@relay-federation/bridge 0.3.9 → 0.3.10

package/cli.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 
 import { join } from 'node:path'
 import { initConfig, loadConfig, configExists, defaultConfigDir } from './lib/config.js'
@@ -325,7 +325,12 @@ async function cmdStart () {
   peerManager.on('peer:connect', ({ pubkeyHex, endpoint }) => {
     peerHealth.recordSeen(pubkeyHex)
     scorer.setStakeAge(pubkeyHex, 7)
-    if (endpoint) gossipManager.addSeed({ pubkeyHex, endpoint, meshId: config.meshId })
+    if (endpoint) {
+      const updated = gossipManager.updatePeerEndpoint({ pubkeyHex, endpoint, meshId: config.meshId })
+      if (updated) {
+        console.log(`  Endpoint updated: ${pubkeyHex.slice(0, 16)}... → ${endpoint}`)
+      }
+    }
   })
 
   peerManager.on('peer:disconnect', ({ pubkeyHex }) => {
@@ -501,17 +506,23 @@ async function cmdStart () {
         // Tie-break duplicate connections (inbound may have been accepted during handshake)
         const existing = peerManager.peers.get(result.peerPubkey)
         if (existing && existing !== conn) {
-          if (config.pubkeyHex > result.peerPubkey) {
+          // If existing connection is dead, prefer new working connection
+          if (!existing.connected) {
+            console.log(`  Replacing dead connection to ${result.peerPubkey.slice(0, 16)}...`)
+            existing._shouldReconnect = false
+            existing.destroy()
+          } else if (config.pubkeyHex > result.peerPubkey) {
             // Higher pubkey drops outbound — keep existing inbound
             console.log(`  Duplicate: keeping inbound from ${result.peerPubkey.slice(0, 16)}...`)
             conn._shouldReconnect = false
             conn.destroy()
             return
+          } else {
+            // Lower pubkey keeps outbound — drop existing inbound
+            console.log(`  Duplicate: keeping outbound to ${result.peerPubkey.slice(0, 16)}...`)
+            existing._shouldReconnect = false
+            existing.destroy()
           }
-          // Lower pubkey keeps outbound — drop existing inbound
-          console.log(`  Duplicate: keeping outbound to ${result.peerPubkey.slice(0, 16)}...`)
-          existing._shouldReconnect = false
-          existing.destroy()
         }
 
         peerManager.peers.set(result.peerPubkey, conn)

package/lib/gossip.js

@@ -1,266 +1,300 @@
-import { EventEmitter } from 'node:events'
-import { signHash, verifyHash } from '@relay-federation/common/crypto'
-
-/**
- * GossipManager — peer discovery via WebSocket gossip protocol.
- *
- * Replaces HTTP-based registry scanning with pure P2P peer discovery.
- * Three message types:
- *
- *   getpeers   — "tell me who you know"
- *   peers      — response with list of known peers
- *   announce   — "I'm alive" (signed, propagated to all peers)
- *
- * Announcements are signed with the bridge's private key to prevent
- * impersonation. Each announcement includes a timestamp — stale
- * announcements (older than maxAge) are discarded.
- *
- * Events:
- *   'peer:discovered'  — { pubkeyHex, endpoint, meshId }
- *   'peers:response'   — { peers: Array }
- */
-export class GossipManager extends EventEmitter {
-  /**
-   * @param {import('./peer-manager.js').PeerManager} peerManager
-   * @param {object} opts
-   * @param {import('@bsv/sdk').PrivateKey} opts.privKey — Bridge private key for signing
-   * @param {string} opts.pubkeyHex — Our compressed pubkey hex
-   * @param {string} opts.endpoint — Our advertised WSS endpoint
-   * @param {string} [opts.meshId='70016'] — Mesh identifier
-   * @param {number} [opts.announceIntervalMs=60000] — Re-announce interval
-   * @param {number} [opts.maxAge=300000] — Max age for announcements (5 min)
-   * @param {number} [opts.maxPeersResponse=50] — Max peers in a response
-   */
-  constructor (peerManager, opts) {
-    super()
-    this.peerManager = peerManager
-    this._privKey = opts.privKey
-    this._pubkeyHex = opts.pubkeyHex
-    this._endpoint = opts.endpoint
-    this._meshId = opts.meshId || '70016'
-    this._announceIntervalMs = opts.announceIntervalMs || 60000
-    this._maxAge = opts.maxAge || 300000
-    this._maxPeersResponse = opts.maxPeersResponse || 50
-
-    /** @type {Map<string, { pubkeyHex: string, endpoint: string, meshId: string, lastSeen: number }>} */
-    this._directory = new Map()
-
-    /** @type {Set<string>} recently seen announce hashes (dedup) */
-    this._seenAnnounces = new Set()
-
-    this._announceTimer = null
-
-    this.peerManager.on('peer:message', ({ pubkeyHex, message }) => {
-      this._handleMessage(pubkeyHex, message)
-    })
-  }
-
-  /**
-   * Start periodic announcements.
