fedbox 0.0.2 → 0.0.5

package/QUICKSTART.md

@@ -0,0 +1,90 @@
+# Fedbox Quickstart
+
+Clean slate setup with ngrok federation.
+
+## 1. Clean existing data
+
+```bash
+# Remove database only
+fedbox clean
+
+# Remove everything (database + config + keys)
+fedbox clean --all
+```
+
+## 2. Initialize
+
+```bash
+fedbox init
+```
+
+Prompts for: username, display name, bio, port (default 3000).
+
+Creates `fedbox.json` with generated keypair.
+
+## 3. Start server
+
+```bash
+fedbox start
+```
+
+Server runs at `http://localhost:3000/{username}`
+
+## 4. Expose with ngrok
+
+In another terminal:
+
+```bash
+ngrok http 3000
+```
+
+Copy the https URL (e.g., `https://abc123.ngrok-free.app`)
+
+## 5. Configure domain
+
+Edit `fedbox.json`, add domain (without https://):
+
+```json
+{
+  "domain": "abc123.ngrok-free.app",
+  ...
+}
+```
+
+Restart server (`Ctrl+C`, then `fedbox start`).
+
+## 6. Test federation
+
+From Mastodon, search for `@{username}@{domain}`
+
+## 7. Post something
+
+```bash
+fedbox post "Hello, Fediverse!"
+```
+
+## URI Structure (Solid-compatible)
+
+| URI | Purpose |
+|-----|---------|
+| `/{username}` | Profile (HTML + JSON-LD) |
+| `/{username}#me` | WebID (Actor ID) |
+| `/{username}/inbox` | Inbox |
+| `/{username}/outbox` | Outbox |
+| `/{username}/posts/{id}` | Individual post |
+| `/{username}#main-key` | Public key |
+
+## All Commands
+
+```
+fedbox init              # Setup identity
+fedbox start             # Start server
+fedbox status            # Show config
+fedbox post "text"       # Post to followers
+fedbox follow @user@dom  # Follow someone
+fedbox timeline          # View feed
+fedbox reply <url> "text"# Reply to post
+fedbox posts             # View own posts
+fedbox clean             # Remove database
+fedbox clean --all       # Remove everything
+```

package/bin/cli.js

@@ -6,7 +6,7 @@
  */
 
 import { createInterface } from 'readline'
-import { existsSync, writeFileSync, mkdirSync, readFileSync } from 'fs'
+import { existsSync, writeFileSync, mkdirSync, readFileSync, unlinkSync, rmSync } from 'fs'
 import { generateKeypair } from 'microfed/auth'
 
 const rl = createInterface({
@@ -34,6 +34,7 @@ const COMMANDS = {
   timeline: runTimeline,
   reply: runReply,
   posts: runPosts,
+  clean: runClean,
   help: runHelp
 }
 
@@ -328,6 +329,42 @@ Create a post with: fedbox post "Hello, Fediverse!"
   rl.close()
 }
 
+async function runClean() {
+  const all = process.argv[3] === '--all'
+
+  console.log('🧹 Cleaning up...\n')
+
+  // Remove database
+  if (existsSync('data/fedbox.db')) {
+    unlinkSync('data/fedbox.db')
+    console.log('   ✓ Removed data/fedbox.db')
+  }
+
+  // Remove data directory if empty
+  if (existsSync('data')) {
+    try {
+      rmSync('data', { recursive: false })
+      console.log('   ✓ Removed data/')
+    } catch {
+      // Directory not empty, that's ok
+    }
+  }
+
+  // Remove config if --all
+  if (all && existsSync('fedbox.json')) {
+    unlinkSync('fedbox.json')
+    console.log('   ✓ Removed fedbox.json')
+  }
+
+  console.log('\n✅ Clean complete!')
+
+  if (!all) {
+    console.log('\n   Tip: Use "fedbox clean --all" to also remove config')
+  }
+
+  rl.close()
+}
+
 function runHelp() {
   console.log(`
 ${BANNER}
@@ -346,6 +383,7 @@ Social:
   posts             View your own posts
 
 Other:
+  clean             Remove database (add --all to also remove config)
   help              Show this help
 
 Quick start:

package/lib/actions.js

@@ -29,12 +29,26 @@ function loadConfig() {
 }
 
 /**
- * Get actor URL
+ * Get base URL
  */
-function getActorUrl() {
+function getBaseUrl() {
   const domain = config.domain || `localhost:${config.port}`
   const protocol = config.domain ? 'https' : 'http'
-  return `${protocol}://${domain}/users/${config.username}`
+  return `${protocol}://${domain}`
+}
+
+/**
+ * Get profile URL (the document)
+ */
+function getProfileUrl() {
+  return `${getBaseUrl()}/${config.username}`
+}
+
+/**
+ * Get actor URL (WebID with #me fragment)
+ */
+function getActorUrl() {
+  return `${getProfileUrl()}#me`
 }
 
