@xtr-dev/rondevu-client 0.21.5 → 0.21.8

package/README.md

@@ -8,7 +8,7 @@ TypeScript client for [Rondevu](https://github.com/xtr-dev/rondevu-server), prov
 
 ## Features
 
-- **Simple Peer API**: Connect with `rondevu.peer({ tags, username })`
+- **Ed25519 Identity**: Your public key IS your identity (like Ethereum addresses)
 - **Tags-Based Discovery**: Find peers using tags (e.g., `["chat", "video"]`)
 - **Automatic Reconnection**: Built-in exponential backoff
 - **Message Buffering**: Queues messages during disconnections
@@ -27,10 +27,10 @@ import { Rondevu } from '@xtr-dev/rondevu-client'
 // ============================================
 // ALICE: Host and wait for connections
 // ============================================
-const alice = await Rondevu.connect({ username: 'alice' })
+const alice = await Rondevu.connect()
 
 alice.on('connection:opened', (offerId, connection) => {
-  console.log('Connected to', connection.peerUsername)
+  console.log('Connected to', connection.peerPublicKey)
   connection.on('message', (data) => console.log('Received:', data))
   connection.send('Hello!')
 })
@@ -43,10 +43,7 @@ const offer = await alice.offer({ tags: ['chat'], maxOffers: 5 })
 // ============================================
 const bob = await Rondevu.connect()
 
-const peer = await bob.peer({
-  username: 'alice',
-  tags: ['chat']
-})
+const peer = await bob.peer({ tags: ['chat'] })
 
 peer.on('open', () => peer.send('Hello Alice!'))
 peer.on('message', (data) => console.log('Received:', data))
@@ -59,14 +56,13 @@ peer.on('message', (data) => console.log('Received:', data))
 ```typescript
 const rondevu = await Rondevu.connect({
   apiUrl?: string,         // Default: 'https://api.ronde.vu'
-  credential?: Credential, // Reuse existing credential
-  username?: string,       // Claim username (4-32 chars)
+  keyPair?: KeyPair,       // Reuse existing keypair
   iceServers?: IceServerPreset | RTCIceServer[],  // Default: 'rondevu'
   debug?: boolean
 })
 
-rondevu.getName()       // Get username
-rondevu.getCredential() // Get credential for reuse
+rondevu.getPublicKey()  // Get public key (your identity)
+rondevu.getKeyPair()    // Get keypair for persistence
 ```
 
 **ICE Presets**: `'rondevu'` (default), `'rondevu-relay'`, `'google-stun'`, `'public-stun'`
@@ -76,7 +72,7 @@ rondevu.getCredential() // Get credential for reuse
 ```typescript
 const peer = await rondevu.peer({
   tags: string[],
-  username?: string,
+  publicKey?: string,       // Connect to specific peer
   rtcConfig?: RTCConfiguration
 })
 
@@ -89,7 +85,7 @@ peer.on('reconnecting', (attempt, max) => {})
 
 // Properties & Methods
 peer.state           // 'connecting' | 'connected' | 'reconnecting' | ...
-peer.peerUsername
+peer.peerPublicKey
 peer.send(data)
 peer.close()
 ```
@@ -116,25 +112,25 @@ rondevu.on('connection:opened', (offerId, connection) => {
 
 ```typescript
 const result = await rondevu.discover(['chat'], { limit: 20 })
-result.offers.forEach(o => console.log(o.username, o.tags))
+result.offers.forEach(o => console.log(o.publicKey, o.tags))
 ```
 
-## Credentials
+## Identity (Ed25519 Keypairs)
+
+Your identity is an Ed25519 public key - no usernames, no registration, no claiming conflicts. Generate a keypair locally and start making requests immediately.
 
 ```typescript
-// Auto-generated username
+// Auto-generated keypair
 const rondevu = await Rondevu.connect()
-// rondevu.getName() === 'friendly-panda-a1b2c3'
-
-// Claimed username
-const rondevu = await Rondevu.connect({ username: 'alice' })
+console.log(rondevu.getPublicKey())  // '5a7f3e2d...' (64 hex chars)
 
-// Save and restore credentials
-const credential = rondevu.getCredential()
-localStorage.setItem('cred', JSON.stringify(credential))
+// Save and restore keypair for persistent identity
+const keyPair = rondevu.getKeyPair()
+localStorage.setItem('keypair', JSON.stringify(keyPair))
 
-const saved = JSON.parse(localStorage.getItem('cred'))
-const rondevu = await Rondevu.connect({ credential: saved })
+// Later: restore
+const saved = JSON.parse(localStorage.getItem('keypair'))
+const rondevu = await Rondevu.connect({ keyPair: saved })
 ```
 
