javascript-solid-server 0.0.10 → 0.0.11

package/.claude/settings.local.json

@@ -15,7 +15,12 @@
       "Bash(npm test:*)",
       "Bash(git add:*)",
       "WebFetch(domain:solid.github.io)",
-      "Bash(node:*)"
+      "Bash(node:*)",
+      "WebFetch(domain:solidservers.org)",
+      "WebFetch(domain:solid-contrib.github.io)",
+      "Bash(git clone:*)",
+      "Bash(chmod:*)",
+      "Bash(JSS_PORT=4000 JSS_CONNEG=true node bin/jss.js:*)"
     ]
   }
 }

package/README.md

@@ -54,12 +54,14 @@ npm run benchmark
 
 ## Features
 
-### Implemented (v0.0.10)
+### Implemented (v0.0.11)
 
 - **LDP CRUD Operations** - GET, PUT, POST, DELETE, HEAD
 - **N3 Patch** - Solid's native patch format for RDF updates
 - **SPARQL Update** - Standard SPARQL UPDATE protocol for PATCH
 - **Conditional Requests** - If-Match/If-None-Match headers (304, 412)
+- **CLI & Config** - `jss` command with config file/env var support
+- **SSL/TLS** - HTTPS support with certificate configuration
 - **WebSocket Notifications** - Real-time updates via solid-0.1 protocol (SolidOS compatible)
 - **Container Management** - Create, list, and manage containers
 - **Multi-user Pods** - Create pods at `/<username>/`
@@ -92,18 +94,75 @@ npm run benchmark
 
 ```bash
 npm install
+
+# Or install globally
+npm install -g javascript-solid-server
 ```
 
-### Running
+### Quick Start
 
 ```bash
-# Start server (default port 3000)
-npm start
+# Initialize configuration (interactive)
+jss init
+
+# Start server
+jss start
+
+# Or with options
+jss start --port 8443 --ssl-key ./key.pem --ssl-cert ./cert.pem
+```
+
+### CLI Commands
 
-# Development mode with watch
-npm dev
+```bash
+jss start [options]    # Start the server
+jss init [options]     # Initialize configuration
+jss --help             # Show help
 ```
 
+### Start Options
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-p, --port <n>` | Port to listen on | 3000 |
+| `-h, --host <addr>` | Host to bind to | 0.0.0.0 |
+| `-r, --root <path>` | Data directory | ./data |
+| `-c, --config <file>` | Config file path | - |
+| `--ssl-key <path>` | SSL private key (PEM) | - |
+| `--ssl-cert <path>` | SSL certificate (PEM) | - |
+| `--conneg` | Enable Turtle support | false |
+| `--notifications` | Enable WebSocket | false |
+| `-q, --quiet` | Suppress logs | false |
+
+### Environment Variables
+
+All options can be set via environment variables with `JSS_` prefix:
+
+```bash
+export JSS_PORT=8443
+export JSS_SSL_KEY=/path/to/key.pem
+export JSS_SSL_CERT=/path/to/cert.pem
+export JSS_CONNEG=true
+jss start
+```
+
+### Config File
+
+Create `config.json`:
+
+```json
+{
+  "port": 8443,
+  "root": "./data",
+  "sslKey": "./ssl/key.pem",
+  "sslCert": "./ssl/cert.pem",
+  "conneg": true,
+  "notifications": true
+}
+```
+
+Then: `jss start --config config.json`
+
 ### Creating a Pod
 
 ```bash
@@ -264,7 +323,7 @@ Server: pub http://localhost:3000/alice/public/data.json  (on change)
 npm test
 ```
 
-Currently passing: **136 tests**
+Currently passing: **163 tests** (including 27 conformance tests)
 