-   */
-  start () {
-    // Announce immediately
-    this._broadcastAnnounce()
-    // Then on interval
-    this._announceTimer = setInterval(() => {
-      this._broadcastAnnounce()
-    }, this._announceIntervalMs)
-    if (this._announceTimer.unref) this._announceTimer.unref()
-  }
-
-  /**
-   * Stop periodic announcements.
-   */
-  stop () {
-    if (this._announceTimer) {
-      clearInterval(this._announceTimer)
-      this._announceTimer = null
-    }
-  }
-
-  /**
-   * Request peer list from a specific peer.
-   * @param {string} pubkeyHex — peer to ask
-   */
-  requestPeers (pubkeyHex) {
-    const conn = this.peerManager.peers.get(pubkeyHex)
-    if (conn) {
-      conn.send({ type: 'getpeers' })
-    }
-  }
-
-  /**
-   * Request peer lists from all connected peers.
-   */
-  requestPeersFromAll () {
-    this.peerManager.broadcast({ type: 'getpeers' })
-  }
-
-  /**
-   * Get the current peer directory.
-   * @returns {Array<{ pubkeyHex: string, endpoint: string, meshId: string, lastSeen: number }>}
-   */
-  getDirectory () {
-    const now = Date.now()
-    const result = []
-    for (const [, entry] of this._directory) {
-      if (now - entry.lastSeen < this._maxAge) {
-        result.push({ ...entry })
-      }
-    }
-    return result
-  }
-
-  /**
-   * Get directory size (excluding stale entries).
-   * @returns {number}
-   */
-  directorySize () {
-    return this.getDirectory().length
-  }
-
-  /**
-   * Manually add a peer to the directory (e.g., seed peers from config).
-   * @param {{ pubkeyHex: string, endpoint: string, meshId?: string }} peer
-   */
-  addSeed (peer) {
-    this._directory.set(peer.pubkeyHex, {
-      pubkeyHex: peer.pubkeyHex,
-      endpoint: peer.endpoint,
-      meshId: peer.meshId || this._meshId,
-      lastSeen: Date.now()
-    })
-  }
-
-  /** @private */
-  _handleMessage (pubkeyHex, message) {
-    switch (message.type) {
-      case 'getpeers':
-        this._onGetPeers(pubkeyHex)
-        break
-      case 'peers':
-        this._onPeers(pubkeyHex, message)
-        break
-      case 'announce':
-        this._onAnnounce(pubkeyHex, message)
-        break
-    }
-  }
-
-  /** @private */
-  _onGetPeers (pubkeyHex) {
-    const peers = this.getDirectory()
-      .filter(p => p.pubkeyHex !== pubkeyHex) // don't send them back to themselves
-      .slice(0, this._maxPeersResponse)
-
-    const conn = this.peerManager.peers.get(pubkeyHex)
-    if (conn) {
-      conn.send({ type: 'peers', peers })
-    }
-  }
-
-  /** @private */
-  _onPeers (pubkeyHex, message) {
-    if (!Array.isArray(message.peers)) return
-
-    for (const peer of message.peers) {
-      if (!peer.pubkeyHex || !peer.endpoint) continue
-      if (peer.pubkeyHex === this._pubkeyHex) continue // skip self
-
-      const isNew = !this._directory.has(peer.pubkeyHex)
-
-      this._directory.set(peer.pubkeyHex, {
-        pubkeyHex: peer.pubkeyHex,
-        endpoint: peer.endpoint,
-        meshId: peer.meshId || 'unknown',
-        lastSeen: Date.now()
-      })
-
-      if (isNew) {
-        this.emit('peer:discovered', {
-          pubkeyHex: peer.pubkeyHex,
-          endpoint: peer.endpoint,
-          meshId: peer.meshId || 'unknown'
-        })
-      }
-    }
-
-    this.emit('peers:response', { peers: message.peers, from: pubkeyHex })
-  }
-
-  /** @private */
-  _onAnnounce (sourcePubkey, message) {
-    if (!message.pubkeyHex || !message.endpoint || !message.timestamp || !message.signature) return
-
-    // Dedup — don't process the same announcement twice
-    const announceId = `${message.pubkeyHex}:${message.timestamp}`
-    if (this._seenAnnounces.has(announceId)) return
-    this._seenAnnounces.add(announceId)
-
-    // Trim dedup set if it gets too large
-    if (this._seenAnnounces.size > 10000) {
-      const arr = [...this._seenAnnounces]
-      this._seenAnnounces = new Set(arr.slice(arr.length - 5000))
-    }
-
-    // Check age
-    const age = Date.now() - message.timestamp
-    if (age > this._maxAge || age < -30000) return // too old or too far in the future
-
-    // Verify signature
-    const payload = `${message.pubkeyHex}:${message.endpoint}:${message.meshId || ''}:${message.timestamp}`
-    const dataHex = Buffer.from(payload, 'utf8').toString('hex')
-
-    try {
-      const valid = verifyHash(dataHex, message.signature, message.pubkeyHex)
-      if (!valid) return
-    } catch {
-      return // invalid signature format
-    }
-
-    // Skip self