 ## Tag Validation

package/dist/api/client.d.ts

@@ -1,9 +1,9 @@
 /**
  * Rondevu API Client - RPC interface
  */
-import { CryptoAdapter, Credential } from '../crypto/adapter.js';
+import { CryptoAdapter, KeyPair } from '../crypto/adapter.js';
 import { BatcherOptions } from './batcher.js';
-export type { Credential } from '../crypto/adapter.js';
+export type { KeyPair } from '../crypto/adapter.js';
 export type { BatcherOptions } from './batcher.js';
 export interface OfferRequest {
     sdp: string;
@@ -20,7 +20,7 @@ export interface DiscoverRequest {
 }
 export interface TaggedOffer {
     offerId: string;
-    username: string;
+    publicKey: string;
     tags: string[];
     sdp: string;
     createdAt: number;
@@ -33,7 +33,7 @@ export interface DiscoverResponse {
     offset: number;
 }
 export interface PublishResponse {
-    username: string;
+    publicKey: string;
     tags: string[];
     offers: Array<{
         offerId: string;
@@ -51,19 +51,19 @@ export interface IceCandidate {
 }
 /**
  * RondevuAPI - RPC-based API client for Rondevu signaling server
+ *
+ * Uses Ed25519 public key cryptography for authentication.
+ * The public key IS the identity (like Ethereum addresses).
  */
 export declare class RondevuAPI {
     private baseUrl;
-    private credential;
-    private static readonly DEFAULT_MAX_RETRIES;
-    private static readonly DEFAULT_TIMEOUT_MS;
-    private static readonly DEFAULT_CREDENTIAL_NAME_MAX_LENGTH;
-    private static readonly DEFAULT_SECRET_MIN_LENGTH;
-    private static readonly MAX_BACKOFF_MS;
+    private keyPair;
+    private static readonly PUBLIC_KEY_LENGTH;
+    private static readonly PRIVATE_KEY_LENGTH;
     private static readonly MAX_CANONICALIZE_DEPTH;
     private crypto;
     private batcher;
-    constructor(baseUrl: string, credential: Credential, cryptoAdapter?: CryptoAdapter, batcherOptions?: BatcherOptions);
+    constructor(baseUrl: string, keyPair: KeyPair, cryptoAdapter?: CryptoAdapter, batcherOptions?: BatcherOptions);
     /**
      * Canonical JSON serialization with sorted keys
      * Ensures deterministic output regardless of property insertion order
@@ -90,7 +90,7 @@ export declare class RondevuAPI {
     private generateNonce;
     /**
      * Generate authentication headers for RPC request
-     * Uses HMAC-SHA256 signature with nonce for replay protection
+     * Uses Ed25519 signature with nonce for replay protection
      *
      * Security notes:
      * - Nonce: Cryptographically secure random value (UUID or 128-bit hex)
@@ -98,7 +98,7 @@ export declare class RondevuAPI {
      *   - Server validates timestamp is within acceptable range (typically ±5 minutes)
      *   - Tolerates reasonable clock skew between client and server
      *   - Requests with stale timestamps are rejected
-     * - Signature: HMAC-SHA256 ensures message integrity and authenticity
+     * - Signature: Ed25519 ensures message integrity and authenticity
      * - Server validates nonce uniqueness to prevent replay within time window
      *   - Each nonce can only be used once within the timestamp validity window
      *   - Server maintains nonce cache with expiration matching timestamp window
@@ -110,31 +110,13 @@ export declare class RondevuAPI {
      */
     private rpc;
     /**
-     * Generate new credentials (name + secret pair)
-     * This is the entry point for new users - no authentication required
-     * Credentials are generated server-side to ensure security and uniqueness
+     * Generate a new Ed25519 keypair locally
+     * This is completely client-side - no server communication
      *
-     * ⚠️ SECURITY NOTE:
-     * - Store the returned credential securely
-     * - The secret provides full access to this identity
-     * - Credentials should be persisted encrypted and never logged
-     *
-     * @param baseUrl - Rondevu server URL
-     * @param expiresAt - Optional custom expiry timestamp (defaults to 1 year)
-     * @param options - Optional: { maxRetries: number, timeout: number }
-     * @returns Generated credential with name and secret
-     */
-    static generateCredentials(baseUrl: string, options?: {
-        name?: string;
-        expiresAt?: number;
-        maxRetries?: number;
-        timeout?: number;
-    }): Promise<Credential>;
-    /**
-     * Generate a random secret locally (for advanced use cases)
-     * @param cryptoAdapter - Optional crypto adapter
+     * @param cryptoAdapter - Optional crypto adapter (defaults to WebCryptoAdapter)
+     * @returns Generated keypair with publicKey and privateKey as hex strings
      */
-    static generateSecret(cryptoAdapter?: CryptoAdapter): string;
+    static generateKeyPair(cryptoAdapter?: CryptoAdapter): Promise<KeyPair>;
     /**
      * Publish offers with tags
      */
@@ -164,7 +146,7 @@ export declare class RondevuAPI {
     getOfferAnswer(offerId: string): Promise<{
         sdp: string;
         offerId: string;
-        answererId: string;
+        answererPublicKey: string;
         answeredAt: number;
         matchedTags?: string[];
     } | null>;
@@ -174,7 +156,7 @@ export declare class RondevuAPI {
     poll(since?: number): Promise<{
         answers: Array<{
             offerId: string;
-            answererId: string;
+            answererPublicKey: string;
             sdp: string;
             answeredAt: number;
             matchedTags?: string[];
@@ -182,7 +164,7 @@ export declare class RondevuAPI {
         iceCandidates: Record<string, Array<{
             candidate: RTCIceCandidateInit | null;
             role: 'offerer' | 'answerer';
-            peerId: string;
+            peerPublicKey: string;
             createdAt: number;
         }>>;
     }>;