 ## Project Structure
 

package/bin/jss.js

@@ -0,0 +1,208 @@
+#!/usr/bin/env node
+
+/**
+ * JavaScript Solid Server CLI
+ *
+ * Usage:
+ *   jss start [options]    Start the server
+ *   jss init               Initialize configuration
+ */
+
+import { Command } from 'commander';
+import { createServer } from '../src/server.js';
+import { loadConfig, saveConfig, printConfig, defaults } from '../src/config.js';
+import fs from 'fs-extra';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import readline from 'readline';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const pkg = JSON.parse(await fs.readFile(path.join(__dirname, '../package.json'), 'utf8'));
+
+const program = new Command();
+
+program
+  .name('jss')
+  .description('JavaScript Solid Server - A minimal, fast, JSON-LD native Solid server')
+  .version(pkg.version);
+
+/**
+ * Start command
+ */
+program
+  .command('start')
+  .description('Start the Solid server')
+  .option('-p, --port <number>', 'Port to listen on', parseInt)
+  .option('-h, --host <address>', 'Host to bind to')
+  .option('-r, --root <path>', 'Data directory')
+  .option('-c, --config <file>', 'Config file path')
+  .option('--ssl-key <path>', 'Path to SSL private key (PEM)')
+  .option('--ssl-cert <path>', 'Path to SSL certificate (PEM)')
+  .option('--multiuser', 'Enable multi-user mode')
+  .option('--no-multiuser', 'Disable multi-user mode')
+  .option('--conneg', 'Enable content negotiation (Turtle support)')
+  .option('--no-conneg', 'Disable content negotiation')
+  .option('--notifications', 'Enable WebSocket notifications')
+  .option('--no-notifications', 'Disable WebSocket notifications')
+  .option('-q, --quiet', 'Suppress log output')
+  .option('--print-config', 'Print configuration and exit')
+  .action(async (options) => {
+    try {
+      const config = await loadConfig(options, options.config);
+
+      if (options.printConfig) {
+        printConfig(config);
+        process.exit(0);
+      }
+
+      // Create and start server
+      const server = createServer({
+        logger: config.logger,
+        conneg: config.conneg,
+        notifications: config.notifications,
+        ssl: config.ssl ? {
+          key: await fs.readFile(config.sslKey),
+          cert: await fs.readFile(config.sslCert),
+        } : null,
+        root: config.root,
+      });
+
+      await server.listen({ port: config.port, host: config.host });
+
+      const protocol = config.ssl ? 'https' : 'http';
+      const address = config.host === '0.0.0.0' ? 'localhost' : config.host;
+
+      if (!config.quiet) {
+        console.log(`\n  JavaScript Solid Server v${pkg.version}`);
+        console.log(`  ${protocol}://${address}:${config.port}/`);
+        console.log(`\n  Data: ${path.resolve(config.root)}`);
+        if (config.ssl) console.log('  SSL:  enabled');
+        if (config.conneg) console.log('  Conneg: enabled');
+        if (config.notifications) console.log('  WebSocket: enabled');
+        console.log('\n  Press Ctrl+C to stop\n');
+      }
+
+      // Handle shutdown
+      const shutdown = async () => {
+        if (!config.quiet) console.log('\n  Shutting down...');
+        await server.close();
+        process.exit(0);
+      };