-    if (message.pubkeyHex === this._pubkeyHex) return
-
-    const isNew = !this._directory.has(message.pubkeyHex)
-
-    this._directory.set(message.pubkeyHex, {
-      pubkeyHex: message.pubkeyHex,
-      endpoint: message.endpoint,
-      meshId: message.meshId || 'unknown',
-      lastSeen: Date.now()
-    })
-
-    if (isNew) {
-      this.emit('peer:discovered', {
-        pubkeyHex: message.pubkeyHex,
-        endpoint: message.endpoint,
-        meshId: message.meshId || 'unknown'
-      })
-    }
-
-    // Re-broadcast to all peers except source
-    this.peerManager.broadcast(message, sourcePubkey)
-  }
-
-  /** @private */
-  _broadcastAnnounce () {
-    const timestamp = Date.now()
-    const payload = `${this._pubkeyHex}:${this._endpoint}:${this._meshId}:${timestamp}`
-    const dataHex = Buffer.from(payload, 'utf8').toString('hex')
-    const signature = signHash(dataHex, this._privKey)
-
-    const message = {
-      type: 'announce',
-      pubkeyHex: this._pubkeyHex,
-      endpoint: this._endpoint,
-      meshId: this._meshId,
-      timestamp,
-      signature
-    }
-
-    // Add to our own dedup set
-    this._seenAnnounces.add(`${this._pubkeyHex}:${timestamp}`)
-
-    this.peerManager.broadcast(message)
-  }
-}
+import { EventEmitter } from 'node:events'
+import { signHash, verifyHash } from '@relay-federation/common/crypto'
+
+/**
+ * GossipManager — peer discovery via WebSocket gossip protocol.
+ *
+ * Replaces HTTP-based registry scanning with pure P2P peer discovery.
+ * Three message types:
+ *
+ *   getpeers   — "tell me who you know"
+ *   peers      — response with list of known peers
+ *   announce   — "I'm alive" (signed, propagated to all peers)
+ *
+ * Announcements are signed with the bridge's private key to prevent
+ * impersonation. Each announcement includes a timestamp — stale
+ * announcements (older than maxAge) are discarded.
+ *
+ * Events:
+ *   'peer:discovered'  — { pubkeyHex, endpoint, meshId }
+ *   'peers:response'   — { peers: Array }
+ */
+export class GossipManager extends EventEmitter {
+  /**
+   * @param {import('./peer-manager.js').PeerManager} peerManager
+   * @param {object} opts
+   * @param {import('@bsv/sdk').PrivateKey} opts.privKey — Bridge private key for signing
+   * @param {string} opts.pubkeyHex — Our compressed pubkey hex
+   * @param {string} opts.endpoint — Our advertised WSS endpoint
+   * @param {string} [opts.meshId='70016'] — Mesh identifier
+   * @param {number} [opts.announceIntervalMs=60000] — Re-announce interval
+   * @param {number} [opts.maxAge=300000] — Max age for announcements (5 min)
+   * @param {number} [opts.maxPeersResponse=50] — Max peers in a response
+   */
+  constructor (peerManager, opts) {
+    super()
+    this.peerManager = peerManager
+    this._privKey = opts.privKey
+    this._pubkeyHex = opts.pubkeyHex
+    this._endpoint = opts.endpoint
+    this._meshId = opts.meshId || '70016'
+    this._announceIntervalMs = opts.announceIntervalMs || 60000
+    this._maxAge = opts.maxAge || 300000
+    this._maxPeersResponse = opts.maxPeersResponse || 50
+
+    /** @type {Map<string, { pubkeyHex: string, endpoint: string, meshId: string, lastSeen: number }>} */
+    this._directory = new Map()
+
+    /** @type {Set<string>} recently seen announce hashes (dedup) */
+    this._seenAnnounces = new Set()
+
+    this._announceTimer = null
+
+    this.peerManager.on('peer:message', ({ pubkeyHex, message }) => {
+      this._handleMessage(pubkeyHex, message)
+    })
+  }
+
+  /**
+   * Start periodic announcements.
+   */
+  start () {
+    // Announce immediately
+    this._broadcastAnnounce()
+    // Then on interval
+    this._announceTimer = setInterval(() => {
+      this._broadcastAnnounce()
+    }, this._announceIntervalMs)
+    if (this._announceTimer.unref) this._announceTimer.unref()
+  }
+
+  /**
+   * Stop periodic announcements.
+   */
+  stop () {
+    if (this._announceTimer) {
+      clearInterval(this._announceTimer)
+      this._announceTimer = null
+    }
+  }
+
+  /**
+   * Request peer list from a specific peer.
+   * @param {string} pubkeyHex — peer to ask
+   */
+  requestPeers (pubkeyHex) {
+    const conn = this.peerManager.peers.get(pubkeyHex)
+    if (conn) {
+      conn.send({ type: 'getpeers' })
+    }
+  }
+
+  /**
+   * Request peer lists from all connected peers.
+   */
+  requestPeersFromAll () {
+    this.peerManager.broadcast({ type: 'getpeers' })
+  }
+
+  /**
+   * Get the current peer directory.