 /**
@@ -65,14 +79,15 @@ export async function post(content, inReplyTo = null) {
   initStore()
 
   const actorUrl = getActorUrl()
-  const noteId = `${actorUrl}/posts/${Date.now()}`
+  const profileUrl = getProfileUrl()
+  const noteId = `${profileUrl}/posts/${Date.now()}`
 
   // Create the Note
   const note = outbox.createNote(actorUrl, content, {
     id: noteId,
     inReplyTo,
     to: ['https://www.w3.org/ns/activitystreams#Public'],
-    cc: [`${actorUrl}/followers`]
+    cc: [`${profileUrl}/followers`]
   })
 
   // Wrap in Create activity
@@ -101,7 +116,7 @@ export async function post(content, inReplyTo = null) {
         activity: create,
         inbox: follower.inbox,
         privateKey: config.privateKey,
-        keyId: `${actorUrl}#main-key`
+        keyId: `${profileUrl}#main-key`
       })
       results.success++
     } catch (err) {
@@ -144,6 +159,7 @@ export async function follow(handle) {
   }
 
   const actorUrl = getActorUrl()
+  const profileUrl = getProfileUrl()
   const inbox = remoteActor.inbox
 
   // Create Follow activity
@@ -155,7 +171,7 @@ export async function follow(handle) {
     activity: followActivity,
     inbox,
     privateKey: config.privateKey,
-    keyId: `${actorUrl}#main-key`
+    keyId: `${profileUrl}#main-key`
   })
 
   // Save to following (pending acceptance)
@@ -189,14 +205,15 @@ export async function reply(postUrl, content) {
   }
 
   const actorUrl = getActorUrl()
-  const noteId = `${actorUrl}/posts/${Date.now()}`
+  const profileUrl = getProfileUrl()
+  const noteId = `${profileUrl}/posts/${Date.now()}`
 
   // Create the reply Note
   const note = outbox.createNote(actorUrl, content, {
     id: noteId,
     inReplyTo: postUrl,
     to: ['https://www.w3.org/ns/activitystreams#Public'],
-    cc: [`${actorUrl}/followers`, originalAuthor].filter(Boolean)
+    cc: [`${profileUrl}/followers`, originalAuthor].filter(Boolean)
   })
 
   // Wrap in Create activity
@@ -239,7 +256,7 @@ export async function reply(postUrl, content) {
         activity: create,
         inbox,
         privateKey: config.privateKey,
-        keyId: `${actorUrl}#main-key`
+        keyId: `${profileUrl}#main-key`
       })
       results.success++
     } catch {

package/lib/server.js

@@ -1,6 +1,7 @@
 /**
  * Fedbox Server
  * ActivityPub server using microfed
+ * Solid-compatible URI structure
  */
 
 import { createServer } from 'http'
@@ -58,21 +59,47 @@ function getProtocol() {
 }
 
 /**
- * Build actor object
+ * Get base URL
  */
-function buildActor() {
-  const domain = getDomain()
-  const protocol = getProtocol()
-  const baseUrl = `${protocol}://${domain}`
+function getBaseUrl() {
+  return `${getProtocol()}://${getDomain()}`
+}
 
-  return profile.createActor({
-    id: `${baseUrl}/users/${config.username}`,
-    username: config.username,
+/**
+ * Build actor object with Solid-compatible URIs
+ * /alice is the profile document
+ * /alice#me is the WebID (the Person)
+ */
+function buildActor() {
+  const baseUrl = getBaseUrl()
+  const profileUrl = `${baseUrl}/${config.username}`
+  const actorId = `${profileUrl}#me`
+
+  // Build actor manually for more control over structure
+  return {
+    '@context': [
+      'https://www.w3.org/ns/activitystreams',
+      'https://w3id.org/security/v1'
+    ],
+    type: 'Person',
+    id: actorId,
+    url: profileUrl,
+    preferredUsername: config.username,
     name: config.displayName,
     summary: config.summary ? `<p>${config.summary}</p>` : '',
-    publicKey: config.publicKey,
-    sharedInbox: `${baseUrl}/inbox`
-  })
+    inbox: `${profileUrl}/inbox`,
+    outbox: `${profileUrl}/outbox`,
+    followers: `${profileUrl}/followers`,
+    following: `${profileUrl}/following`,
+    endpoints: {
+      sharedInbox: `${baseUrl}/inbox`
+    },
+    publicKey: {
+      id: `${profileUrl}#main-key`,
+      owner: actorId,
+      publicKeyPem: config.publicKey
+    }
+  }
 }
 