+
+      process.on('SIGINT', shutdown);
+      process.on('SIGTERM', shutdown);
+
+    } catch (err) {
+      console.error(`Error: ${err.message}`);
+      process.exit(1);
+    }
+  });
+
+/**
+ * Init command - interactive configuration
+ */
+program
+  .command('init')
+  .description('Initialize server configuration')
+  .option('-c, --config <file>', 'Config file path', './config.json')
+  .option('-y, --yes', 'Accept defaults without prompting')
+  .action(async (options) => {
+    const configFile = path.resolve(options.config);
+
+    // Check if config already exists
+    if (await fs.pathExists(configFile)) {
+      console.log(`Config file already exists: ${configFile}`);
+      const overwrite = options.yes ? true : await confirm('Overwrite?');
+      if (!overwrite) {
+        console.log('Aborted.');
+        process.exit(0);
+      }
+    }
+
+    let config;
+
+    if (options.yes) {
+      // Use defaults
+      config = { ...defaults };
+    } else {
+      // Interactive prompts
+      console.log('\n  JavaScript Solid Server Setup\n');
+
+      config = {
+        port: await prompt('Port', defaults.port),
+        root: await prompt('Data directory', defaults.root),
+        conneg: await confirm('Enable content negotiation (Turtle support)?', defaults.conneg),
+        notifications: await confirm('Enable WebSocket notifications?', defaults.notifications),
+      };
+
+      // Ask about SSL
+      const useSSL = await confirm('Configure SSL?', false);
+      if (useSSL) {
+        config.sslKey = await prompt('SSL key path', './ssl/key.pem');
+        config.sslCert = await prompt('SSL certificate path', './ssl/cert.pem');
+      }
+
+      console.log('');
+    }
+
+    // Save config
+    await saveConfig(config, configFile);
+    console.log(`Configuration saved to: ${configFile}`);
+
+    // Create data directory
+    const dataDir = path.resolve(config.root);
+    await fs.ensureDir(dataDir);
+    console.log(`Data directory created: ${dataDir}`);
+
+    console.log('\nRun `jss start` to start the server.\n');
+  });
+
+/**
+ * Helper: Prompt for input
+ */
+async function prompt(question, defaultValue) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+
+  return new Promise((resolve) => {
+    const defaultStr = defaultValue !== undefined ? ` (${defaultValue})` : '';
+    rl.question(`  ${question}${defaultStr}: `, (answer) => {
+      rl.close();
+      const value = answer.trim() || defaultValue;
+      // Parse numbers
+      if (typeof defaultValue === 'number' && !isNaN(value)) {
+        resolve(parseInt(value, 10));
+      } else {
+        resolve(value);
+      }
+    });
+  });
+}
+
+/**
+ * Helper: Confirm yes/no
+ */
+async function confirm(question, defaultValue = false) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+
+  return new Promise((resolve) => {
+    const hint = defaultValue ? '[Y/n]' : '[y/N]';
+    rl.question(`  ${question} ${hint}: `, (answer) => {
+      rl.close();
+      const normalized = answer.trim().toLowerCase();
+      if (normalized === '') {
+        resolve(defaultValue);
+      } else {
+        resolve(normalized === 'y' || normalized === 'yes');
+      }
+    });
+  });
+}
+
+// Parse and run
+program.parse();

