@xtr-dev/rondevu-client 0.18.9 → 0.20.1

package/dist/{api.js → api/client.js}

@@ -1,8 +1,8 @@
 /**
  * Rondevu API Client - RPC interface
  */
-import { WebCryptoAdapter } from './web-crypto-adapter.js';
-import { RpcBatcher } from './rpc-batcher.js';
+import { WebCryptoAdapter } from '../crypto/web.js';
+import { RpcBatcher } from './batcher.js';
 /**
  * RondevuAPI - RPC-based API client for Rondevu signaling server
  */
@@ -20,34 +20,90 @@ export class RondevuAPI {
         }
     }
     /**
-     * Generate authentication parameters for RPC calls
+     * Create canonical JSON string with sorted keys for deterministic signing
      */
-    async generateAuth(method, params = '') {
+    canonicalJSON(obj) {
+        if (obj === null || obj === undefined) {
+            return JSON.stringify(obj);
+        }
+        if (typeof obj !== 'object') {
+            return JSON.stringify(obj);
+        }
+        if (Array.isArray(obj)) {
+            return '[' + obj.map(item => this.canonicalJSON(item)).join(',') + ']';
+        }
+        const sortedKeys = Object.keys(obj).sort();
+        const pairs = sortedKeys.map(key => {
+            return JSON.stringify(key) + ':' + this.canonicalJSON(obj[key]);
+        });
+        return '{' + pairs.join(',') + '}';
+    }
+    /**
+     * Generate authentication headers for RPC request
+     * Signs the payload (method + params + timestamp + username)
+     */
+    async generateAuthHeaders(request, includePublicKey = false) {
         const timestamp = Date.now();
-        const message = params
-            ? `${method}:${this.username}:${params}:${timestamp}`
-            : `${method}:${this.username}:${timestamp}`;
-        const signature = await this.crypto.signMessage(message, this.keypair.privateKey);
-        return { message, signature };
+        // Create payload with timestamp and username for signing: { method, params, timestamp, username }
+        const payload = { ...request, timestamp, username: this.username };
+        // Create canonical JSON representation for signing
+        const canonical = this.canonicalJSON(payload);
+        // Sign the canonical representation
+        const signature = await this.crypto.signMessage(canonical, this.keypair.privateKey);
+        const headers = {
+            'X-Signature': signature,
+            'X-Timestamp': timestamp.toString(),
+            'X-Username': this.username,
+        };
+        if (includePublicKey) {
+            headers['X-Public-Key'] = this.keypair.publicKey;
+        }
+        return headers;
+    }
+    /**
+     * Generate authentication fields embedded in request body (for batch requests)
+     * Signs the payload (method + params + timestamp + username)
+     */
+    async generateAuthForRequest(request, includePublicKey = false) {
+        const timestamp = Date.now();
+        // Create payload with timestamp and username for signing: { method, params, timestamp, username }
+        const payload = { ...request, timestamp, username: this.username };
+        // Create canonical JSON representation for signing
+        const canonical = this.canonicalJSON(payload);
+        // Sign the canonical representation
+        const signature = await this.crypto.signMessage(canonical, this.keypair.privateKey);
+        const authRequest = {
+            ...request,
+            signature,
+            timestamp,
+            username: this.username,
+        };
+        if (includePublicKey) {
+            authRequest.publicKey = this.keypair.publicKey;
+        }
+        return authRequest;
     }
     /**
      * Execute RPC call with optional batching
      */
-    async rpc(request) {
+    async rpc(request, authHeaders) {
         // Use batcher if enabled
         if (this.batcher) {
             return await this.batcher.add(request);
         }
         // Direct call without batching
-        return await this.rpcDirect(request);
+        return await this.rpcDirect(request, authHeaders);
     }
     /**
      * Execute single RPC call directly (bypasses batcher)
      */
-    async rpcDirect(request) {
+    async rpcDirect(request, authHeaders) {
         const response = await fetch(`${this.baseUrl}/rpc`, {