 /**
@@ -114,11 +141,13 @@ setInterval(cleanRateLimits, RATE_LIMIT_WINDOW)
  * Fetch remote actor (with caching)
  */
 async function fetchActor(id) {
+  // Strip fragment for fetching
+  const fetchUrl = id.replace(/#.*$/, '')
   const cached = getCachedActor(id)
   if (cached) return cached
 
   try {
-    const response = await fetch(id, {
+    const response = await fetch(fetchUrl, {
       headers: { 'Accept': 'application/activity+json' }
     })
     if (!response.ok) return null
@@ -152,13 +181,13 @@ async function verifySignature(req, body) {
     return { valid: false, reason: 'No keyId in signature' }
   }
 
-  // Extract actor ID from keyId (usually actorId#main-key)
-  const actorId = keyId.replace(/#.*$/, '')
+  // Extract actor URL from keyId (strip fragment like #main-key)
+  const actorUrl = keyId.replace(/#.*$/, '')
 
   // Fetch the actor to get their public key
-  const remoteActor = await fetchActor(actorId)
+  const remoteActor = await fetchActor(actorUrl)
   if (!remoteActor) {
-    return { valid: false, reason: `Could not fetch actor: ${actorId}` }
+    return { valid: false, reason: `Could not fetch actor: ${actorUrl}` }
   }
 
   const publicKeyPem = remoteActor.publicKey?.publicKeyPem
@@ -173,8 +202,7 @@ async function verifySignature(req, body) {
       return `(request-target): ${req.method.toLowerCase()} ${req.url}`
     }
     if (header === 'digest' && body) {
-      // Recalculate digest for comparison
-      const crypto = await import('crypto')
+      const crypto = require('crypto')
       const digest = crypto.createHash('sha256').update(body).digest('base64')
       return `digest: SHA-256=${digest}`
     }
@@ -242,7 +270,7 @@ async function handleFollow(activity) {
       activity: accept,
       inbox: followerActor.inbox,
       privateKey: config.privateKey,
-      keyId: `${actor.id}#main-key`
+      keyId: `${getBaseUrl()}/${config.username}#main-key`
     })
     console.log(`   📤 Sent Accept to ${followerActor.inbox}`)
   } catch (err) {
@@ -286,7 +314,7 @@ async function handleRequest(req, res) {
     return res.end('Too many requests')
   }
 
-  const url = new URL(req.url, `${getProtocol()}://${getDomain()}`)
+  const url = new URL(req.url, getBaseUrl())
   const path = url.pathname
   const accept = req.headers.accept || ''
   const isAP = accept.includes('activity+json') || accept.includes('ld+json')
@@ -313,102 +341,111 @@ async function handleRequest(req, res) {
       return res.end('Not found')
     }
 
-    const response = webfinger.createResponse(
-      `${config.username}@${getDomain()}`,
-      actor.id,
-      { profileUrl: `${getProtocol()}://${getDomain()}/@${config.username}` }
-    )
+    // Return /alice#me as the actor (Solid-compatible WebID)
+    const profileUrl = `${getBaseUrl()}/${config.username}`
+    const response = {
+      subject: `acct:${config.username}@${getDomain()}`,
+      links: [
+        {
+          rel: 'self',
+          type: 'application/activity+json',
+          href: `${profileUrl}#me`
+        },
+        {
+          rel: 'http://webfinger.net/rel/profile-page',
+          type: 'text/html',
+          href: profileUrl
+        }
+      ]
+    }
 
     res.setHeader('Content-Type', 'application/jrd+json')
     return res.end(JSON.stringify(response, null, 2))
   }
 
-  // Actor
-  if (path === `/users/${config.username}`) {
-    res.setHeader('Content-Type', 'application/activity+json')
-    return res.end(JSON.stringify(actor, null, 2))
-  }
-
-  // Individual post
-  const postMatch = path.match(/^\/users\/[^/]+\/posts\/(\d+)$/)
-  if (postMatch) {
-    const postId = `${getProtocol()}://${getDomain()}${path}`
-    const post = getPost(postId)
-    if (!post) {
-      res.writeHead(404)
-      return res.end('Not found')
-    }
-
-    const note = {
-      '@context': 'https://www.w3.org/ns/activitystreams',
-      type: 'Note',
-      id: post.id,
-      attributedTo: actor.id,
-      content: post.content,
-      published: post.published,
-      to: ['https://www.w3.org/ns/activitystreams#Public'],
-      cc: [`${actor.id}/followers`]
-    }
-    if (post.in_reply_to) {
-      note.inReplyTo = post.in_reply_to
+  // Nodeinfo discovery
+  if (path === '/.well-known/nodeinfo') {
+    const response = {
+      links: [
+        {
+          rel: 'http://nodeinfo.diaspora.software/ns/schema/2.1',
+          href: `${getBaseUrl()}/nodeinfo/2.1`
+        }
+      ]
     }
-
-    res.setHeader('Content-Type', 'application/activity+json')
-    return res.end(JSON.stringify(note, null, 2))
+    res.setHeader('Content-Type', 'application/json')
+    return res.end(JSON.stringify(response, null, 2))
   }
 