package/dist/api/client.js

@@ -5,41 +5,37 @@ import { WebCryptoAdapter } from '../crypto/web.js';
 import { RpcBatcher } from './batcher.js';
 /**
  * RondevuAPI - RPC-based API client for Rondevu signaling server
+ *
+ * Uses Ed25519 public key cryptography for authentication.
+ * The public key IS the identity (like Ethereum addresses).
  */
 export class RondevuAPI {
-    constructor(baseUrl, credential, cryptoAdapter, batcherOptions) {
+    constructor(baseUrl, keyPair, cryptoAdapter, batcherOptions) {
         this.baseUrl = baseUrl;
-        this.credential = credential;
+        this.keyPair = keyPair;
         // Use WebCryptoAdapter by default (browser environment)
         this.crypto = cryptoAdapter || new WebCryptoAdapter();
         // Create batcher for request batching with throttling
         this.batcher = new RpcBatcher(baseUrl, batcherOptions);
-        // Validate credential format early to provide clear error messages
-        if (!credential.name || typeof credential.name !== 'string') {
-            throw new Error('Invalid credential: name must be a non-empty string');
+        // Validate public key format
+        if (!keyPair.publicKey || typeof keyPair.publicKey !== 'string') {
+            throw new Error('Invalid keypair: publicKey must be a non-empty string');
         }
-        // Validate name format (alphanumeric, dots, underscores, hyphens only)
-        // Limit to prevent HTTP header size issues
-        if (credential.name.length > RondevuAPI.DEFAULT_CREDENTIAL_NAME_MAX_LENGTH) {
-            throw new Error(`Invalid credential: name must not exceed ${RondevuAPI.DEFAULT_CREDENTIAL_NAME_MAX_LENGTH} characters`);
+        if (keyPair.publicKey.length !== RondevuAPI.PUBLIC_KEY_LENGTH) {
+            throw new Error(`Invalid keypair: publicKey must be ${RondevuAPI.PUBLIC_KEY_LENGTH} hex characters (32 bytes)`);
         }
-        if (!/^[a-zA-Z0-9._-]+$/.test(credential.name)) {
-            throw new Error('Invalid credential: name must contain only alphanumeric characters, dots, underscores, and hyphens');
+        if (!/^[0-9a-fA-F]+$/.test(keyPair.publicKey)) {
+            throw new Error('Invalid keypair: publicKey must contain only hexadecimal characters');
         }
-        // Validate secret
-        if (!credential.secret || typeof credential.secret !== 'string') {
-            throw new Error('Invalid credential: secret must be a non-empty string');
+        // Validate private key format
+        if (!keyPair.privateKey || typeof keyPair.privateKey !== 'string') {
+            throw new Error('Invalid keypair: privateKey must be a non-empty string');
         }
-        // Minimum 256 bits (64 hex characters) for security
-        if (credential.secret.length < RondevuAPI.DEFAULT_SECRET_MIN_LENGTH) {
-            throw new Error(`Invalid credential: secret must be at least 256 bits (${RondevuAPI.DEFAULT_SECRET_MIN_LENGTH} hex characters)`);
+        if (keyPair.privateKey.length !== RondevuAPI.PRIVATE_KEY_LENGTH) {
+            throw new Error(`Invalid keypair: privateKey must be ${RondevuAPI.PRIVATE_KEY_LENGTH} hex characters (32 bytes)`);
         }
-        // Validate secret is valid hex (even length, only hex characters)
-        if (credential.secret.length % 2 !== 0) {
-            throw new Error('Invalid credential: secret must be a valid hex string (even length)');
-        }
-        if (!/^[0-9a-fA-F]+$/.test(credential.secret)) {
-            throw new Error('Invalid credential: secret must contain only hexadecimal characters');
+        if (!/^[0-9a-fA-F]+$/.test(keyPair.privateKey)) {
+            throw new Error('Invalid keypair: privateKey must contain only hexadecimal characters');
         }
     }
     /**
@@ -133,7 +129,7 @@ export class RondevuAPI {
     }
     /**
      * Generate authentication headers for RPC request
-     * Uses HMAC-SHA256 signature with nonce for replay protection
+     * Uses Ed25519 signature with nonce for replay protection
      *
      * Security notes:
      * - Nonce: Cryptographically secure random value (UUID or 128-bit hex)