package/package.json

@@ -1,9 +1,12 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.10",
+  "version": "0.0.11",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
+  "bin": {
+    "jss": "./bin/jss.js"
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/JavaScriptSolidServer/JavaScriptSolidServer.git"
@@ -13,13 +16,14 @@
   },
   "homepage": "https://github.com/JavaScriptSolidServer/JavaScriptSolidServer#readme",
   "scripts": {
-    "start": "node src/index.js",
-    "dev": "node --watch src/index.js",
+    "start": "node bin/jss.js start",
+    "dev": "node --watch bin/jss.js start",
     "test": "node --test --test-concurrency=1",
     "benchmark": "node benchmark.js"
   },
   "dependencies": {
     "@fastify/websocket": "^8.3.1",
+    "commander": "^14.0.2",
     "fastify": "^4.25.2",
     "fs-extra": "^11.2.0",
     "jose": "^6.1.3",

package/src/config.js

@@ -0,0 +1,185 @@
+/**
+ * Configuration Loading
+ *
+ * Loads config from (in order of precedence):
+ * 1. CLI arguments (highest)
+ * 2. Environment variables (JSS_*)
+ * 3. Config file (config.json)
+ * 4. Defaults (lowest)
+ */
+
+import fs from 'fs-extra';
+import path from 'path';
+
+/**
+ * Default configuration values
+ */
+export const defaults = {
+  // Server
+  port: 3000,
+  host: '0.0.0.0',
+  root: './data',
+
+  // SSL
+  sslKey: null,
+  sslCert: null,
+
+  // Features
+  multiuser: true,
+  conneg: false,
+  notifications: false,
+
+  // Logging
+  logger: true,
+  quiet: false,
+
+  // Paths
+  configPath: './.jss',
+};
+
+/**
+ * Map of environment variable names to config keys
+ */
+const envMap = {
+  JSS_PORT: 'port',
+  JSS_HOST: 'host',
+  JSS_ROOT: 'root',
+  JSS_SSL_KEY: 'sslKey',
+  JSS_SSL_CERT: 'sslCert',
+  JSS_MULTIUSER: 'multiuser',
+  JSS_CONNEG: 'conneg',
+  JSS_NOTIFICATIONS: 'notifications',
+  JSS_QUIET: 'quiet',
+  JSS_CONFIG_PATH: 'configPath',
+};
+
+/**
+ * Parse a value from environment variable string
+ */
+function parseEnvValue(value, key) {
+  if (value === undefined) return undefined;
+
+  // Boolean values
+  if (value.toLowerCase() === 'true') return true;
+  if (value.toLowerCase() === 'false') return false;
+
+  // Numeric values for known numeric keys
+  if (key === 'port' && !isNaN(value)) {
+    return parseInt(value, 10);
+  }
+
+  return value;
+}
+
+/**
+ * Load configuration from environment variables
+ */
+function loadEnvConfig() {
+  const config = {};
+
+  for (const [envVar, configKey] of Object.entries(envMap)) {
+    const value = process.env[envVar];
+    if (value !== undefined) {
+      config[configKey] = parseEnvValue(value, configKey);
+    }
+  }
+
+  return config;
+}
+
+/**
+ * Load configuration from a JSON file
+ */
+async function loadFileConfig(configFile) {
+  if (!configFile) return {};
+
+  try {
+    const fullPath = path.resolve(configFile);
+    if (await fs.pathExists(fullPath)) {
+      const content = await fs.readFile(fullPath, 'utf8');
+      return JSON.parse(content);
+    }
+  } catch (e) {
+    console.error(`Warning: Failed to load config file: ${e.message}`);
+  }
+
+  return {};
+}
+
+/**
+ * Merge configuration sources
+ * @param {object} cliOptions - Options from command line
+ * @param {string} configFile - Path to config file (optional)
+ * @returns {Promise<object>} Merged configuration
+ */
+export async function loadConfig(cliOptions = {}, configFile = null) {
+  // Load from file first
+  const fileConfig = await loadFileConfig(configFile || cliOptions.config);
+
+  // Load from environment
+  const envConfig = loadEnvConfig();
+
+  // Merge in order: defaults < file < env < cli
+  const config = {
+    ...defaults,
+    ...fileConfig,
+    ...envConfig,
+    ...filterUndefined(cliOptions),
+  };
+
+  // Derive additional settings
+  if (config.quiet) {
+    config.logger = false;
+  }
+
+  // Validate SSL config
+  if ((config.sslKey && !config.sslCert) || (!config.sslKey && config.sslCert)) {
+    throw new Error('Both --ssl-key and --ssl-cert must be provided together');
+  }
+
+  config.ssl = !!(config.sslKey && config.sslCert);
+
+  return config;
+}
+
+/**
+ * Filter out undefined values from an object
+ */
+function filterUndefined(obj) {
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (value !== undefined) {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+
+/**
+ * Save configuration to a file
+ */
+export async function saveConfig(config, configFile) {
+  const toSave = { ...config };
+  // Remove derived/runtime values
+  delete toSave.ssl;
+  delete toSave.logger;
+
+  await fs.ensureDir(path.dirname(configFile));
+  await fs.writeFile(configFile, JSON.stringify(toSave, null, 2));
+}
+
+/**
+ * Print configuration (for debugging)
+ */
+export function printConfig(config) {
+  console.log('\nConfiguration:');
+  console.log('─'.repeat(40));
+  console.log(`  Port:          ${config.port}`);
+  console.log(`  Host:          ${config.host}`);
+  console.log(`  Root:          ${path.resolve(config.root)}`);
+  console.log(`  SSL:           ${config.ssl ? 'enabled' : 'disabled'}`);
+  console.log(`  Multi-user:    ${config.multiuser}`);
+  console.log(`  Conneg:        ${config.conneg}`);
+  console.log(`  Notifications: ${config.notifications}`);
+  console.log('─'.repeat(40));
+}