-  // Inbox
-  if (path === `/users/${config.username}/inbox` || path === '/inbox') {
-    if (req.method !== 'POST') {
-      res.writeHead(405)
-      return res.end('Method not allowed')
+  // Nodeinfo 2.1
+  if (path === '/nodeinfo/2.1') {
+    const response = {
+      version: '2.1',
+      software: {
+        name: 'fedbox',
+        version: '0.0.5',
+        repository: 'https://github.com/micro-fed/fedbox'
+      },
+      protocols: ['activitypub'],
+      services: { inbound: [], outbound: [] },
+      usage: {
+        users: { total: 1, activeMonth: 1, activeHalfyear: 1 },
+        localPosts: getPosts(1000).length
+      },
+      openRegistrations: false,
+      metadata: {
+        nodeName: config.displayName || config.username,
+        nodeDescription: config.summary || 'A Fedbox instance'
+      }
     }
+    res.setHeader('Content-Type', 'application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.1#"')
+    return res.end(JSON.stringify(response, null, 2))
+  }
 
-    const chunks = []
-    for await (const chunk of req) chunks.push(chunk)
-    const body = Buffer.concat(chunks).toString()
+  // Shared inbox
+  if (path === '/inbox') {
+    return handleInbox(req, res)
+  }
 
-    // Verify signature (log warning but don't reject for now - some servers don't sign)
-    const sigResult = await verifySignature(req, body)
-    if (!sigResult.valid) {
-      console.log(`   ⚠️  Signature: ${sigResult.reason}`)
-      // Continue anyway - strict mode would return 401 here
+  // Profile routes: /alice, /alice/inbox, /alice/outbox, etc.
+  if (path === `/${config.username}`) {
+    if (isAP) {
+      // Return Actor JSON-LD
+      res.setHeader('Content-Type', 'application/activity+json')
+      return res.end(JSON.stringify(actor, null, 2))
     } else {
-      console.log(`   🔐 Signature verified`)
+      // Return HTML with embedded JSON-LD
+      res.setHeader('Content-Type', 'text/html')
+      return res.end(renderProfile())
     }
+  }
 
-    try {
-      const activity = JSON.parse(body)
-      await handleActivity(activity)
-      res.writeHead(202)
-      return res.end()
-    } catch (err) {
-      console.error('Inbox error:', err)
-      res.writeHead(400)
-      return res.end('Bad request')
-    }
+  // Inbox
+  if (path === `/${config.username}/inbox`) {
+    return handleInbox(req, res)
   }
 
   // Outbox
-  if (path === `/users/${config.username}/outbox`) {
+  if (path === `/${config.username}/outbox`) {
     const posts = getPosts(20)
+    const profileUrl = `${getBaseUrl()}/${config.username}`
     const collection = {
       '@context': 'https://www.w3.org/ns/activitystreams',
       type: 'OrderedCollection',
-      id: `${actor.id}/outbox`,
+      id: `${profileUrl}/outbox`,
       totalItems: posts.length,
       orderedItems: posts.map(p => ({
         type: 'Create',
-        actor: actor.id,
+        actor: `${profileUrl}#me`,
         published: p.published,
         object: {
           type: 'Note',
           id: p.id,
           content: p.content,
           published: p.published,
-          attributedTo: actor.id,
+          attributedTo: `${profileUrl}#me`,
           to: ['https://www.w3.org/ns/activitystreams#Public'],
-          cc: [`${actor.id}/followers`],
+          cc: [`${profileUrl}/followers`],
           ...(p.in_reply_to ? { inReplyTo: p.in_reply_to } : {})
         }
       }))
@@ -418,12 +455,13 @@ async function handleRequest(req, res) {
   }
 
   // Followers
-  if (path === `/users/${config.username}/followers`) {
+  if (path === `/${config.username}/followers`) {
     const followers = getFollowers()
+    const profileUrl = `${getBaseUrl()}/${config.username}`
     const collection = {
       '@context': 'https://www.w3.org/ns/activitystreams',
       type: 'OrderedCollection',
-      id: `${actor.id}/followers`,
+      id: `${profileUrl}/followers`,
       totalItems: followers.length,
       orderedItems: followers.map(f => f.actor)
     }
@@ -432,11 +470,12 @@ async function handleRequest(req, res) {
   }
 