             method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
+            headers: {
+                'Content-Type': 'application/json',
+                ...authHeaders,
+            },
             body: JSON.stringify(request),
         });
         if (!response.ok) {
@@ -61,30 +117,25 @@ export class RondevuAPI {
     }
     /**
      * Execute batch RPC calls directly (bypasses batcher)
+     * Each request in the batch has its own embedded authentication (signature, timestamp, username, publicKey)
      */
     async rpcBatchDirect(requests) {
+        // Add auth to each request in the batch
+        const requestsWithAuth = await Promise.all(requests.map(req => this.generateAuthForRequest(req, true)));
         const response = await fetch(`${this.baseUrl}/rpc`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify(requests),
+            body: JSON.stringify(requestsWithAuth),
         });
         if (!response.ok) {
             throw new Error(`HTTP ${response.status}: ${response.statusText}`);
         }
         const results = await response.json();
-        // Validate response is an array
         if (!Array.isArray(results)) {
-            console.error('Invalid RPC batch response:', results);
             throw new Error('Server returned invalid batch response (not an array)');
         }
-        // Check response length matches request length
-        if (results.length !== requests.length) {
-            console.error(`Response length mismatch: expected ${requests.length}, got ${results.length}`);
-        }
+        // Map results, throwing error for any failed request
         return results.map((result, i) => {
-            if (!result || typeof result !== 'object') {
-                throw new Error(`Invalid response at index ${i}`);
-            }
             if (!result.success) {
                 throw new Error(result.error || `RPC call ${i} failed`);
             }
@@ -125,26 +176,24 @@ export class RondevuAPI {
      * Check if a username is available
      */
     async isUsernameAvailable(username) {
-        const auth = await this.generateAuth('getUser', username);
-        const result = await this.rpc({
+        const request = {
             method: 'getUser',
-            message: auth.message,
-            signature: auth.signature,
             params: { username },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, false);
+        const result = await this.rpc(request, authHeaders);
         return result.available;
     }
     /**
      * Check if current username is claimed
      */
     async isUsernameClaimed() {
-        const auth = await this.generateAuth('getUser', this.username);
-        const result = await this.rpc({
+        const request = {
             method: 'getUser',
-            message: auth.message,
-            signature: auth.signature,
             params: { username: this.username },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, false);
+        const result = await this.rpc(request, authHeaders);
         return !result.available;
     }
     // ============================================
@@ -154,47 +203,41 @@ export class RondevuAPI {
      * Publish a service
      */
     async publishService(service) {
-        const auth = await this.generateAuth('publishService', service.serviceFqn);
-        return await this.rpc({
+        const request = {
             method: 'publishService',
-            message: auth.message,
-            signature: auth.signature,
-            publicKey: this.keypair.publicKey,
             params: {
                 serviceFqn: service.serviceFqn,
                 offers: service.offers,
                 ttl: service.ttl,
             },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, true);
+        return await this.rpc(request, authHeaders);
     }
     /**
      * Get service by FQN (direct lookup, random, or paginated)
      */
     async getService(serviceFqn, options) {
-        const auth = await this.generateAuth('getService', serviceFqn);
-        return await this.rpc({
+        const request = {
             method: 'getService',
-            message: auth.message,
