@xtr-dev/rondevu-server 0.5.1 → 0.5.6

package/.github/workflows/claude-code-review.yml

@@ -0,0 +1,57 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request and provide feedback on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Performance considerations
+            - Security concerns
+            - Test coverage
+
+            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
+
+            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+

package/.github/workflows/claude.yml

@@ -0,0 +1,50 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
+

package/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/rondevu-server.iml" filepath="$PROJECT_DIR$/.idea/rondevu-server.iml" />
+    </modules>
+  </component>
+</project>

package/.idea/rondevu-server.iml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

package/.idea/workspace.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PropertiesComponent">{
+  &quot;keyToString&quot;: {
+    &quot;settings.editor.selected.configurable&quot;: &quot;org.jetbrains.plugins.github.ui.GithubSettingsConfigurable&quot;
+  }
+}</component>
+  <component name="TaskManager">
+    <task active="true" id="Default" summary="Default task">
+      <created>1767281720486</created>
+      <option name="number" value="Default" />
+      <option name="presentableId" value="Default" />
+      <updated>1767281720486</updated>
+    </task>
+    <servers />
+  </component>
+</project>

package/README.md

@@ -2,55 +2,35 @@
 
 [![npm version](https://img.shields.io/npm/v/@xtr-dev/rondevu-server)](https://www.npmjs.com/package/@xtr-dev/rondevu-server)
 
-🌐 **Simple WebRTC signaling with RPC interface**
+**WebRTC signaling server with tags-based discovery**
 
-Scalable WebRTC signaling server with cryptographic username claiming, service publishing with semantic versioning, and efficient offer/answer exchange via JSON-RPC interface.
+HTTP signaling server with credential-based authentication, tag-based offer discovery, and JSON-RPC interface. Multiple storage backends supported.
 
-**Related repositories:**
-- [@xtr-dev/rondevu-client](https://github.com/xtr-dev/rondevu-client) - TypeScript client library ([npm](https://www.npmjs.com/package/@xtr-dev/rondevu-client))
-- [@xtr-dev/rondevu-server](https://github.com/xtr-dev/rondevu-server) - HTTP signaling server ([npm](https://www.npmjs.com/package/@xtr-dev/rondevu-server), [live](https://api.ronde.vu))
-- [@xtr-dev/rondevu-demo](https://github.com/xtr-dev/rondevu-demo) - Interactive demo ([live](https://ronde.vu))
-
----
-
-## Features
-
-- **RPC Interface**: Single endpoint for all operations with batching support
-- **Username Claiming**: Cryptographic username ownership with Ed25519 signatures (365-day validity, auto-renewed on use)
-- **Service Publishing**: Service:version@username naming (e.g., `chat:1.0.0@alice`)
-- **Service Discovery**: Random and paginated discovery for finding services without knowing usernames
-- **Semantic Versioning**: Compatible version matching (chat:1.0.0 matches any 1.x.x)
-- **Signature-Based Authentication**: All authenticated requests use Ed25519 signatures
-- **Complete WebRTC Signaling**: Offer/answer exchange and ICE candidate relay
-- **Batch Operations**: Execute multiple operations in a single HTTP request
-- **Dual Storage**: SQLite (Node.js/Docker) and Cloudflare D1 (Workers) backends
-
-## Architecture
+## Quick Start
 
+**In-memory (default, zero dependencies):**
+```bash
+npm install && npm start
 ```
-Username Claiming → Service Publishing → Service Discovery → WebRTC Connection
-
-alice claims "alice" with Ed25519 signature
-  ↓
-alice publishes chat:1.0.0@alice with offers
-  ↓
-bob queries chat:1.0.0@alice (direct) or chat:1.0.0 (discovery) → gets offer SDP
-  ↓
-bob posts answer SDP → WebRTC connection established
-  ↓
-ICE candidates exchanged via server relay
+
+**SQLite (persistent):**
+```bash
+STORAGE_TYPE=sqlite STORAGE_PATH=./rondevu.db npm start
 ```
 
-## Quick Start
+**MySQL:**
+```bash
+STORAGE_TYPE=mysql DATABASE_URL=mysql://user:pass@localhost:3306/rondevu npm start
+```
 
-**Node.js:**
+**PostgreSQL:**
 ```bash
-npm install && npm start
+STORAGE_TYPE=postgres DATABASE_URL=postgres://user:pass@localhost:5432/rondevu npm start
 ```
 