   // Following
-  if (path === `/users/${config.username}/following`) {
+  if (path === `/${config.username}/following`) {
+    const profileUrl = `${getBaseUrl()}/${config.username}`
     const collection = {
       '@context': 'https://www.w3.org/ns/activitystreams',
       type: 'OrderedCollection',
-      id: `${actor.id}/following`,
+      id: `${profileUrl}/following`,
       totalItems: getFollowingCount(),
       orderedItems: []
     }
@@ -444,10 +483,38 @@ async function handleRequest(req, res) {
     return res.end(JSON.stringify(collection, null, 2))
   }
 
-  // HTML Profile
-  if (path === `/@${config.username}` || (path === `/users/${config.username}` && !isAP)) {
-    res.setHeader('Content-Type', 'text/html')
-    return res.end(renderProfile())
+  // Individual post: /alice/posts/123
+  const postMatch = path.match(new RegExp(`^/${config.username}/posts/(\\d+)$`))
+  if (postMatch) {
+    const postId = `${getBaseUrl()}${path}`
+    const post = getPost(postId)
+    if (!post) {
+      res.writeHead(404)
+      return res.end('Not found')
+    }
+
+    const profileUrl = `${getBaseUrl()}/${config.username}`
+    const note = {
+      '@context': 'https://www.w3.org/ns/activitystreams',
+      type: 'Note',
+      id: post.id,
+      attributedTo: `${profileUrl}#me`,
+      content: post.content,
+      published: post.published,
+      to: ['https://www.w3.org/ns/activitystreams#Public'],
+      cc: [`${profileUrl}/followers`]
+    }
+    if (post.in_reply_to) {
+      note.inReplyTo = post.in_reply_to
+    }
+
+    if (isAP) {
+      res.setHeader('Content-Type', 'application/activity+json')
+      return res.end(JSON.stringify(note, null, 2))
+    } else {
+      res.setHeader('Content-Type', 'text/html')
+      return res.end(renderPost(post, note))
+    }
   }
 
   // Home
@@ -461,12 +528,46 @@ async function handleRequest(req, res) {
 }
 
 /**
- * Render HTML profile
+ * Handle inbox POST
+ */
+async function handleInbox(req, res) {
+  if (req.method !== 'POST') {
+    res.writeHead(405)
+    return res.end('Method not allowed')
+  }
+
+  const chunks = []
+  for await (const chunk of req) chunks.push(chunk)
+  const body = Buffer.concat(chunks).toString()
+
+  // Verify signature
+  const sigResult = await verifySignature(req, body)
+  if (!sigResult.valid) {
+    console.log(`   ⚠️  Signature: ${sigResult.reason}`)
+  } else {
+    console.log(`   🔐 Signature verified`)
+  }
+
+  try {
+    const activity = JSON.parse(body)
+    await handleActivity(activity)
+    res.writeHead(202)
+    return res.end()
+  } catch (err) {
+    console.error('Inbox error:', err)
+    res.writeHead(400)
+    return res.end('Bad request')
+  }
+}
+
+/**
+ * Render HTML profile with embedded JSON-LD
  */
 function renderProfile() {
   const followers = getFollowerCount()
   const following = getFollowingCount()
   const posts = getPosts(10)
+  const profileUrl = `${getBaseUrl()}/${config.username}`
 
   return `<!DOCTYPE html>
 <html>
@@ -474,6 +575,10 @@ function renderProfile() {
   <meta charset="utf-8">
   <title>${config.displayName} (@${config.username}@${getDomain()})</title>
   <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="alternate" type="application/activity+json" href="${profileUrl}">
+  <script type="application/ld+json">
+${JSON.stringify(actor, null, 2)}
+  </script>
   <style>
     * { box-sizing: border-box; }
     body {
@@ -528,6 +633,7 @@ function renderProfile() {
     }
     .post-content { margin-bottom: 0.5rem; }
     .post-meta { color: #666; font-size: 0.8rem; }
+    .post a { color: #667eea; text-decoration: none; }
   </style>
 </head>
 <body>
@@ -558,7 +664,9 @@ function renderProfile() {
     ${posts.map(p => `
     <div class="post">
       <div class="post-content">${p.content}</div>
-      <div class="post-meta">${new Date(p.published).toLocaleString()}</div>
+      <div class="post-meta">
+        <a href="${p.id}">${new Date(p.published).toLocaleString()}</a>
+      </div>
     </div>
     `).join('')}
   </div>
@@ -567,10 +675,79 @@ function renderProfile() {
 </html>`
 }
 