-            signature: auth.signature,
-            publicKey: this.keypair.publicKey,
             params: {
                 serviceFqn,
                 ...options,
             },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, true);
+        return await this.rpc(request, authHeaders);
     }
     /**
      * Delete a service
      */
     async deleteService(serviceFqn) {
-        const auth = await this.generateAuth('deleteService', serviceFqn);
-        await this.rpc({
+        const request = {
             method: 'deleteService',
-            message: auth.message,
-            signature: auth.signature,
-            publicKey: this.keypair.publicKey,
             params: { serviceFqn },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, true);
+        await this.rpc(request, authHeaders);
     }
     // ============================================
     // WebRTC Signaling
@@ -203,28 +246,24 @@ export class RondevuAPI {
      * Answer an offer
      */
     async answerOffer(serviceFqn, offerId, sdp) {
-        const auth = await this.generateAuth('answerOffer', offerId);
-        await this.rpc({
+        const request = {
             method: 'answerOffer',
-            message: auth.message,
-            signature: auth.signature,
-            publicKey: this.keypair.publicKey,
             params: { serviceFqn, offerId, sdp },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, true);
+        await this.rpc(request, authHeaders);
     }
     /**
      * Get answer for a specific offer (offerer polls this)
      */
     async getOfferAnswer(serviceFqn, offerId) {
         try {
-            const auth = await this.generateAuth('getOfferAnswer', offerId);
-            return await this.rpc({
+            const request = {
                 method: 'getOfferAnswer',
-                message: auth.message,
-                signature: auth.signature,
-                publicKey: this.keypair.publicKey,
                 params: { serviceFqn, offerId },
-            });
+            };
+            const authHeaders = await this.generateAuthHeaders(request, true);
+            return await this.rpc(request, authHeaders);
         }
         catch (err) {
             if (err.message.includes('not yet answered')) {
@@ -237,40 +276,34 @@ export class RondevuAPI {
      * Combined polling for answers and ICE candidates
      */
     async poll(since) {
-        const auth = await this.generateAuth('poll');
-        return await this.rpc({
+        const request = {
             method: 'poll',
-            message: auth.message,
-            signature: auth.signature,
-            publicKey: this.keypair.publicKey,
             params: { since },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, true);
+        return await this.rpc(request, authHeaders);
     }
     /**
      * Add ICE candidates to a specific offer
      */
     async addOfferIceCandidates(serviceFqn, offerId, candidates) {
-        const auth = await this.generateAuth('addIceCandidates', offerId);
-        return await this.rpc({
+        const request = {
             method: 'addIceCandidates',
-            message: auth.message,
-            signature: auth.signature,
-            publicKey: this.keypair.publicKey,
             params: { serviceFqn, offerId, candidates },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, true);
+        return await this.rpc(request, authHeaders);
     }
     /**
      * Get ICE candidates for a specific offer
      */
     async getOfferIceCandidates(serviceFqn, offerId, since = 0) {
-        const auth = await this.generateAuth('getIceCandidates', `${offerId}:${since}`);
-        const result = await this.rpc({
+        const request = {
             method: 'getIceCandidates',
-            message: auth.message,
-            signature: auth.signature,
-            publicKey: this.keypair.publicKey,
             params: { serviceFqn, offerId, since },
-        });
+        };
+        const authHeaders = await this.generateAuthHeaders(request, true);
+        const result = await this.rpc(request, authHeaders);
         return {
             candidates: result.candidates || [],
             offerId: result.offerId,