+   * @returns {Array<{ pubkeyHex: string, endpoint: string, meshId: string, lastSeen: number }>}
+   */
+  getDirectory () {
+    const now = Date.now()
+    const result = []
+    for (const [, entry] of this._directory) {
+      if (now - entry.lastSeen < this._maxAge) {
+        result.push({ ...entry })
+      }
+    }
+    return result
+  }
+
+  /**
+   * Get directory size (excluding stale entries).
+   * @returns {number}
+   */
+  directorySize () {
+    return this.getDirectory().length
+  }
+
+  /**
+   * Manually add a peer to the directory (e.g., seed peers from config).
+   * @param {{ pubkeyHex: string, endpoint: string, meshId?: string }} peer
+   */
+  addSeed (peer) {
+    this._directory.set(peer.pubkeyHex, {
+      pubkeyHex: peer.pubkeyHex,
+      endpoint: peer.endpoint,
+      meshId: peer.meshId || this._meshId,
+      lastSeen: Date.now()
+    })
+  }
+
+  /**
+   * Update a peer's endpoint after successful handshake and broadcast the update.
+   *
+   * This enables self-healing when a peer changes IP: after they complete a
+   * cryptographically verified handshake from their new endpoint, we update
+   * our directory and immediately broadcast the change to all connected peers.
+   *
+   * @param {{ pubkeyHex: string, endpoint: string, meshId?: string }} peer
+   * @returns {boolean} true if the endpoint was updated (changed from cached value)
+   */
+  updatePeerEndpoint (peer) {
+    const existing = this._directory.get(peer.pubkeyHex)
+    const endpointChanged = !existing || existing.endpoint !== peer.endpoint
+
+    // Update the directory entry
+    this._directory.set(peer.pubkeyHex, {
+      pubkeyHex: peer.pubkeyHex,
+      endpoint: peer.endpoint,
+      meshId: peer.meshId || existing?.meshId || this._meshId,
+      lastSeen: Date.now()
+    })
+
+    // If endpoint changed, broadcast the update to all connected peers
+    if (endpointChanged) {
+      const updatedPeer = this._directory.get(peer.pubkeyHex)
+      this.peerManager.broadcast({
+        type: 'peers',
+        peers: [updatedPeer]
+      }, peer.pubkeyHex) // exclude the peer we just updated
+    }
+
+    return endpointChanged
+  }
+
+  /** @private */
+  _handleMessage (pubkeyHex, message) {
+    switch (message.type) {
+      case 'getpeers':
+        this._onGetPeers(pubkeyHex)
+        break
+      case 'peers':
+        this._onPeers(pubkeyHex, message)
+        break
+      case 'announce':
+        this._onAnnounce(pubkeyHex, message)
+        break
+    }
+  }
+
+  /** @private */
+  _onGetPeers (pubkeyHex) {
+    const peers = this.getDirectory()
+      .filter(p => p.pubkeyHex !== pubkeyHex) // don't send them back to themselves
+      .slice(0, this._maxPeersResponse)
+
+    const conn = this.peerManager.peers.get(pubkeyHex)
+    if (conn) {
+      conn.send({ type: 'peers', peers })
+    }
+  }
+
+  /** @private */
+  _onPeers (pubkeyHex, message) {
+    if (!Array.isArray(message.peers)) return
+
+    for (const peer of message.peers) {
+      if (!peer.pubkeyHex || !peer.endpoint) continue
+      if (peer.pubkeyHex === this._pubkeyHex) continue // skip self
+
+      const isNew = !this._directory.has(peer.pubkeyHex)
+
+      this._directory.set(peer.pubkeyHex, {
+        pubkeyHex: peer.pubkeyHex,
+        endpoint: peer.endpoint,
+        meshId: peer.meshId || 'unknown',
+        lastSeen: Date.now()
+      })
+
+      if (isNew) {
+        this.emit('peer:discovered', {
+          pubkeyHex: peer.pubkeyHex,
+          endpoint: peer.endpoint,
+          meshId: peer.meshId || 'unknown'
+        })
+      }
+    }
+
+    this.emit('peers:response', { peers: message.peers, from: pubkeyHex })
+  }
+
+  /** @private */
+  _onAnnounce (sourcePubkey, message) {
+    if (!message.pubkeyHex || !message.endpoint || !message.timestamp || !message.signature) return
+
+    // Dedup — don't process the same announcement twice
+    const announceId = `${message.pubkeyHex}:${message.timestamp}`
+    if (this._seenAnnounces.has(announceId)) return
+    this._seenAnnounces.add(announceId)
+
+    // Trim dedup set if it gets too large
+    if (this._seenAnnounces.size > 10000) {
+      const arr = [...this._seenAnnounces]
+      this._seenAnnounces = new Set(arr.slice(arr.length - 5000))
+    }
+
+    // Check age
+    const age = Date.now() - message.timestamp
+    if (age > this._maxAge || age < -30000) return // too old or too far in the future
+
+    // Verify signature
+    const payload = `${message.pubkeyHex}:${message.endpoint}:${message.meshId || ''}:${message.timestamp}`
