development cycle actually began back in February. We revised the code and refined our process multiple times before landing on the final implementation. What started as a simple feature request evolved into a comprehensive redesign of how HiveTalk handles room access, guest identity, and moderator permissions.
This wasn’t just about adding a lock button—it was about building the foundation for sustainable, secure growth.
What’s New: Lock and Lobby Features
Room Lock: Simple Access Control
The Room Lock feature works exactly how you’d expect: flip the switch, and new arrivals can’t enter. But everyone already in the room stays connected, and you (the owner) and your moderators can always come back in, even while it’s locked.
Think of it like a nightclub at capacity—the bouncer stops letting new people in, but nobody inside gets kicked out, and the VIPs can still enter.
Lobby (Waiting Room): Selective Admission
When you enable the Lobby alongside the lock, would-be joiners don’t get turned away—they land on a friendly “Waiting for host to let you in” screen. You get a real-time notification showing who’s waiting, and you can:
- Approve them—they enter immediately, and their access stays valid for 24 hours
- Deny them with a 15-minute cooldown (improved from permanent deny based on user feedback)
The lobby works for both authenticated Nostr users and guests without accounts. For guests, we generate a temporary cryptographic identity behind the scenes, so approvals and denials work reliably even across page refreshes.
Moderator Management: In-Meeting Controls
Room owners can now promote and demote moderators directly from within an active call. No need to leave the meeting or navigate to settings—just open the participants panel and manage permissions on the fly.
Moderators get:
- A blue star badge next to their name
- The ability to kick and mute regular participants
- Automatic bypass of room locks
- Proper permission boundaries (moderators can’t kick other moderators or the owner)
Active Rooms Polling
The dashboard now shows real-time active rooms with a 60-second refresh interval and manual refresh button. Room cards pulse with a subtle animation when they’re live, making it easy to see where the action is.
Under the Hood: How We Built It
The Iceberg Principle
If you’ve been following our development, you know we talk a lot about the “iceberg”—the idea that what you see (the lock switch, the lobby screen) is maybe 10% of what’s actually there. The other 90% is the code that decides who gets in, the database that remembers their status, the tests that prove it all still works, and the security patches that keep everything safe.
We could have shipped a quick-and-dirty lock feature in a week. But that approach creates technical debt that eventually collapses under its own weight. Instead, we invested in:
- Product Requirement Documents (PRDs) written in plain English before any code
- Test-Driven Development (TDD) with 50+ test cases written upfront
- End-to-end testing with automated robots clicking through the app like real users
- Comprehensive security reviews and continuous dependency updates
The Technical Stack
Dashboard (Frontend):
- Ephemeral keypair generation for guests (replacing empty pubkey paths)
- NIP-98 event signing for authentication
- Real-time lobby notifications via LiveKit data channels
- Component testing infrastructure with React Testing Library
- 87 tests passing for ephemeral key generation alone
Hiverelay (Backend):
- NIP-98 validation module with strict signature verification
- Database schema migrations with Row-Level Security (RLS) policies
- 6 new lobby endpoints for request management
- Lock gate enforcement with automatic moderator bypass
- Per-IP rate limiting to prevent abuse
Planning Infrastructure:
- Created unified
honeyrepository for cross-repo planning - Comprehensive UI-SPEC documents with mobile responsiveness sections
- E2E UAT checklist with 85+ test cases (special thanks to buttercupRoberts and Yeghro for helping us build this out and squash bugs faster)
- Code-review-graph integration for impact analysis
Design Iterations
The first working version shipped in early April, but we immediately stepped back to ask: “Is this the right long-term design?” Some early choices—especially around guest identity and how “locked” vs “private” rooms should behave—needed sharper definitions.
So we spent a full week on design work:
- A complete design spec covering every user type and room type
- Plain-English rulesets (the kind you’ve been reading in this post)
- Flow diagrams showing every decision the system makes
- A test plan with 50+ specific scenarios
Key decisions that emerged:
- “Locked” and “private” are different things. Private means the room isn’t listed publicly. Locked means new arrivals are paused. They can be combined, but they answer different questions.
- Every user gets a proper cryptographic identity. For logged-in users it’s their Nostr key; for guests it’s a temporary one generated automatically.
- Moderators can always get back into a locked room. No more getting stuck outside your own call.
The Numbers
Across the three-month development cycle:
- Total commits: 318 (honey: 37, dashboard: 173, hiverelay: 73, other: 35)
- Phases shipped: 6 major phases across both repositories
- Test cases: 85+ end-to-end UAT scenarios
- Build optimization: 87% reduction in largest chunk size (696KB → 87KB)
- Security alerts resolved: All Dependabot alerts cleared, Astro upgraded to v6
What We Fixed Along the Way
Security & Stability
- Patched security vulnerabilities in error message handling
- Hardened authentication token validation
- Removed accidentally committed credentials and rotated secrets
- Upgraded to Astro 6, clearing outstanding security alerts
- Continuous dependency updates instead of letting them accumulate
Bug Fixes
- Fixed guest token polling issues that could leave joiners stuck
- Corrected React and TypeScript configuration problems
- Fixed Node.js 22 build issues
- Resolved gRPC/LiveKit SDK version conflicts
- Fixed moderator list publishing (7 critical issues)
- Improved profile resolution and event normalization
Infrastructure
- Reorganized database migrations and edge functions
- Fixed broken database indexes
- Standardized API error handling with
isRetriable()method - Added URL encoding and input validation
- Polished testing setup with Playwright artifacts
- Created comprehensive codebase documentation
Community Contributions
A special shoutout to buttercupRoberts and Yeghro for their invaluable help with the E2E-UAT-Checklist in our planning docs. Their systematic approach to testing helped us catch edge cases and squash bugs faster than we could have alone. This kind of community collaboration is what makes open-source projects thrive.
We also received contributions from Devin AI for lobby signing fixes and moderator API improvements, demonstrating the power of human-AI collaboration in modern software development.
The Process: How We Work Now
This release marks a turning point in how we build HiveTalk. We’ve formalized our development process:
- Requirements First — Write down what a feature should do in plain English before touching code
- Design Specs — Create comprehensive UI-SPEC documents with flow diagrams and edge cases
- Test-Driven Development — Write tests before implementation
- Incremental Shipping — Break large features into phases and ship them independently
- Continuous Integration — Automated tests run on every change
- Security by Default — Regular dependency updates and code reviews
This isn’t the fastest way to ship a feature next week. But it’s the way to build a product that’s still healthy and growing a year from now.
What’s Next
With the lobby and lock system in production, we’re turning our attention to:
- Monitoring and refinement based on real-world usage
- Performance optimizations for large rooms
- Additional moderator tools based on user feedback
- Enhanced analytics for room owners
- Mobile app improvements leveraging the new infrastructure
Try It Today
The Room Lock and Lobby features are live on HiveTalk right now. If you have a permanent room:
- Open your room settings
- Toggle “Lock Room” to control new entries
- Enable “Lobby” to review arrivals one by one
- Manage moderators directly from the participants panel
Everything behaves exactly the way you’d expect—no surprises, no jargon, no “wait, why did that person get in?”
Thank You
This release wouldn’t have been possible without the HiveTalk community sending us feedback, testing early versions, and helping us understand what you actually need from a video calling platform. The lobby and lock work is a direct response to what you’ve been asking for.
Special thanks again to buttercupRoberts and Yeghro for their testing contributions, and to everyone who reported bugs, suggested improvements, and stuck with us through the iterations.
Here’s to building software the right way—one solid foundation at a time.
— Bitkarrot and The HiveTalk Team
May 15, 2026
Write a comment