package/dist/{answerer-connection.d.ts → connections/answerer.d.ts}

@@ -1,9 +1,9 @@
 /**
  * Answerer-side WebRTC connection with answer creation and offer processing
  */
-import { RondevuConnection } from './connection.js';
-import { RondevuAPI } from './api.js';
-import { ConnectionConfig } from './connection-config.js';
+import { RondevuConnection } from './base.js';
+import { RondevuAPI } from '../api/client.js';
+import { ConnectionConfig } from './config.js';
 export interface AnswererOptions {
     api: RondevuAPI;
     serviceFqn: string;
@@ -30,9 +30,17 @@ export declare class AnswererConnection extends RondevuConnection {
      */
     protected onLocalIceCandidate(candidate: RTCIceCandidate): void;
     /**
-     * Poll for remote ICE candidates (from offerer)
+     * Get the API instance
      */
-    protected pollIceCandidates(): void;
+    protected getApi(): any;
+    /**
+     * Get the service FQN
+     */
+    protected getServiceFqn(): string;
+    /**
+     * Answerers accept ICE candidates from offerers only
+     */
+    protected getIceCandidateRole(): 'offerer' | null;
     /**
      * Attempt to reconnect
      */

package/dist/{answerer-connection.js → connections/answerer.js}

@@ -1,8 +1,8 @@
 /**
  * Answerer-side WebRTC connection with answer creation and offer processing
  */
-import { RondevuConnection } from './connection.js';
-import { ConnectionState } from './connection-events.js';
+import { RondevuConnection } from './base.js';
+import { ConnectionState } from './events.js';
 /**
  * Answerer connection - processes offers and creates answers
  */
@@ -66,37 +66,22 @@ export class AnswererConnection extends RondevuConnection {
         });
     }
     /**
-     * Poll for remote ICE candidates (from offerer)
+     * Get the API instance
      */
-    pollIceCandidates() {
-        this.api
-            .getOfferIceCandidates(this.serviceFqn, this.offerId, this.lastIcePollTime)
-            .then((result) => {
-            if (result.candidates.length > 0) {
-                this.debug(`Received ${result.candidates.length} remote ICE candidates`);
-                for (const iceCandidate of result.candidates) {
-                    // Only process ICE candidates from the offerer
-                    if (iceCandidate.role === 'offerer' && iceCandidate.candidate && this.pc) {
-                        const candidate = iceCandidate.candidate;
-                        this.pc
-                            .addIceCandidate(new RTCIceCandidate(candidate))
-                            .then(() => {
-                            this.emit('ice:candidate:remote', new RTCIceCandidate(candidate));
-                        })
-                            .catch((error) => {
-                            this.debug('Failed to add ICE candidate:', error);
-                        });
-                    }
-                    // Update last poll time
-                    if (iceCandidate.createdAt > this.lastIcePollTime) {
-                        this.lastIcePollTime = iceCandidate.createdAt;
-                    }
-                }
-            }
-        })
-            .catch((error) => {
-            this.debug('Failed to poll ICE candidates:', error);
-        });
+    getApi() {
+        return this.api;
+    }
+    /**
+     * Get the service FQN
+     */
+    getServiceFqn() {
+        return this.serviceFqn;
+    }
+    /**
+     * Answerers accept ICE candidates from offerers only
+     */
+    getIceCandidateRole() {
+        return 'offerer';
     }
     /**
      * Attempt to reconnect

package/dist/{connection.d.ts → connections/base.d.ts}

@@ -2,10 +2,10 @@
  * Base connection class with state machine, reconnection, and message buffering
  */
 import { EventEmitter } from 'eventemitter3';
-import { ConnectionConfig } from './connection-config.js';
-import { ConnectionState, ConnectionEventMap } from './connection-events.js';
-import { ExponentialBackoff } from './exponential-backoff.js';
-import { MessageBuffer } from './message-buffer.js';
+import { ConnectionConfig } from './config.js';
+import { ConnectionState, ConnectionEventMap } from './events.js';
+import { ExponentialBackoff } from '../utils/exponential-backoff.js';
+import { MessageBuffer } from '../utils/message-buffer.js';
 /**
  * Abstract base class for WebRTC connections with durability features
  */
@@ -82,6 +82,28 @@ export declare abstract class RondevuConnection extends EventEmitter<ConnectionE
      * Stop ICE candidate polling
      */
     protected stopIcePolling(): void;
+    /**
+     * Get the API instance - subclasses must provide
+     */
+    protected abstract getApi(): any;
+    /**
+     * Get the service FQN - subclasses must provide
+     */
+    protected abstract getServiceFqn(): string;
+    /**
+     * Get the offer ID - subclasses must provide
+     */
+    protected abstract getOfferId(): string;
+    /**
+     * Get the ICE candidate role this connection should accept.
+     * Returns null for no filtering (offerer), or specific role (answerer accepts 'offerer').
+     */
+    protected abstract getIceCandidateRole(): 'offerer' | null;
+    /**
+     * Poll for remote ICE candidates (consolidated implementation)
+     * Subclasses implement getIceCandidateRole() to specify filtering
+     */
+    protected pollIceCandidates(): void;
     /**
      * Start connection timeout
      */
@@ -143,6 +165,5 @@ export declare abstract class RondevuConnection extends EventEmitter<ConnectionE
      */
     protected debug(...args: any[]): void;
     protected abstract onLocalIceCandidate(candidate: RTCIceCandidate): void;
-    protected abstract pollIceCandidates(): void;
     protected abstract attemptReconnect(): void;
 }