+    const dataHex = Buffer.from(payload, 'utf8').toString('hex')
+
+    try {
+      const valid = verifyHash(dataHex, message.signature, message.pubkeyHex)
+      if (!valid) return
+    } catch {
+      return // invalid signature format
+    }
+
+    // Skip self
+    if (message.pubkeyHex === this._pubkeyHex) return
+
+    const isNew = !this._directory.has(message.pubkeyHex)
+
+    this._directory.set(message.pubkeyHex, {
+      pubkeyHex: message.pubkeyHex,
+      endpoint: message.endpoint,
+      meshId: message.meshId || 'unknown',
+      lastSeen: Date.now()
+    })
+
+    if (isNew) {
+      this.emit('peer:discovered', {
+        pubkeyHex: message.pubkeyHex,
+        endpoint: message.endpoint,
+        meshId: message.meshId || 'unknown'
+      })
+    }
+
+    // Re-broadcast to all peers except source
+    this.peerManager.broadcast(message, sourcePubkey)
+  }
+
+  /** @private */
+  _broadcastAnnounce () {
+    const timestamp = Date.now()
+    const payload = `${this._pubkeyHex}:${this._endpoint}:${this._meshId}:${timestamp}`
+    const dataHex = Buffer.from(payload, 'utf8').toString('hex')
+    const signature = signHash(dataHex, this._privKey)
+
+    const message = {
+      type: 'announce',
+      pubkeyHex: this._pubkeyHex,
+      endpoint: this._endpoint,
+      meshId: this._meshId,
+      timestamp,
+      signature
+    }
+
+    // Add to our own dedup set
+    this._seenAnnounces.add(`${this._pubkeyHex}:${timestamp}`)
+
+    this.peerManager.broadcast(message)
+  }
+}

package/lib/peer-manager.js

@@ -1,272 +1,278 @@
-import { EventEmitter } from 'node:events'
-import { WebSocketServer } from 'ws'
-import { PeerConnection } from './peer-connection.js'
-
-/**
- * PeerManager — manages multiple peer connections.
- *
- * Handles:
- * - Outbound connections to discovered peers
- * - Inbound connections from other bridges (via WSS server)
- * - Broadcasting messages to all connected peers
- * - Peer lifecycle (connect, disconnect, reconnect)
- *
- * Events:
- *   'peer:connect'    — { pubkeyHex, endpoint }
- *   'peer:disconnect' — { pubkeyHex, endpoint }
- *   'peer:message'    — { pubkeyHex, message }
- *   'peer:error'      — { pubkeyHex, error }
- */
-export class PeerManager extends EventEmitter {
-  /**
-   * @param {object} [opts]
-   */
-  constructor () {
-    super()
-    /** @type {Map<string, PeerConnection>} pubkeyHex → PeerConnection */
-    this.peers = new Map()
-    this._server = null
-  }
-
-  /**
-   * Connect to a discovered peer (outbound).
-   *
-   * @param {object} peer - Peer from buildPeerList()
-   * @param {string} peer.pubkeyHex
-   * @param {string} peer.endpoint
-   * @returns {PeerConnection|null} The connection, or null if already connected
-   */
-  connectToPeer (peer) {
-    if (this.peers.has(peer.pubkeyHex)) {
-      return this.peers.get(peer.pubkeyHex)
-    }
-
-    const conn = new PeerConnection({
-      endpoint: peer.endpoint,
-      pubkeyHex: peer.pubkeyHex
-    })
-
-    this._attachPeerEvents(conn)
-    this.peers.set(peer.pubkeyHex, conn)
-    conn.connect()
-
-    return conn
-  }
-
-  /**
-   * Accept an inbound peer connection.
-   *
-   * @param {WebSocket} socket - Incoming WebSocket
-   * @param {string} pubkeyHex - Peer's pubkey (from handshake)
-   * @param {string} endpoint - Peer's advertised endpoint
-   * @returns {PeerConnection|null}
-   */
-  acceptPeer (socket, pubkeyHex, endpoint) {
-    if (this.peers.has(pubkeyHex)) {
-      // Already connected — close the duplicate
-      socket.close()
-      return null
-    }
-
-    const conn = new PeerConnection({
-      endpoint,
-      pubkeyHex,
-      socket
-    })
-
-    this._attachPeerEvents(conn)
-    this.peers.set(pubkeyHex, conn)
-
-    return conn
-  }
-
-  /**
-   * Disconnect a specific peer.
-   *
-   * @param {string} pubkeyHex
-   */
-  disconnectPeer (pubkeyHex) {
-    const conn = this.peers.get(pubkeyHex)
-    if (conn) {
-      conn.destroy()
-      this.peers.delete(pubkeyHex)
-    }
-  }
-
-  /**
-   * Broadcast a message to all connected peers.
-   *
-   * @param {object} msg - JSON message with `type` field
-   * @param {string} [excludePubkey] - Optional pubkey to exclude (e.g. message source)
-   * @returns {number} Number of peers the message was sent to
-   */
-  broadcast (msg, excludePubkey) {
-    let sent = 0
-    for (const [pubkeyHex, conn] of this.peers) {
-      if (pubkeyHex === excludePubkey) continue
-      if (conn.send(msg)) sent++
-    }
-    return sent
-  }
-
-  /**
-   * Get count of currently connected peers.