@@ -141,7 +137,7 @@ export class RondevuAPI {
      *   - Server validates timestamp is within acceptable range (typically ±5 minutes)
      *   - Tolerates reasonable clock skew between client and server
      *   - Requests with stale timestamps are rejected
-     * - Signature: HMAC-SHA256 ensures message integrity and authenticity
+     * - Signature: Ed25519 ensures message integrity and authenticity
      * - Server validates nonce uniqueness to prevent replay within time window
      *   - Each nonce can only be used once within the timestamp validity window
      *   - Server maintains nonce cache with expiration matching timestamp window
@@ -149,11 +145,11 @@ export class RondevuAPI {
     async generateAuthHeaders(request) {
         const timestamp = Date.now();
         const nonce = this.generateNonce();
-        // Build message and generate signature
+        // Build message and generate Ed25519 signature
         const message = this.buildSignatureMessage(timestamp, nonce, request.method, request.params);
-        const signature = await this.crypto.generateSignature(this.credential.secret, message);
+        const signature = await this.crypto.signMessage(this.keyPair.privateKey, message);
         return {
-            'X-Name': this.credential.name,
+            'X-PublicKey': this.keyPair.publicKey,
             'X-Timestamp': timestamp.toString(),
             'X-Nonce': nonce,
             'X-Signature': signature,
@@ -167,112 +163,18 @@ export class RondevuAPI {
         return this.batcher.add(request, authHeaders);
     }
     // ============================================
-    // Credential Management
+    // Identity Management (Ed25519 Public Key)
     // ============================================
     /**
-     * Generate new credentials (name + secret pair)
-     * This is the entry point for new users - no authentication required
-     * Credentials are generated server-side to ensure security and uniqueness
-     *
-     * ⚠️ SECURITY NOTE:
-     * - Store the returned credential securely
-     * - The secret provides full access to this identity
-     * - Credentials should be persisted encrypted and never logged
+     * Generate a new Ed25519 keypair locally
+     * This is completely client-side - no server communication
      *
-     * @param baseUrl - Rondevu server URL
-     * @param expiresAt - Optional custom expiry timestamp (defaults to 1 year)
-     * @param options - Optional: { maxRetries: number, timeout: number }
-     * @returns Generated credential with name and secret
-     */
-    static async generateCredentials(baseUrl, options) {
-        const maxRetries = options?.maxRetries ?? RondevuAPI.DEFAULT_MAX_RETRIES;
-        const timeout = options?.timeout ?? RondevuAPI.DEFAULT_TIMEOUT_MS;
-        let lastError = null;
-        // Build params object with optional name and expiresAt
-        const params = {};
-        if (options?.name)
-            params.name = options.name;
-        if (options?.expiresAt)
-            params.expiresAt = options.expiresAt;
-        const request = {
-            method: 'generateCredentials',
-            params: Object.keys(params).length > 0 ? params : undefined,
-        };
-        for (let attempt = 0; attempt < maxRetries; attempt++) {
-            // httpStatus is scoped to each iteration intentionally - resets on each retry
-            let httpStatus = null;
-            try {
-                // Create abort controller for timeout
-                if (typeof AbortController === 'undefined') {
-                    throw new Error('AbortController not supported in this environment');
-                }
-                const controller = new AbortController();
-                const timeoutId = setTimeout(() => controller.abort(), timeout);
-                try {
-                    const response = await fetch(`${baseUrl}/rpc`, {
-                        method: 'POST',
-                        headers: {
-                            'Content-Type': 'application/json',
-                        },