package/src/handlers/resource.js

@@ -315,10 +315,12 @@ export async function handleOptions(request, reply) {
 
   const origin = request.headers.origin;
   const resourceUrl = `${request.protocol}://${request.hostname}${urlPath}`;
+  const connegEnabled = request.connegEnabled || false;
   const headers = getAllHeaders({
     isContainer: stats?.isDirectory || isContainer(urlPath),
     origin,
-    resourceUrl
+    resourceUrl,
+    connegEnabled
   });
 
   Object.entries(headers).forEach(([k, v]) => reply.header(k, v));

package/src/server.js

@@ -11,6 +11,8 @@ import { notificationsPlugin } from './notifications/index.js';
  * @param {boolean} options.logger - Enable logging (default true)
  * @param {boolean} options.conneg - Enable content negotiation for RDF (default false)
  * @param {boolean} options.notifications - Enable WebSocket notifications (default false)
+ * @param {object} options.ssl - SSL configuration { key, cert } (default null)
+ * @param {string} options.root - Data directory path (default from env or ./data)
  */
 export function createServer(options = {}) {
   // Content negotiation is OFF by default - we're a JSON-LD native server
@@ -18,12 +20,28 @@ export function createServer(options = {}) {
   // WebSocket notifications are OFF by default
   const notificationsEnabled = options.notifications ?? false;
 
-  const fastify = Fastify({
+  // Set data root via environment variable if provided
+  if (options.root) {
+    process.env.DATA_ROOT = options.root;
+  }
+
+  // Fastify options
+  const fastifyOptions = {
     logger: options.logger ?? true,
     trustProxy: true,
     // Handle raw body for non-JSON content
     bodyLimit: 10 * 1024 * 1024 // 10MB
-  });
+  };
+
+  // Add HTTPS support if SSL config provided
+  if (options.ssl && options.ssl.key && options.ssl.cert) {
+    fastifyOptions.https = {
+      key: options.ssl.key,
+      cert: options.ssl.cert,
+    };
+  }
+
+  const fastify = Fastify(fastifyOptions);
 
   // Add raw body parser for all content types
   fastify.addContentTypeParser('*', { parseAs: 'buffer' }, (req, body, done) => {
@@ -54,14 +72,7 @@ export function createServer(options = {}) {
       const wsProtocol = request.protocol === 'https' ? 'wss' : 'ws';
       reply.header('Updates-Via', `${wsProtocol}://${request.hostname}/.notifications`);
     }
-
-    // Handle preflight OPTIONS
-    if (request.method === 'OPTIONS') {
-      // Add Allow header for LDP compliance
-      reply.header('Allow', 'GET, HEAD, POST, PUT, DELETE, PATCH, OPTIONS');
-      reply.code(204).send();
-      return reply;
-    }
+    // Note: OPTIONS requests are handled by handleOptions to include Accept-* headers
   });
 