-   * @returns {number}
-   */
-  connectedCount () {
-    let count = 0
-    for (const conn of this.peers.values()) {
-      if (conn.connected) count++
-    }
-    return count
-  }
-
-  /**
-   * Start a WebSocket server for inbound connections.
-   *
-   * @param {object} opts
-   * @param {number} opts.port - Port to listen on
-   * @param {string} [opts.host='0.0.0.0'] - Host to bind to
-   * @returns {Promise<void>}
-   */
-  startServer (opts) {
-    return new Promise((resolve, reject) => {
-      this._server = new WebSocketServer({
-        port: opts.port,
-        host: opts.host || '0.0.0.0'
-      })
-
-      this._server.on('listening', () => resolve())
-      this._server.on('error', (err) => reject(err))
-
-      this._server.on('connection', (ws) => {
-        // Inbound connections: full challenge-response handshake if available,
-        // otherwise fall back to basic hello exchange.
-        const timeout = setTimeout(() => {
-          ws.close() // No hello within 10 seconds
-        }, 10000)
-
-        ws.once('message', (data) => {
-          clearTimeout(timeout)
-          try {
-            const msg = JSON.parse(data.toString())
-            if (msg.type !== 'hello' || !msg.pubkey || !msg.endpoint) {
-              ws.close()
-              return
-            }
-
-            // If cryptographic handshake is available, use it
-            if (opts.handshake && msg.nonce && Array.isArray(msg.versions)) {
-              const isSeed = opts.seedEndpoints && opts.seedEndpoints.has(msg.endpoint)
-              const result = opts.handshake.handleHello(msg, isSeed ? null : opts.registeredPubkeys)
-              if (result.error) {
-                ws.send(JSON.stringify({ type: 'error', error: result.error }))
-                ws.close()
-                return
-              }
-
-              // Send challenge_response
-              ws.send(JSON.stringify(result.message))
-
-              // Wait for verify
-              const verifyTimeout = setTimeout(() => { ws.close() }, 10000)
-              ws.once('message', (data2) => {
-                clearTimeout(verifyTimeout)
-                try {
-                  const verifyMsg = JSON.parse(data2.toString())
-                  const verifyResult = opts.handshake.handleVerify(verifyMsg, result.nonce, result.peerPubkey)
-                  if (verifyResult.error) {
-                    ws.send(JSON.stringify({ type: 'error', error: verifyResult.error }))
-                    ws.close()
-                    return
-                  }
-
-                  // Tie-break duplicate connections by pubkey
-                  const existing = this.peers.get(result.peerPubkey)
-                  if (existing) {
-                    if (opts.pubkeyHex < result.peerPubkey) {
-                      // Lower pubkey keeps outbound — reject this inbound
-                      ws.close()
-                      return
-                    }
-                    // Higher pubkey keeps inbound — drop existing outbound
-                    existing._shouldReconnect = false
-                    existing.destroy()
-                    this.peers.delete(result.peerPubkey)
-                  }
-
-                  // Handshake complete — accept peer
-                  // Learn seed pubkeys so they pass registry check on future connections
-                  if (isSeed && opts.registeredPubkeys && !opts.registeredPubkeys.has(result.peerPubkey)) {
-                    opts.registeredPubkeys.add(result.peerPubkey)
-                  }
-                  const conn = this.acceptPeer(ws, result.peerPubkey, msg.endpoint)
-                  if (conn) {
-                    this.emit('peer:connect', { pubkeyHex: result.peerPubkey, endpoint: msg.endpoint })
-                    conn.emit('message', msg)
-                  }
-                } catch {
-                  ws.close()
-                }
-              })
-            } else {
-              // Legacy hello — accept without crypto verification
-              const conn = this.acceptPeer(ws, msg.pubkey, msg.endpoint)
-              if (conn) {
-                if (opts.pubkeyHex && opts.endpoint) {
-                  ws.send(JSON.stringify({
-                    type: 'hello',
-                    pubkey: opts.pubkeyHex,
-                    endpoint: opts.endpoint
-                  }))
-                }
-                this.emit('peer:connect', { pubkeyHex: msg.pubkey, endpoint: msg.endpoint })
-                conn.emit('message', msg)
-              }
-            }
-          } catch {
-            ws.close()
-          }
-        })
-      })
-    })
-  }
-
-  /**
-   * Stop the WebSocket server and disconnect all peers.
-   */
-  async shutdown () {
-    for (const [pubkeyHex, conn] of this.peers) {
-      conn.destroy()
-    }
-    this.peers.clear()
-
-    if (this._server) {
-      await new Promise(resolve => this._server.close(resolve))
-      this._server = null
-    }
-  }
-
-  _attachPeerEvents (conn) {
-    conn.on('message', (msg) => {
-      this.emit('peer:message', { pubkeyHex: conn.pubkeyHex, message: msg })
-    })
-
-    conn.on('close', () => {
-      // Only remove from map if the connection won't auto-reconnect.
-      // Keeping reconnecting peers in the map prevents gossip from
-      // creating duplicate PeerConnections for the same pubkey.