-                        body: JSON.stringify([request]), // Server expects array (batch format)
-                        signal: controller.signal,
-                    });
-                    httpStatus = response.status;
-                    if (!response.ok) {
-                        throw new Error(`HTTP ${response.status}: ${response.statusText}`);
-                    }
-                    // Server returns array of responses
-                    const results = await response.json();
-                    const result = results[0];
-                    if (!result || !result.success) {
-                        throw new Error(result?.error || 'Failed to generate credentials');
-                    }
-                    // Validate credential structure
-                    const credential = result.result;
-                    if (!credential || typeof credential !== 'object') {
-                        throw new Error('Invalid credential response: result is not an object');
-                    }
-                    if (typeof credential.name !== 'string' || !credential.name) {
-                        throw new Error('Invalid credential response: missing or invalid name');
-                    }
-                    if (typeof credential.secret !== 'string' || !credential.secret) {
-                        throw new Error('Invalid credential response: missing or invalid secret');
-                    }
-                    return credential;
-                }
-                finally {
-                    // Always clear timeout to prevent memory leaks
-                    clearTimeout(timeoutId);
-                }
-            }
-            catch (error) {
-                lastError = error;
-                // Don't retry on abort (timeout)
-                if (error instanceof Error && error.name === 'AbortError') {
-                    throw new Error(`Credential generation timed out after ${timeout}ms`);
-                }
-                // Don't retry on 4xx errors (client errors) - check actual status
-                if (httpStatus !== null && httpStatus >= 400 && httpStatus < 500) {
-                    throw error;
-                }
-                // Retry with exponential backoff + jitter for network/server errors (5xx or network failures)
-                // Jitter prevents thundering herd when many clients retry simultaneously
-                // Cap backoff to prevent excessive waits
-                if (attempt < maxRetries - 1) {
-                    const backoffMs = Math.min(1000 * Math.pow(2, attempt) + Math.random() * 1000, RondevuAPI.MAX_BACKOFF_MS);
-                    await new Promise(resolve => setTimeout(resolve, backoffMs));
-                }
-            }
-        }
-        throw new Error(`Failed to generate credentials after ${maxRetries} attempts: ${lastError?.message || 'Unknown error'}`);
-    }
-    /**
-     * Generate a random secret locally (for advanced use cases)
-     * @param cryptoAdapter - Optional crypto adapter
+     * @param cryptoAdapter - Optional crypto adapter (defaults to WebCryptoAdapter)
+     * @returns Generated keypair with publicKey and privateKey as hex strings
      */
-    static generateSecret(cryptoAdapter) {
+    static async generateKeyPair(cryptoAdapter) {
         const adapter = cryptoAdapter || new WebCryptoAdapter();
-        return adapter.generateSecret();
+        return adapter.generateKeyPair();
     }
     // ============================================
     // Tags-based Offer Management (v2)
@@ -394,10 +296,7 @@ export class RondevuAPI {
         };
     }
 }
-// Default values for credential generation
-RondevuAPI.DEFAULT_MAX_RETRIES = 3;
-RondevuAPI.DEFAULT_TIMEOUT_MS = 30000; // 30 seconds
-RondevuAPI.DEFAULT_CREDENTIAL_NAME_MAX_LENGTH = 128;
-RondevuAPI.DEFAULT_SECRET_MIN_LENGTH = 64; // 256 bits
-RondevuAPI.MAX_BACKOFF_MS = 60000; // 60 seconds max backoff
+// Key length constants
+RondevuAPI.PUBLIC_KEY_LENGTH = 64; // 32 bytes = 64 hex chars
+RondevuAPI.PRIVATE_KEY_LENGTH = 64; // 32 bytes = 64 hex chars
 RondevuAPI.MAX_CANONICALIZE_DEPTH = 100; // Prevent stack overflow

