RedwoodSDK unstable APIs

[peterp]

Stability Overview

This issue tracks the current stability of major features in the framework—what’s solid, what’s in progress, and what may need more work.

---

✅ Stable

Rendering

• SSR
• React
• React Server Components
• React Client Components
• Server Functions

Router

• Middleware
• Interruptors
• Route Handlers
• Returning Response objects & Streaming responses
• Returning JSX

---

🚧 Unstable

Prisma Migrations

We've implemented a temporary workaround for Prisma migrations. A proper solution is current in a preview version of Prisma 6.6.0, stable by end of May 2025.

Realtime

We support three main features:

• Changes (via Server Functions)
• Presence
• Broadcast

We haven’t yet run enough experiments to fully validate reliability across these features.

WebAuthn

Setup is currently more complex than we’d like. We're working on ways to simplify the process—likely through improved documentation. The UI feels a bit clunky, I think it could be improved by adding activity indicators, or something along those lines.

The user experience for SDK consumers is expected to remain the same.

[peterp]

RFC: Removing @cloudflare/vite-plugin as a dependency in SDK, and instead adding it to the starters.

The idea is that the user is then in control of upgrading the plugin, as required, and then do something like this in their vite.config.ts file:

// vite.config.mts
import { defineConfig } from "vite";
import { redwood } from "@redwoodjs/sdk/vite";
import { cloudflare } from "@cloudflare/vite-plugin";

export default defineConfig({
  plugins: [cloudflare(), redwood()],
});

Obviously this does not work if we're dependent the plugin's interface remaining stable? @justinvdm

[peterp]

How do we modify headers on JSX responses?

[justinvdm]

How do we modify headers on JSX responses?

@peterp requestInfo (whether imported and consumed as a param for the component or middleware above it) have headers on it. setCommonHeaders() middleware is an example of using it, in a way that'd reply for all responses (since it is first in the chain): https://github.com/redwoodjs/sdk/blob/3d0048030dd4381d5ba1d737caed1e0c5ed4899f/starters/minimal/src/app/headers.ts#L6

Or did you mean something else?

[justinvdm]

RFC: Removing @cloudflare/vite-plugin as a dependency in SDK, and instead adding it to the starters.

The idea is that the user is then in control of upgrading the plugin, as required, and then do something like this in their vite.config.ts file:

// vite.config.mts
import { defineConfig } from "vite";
import { redwood } from "@redwoodjs/sdk/vite";
import { cloudflare } from "@cloudflare/vite-plugin";

export default defineConfig({
  plugins: [cloudflare(), redwood()],
});

Obviously this does not work if we're dependent the plugin's interface remaining stable? @justinvdm

The idea makes sense @peterp, though there's some hurdles and tradeoffs to figure out.

1. User will need to specify these params themselves in config (maybe that's ok):

https://github.com/redwoodjs/sdk/blob/0023972c8cd4503a07f4dc2cc72f07f8ae3d2378/sdk/src/vite/redwoodPlugin.mts#L91-L97

2. We rely on being in control of these params to generate configs for our seed script runner: https://github.com/redwoodjs/sdk/blob/f6c5bd5aed501a0096db4226d3c015ecf3acf642/sdk/src/scripts/worker-run.mts#L53-L58

We'd need to have the user's config take in an env var or something to have it still work with seed script. Or we still use vite plugin internally for seed script case - but then we're back to using it internally

[justinvdm]

WebAuthn Setup is currently more complex than we’d like. We're working on ways to simplify the process—likely through improved documentation. The user experience for SDK consumers is expected to remain the same.

@peterp so that we can make it better, can you help me understand where things break down for auth right now? e.g.

• is it the env var stuff for deploy
• or the fact that we have the auth code in the starters rather than in sdk
• something in particular missing from auth docs
• turnstile bot protection
• something else

[peterp]

@peterp so that we can make it better, can you help me understand where things break down for auth right now? e.g.

@justinvdm This is my nitpicky issue - I think there's an issue with the UI, but haven't had time to look into it. It could also be 1Password being slow and clunky. I'll clarify in the original issue.

[nmn]

The one piece of important information I would like to know is the client-side routing situation. There is a defineLinks() function in the starters, what do they do?

[peterp]

@nmn That's a way to add typesafety for when you're referencing a link. We're working on a way to not require this anymore: https://github.com/redwoodjs/sdk/issues/311

[nmn]

@peterp that sounds great! Thanks for responding. And I assume that rw-SDK does have client side routing as well? (SPA not MPA?)

[Tobbe]

@nmn Redwood SDK does not have client side routing. A lot of web apps do great without any client side routing. Especially now with the new view transitions introduced in browsers last year. https://developer.chrome.com/docs/web-platform/view-transitions

Try it out and see how it feels! And do let us all know if you run into any blocking issues!

[osseonews]

Really excited about this project as I have been looking for a long time for a framework that actually treated the Cloudflare stack as a "first class" citizen. This seems to be the first project that does this very well and I believe this is the future. Anyway, with regards to Auth, the Redwood SDK is quite primitive and not viable for most businesses that require different types of Auth (email/password, Social auth etc). However, there is a great Auth codebase that is built also entirely on Cloudflare Workers, called Melody Auth, https://github.com/ValueMelody/melody-auth which provides everything you need for Auth on Workers. It is really good and way ahead of Redwood SDK in terms of Auth. I recommend you just integrate that Auth into Redwood and/or just use their code base (there are some slight differences in how you structure things - he uses Hono as the router) to implement Auth directly into Redwood. Thanks for your hard work and really looking forward to seeing how Redwood SDK develops.

[nmn]

@Tobbe I understand that MPAs work in many scenarios, but a big reason to use React and RSCs is for all the benefits of using client-side routing. Here are some of the things that are only possible with client-side routing and not with MPAs:

• Optimistic Updates
• Persistent UI components (such as a music player, or video player)

Perhaps there can be some hooks to make it possible to add our own client-side routing? From what I understand the only important thing to do is make it possible to render just RSC output instead of HTML when a request is made via fetch.

[peterp]

@nmn Hey! We can certainly support SPAs, and we built the framework with that flexibility in mind, as described over here: https://rwsdk.com/blog/redwoodsdk-multiple-documents

The idea around creating hooks around rendering is a great one; and this is totally possible. I'm preparing for a talk this week and flying to London, but I would love to work on a proof of concept that shows this off more in-depth. I'm thinking that we could just use tanstack's client side router, or something custom.

[peterp]

The Redwood SDK is quite primitive and not viable for most businesses that require different types of Auth (email/password, Social auth etc).

Thanks for bringing this to our attention. I think it's important for us to "own this part" of the stack. Previously we integrated with a bunch of 3rd party authz/n providers and maintaining all those integrations became a pain. I'm guessing maintain an auth library is even more of a pain, but who knows!

I'll reach out the melody author/ better-auth/ lucide and see if there's something we can do.

[osseonews]

@peterp Yeah, I agree. it's better to own this as part of the stack. But, I believe the two codebases can be easily integrated. It's all just Worker's type code, i.e. JS and the main difference seems to be that that codebase uses Knex as opposed to Prisma. Incidentally, i do think Knex is better to use for cloudflare and I think prisma might cause some difficulties here (personally i haven't had a great experience with Prisma).

[CanRau]

Just stumbled upon this and the discussion about client-side routing, wanted to mention another pro for it

Because we re-render the tree. layout contexts would be blown away on page navigation even if that page was wrapped in the same layout. (https://github.com/redwoodjs/sdk/issues/348)