Circuit-Forge/snipe
3
0
Fork 0
Code Issues 11 Pull requests 1 Projects Releases 2 Packages Wiki Activity Actions

feature: guest/demo mode — unauthenticated trust scoring with transient session #28

New issue
Closed
opened 2026-04-08 22:49:12 -07:00 by pyr0ball · 0 comments
pyr0ball commented 2026-04-08 22:49:12 -07:00
Owner
Copy link

Concept

Allow unauthenticated users to run trust scores on eBay listings at menagerie.circuitforge.tech/snipe without logging in. Session is transient — no history saved, no account required.

Revenue angle

Affiliate links on flagged listings still fire. Guest users get the full trust score on any listing they paste in; they just cannot save history or set alerts.

Scope decisions (mirrors kiwi#72)

  • Guest token: short-lived UUID cookie (snipe_guest); no JWT/Heimdall
  • TTL: 24h inactivity, then wiped
  • Caddy: remove @no_session gate for /snipe*; pass guest header to FastAPI
  • Tier: guest = Free tier (trust score only, no alerts, no bulk scan)
  • Upgrade prompt: after history/alert attempt → "Create a free account to save your search history"

What does NOT persist for guests

  • Search/scan history
  • Saved listings or watchlist
  • Alert preferences

Implementation notes

  • Same guest middleware pattern as kiwi#72 — synthetic guest:<uuid> user_id, Free tier ceiling
  • Ship alongside kiwi#72 so Caddy changes land in one pass

Related

  • kiwi#72 — same pattern, coordinate Caddy changes
## Concept Allow unauthenticated users to run trust scores on eBay listings at `menagerie.circuitforge.tech/snipe` without logging in. Session is transient — no history saved, no account required. ## Revenue angle Affiliate links on flagged listings still fire. Guest users get the full trust score on any listing they paste in; they just cannot save history or set alerts. ## Scope decisions (mirrors kiwi#72) - **Guest token**: short-lived UUID cookie (`snipe_guest`); no JWT/Heimdall - **TTL**: 24h inactivity, then wiped - **Caddy**: remove `@no_session` gate for `/snipe*`; pass guest header to FastAPI - **Tier**: guest = Free tier (trust score only, no alerts, no bulk scan) - **Upgrade prompt**: after history/alert attempt → "Create a free account to save your search history" ## What does NOT persist for guests - Search/scan history - Saved listings or watchlist - Alert preferences ## Implementation notes - Same guest middleware pattern as kiwi#72 — synthetic `guest:<uuid>` user_id, Free tier ceiling - Ship alongside kiwi#72 so Caddy changes land in one pass ## Related - kiwi#72 — same pattern, coordinate Caddy changes
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/ci-workflows
feature/affiliate-links
feature/feedback-button
feature/shared-task-scheduler
v0.5.1
v0.5.2
v0.5.0
v0.4.0
v0.3.0
v0.2.0
Labels
Clear labels   
accessibility

   
backlog

   
bug

   
cloud

   
enhancement

   
feature

   
infra

   
paid-tier

   
ux
No labels
accessibility
backlog
bug
cloud
enhancement
feature
infra
paid-tier
ux
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Circuit-Forge/snipe#28
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?