 **Docker:**
 ```bash
-docker build -t rondevu . && docker run -p 3000:3000 -e STORAGE_PATH=:memory: rondevu
+docker build -t rondevu . && docker run -p 3000:3000 rondevu
 ```
 
 **Cloudflare Workers:**
@@ -58,201 +38,102 @@ docker build -t rondevu . && docker run -p 3000:3000 -e STORAGE_PATH=:memory: ro
 npx wrangler deploy
 ```
 
+## Storage Backends
+
+| Backend | Use Case | Persistence |
+|---------|----------|-------------|
+| `memory` | Zero-config, ephemeral workloads | No |
+| `sqlite` | Single-instance VPS | Yes |
+| `mysql` | Production, multi-instance | Yes |
+| `postgres` | Production, multi-instance | Yes |
+
+For MySQL/PostgreSQL, install optional dependencies:
+```bash
+npm install mysql2  # for MySQL
+npm install pg      # for PostgreSQL
+```
+
 ## RPC Interface
 
-All API calls are made to `POST /rpc` with JSON-RPC format.
+All API calls go to `POST /rpc` with JSON-RPC format. Requests must be arrays.
 
-### Request Format
+### Generate Credentials
 
-**Single method call:**
 ```json
-{
-  "method": "getUser",
-  "message": "getUser:alice:1733404800000",
-  "signature": "base64-encoded-signature",
-  "params": {
-    "username": "alice"
-  }
-}
+[{ "method": "generateCredentials", "params": { "name": "alice" } }]
 ```
 
-**Batch calls:**
+Response:
 ```json
-[
-  {
-    "method": "getUser",
-    "message": "getUser:alice:1733404800000",
-    "signature": "base64-encoded-signature",
-    "params": { "username": "alice" }
-  },
-  {
-    "method": "claimUsername",
-    "message": "claim:bob:1733404800000",
-    "signature": "base64-encoded-signature",
-    "params": {
-      "username": "bob",
-      "publicKey": "base64-encoded-public-key"
-    }
-  }
-]
+[{ "success": true, "result": { "name": "alice", "secret": "5a7f3e..." } }]
 ```
 
-### Response Format
+### Publish Offer (authenticated)
 
-**Single response:**
-```json
-{
-  "success": true,
-  "result": { /* method-specific data */ }
-}
+```
+Headers: X-Name, X-Timestamp, X-Nonce, X-Signature
 ```
 
-**Error response:**
 ```json
-{
-  "success": false,
-  "error": "Error message"
-}
+[{
+  "method": "publishOffer",
+  "params": { "tags": ["chat"], "offers": [{ "sdp": "..." }], "ttl": 300000 }
+}]
 ```
 
-**Batch responses:** Array of responses matching request array order.
-
-## Core Methods
-
-### Username Management
-
-```typescript
-// Check username availability
-POST /rpc
-{
-  "method": "getUser",
-  "params": { "username": "alice" }
-}
-
-// Claim username (requires signature)
-POST /rpc
-{
-  "method": "claimUsername",
-  "message": "claim:alice:1733404800000",
-  "signature": "base64-signature",
-  "params": {
-    "username": "alice",
-    "publicKey": "base64-public-key"
-  }
-}
-```
+### Discover Offers
 
-### Service Publishing
-
-```typescript
-// Publish service (requires signature)
-POST /rpc
-{
-  "method": "publishService",
-  "message": "publishService:alice:chat:1.0.0@alice:1733404800000",
-  "signature": "base64-signature",
-  "params": {
-    "serviceFqn": "chat:1.0.0@alice",
-    "offers": [{ "sdp": "webrtc-offer-sdp" }],
-    "ttl": 300000
-  }
-}
+```json
+[{ "method": "discover", "params": { "tags": ["chat"], "limit": 10 } }]
 ```
 
-### Service Discovery
-
-```typescript
-// Get specific service
-POST /rpc
-{
-  "method": "getService",
-  "params": { "serviceFqn": "chat:1.0.0@alice" }
-}
-
-// Random discovery
-POST /rpc
-{
-  "method": "getService",
-  "params": { "serviceFqn": "chat:1.0.0" }
-}
-
-// Paginated discovery
-POST /rpc
-{
-  "method": "getService",
-  "params": {
-    "serviceFqn": "chat:1.0.0",
-    "limit": 10,
-    "offset": 0
-  }
-}
+### Answer Offer (authenticated)
+
+```json
+[{ "method": "answerOffer", "params": { "offerId": "abc...", "sdp": "..." } }]
 ```
 