+/**
+ * Render individual post with embedded JSON-LD
+ */
+function renderPost(post, note) {
+  return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Post by ${config.displayName}</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="alternate" type="application/activity+json" href="${post.id}">
+  <script type="application/ld+json">
+${JSON.stringify(note, null, 2)}
+  </script>
+  <style>
+    * { box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      max-width: 600px;
+      margin: 0 auto;
+      padding: 2rem;
+      background: #1a1a2e;
+      color: #eee;
+      min-height: 100vh;
+    }
+    .post {
+      background: #16213e;
+      border-radius: 16px;
+      padding: 2rem;
+    }
+    .author {
+      display: flex;
+      align-items: center;
+      gap: 1rem;
+      margin-bottom: 1rem;
+    }
+    .avatar {
+      width: 48px;
+      height: 48px;
+      border-radius: 50%;
+      background: linear-gradient(135deg, #667eea, #764ba2);
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      font-size: 1.5rem;
+    }
+    .author-info a { color: #667eea; text-decoration: none; }
+    .author-info p { margin: 0; color: #888; font-size: 0.9rem; }
+    .content { font-size: 1.2rem; line-height: 1.6; margin: 1rem 0; }
+    .meta { color: #666; font-size: 0.9rem; }
+  </style>
+</head>
+<body>
+  <div class="post">
+    <div class="author">
+      <div class="avatar">📦</div>
+      <div class="author-info">
+        <a href="/${config.username}">${config.displayName}</a>
+        <p>@${config.username}@${getDomain()}</p>
+      </div>
+    </div>
+    <div class="content">${post.content}</div>
+    <div class="meta">${new Date(post.published).toLocaleString()}</div>
+  </div>
+</body>
+</html>`
+}
+
 /**
  * Render home page
  */
 function renderHome() {
+  const profileUrl = `${getBaseUrl()}/${config.username}`
   return `<!DOCTYPE html>
 <html>
 <head>
@@ -598,15 +775,16 @@ function renderHome() {
   <p>Your Fediverse server is running!</p>
 
   <h2>Your Profile</h2>
-  <p><a href="/@${config.username}">@${config.username}@${getDomain()}</a></p>
+  <p><a href="/${config.username}">@${config.username}@${getDomain()}</a></p>
 
   <h2>Endpoints</h2>
   <ul class="endpoints">
     <li><code>/.well-known/webfinger</code> - Discovery</li>
-    <li><code>/users/${config.username}</code> - Actor</li>
-    <li><code>/users/${config.username}/inbox</code> - Inbox</li>
-    <li><code>/users/${config.username}/outbox</code> - Outbox</li>
-    <li><code>/users/${config.username}/followers</code> - Followers</li>
+    <li><code>/${config.username}</code> - Profile (HTML + JSON-LD)</li>
+    <li><code>/${config.username}#me</code> - WebID (Actor)</li>
+    <li><code>/${config.username}/inbox</code> - Inbox</li>
+    <li><code>/${config.username}/outbox</code> - Outbox</li>
+    <li><code>/${config.username}/followers</code> - Followers</li>
   </ul>
 
   <h2>Federation</h2>
@@ -631,10 +809,10 @@ export async function startServer() {
     console.log(`
 📦 Fedbox is running!
 
-   Profile: http://localhost:${config.port}/@${config.username}
-   Actor:   http://localhost:${config.port}/users/${config.username}
+   Profile: http://localhost:${config.port}/${config.username}
+   WebID:   http://localhost:${config.port}/${config.username}#me
 
-${config.domain ? `   Federated: https://${config.domain}/@${config.username}` : '   ⚠️  Set "domain" in fedbox.json for federation'}
+${config.domain ? `   Federated: https://${config.domain}/${config.username}` : '   ⚠️  Set "domain" in fedbox.json for federation'}
 
    Press Ctrl+C to stop
 `)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fedbox",
-  "version": "0.0.2",
+  "version": "0.0.5",
   "description": "Zero to Fediverse in 60 seconds",
   "type": "module",
   "main": "lib/server.js",
@@ -9,7 +9,7 @@
   },
   "scripts": {
     "start": "node lib/server.js",
-    "test": "node --test test/"
+    "test": "node --test 'test/*.test.js'"
   },
   "dependencies": {
     "microfed": "^0.0.13",