-      if (!conn._shouldReconnect || conn._destroyed) {
-        // Only delete if the map still holds THIS connection (not a replacement)
-        if (this.peers.get(conn.pubkeyHex) === conn) {
-          this.peers.delete(conn.pubkeyHex)
-        }
-      }
-      this.emit('peer:disconnect', { pubkeyHex: conn.pubkeyHex, endpoint: conn.endpoint })
-    })
-
-    conn.on('error', (err) => {
-      this.emit('peer:error', { pubkeyHex: conn.pubkeyHex, error: err })
-    })
-  }
-}
+import { EventEmitter } from 'node:events'
+import { WebSocketServer } from 'ws'
+import { PeerConnection } from './peer-connection.js'
+
+/**
+ * PeerManager — manages multiple peer connections.
+ *
+ * Handles:
+ * - Outbound connections to discovered peers
+ * - Inbound connections from other bridges (via WSS server)
+ * - Broadcasting messages to all connected peers
+ * - Peer lifecycle (connect, disconnect, reconnect)
+ *
+ * Events:
+ *   'peer:connect'    — { pubkeyHex, endpoint }
+ *   'peer:disconnect' — { pubkeyHex, endpoint }
+ *   'peer:message'    — { pubkeyHex, message }
+ *   'peer:error'      — { pubkeyHex, error }
+ */
+export class PeerManager extends EventEmitter {
+  /**
+   * @param {object} [opts]
+   */
+  constructor () {
+    super()
+    /** @type {Map<string, PeerConnection>} pubkeyHex → PeerConnection */
+    this.peers = new Map()
+    this._server = null
+  }
+
+  /**
+   * Connect to a discovered peer (outbound).
+   *
+   * @param {object} peer - Peer from buildPeerList()
+   * @param {string} peer.pubkeyHex
+   * @param {string} peer.endpoint
+   * @returns {PeerConnection|null} The connection, or null if already connected
+   */
+  connectToPeer (peer) {
+    if (this.peers.has(peer.pubkeyHex)) {
+      return this.peers.get(peer.pubkeyHex)
+    }
+
+    const conn = new PeerConnection({
+      endpoint: peer.endpoint,
+      pubkeyHex: peer.pubkeyHex
+    })
+
+    this._attachPeerEvents(conn)
+    this.peers.set(peer.pubkeyHex, conn)
+    conn.connect()
+
+    return conn
+  }
+
+  /**
+   * Accept an inbound peer connection.
+   *
+   * @param {WebSocket} socket - Incoming WebSocket
+   * @param {string} pubkeyHex - Peer's pubkey (from handshake)
+   * @param {string} endpoint - Peer's advertised endpoint
+   * @returns {PeerConnection|null}
+   */
+  acceptPeer (socket, pubkeyHex, endpoint) {
+    if (this.peers.has(pubkeyHex)) {
+      // Already connected — close the duplicate
+      socket.close()
+      return null
+    }
+
+    const conn = new PeerConnection({
+      endpoint,
+      pubkeyHex,
+      socket
+    })
+
+    this._attachPeerEvents(conn)
+    this.peers.set(pubkeyHex, conn)
+
+    return conn
+  }
+
+  /**
+   * Disconnect a specific peer.
+   *
+   * @param {string} pubkeyHex
+   */
+  disconnectPeer (pubkeyHex) {
+    const conn = this.peers.get(pubkeyHex)
+    if (conn) {
+      conn.destroy()
+      this.peers.delete(pubkeyHex)
+    }
+  }
+
+  /**
+   * Broadcast a message to all connected peers.
+   *
+   * @param {object} msg - JSON message with `type` field
+   * @param {string} [excludePubkey] - Optional pubkey to exclude (e.g. message source)
+   * @returns {number} Number of peers the message was sent to
+   */
+  broadcast (msg, excludePubkey) {
+    let sent = 0
+    for (const [pubkeyHex, conn] of this.peers) {
+      if (pubkeyHex === excludePubkey) continue
+      if (conn.send(msg)) sent++
+    }
+    return sent
+  }
+
+  /**
+   * Get count of currently connected peers.
+   * @returns {number}
+   */
+  connectedCount () {
+    let count = 0
+    for (const conn of this.peers.values()) {
+      if (conn.connected) count++
+    }
+    return count
+  }
+
+  /**
+   * Start a WebSocket server for inbound connections.
+   *
+   * @param {object} opts
+   * @param {number} opts.port - Port to listen on
+   * @param {string} [opts.host='0.0.0.0'] - Host to bind to
+   * @returns {Promise<void>}
+   */
+  startServer (opts) {
+    return new Promise((resolve, reject) => {
+      this._server = new WebSocketServer({
+        port: opts.port,
+        host: opts.host || '0.0.0.0'
+      })
+
+      this._server.on('listening', () => resolve())
+      this._server.on('error', (err) => reject(err))
+
+      this._server.on('connection', (ws) => {
+        // Inbound connections: full challenge-response handshake if available,
+        // otherwise fall back to basic hello exchange.
