How to publish a private document to another node?

To publish a private document to another peer, creating the document locally is not enough. The flow has two separate phases: local publication and private delivery.

First, the publishing node creates the document blobs:

  • Capability — proves the signer can write to the destination account.

  • Change — contains the document operations/content.

  • Ref — points the destination account/path to the document version.

  • For private docs, the Ref must include private visibility metadata.

After those blobs are stored locally, they still need to reach the destination peer. For public documents this is simpler, because public blobs can be announced broadly. For private documents, the sync layer filters blobs before sending them.

The current push path is:

local publisher
→ PublishBlobs / PutMany
→ PushResourcesToPeer
→ GetRelatedMaterial
→ authorization filter
→ AnnounceBlobs to destination peer
→ destination fetches wanted blobs over bitswap
→ destination PutMany/indexes blobs

The important constraint is that private blobs are only announced if the local daemon considers the target peer authorized for that private space. In the current code, this means the target peer must resolve as the official siteUrl server for the destination account, or otherwise pass the private authorization checks.

A successful private publish therefore requires:

  1. The destination account grants a valid write capability to the signer.

  2. The publisher includes that capability CID in the Ref.

  3. The publisher stores/publishes the Capability + Change + Ref locally.

  4. The destination peer address is known.

  5. The publisher daemon knows the destination account’s siteUrl.

  6. That siteUrl resolves to the same peer ID being pushed to.

  7. PushResourcesToPeer announces a non-zero number of blobs.

  8. The destination peer downloads and indexes those blobs.

The key diagnostic is the push progress:

blobsAnnounced > 0

If the logs show:

publishedBlobs: 3
blobsAnnounced: 0

then local publication succeeded, but private delivery did not happen. The document exists only on the publishing node.

For debugging, first query the destination site's configuration:

curl -s https://DESTINATION_SITE/hm/api/config | jq

Confirm the destination peer ID in the output.

Then check whether the publishing node knows the destination account’s siteUrl:

curl -sG 'https://PUBLISHING_SITE/api/Resource' \
  --data-urlencode 'id=hm://DESTINATION_ACCOUNT_UID' \
  | jq '.json.document.metadata.siteUrl'

Expected:

https://DESTINATION_SITE

If the siteUrl is missing or wrong, private push may announce zero blobs.
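
The two checks above (push progress counters and the known siteUrl) combined into one triage helper. This is an added example, not code from the project: the function names and verdict strings are hypothetical, the log text is a constructed sample in the format shown on this page, and the second argument is whatever the jq query above printed.

```shell
#!/bin/sh
# Added example (not project code): triage a private push from its progress
# counters and the siteUrl the publishing node has for the destination account.
# Function names and verdict strings are hypothetical.

# counter KEY LOG: last numeric value logged for KEY, e.g. "blobsAnnounced: 0".
counter() {
  printf '%s\n' "$2" |
    sed -n "s/^.*$1\"\{0,1\}:[[:space:]]*\([0-9][0-9]*\).*$/\1/p" | tail -n 1
}

# norm_url URL: strip jq's quotes and any trailing slash before comparing.
norm_url() {
  printf '%s\n' "$1" | tr -d '"' | sed 's:/*$::'
}

# diagnose LOG KNOWN_SITEURL EXPECTED_SITEURL
# Prints a verdict; returns 0 only when blobs were announced.
diagnose() {
  published=$(counter publishedBlobs "$1")
  announced=$(counter blobsAnnounced "$1")
  known=$(norm_url "$2")
  expected=$(norm_url "$3")
  if [ -z "$published" ] || [ -z "$announced" ]; then
    echo "no-progress-data"; return 2
  fi
  if [ "$announced" -gt 0 ]; then
    echo "announced"; return 0   # destination must still fetch and index
  fi
  if [ "$published" -eq 0 ]; then
    echo "nothing-published"; return 1
  fi
  # Published locally, zero announced: private delivery did not happen.
  if [ -z "$known" ] || [ "$known" = "null" ]; then
    echo "not-delivered:siteurl-missing"
  elif [ "$known" != "$expected" ]; then
    echo "not-delivered:siteurl-mismatch"
  else
    echo "not-delivered:siteurl-ok"   # check peer ID resolution and capability next
  fi
  return 1
}

# Constructed sample: the failing log from this page, with jq having printed null.
SAMPLE_LOG='publishedBlobs: 3
blobsAnnounced: 0'
diagnose "$SAMPLE_LOG" 'null' 'https://DESTINATION_SITE' || true
```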

In short: publishing a private document to another peer means both signing the document correctly and passing the private sync authorization path. The document can be valid locally but still invisible on the destination if private blob delivery fails.