package/test/actions.test.js

@@ -0,0 +1,78 @@
+/**
+ * Actions tests
+ */
+
+import { test, describe, before, after } from 'node:test'
+import assert from 'node:assert'
+import { writeFileSync, unlinkSync, existsSync, mkdirSync, rmSync } from 'fs'
+import { generateKeypair } from 'microfed/auth'
+
+function setupConfig(domain = null) {
+  const { publicKey, privateKey } = generateKeypair()
+  const config = {
+    username: 'alice',
+    displayName: 'Alice',
+    summary: 'Test user',
+    port: 3000,
+    publicKey,
+    privateKey
+  }
+  if (domain) config.domain = domain
+  writeFileSync('fedbox.json', JSON.stringify(config, null, 2))
+}
+
+function cleanup() {
+  if (existsSync('fedbox.json')) unlinkSync('fedbox.json')
+  if (existsSync('data/fedbox.db')) unlinkSync('data/fedbox.db')
+  try { rmSync('data', { recursive: true }) } catch {}
+}
+
+describe('Actions', () => {
+  before(() => {
+    cleanup()
+    if (!existsSync('data')) mkdirSync('data')
+    setupConfig()
+  })
+
+  after(() => {
+    cleanup()
+  })
+
+  test('post creates note with Solid-compatible noteId', async () => {
+    const { post } = await import('../lib/actions.js')
+    const result = await post('Hello world!')
+
+    // noteId should be /alice/posts/xxx (not /alice#me/posts/xxx)
+    assert.ok(result.noteId.includes('/alice/posts/'), 'noteId should include /alice/posts/')
+    assert.ok(!result.noteId.includes('#me/posts'), 'noteId should not have #me before /posts')
+    assert.ok(!result.noteId.includes('#me'), 'noteId should not contain #me at all')
+  })
+
+  test('post returns delivery results', async () => {
+    const { post } = await import('../lib/actions.js')
+    const result = await post('Test delivery')
+
+    assert.ok('delivered' in result, 'result should have delivered stats')
+    assert.ok('success' in result.delivered)
+    assert.ok('failed' in result.delivered)
+  })
+
+  test('myPosts returns saved posts', async () => {
+    const { myPosts } = await import('../lib/actions.js')
+    const posts = myPosts(10)
+    // Should have posts from previous tests
+    assert.ok(posts.length >= 1, 'should have at least 1 post')
+    assert.ok(posts[0].content, 'post should have content')
+    assert.ok(posts[0].id, 'post should have id')
+  })
+
+  test('myPosts posts have Solid-compatible URLs', async () => {
+    const { myPosts } = await import('../lib/actions.js')
+    const posts = myPosts(10)
+
+    for (const post of posts) {
+      assert.ok(post.id.includes('/alice/posts/'), 'post id should include /alice/posts/')
+      assert.ok(!post.id.includes('#me'), 'post id should not contain #me')
+    }
+  })
+})