   // Authorization hook - check WAC permissions

package/test/conformance.test.js

@@ -0,0 +1,349 @@
+/**
+ * Solid Conformance Tests (Simplified)
+ *
+ * Tests based on solid/solid-crud-tests but using Bearer token auth.
+ * Covers the same MUST requirements from the Solid Protocol spec.
+ */
+
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import {
+  startTestServer,
+  stopTestServer,
+  request,
+  createTestPod,
+  assertStatus
+} from './helpers.js';
+
+describe('Solid Protocol Conformance', () => {
+  let token;
+
+  before(async () => {
+    // Enable conneg for full Turtle support (required for Solid conformance)
+    await startTestServer({ conneg: true });
+    const pod = await createTestPod('conformance');
+    token = pod.token;
+  });
+
+  after(async () => {
+    await stopTestServer();
+  });
+
+  describe('MUST: Create non-container using POST', () => {
+    it('creates the resource and returns 201', async () => {
+      const res = await request('/conformance/public/', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'text/turtle',
+          'Slug': 'post-created.ttl'
+        },
+        body: '<#hello> <#linked> <#world> .',
+        auth: 'conformance'
+      });
+      assertStatus(res, 201);
+      assert.ok(res.headers.get('Location'), 'Should return Location header');
+    });
+
+    it('adds the resource to container listing', async () => {
+      const res = await request('/conformance/public/');
+      const body = await res.text();
+      assert.ok(body.includes('post-created.ttl'), 'Container should list the resource');
+    });
+  });
+
+  describe('MUST: Create non-container using PUT', () => {
+    it('creates the resource', async () => {
+      const res = await request('/conformance/public/put-created.ttl', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'text/turtle' },
+        body: '<#hello> <#linked> <#world> .',
+        auth: 'conformance'
+      });
+      assert.ok([200, 201, 204].includes(res.status), `Expected 2xx, got ${res.status}`);
+    });
+
+    it('adds the resource to container listing', async () => {
+      const res = await request('/conformance/public/');
+      const body = await res.text();
+      assert.ok(body.includes('put-created.ttl'), 'Container should list the resource');
+    });
+  });
+
+  describe('MUST: Create container using PUT', () => {
+    it('creates container with trailing slash', async () => {
+      // First create a resource inside the new container (creates container implicitly)
+      const res = await request('/conformance/public/new-container/test.ttl', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'text/turtle' },
+        body: '<#test> <#is> <#here> .',
+        auth: 'conformance'
+      });
+      assert.ok([200, 201, 204].includes(res.status));
+
+      // Container should exist
+      const containerRes = await request('/conformance/public/new-container/');
+      assertStatus(containerRes, 200);
+    });
+  });
+
+  describe('MUST: Update using PUT', () => {
+    it('overwrites existing resource', async () => {
+      // Create
+      await request('/conformance/public/update-test.ttl', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'text/turtle' },
+        body: '<#v> <#is> "1" .',
+        auth: 'conformance'
+      });
+
+      // Update
+      const res = await request('/conformance/public/update-test.ttl', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'text/turtle' },
+        body: '<#v> <#is> "2" .',
+        auth: 'conformance'
+      });
+      assertStatus(res, 204);
+
+      // Verify
+      const getRes = await request('/conformance/public/update-test.ttl');
+      const body = await getRes.text();
+      assert.ok(body.includes('"2"'), 'Resource should be updated');
+    });
+  });
+
+  describe('MUST: Update using PATCH (N3)', () => {
+    it('adds triple to existing resource', async () => {
+      // Create resource with context for cleaner patch matching
+      await request('/conformance/public/patch-test.json', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/ld+json' },
+        body: JSON.stringify({
+          '@context': { 'ex': 'http://example.org/' },
+          '@id': '#me',