-### WebRTC Signaling
-
-```typescript
-// Answer offer (requires signature)
-POST /rpc
-{
-  "method": "answerOffer",
-  "message": "answer:bob:offer-id:1733404800000",
-  "signature": "base64-signature",
-  "params": {
-    "serviceFqn": "chat:1.0.0@alice",
-    "offerId": "offer-id",
-    "sdp": "webrtc-answer-sdp"
-  }
-}
-
-// Add ICE candidates (requires signature)
-POST /rpc
-{
-  "method": "addIceCandidates",
-  "params": {
-    "serviceFqn": "chat:1.0.0@alice",
-    "offerId": "offer-id",
-    "candidates": [{ /* RTCIceCandidateInit */ }]
-  }
-}
-
-// Poll for answers and ICE candidates (requires signature)
-POST /rpc
-{
-  "method": "poll",
-  "params": { "since": 1733404800000 }
-}
+### Other Methods (authenticated)
+
+- `addIceCandidates` - Add ICE candidates
+- `getIceCandidates` - Get ICE candidates
+- `poll` - Poll for answers
+- `deleteOffer` - Delete an offer
+
+## Authentication
+
+Authenticated methods require HMAC-SHA256 signatures:
+
+```
+Message: timestamp:nonce:method:JSON.stringify(params)
+Headers: X-Name, X-Timestamp, X-Nonce, X-Signature (base64 HMAC)
 ```
 
 ## Configuration
 
-Quick reference for common environment variables:
-
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `PORT` | `3000` | Server port (Node.js/Docker) |
-| `CORS_ORIGINS` | `*` | Comma-separated allowed origins |
-| `STORAGE_PATH` | `./rondevu.db` | SQLite database path (use `:memory:` for in-memory) |
+| `PORT` | `3000` | Server port |
+| `STORAGE_TYPE` | `memory` | Storage backend: `memory`, `sqlite`, `mysql`, `postgres` |
+| `STORAGE_PATH` | `:memory:` | SQLite path (only for `sqlite` backend) |
+| `DATABASE_URL` | - | Connection string (for `mysql`/`postgres`) |
+| `DB_POOL_SIZE` | `10` | Connection pool size (for `mysql`/`postgres`) |
+| `CORS_ORIGINS` | `*` | Allowed origins |
+| `MASTER_ENCRYPTION_KEY` | - | 64-char hex for secret encryption |
+| `OFFER_DEFAULT_TTL` | `60000` | Default offer TTL (ms) |
+| `OFFER_MAX_TTL` | `86400000` | Max offer TTL (24h) |
 
-📚 See [ADVANCED.md](./ADVANCED.md#configuration) for complete configuration reference.
+Generate encryption key: `openssl rand -hex 32`
 
-## Documentation
+## Tag Validation
 
-📚 **[ADVANCED.md](./ADVANCED.md)** - Comprehensive guide including:
-- Complete RPC method reference with examples
-- Full configuration options
-- Database schema documentation
-- Security implementation details
-- Migration guides
+Tags: 1-64 chars, lowercase alphanumeric with dots/dashes.
 
-## Security
+Valid: `chat`, `video-call`, `com.example.service`
 
-All authenticated operations require Ed25519 signatures:
-- **Message Format**: `{method}:{username}:{context}:{timestamp}`
-- **Signature**: Base64-encoded Ed25519 signature of the message
-- **Replay Protection**: Timestamps must be within 5 minutes
-- **Username Ownership**: Verified via public key signature
+## Links
 
-See [ADVANCED.md](./ADVANCED.md#security) for detailed security documentation.
+- [Client Library](https://github.com/xtr-dev/rondevu-client) | [Demo](https://ronde.vu) | [API](https://api.ronde.vu)
 
 ## License
 

package/build.js

@@ -20,7 +20,10 @@ esbuild.build({
   external: [
     'better-sqlite3',
     '@hono/node-server',
-    'hono'
+    'hono',
+    'mysql2',
+    'mysql2/promise',
+    'pg'
   ],
   sourcemap: true,
   define: {