package/test/store.test.js

@@ -0,0 +1,233 @@
+/**
+ * Store tests
+ */
+
+import { test, describe, beforeEach, afterEach } from 'node:test'
+import assert from 'node:assert'
+import { unlinkSync, existsSync, mkdirSync } from 'fs'
+import {
+  initStore,
+  getStore,
+  addFollower,
+  removeFollower,
+  getFollowers,
+  getFollowerCount,
+  addFollowing,
+  acceptFollowing,
+  getFollowing,
+  getFollowingCount,
+  savePost,
+  getPosts,
+  getPost,
+  cacheActor,
+  getCachedActor,
+  saveActivity,
+  getActivities
+} from '../lib/store.js'
+
+const TEST_DB = 'test/test.db'
+
+function cleanup() {
+  if (existsSync(TEST_DB)) {
+    unlinkSync(TEST_DB)
+  }
+}
+
+describe('Store', () => {
+  beforeEach(() => {
+    cleanup()
+    if (!existsSync('test')) mkdirSync('test', { recursive: true })
+    initStore(TEST_DB)
+  })
+
+  afterEach(() => {
+    const db = getStore()
+    db.close()
+    cleanup()
+  })
+
+  test('initStore creates database', () => {
+    assert.ok(existsSync(TEST_DB))
+  })
+
+  test('getStore returns database instance', () => {
+    const db = getStore()
+    assert.ok(db)
+  })
+})
+
+describe('Followers', () => {
+  beforeEach(() => {
+    cleanup()
+    initStore(TEST_DB)
+  })
+
+  afterEach(() => {
+    const db = getStore()
+    db.close()
+    cleanup()
+  })
+
+  test('addFollower and getFollowers', () => {
+    addFollower('https://example.com/user/alice', 'https://example.com/user/alice/inbox')
+    const followers = getFollowers()
+    assert.strictEqual(followers.length, 1)
+    assert.strictEqual(followers[0].actor, 'https://example.com/user/alice')
+    assert.strictEqual(followers[0].inbox, 'https://example.com/user/alice/inbox')
+  })
+
+  test('getFollowerCount', () => {
+    assert.strictEqual(getFollowerCount(), 0)
+    addFollower('https://example.com/user/alice', 'https://example.com/inbox')
+    assert.strictEqual(getFollowerCount(), 1)
+    addFollower('https://example.com/user/bob', 'https://example.com/inbox')
+    assert.strictEqual(getFollowerCount(), 2)
+  })
+
+  test('removeFollower', () => {
+    addFollower('https://example.com/user/alice', 'https://example.com/inbox')
+    assert.strictEqual(getFollowerCount(), 1)
+    removeFollower('https://example.com/user/alice')
+    assert.strictEqual(getFollowerCount(), 0)
+  })
+})
+
+describe('Following', () => {
+  beforeEach(() => {
+    cleanup()
+    initStore(TEST_DB)
+  })
+
+  afterEach(() => {
+    const db = getStore()
+    db.close()
+    cleanup()
+  })
+
+  test('addFollowing with pending status', () => {
+    addFollowing('https://example.com/user/bob', false)
+    assert.strictEqual(getFollowingCount(), 0) // Not accepted yet
+  })
+
+  test('acceptFollowing', () => {
+    addFollowing('https://example.com/user/bob', false)
+    assert.strictEqual(getFollowingCount(), 0)
+    acceptFollowing('https://example.com/user/bob')
+    assert.strictEqual(getFollowingCount(), 1)
+  })
+
+  test('getFollowing returns only accepted', () => {
+    addFollowing('https://example.com/user/bob', false)
+    addFollowing('https://example.com/user/charlie', true)
+    const following = getFollowing()
+    assert.strictEqual(following.length, 1)
+    assert.strictEqual(following[0].actor, 'https://example.com/user/charlie')
+  })
+})
+
+describe('Posts', () => {
+  beforeEach(() => {
+    cleanup()
+    initStore(TEST_DB)
+  })
+
+  afterEach(() => {
+    const db = getStore()
+    db.close()
+    cleanup()
+  })
+
+  test('savePost and getPost', () => {
+    const id = 'https://example.com/alice/posts/123'
+    savePost(id, 'Hello world!')
+    const post = getPost(id)
+    assert.ok(post)
+    assert.strictEqual(post.id, id)
+    assert.strictEqual(post.content, 'Hello world!')
+  })
+
+  test('savePost with inReplyTo', () => {
+    const id = 'https://example.com/alice/posts/456'
+    const replyTo = 'https://other.com/posts/789'
+    savePost(id, 'This is a reply', replyTo)
+    const post = getPost(id)
+    assert.strictEqual(post.in_reply_to, replyTo)
+  })
+
+  test('getPosts returns posts', () => {
+    savePost('https://example.com/posts/1', 'First')
+    savePost('https://example.com/posts/2', 'Second')
+    savePost('https://example.com/posts/3', 'Third')
+    const posts = getPosts(10)
+    assert.strictEqual(posts.length, 3)
+    // All posts should be present
+    const contents = posts.map(p => p.content)
+    assert.ok(contents.includes('First'))
+    assert.ok(contents.includes('Second'))
+    assert.ok(contents.includes('Third'))
+  })
+
+  test('getPosts respects limit', () => {
+    for (let i = 0; i < 10; i++) {
+      savePost(`https://example.com/posts/${i}`, `Post ${i}`)
+    }
+    const posts = getPosts(5)
+    assert.strictEqual(posts.length, 5)
+  })
+})
+
+describe('Actor Cache', () => {
+  beforeEach(() => {
+    cleanup()
+    initStore(TEST_DB)
+  })
+
+  afterEach(() => {
+    const db = getStore()
+    db.close()
+    cleanup()
+  })
+
+  test('cacheActor and getCachedActor', () => {
+    const actor = {
+      id: 'https://example.com/user/alice',
+      type: 'Person',
+      preferredUsername: 'alice'
+    }
+    cacheActor(actor)
+    const cached = getCachedActor(actor.id)
+    assert.deepStrictEqual(cached, actor)
+  })
+
+  test('getCachedActor returns null for unknown', () => {
+    const cached = getCachedActor('https://example.com/unknown')
+    assert.strictEqual(cached, null)
+  })
+})
+
+describe('Activities', () => {
+  beforeEach(() => {
+    cleanup()
+    initStore(TEST_DB)
+  })
+
+  afterEach(() => {
+    const db = getStore()
+    db.close()
+    cleanup()
+  })
+
+  test('saveActivity and getActivities', () => {
+    const activity = {
+      id: 'https://example.com/activity/1',
+      type: 'Create',
+      actor: 'https://example.com/user/alice',
+      object: { type: 'Note', content: 'Hello' }
+    }
+    saveActivity(activity)
+    const activities = getActivities(10)
+    assert.strictEqual(activities.length, 1)
+    assert.strictEqual(activities[0].type, 'Create')
+    assert.deepStrictEqual(activities[0].raw, activity)
+  })
+})