+          'ex:name': 'Test'
+        }),
+        auth: 'conformance'
+      });
+
+      const patch = `
+        @prefix solid: <http://www.w3.org/ns/solid/terms#>.
+        @prefix ex: <http://example.org/>.
+        _:patch a solid:InsertDeletePatch;
+          solid:inserts { <#me> ex:added "yes" }.
+      `;
+      const res = await request('/conformance/public/patch-test.json', {
+        method: 'PATCH',
+        headers: { 'Content-Type': 'text/n3' },
+        body: patch,
+        auth: 'conformance'
+      });
+      assertStatus(res, 204);
+
+      const getRes = await request('/conformance/public/patch-test.json', {
+        headers: { 'Accept': 'application/ld+json' }
+      });
+      const data = await getRes.json();
+      // Check for either prefixed or full URI form
+      const added = data['ex:added'] || data['http://example.org/added'];
+      assert.strictEqual(added, 'yes');
+    });
+  });
+
+  describe('MUST: Update using PATCH (SPARQL Update)', () => {
+    it('modifies resource with INSERT DATA', async () => {
+      await request('/conformance/public/sparql-test.json', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/ld+json' },
+        body: JSON.stringify({ '@id': '#item' }),
+        auth: 'conformance'
+      });
+
+      const sparql = `
+        PREFIX ex: <http://example.org/>
+        INSERT DATA { <#item> ex:status "active" }
+      `;
+      const res = await request('/conformance/public/sparql-test.json', {
+        method: 'PATCH',
+        headers: { 'Content-Type': 'application/sparql-update' },
+        body: sparql,
+        auth: 'conformance'
+      });
+      assertStatus(res, 204);
+    });
+  });
+
+  describe('MUST: Delete resource', () => {
+    it('deletes and returns 204', async () => {
+      await request('/conformance/public/to-delete.ttl', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'text/turtle' },
+        body: '<#x> <#y> <#z> .',
+        auth: 'conformance'
+      });
+
+      const res = await request('/conformance/public/to-delete.ttl', {
+        method: 'DELETE',
+        auth: 'conformance'
+      });
+      assertStatus(res, 204);
+
+      const getRes = await request('/conformance/public/to-delete.ttl');
+      assertStatus(getRes, 404);
+    });
+
+    it('removes from container listing', async () => {
+      const res = await request('/conformance/public/');
+      const body = await res.text();
+      assert.ok(!body.includes('to-delete.ttl'), 'Should not be in listing');
+    });
+  });
+
+  describe('MUST: LDP Headers', () => {
+    it('includes Link rel=type for containers', async () => {
+      const res = await request('/conformance/public/');
+      const link = res.headers.get('Link');
+      assert.ok(link.includes('ldp#BasicContainer'), 'Should have BasicContainer type');
+      assert.ok(link.includes('ldp#Container'), 'Should have Container type');
+    });
+
+    it('includes Link rel=type for resources', async () => {
+      const res = await request('/conformance/public/put-created.ttl');
+      const link = res.headers.get('Link');
+      assert.ok(link.includes('ldp#Resource'), 'Should have Resource type');
+    });
+
+    it('includes Link rel=acl', async () => {
+      const res = await request('/conformance/public/put-created.ttl');
+      const link = res.headers.get('Link');
+      assert.ok(link.includes('rel="acl"'), 'Should have acl link');
+    });
+
+    it('includes ETag header', async () => {
+      const res = await request('/conformance/public/put-created.ttl');
+      assert.ok(res.headers.get('ETag'), 'Should have ETag');
+    });
+
+    it('includes Allow header on OPTIONS', async () => {
+      const res = await request('/conformance/public/', { method: 'OPTIONS' });
+      const allow = res.headers.get('Allow');
+      assert.ok(allow.includes('GET'), 'Should allow GET');
+      assert.ok(allow.includes('POST'), 'Should allow POST');
+    });
+
+    it('includes Accept-Post for containers', async () => {
+      const res = await request('/conformance/public/', { method: 'OPTIONS' });
+      assert.ok(res.headers.get('Accept-Post'), 'Should have Accept-Post');
+    });
+