package/dist/connections/answerer.d.ts

@@ -7,7 +7,7 @@ import { ConnectionConfig } from './config.js';
 import { WebRTCAdapter } from '../webrtc/adapter.js';
 export interface AnswererOptions {
     api: RondevuAPI;
-    ownerUsername: string;
+    ownerPublicKey: string;
     tags: string[];
     offerId: string;
     offerSdp: string;
@@ -21,7 +21,7 @@ export interface AnswererOptions {
  */
 export declare class AnswererConnection extends RondevuConnection {
     private api;
-    private ownerUsername;
+    private ownerPublicKey;
     private tags;
     private offerId;
     private offerSdp;
@@ -40,15 +40,15 @@ export declare class AnswererConnection extends RondevuConnection {
      */
     protected getApi(): any;
     /**
-     * Get the owner username
+     * Get the owner public key (implements abstract method)
      */
-    protected getOwnerUsername(): string;
+    protected getOwnerPublicKey(): string;
     /**
      * Answerers accept ICE candidates from offerers only
      */
     protected getIceCandidateRole(): 'offerer' | null;
     /**
-     * Attempt to reconnect to the same user
+     * Attempt to reconnect to the same peer
      */
     protected attemptReconnect(): void;
     /**

package/dist/connections/answerer.js

@@ -10,7 +10,7 @@ export class AnswererConnection extends RondevuConnection {
     constructor(options) {
         super(options.rtcConfig, options.config, options.webrtcAdapter);
         this.api = options.api;
-        this.ownerUsername = options.ownerUsername;
+        this.ownerPublicKey = options.ownerPublicKey;
         this.tags = options.tags;
         this.offerId = options.offerId;
         this.offerSdp = options.offerSdp;
@@ -76,10 +76,10 @@ export class AnswererConnection extends RondevuConnection {
         return this.api;
     }
     /**
-     * Get the owner username
+     * Get the owner public key (implements abstract method)
      */
-    getOwnerUsername() {
-        return this.ownerUsername;
+    getOwnerPublicKey() {
+        return this.ownerPublicKey;
     }
     /**
      * Answerers accept ICE candidates from offerers only
@@ -88,11 +88,11 @@ export class AnswererConnection extends RondevuConnection {
         return 'offerer';
     }
     /**
-     * Attempt to reconnect to the same user
+     * Attempt to reconnect to the same peer
      */
     attemptReconnect() {
-        this.debug(`Attempting to reconnect to ${this.ownerUsername}`);
-        // For answerer, we need to fetch a new offer from the same user
+        this.debug(`Attempting to reconnect to ${this.ownerPublicKey}`);
+        // For answerer, we need to fetch a new offer from the same peer
         // Clean up old connection
         if (this.pc) {
             this.pc.close();
@@ -110,16 +110,16 @@ export class AnswererConnection extends RondevuConnection {
             if (!response || !response.offers || response.offers.length === 0) {
                 throw new Error('No offers available for reconnection');
             }
-            // Filter for offers from the same user
-            const userOffers = response.offers.filter(o => o.username === this.ownerUsername);
-            if (userOffers.length === 0) {
-                throw new Error(`No offers available from ${this.ownerUsername}`);
+            // Filter for offers from the same peer