package/dist/{connection.js → connections/base.js}

@@ -2,10 +2,10 @@
  * Base connection class with state machine, reconnection, and message buffering
  */
 import { EventEmitter } from 'eventemitter3';
-import { mergeConnectionConfig } from './connection-config.js';
-import { ConnectionState, } from './connection-events.js';
-import { ExponentialBackoff } from './exponential-backoff.js';
-import { MessageBuffer } from './message-buffer.js';
+import { mergeConnectionConfig } from './config.js';
+import { ConnectionState, } from './events.js';
+import { ExponentialBackoff } from '../utils/exponential-backoff.js';
+import { MessageBuffer } from '../utils/message-buffer.js';
 /**
  * Abstract base class for WebRTC connections with durability features
  */
@@ -278,6 +278,47 @@ export class RondevuConnection extends EventEmitter {
         this.icePollingInterval = null;
         this.emit('ice:polling:stopped');
     }
+    /**
+     * Poll for remote ICE candidates (consolidated implementation)
+     * Subclasses implement getIceCandidateRole() to specify filtering
+     */
+    pollIceCandidates() {
+        const acceptRole = this.getIceCandidateRole();
+        const api = this.getApi();
+        const serviceFqn = this.getServiceFqn();
+        const offerId = this.getOfferId();
+        api
+            .getOfferIceCandidates(serviceFqn, offerId, this.lastIcePollTime)
+            .then((result) => {
+            if (result.candidates.length > 0) {
+                this.debug(`Received ${result.candidates.length} remote ICE candidates`);
+                for (const iceCandidate of result.candidates) {
+                    // Filter by role if specified (answerer only filters for 'offerer')
+                    if (acceptRole !== null && iceCandidate.role !== acceptRole) {
+                        continue;
+                    }
+                    if (iceCandidate.candidate && this.pc) {
+                        const candidate = iceCandidate.candidate;
+                        this.pc
+                            .addIceCandidate(new RTCIceCandidate(candidate))
+                            .then(() => {
+                            this.emit('ice:candidate:remote', new RTCIceCandidate(candidate));
+                        })
+                            .catch((error) => {
+                            this.debug('Failed to add ICE candidate:', error);
+                        });
+                    }
+                    // Update last poll time
+                    if (iceCandidate.createdAt > this.lastIcePollTime) {
+                        this.lastIcePollTime = iceCandidate.createdAt;
+                    }
+                }
+            }
+        })
+            .catch((error) => {
+            this.debug('Failed to poll ICE candidates:', error);
+        });
+    }
     /**
      * Start connection timeout
      */

package/dist/{offerer-connection.d.ts → connections/offerer.d.ts}

@@ -1,9 +1,9 @@
 /**
  * Offerer-side WebRTC connection with offer creation and answer processing
  */
-import { RondevuConnection } from './connection.js';
-import { RondevuAPI } from './api.js';
-import { ConnectionConfig } from './connection-config.js';
+import { RondevuConnection } from './base.js';
+import { RondevuAPI } from '../api/client.js';
+import { ConnectionConfig } from './config.js';
 export interface OffererOptions {
     api: RondevuAPI;
     serviceFqn: string;
@@ -19,6 +19,10 @@ export declare class OffererConnection extends RondevuConnection {
     private api;
     private serviceFqn;
     private offerId;
+    private rotationLock;
+    private rotating;
+    private rotationAttempts;
+    private static readonly MAX_ROTATION_ATTEMPTS;
     constructor(options: OffererOptions);
     /**
      * Initialize the connection - setup handlers for already-created offer
@@ -28,6 +32,19 @@ export declare class OffererConnection extends RondevuConnection {
      * Process an answer from the answerer
      */
     processAnswer(sdp: string, answererId: string): Promise<void>;
+    /**
+     * Rebind this connection to a new offer (when previous offer failed)
+     * Keeps the same connection object alive but with new underlying WebRTC
+     */
+    rebindToOffer(newOfferId: string, newPc: RTCPeerConnection, newDc?: RTCDataChannel): Promise<void>;
+    /**
+     * Check if connection is currently rotating
+     */
+    isRotating(): boolean;
+    /**
+     * Override onConnected to reset rotation attempts
+     */
+    protected onConnected(): void;
     /**
      * Generate a hash fingerprint of SDP for deduplication
      */
@@ -37,9 +54,17 @@ export declare class OffererConnection extends RondevuConnection {
      */
     protected onLocalIceCandidate(candidate: RTCIceCandidate): void;
     /**
-     * Poll for remote ICE candidates
+     * Get the API instance
+     */
+    protected getApi(): any;
+    /**
+     * Get the service FQN
+     */
+    protected getServiceFqn(): string;
+    /**
+     * Offerers accept all ICE candidates (no filtering)
      */
-    protected pollIceCandidates(): void;
+    protected getIceCandidateRole(): 'offerer' | null;
     /**
      * Attempt to reconnect
      *