+    it('includes Accept-Put for resources', async () => {
+      const res = await request('/conformance/public/put-created.ttl', { method: 'OPTIONS' });
+      assert.ok(res.headers.get('Accept-Put'), 'Should have Accept-Put');
+    });
+
+    it('includes Accept-Patch for resources', async () => {
+      const res = await request('/conformance/public/put-created.ttl', { method: 'OPTIONS' });
+      const acceptPatch = res.headers.get('Accept-Patch');
+      assert.ok(acceptPatch, 'Should have Accept-Patch');
+      assert.ok(acceptPatch.includes('text/n3'), 'Should accept N3');
+    });
+  });
+
+  describe('MUST: WAC Headers', () => {
+    it('includes WAC-Allow header', async () => {
+      const res = await request('/conformance/public/');
+      assert.ok(res.headers.get('WAC-Allow'), 'Should have WAC-Allow');
+    });
+  });
+
+  describe('MUST: Conditional Requests', () => {
+    it('returns 304 for If-None-Match on GET', async () => {
+      const res1 = await request('/conformance/public/put-created.ttl');
+      const etag = res1.headers.get('ETag');
+
+      const res2 = await request('/conformance/public/put-created.ttl', {
+        headers: { 'If-None-Match': etag }
+      });
+      assertStatus(res2, 304);
+    });
+
+    it('returns 412 for If-Match mismatch on PUT', async () => {
+      const res = await request('/conformance/public/put-created.ttl', {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'text/turtle',
+          'If-Match': '"wrong-etag"'
+        },
+        body: '<#new> <#data> <#here> .',
+        auth: 'conformance'
+      });
+      assertStatus(res, 412);
+    });
+
+    it('returns 412 for If-None-Match: * on existing resource', async () => {
+      const res = await request('/conformance/public/put-created.ttl', {
+        method: 'PUT',
+        headers: {
+          'Content-Type': 'text/turtle',
+          'If-None-Match': '*'
+        },
+        body: '<#new> <#data> <#here> .',
+        auth: 'conformance'
+      });
+      assertStatus(res, 412);
+    });
+  });
+
+  describe('MUST: CORS Headers', () => {
+    it('includes Access-Control-Allow-Origin', async () => {
+      const res = await request('/conformance/public/', {
+        headers: { 'Origin': 'https://example.com' }
+      });
+      const acao = res.headers.get('Access-Control-Allow-Origin');
+      assert.ok(acao, 'Should have ACAO header');
+    });
+
+    it('includes Access-Control-Expose-Headers', async () => {
+      const res = await request('/conformance/public/', {
+        headers: { 'Origin': 'https://example.com' }
+      });
+      const expose = res.headers.get('Access-Control-Expose-Headers');
+      assert.ok(expose, 'Should expose headers');
+      assert.ok(expose.includes('Location'), 'Should expose Location');
+      assert.ok(expose.includes('Link'), 'Should expose Link');
+    });
+
+    it('handles preflight OPTIONS', async () => {
+      const res = await request('/conformance/public/', {
+        method: 'OPTIONS',
+        headers: {
+          'Origin': 'https://example.com',
+          'Access-Control-Request-Method': 'PUT'
+        }
+      });
+      assertStatus(res, 204);
+      assert.ok(res.headers.get('Access-Control-Allow-Methods'), 'Should have Allow-Methods');
+    });
+  });
+
+  describe('MUST: Content Negotiation', () => {
+    it('returns JSON-LD by default for RDF resources', async () => {
+      const res = await request('/conformance/public/patch-test.json');
+      const ct = res.headers.get('Content-Type');
+      assert.ok(ct.includes('application/ld+json') || ct.includes('application/json'));
+    });
+  });
+
+  describe('SHOULD: WebSocket Notifications', () => {
+    it('includes Updates-Via header when enabled', async () => {
+      // Note: requires server started with notifications: true
+      // This test documents the expected behavior
+      const res = await request('/conformance/', { method: 'OPTIONS' });
+      // Updates-Via may or may not be present depending on server config
+      const updatesVia = res.headers.get('Updates-Via');
+      if (updatesVia) {
+        assert.ok(updatesVia.includes('ws'), 'Should be WebSocket URL');
+      }
+    });
+  });
+});