+            const peerOffers = response.offers.filter(o => o.publicKey === this.ownerPublicKey);
+            if (peerOffers.length === 0) {
+                throw new Error(`No offers available from ${this.ownerPublicKey}`);
             }
-            // Pick a random offer from the same user
-            const offer = userOffers[Math.floor(Math.random() * userOffers.length)];
+            // Pick a random offer from the same peer
+            const offer = peerOffers[Math.floor(Math.random() * peerOffers.length)];
             this.offerId = offer.offerId;
             this.offerSdp = offer.sdp;
-            this.debug(`Found new offer ${offer.offerId} from ${this.ownerUsername}`);
+            this.debug(`Found new offer ${offer.offerId} from ${this.ownerPublicKey}`);
             // Reinitialize with new offer
             return this.initialize();
         })

package/dist/connections/base.d.ts

@@ -89,9 +89,9 @@ export declare abstract class RondevuConnection extends EventEmitter<ConnectionE
      */
     protected abstract getApi(): any;
     /**
-     * Get the owner username - subclasses must provide
+     * Get the owner public key - subclasses must provide
      */
-    protected abstract getOwnerUsername(): string;
+    protected abstract getOwnerPublicKey(): string;
     /**
      * Get the offer ID - subclasses must provide
      */

package/dist/connections/offerer.d.ts

@@ -7,7 +7,7 @@ import { ConnectionConfig } from './config.js';
 import { WebRTCAdapter } from '../webrtc/adapter.js';
 export interface OffererOptions {
     api: RondevuAPI;
-    ownerUsername: string;
+    ownerPublicKey: string;
     offerId: string;
     pc: RTCPeerConnection;
     dc?: RTCDataChannel;
@@ -19,9 +19,9 @@ export interface OffererOptions {
  */
 export declare class OffererConnection extends RondevuConnection {
     private api;
-    private ownerUsername;
+    private ownerPublicKey;
     private offerId;
-    private _peerUsername;
+    private _peerPublicKey;
     private rotationLock;
     private rotating;
     private rotationAttempts;
@@ -35,7 +35,7 @@ export declare class OffererConnection extends RondevuConnection {
     /**
      * Process an answer from the answerer
      */
-    processAnswer(sdp: string, answererId: string): Promise<void>;
+    processAnswer(sdp: string, answererPublicKey: string): Promise<void>;
     /**
      * Rebind this connection to a new offer (when previous offer failed)
      * Keeps the same connection object alive but with new underlying WebRTC
@@ -62,9 +62,9 @@ export declare class OffererConnection extends RondevuConnection {
      */
     protected getApi(): any;
     /**
-     * Get the owner username
+     * Get the owner public key
      */
-    protected getOwnerUsername(): string;
+    protected getOwnerPublicKey(): string;
     /**
      * Offerers accept all ICE candidates (no filtering)
      */
@@ -92,10 +92,10 @@ export declare class OffererConnection extends RondevuConnection {
      */
     getOfferId(): string;
     /**
-     * Get the peer username (who answered this offer)
+     * Get the peer public key (who answered this offer)
      * Returns null if no answer has been processed yet
      */
-    get peerUsername(): string | null;
+    get peerPublicKey(): string | null;
     /**
      * Handle remote ICE candidates received from polling
      * Called by OfferPool when poll:ice event is received