+        const timeout = setTimeout(() => {
+          ws.close() // No hello within 10 seconds
+        }, 10000)
+
+        ws.once('message', (data) => {
+          clearTimeout(timeout)
+          try {
+            const msg = JSON.parse(data.toString())
+            if (msg.type !== 'hello' || !msg.pubkey || !msg.endpoint) {
+              ws.close()
+              return
+            }
+
+            // If cryptographic handshake is available, use it
+            if (opts.handshake && msg.nonce && Array.isArray(msg.versions)) {
+              const isSeed = opts.seedEndpoints && opts.seedEndpoints.has(msg.endpoint)
+              const result = opts.handshake.handleHello(msg, isSeed ? null : opts.registeredPubkeys)
+              if (result.error) {
+                ws.send(JSON.stringify({ type: 'error', error: result.error }))
+                ws.close()
+                return
+              }
+
+              // Send challenge_response
+              ws.send(JSON.stringify(result.message))
+
+              // Wait for verify
+              const verifyTimeout = setTimeout(() => { ws.close() }, 10000)
+              ws.once('message', (data2) => {
+                clearTimeout(verifyTimeout)
+                try {
+                  const verifyMsg = JSON.parse(data2.toString())
+                  const verifyResult = opts.handshake.handleVerify(verifyMsg, result.nonce, result.peerPubkey)
+                  if (verifyResult.error) {
+                    ws.send(JSON.stringify({ type: 'error', error: verifyResult.error }))
+                    ws.close()
+                    return
+                  }
+
+                  // Tie-break duplicate connections by pubkey
+                  const existing = this.peers.get(result.peerPubkey)
+                  if (existing) {
+                    // If existing connection is dead (reconnecting), prefer new working connection
+                    if (!existing.connected) {
+                      existing._shouldReconnect = false
+                      existing.destroy()
+                      this.peers.delete(result.peerPubkey)
+                    } else if (opts.pubkeyHex < result.peerPubkey) {
+                      // Lower pubkey keeps outbound — reject this inbound
+                      ws.close()
+                      return
+                    } else {
+                      // Higher pubkey keeps inbound — drop existing outbound
+                      existing._shouldReconnect = false
+                      existing.destroy()
+                      this.peers.delete(result.peerPubkey)
+                    }
+                  }
+
+                  // Handshake complete — accept peer
+                  // Learn seed pubkeys so they pass registry check on future connections
+                  if (isSeed && opts.registeredPubkeys && !opts.registeredPubkeys.has(result.peerPubkey)) {
+                    opts.registeredPubkeys.add(result.peerPubkey)
+                  }
+                  const conn = this.acceptPeer(ws, result.peerPubkey, msg.endpoint)
+                  if (conn) {
+                    this.emit('peer:connect', { pubkeyHex: result.peerPubkey, endpoint: msg.endpoint })
+                    conn.emit('message', msg)
+                  }
+                } catch {
+                  ws.close()
+                }
+              })
+            } else {
+              // Legacy hello — accept without crypto verification
+              const conn = this.acceptPeer(ws, msg.pubkey, msg.endpoint)
+              if (conn) {
+                if (opts.pubkeyHex && opts.endpoint) {
+                  ws.send(JSON.stringify({
+                    type: 'hello',
+                    pubkey: opts.pubkeyHex,
+                    endpoint: opts.endpoint
+                  }))
+                }
+                this.emit('peer:connect', { pubkeyHex: msg.pubkey, endpoint: msg.endpoint })
+                conn.emit('message', msg)
+              }
+            }
+          } catch {
+            ws.close()
+          }
+        })
+      })
+    })
+  }
+
+  /**
+   * Stop the WebSocket server and disconnect all peers.
+   */
+  async shutdown () {
+    for (const [pubkeyHex, conn] of this.peers) {
+      conn.destroy()
+    }
+    this.peers.clear()
+
+    if (this._server) {
+      await new Promise(resolve => this._server.close(resolve))
+      this._server = null
+    }
+  }
+
+  _attachPeerEvents (conn) {
+    conn.on('message', (msg) => {
+      this.emit('peer:message', { pubkeyHex: conn.pubkeyHex, message: msg })
+    })
+
+    conn.on('close', () => {
+      // Only remove from map if the connection won't auto-reconnect.
+      // Keeping reconnecting peers in the map prevents gossip from
+      // creating duplicate PeerConnections for the same pubkey.
+      if (!conn._shouldReconnect || conn._destroyed) {
+        // Only delete if the map still holds THIS connection (not a replacement)
+        if (this.peers.get(conn.pubkeyHex) === conn) {
+          this.peers.delete(conn.pubkeyHex)
+        }
+      }
+      this.emit('peer:disconnect', { pubkeyHex: conn.pubkeyHex, endpoint: conn.endpoint })
+    })
+
+    conn.on('error', (err) => {
+      this.emit('peer:error', { pubkeyHex: conn.pubkeyHex, error: err })
+    })
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@relay-federation/bridge",
-  "version": "0.3.9",
+  "version": "0.3.10",
   "description": "Bridge server — WebSocket peering, header sync, tx relay, CLI",
   "type": "module",
   "bin": {