javascript-solid-server 0.0.106 → 0.0.108

package/src/webrtc/index.js

@@ -0,0 +1,159 @@
+/**
+ * WebRTC Signaling Server Plugin
+ *
+ * Lightweight signaling server for WebRTC peer-to-peer connections.
+ * Relays SDP offers/answers and ICE candidates between authenticated users.
+ * The actual media/data flow directly between peers — JSS just introduces them.
+ *
+ * Usage: jss start --webrtc
+ * Endpoint: wss://your.pod/.webrtc
+ *
+ * Protocol (JSON over WebSocket):
+ *   → { type: "offer",     to: "<webid>", sdp: "..." }
+ *   → { type: "answer",    to: "<webid>", sdp: "..." }
+ *   → { type: "candidate", to: "<webid>", candidate: {...} }
+ *   → { type: "hangup",    to: "<webid>" }
+ *   ← { type: "offer",     from: "<webid>", sdp: "..." }
+ *   ← { type: "answer",    from: "<webid>", sdp: "..." }
+ *   ← { type: "candidate", from: "<webid>", candidate: {...} }
+ *   ← { type: "hangup",    from: "<webid>" }
+ *   ← { type: "error",     message: "..." }
+ *   ← { type: "peers",     you: "<webid>", peers: ["<webid>", ...] }
+ *   ← { type: "peer-joined", webId: "<webid>" }
+ *   ← { type: "peer-left",   webId: "<webid>" }
+ */
+
+import websocket from '@fastify/websocket';
+import { getWebIdFromRequestAsync } from '../auth/token.js';
+
+const ALLOWED_TYPES = new Set(['offer', 'answer', 'candidate', 'hangup']);
+const MAX_MESSAGE_SIZE = 64 * 1024; // 64KB
+
+/**
+ * Register WebRTC signaling routes on Fastify instance
+ *
+ * @param {object} fastify - Fastify instance
+ * @param {object} options - Options
+ * @param {string} options.path - WebSocket path (default: '/.webrtc')
+ */
+export async function webrtcPlugin(fastify, options = {}) {
+  const path = options.path || '/.webrtc';
+
+  // Instance-scoped peer state
+  const peers = new Map();
+
+  // Only register @fastify/websocket if not already registered
+  if (!fastify.websocketServer) {
+    await fastify.register(websocket);
+  }
+
+  // Clean up all connections on server close
+  fastify.addHook('onClose', async () => {
+    for (const [, socket] of peers) {
+      socket.close();
+    }
+    peers.clear();
+  });
+
+  function broadcast(senderWebId, msg) {
+    const data = JSON.stringify(msg);
+    for (const [id, socket] of peers) {
+      if (id !== senderWebId && socket.readyState === 1) {
+        try { socket.send(data); } catch { /* socket closed between check and send */ }
+      }
+    }
+  }
+
+  fastify.get(path, { websocket: true }, async (connection, request) => {
+    const socket = connection.socket;
+
+    // Authenticate the connection
+    const { webId } = await getWebIdFromRequestAsync(request);
+    if (!webId) {
+      socket.send(JSON.stringify({ type: 'error', message: 'Authentication required' }));
+      socket.close();
+      return;
+    }
+
+    // Register this peer (close old connection if reconnecting)
+    const existing = peers.get(webId);
+    const isReconnect = !!existing;
+    if (existing) {
+      peers.delete(webId);
+      existing.close();
+    }
+    peers.set(webId, socket);
+    socket.webId = webId;
+
+    // Notify the peer of their identity and online peers
+    socket.send(JSON.stringify({
+      type: 'peers',
+      you: webId,
+      peers: [...peers.keys()].filter(id => id !== webId)
+    }));
+
+    // Only broadcast peer-joined for new connections, not reconnects
+    if (!isReconnect) {
+      broadcast(webId, { type: 'peer-joined', webId });
+    }
+
+    socket.on('message', (data) => {
+      // Enforce max message size (Buffer.byteLength for reliable byte count)
+      const raw = Buffer.isBuffer(data) ? data : Buffer.from(data);
+      if (raw.byteLength > MAX_MESSAGE_SIZE) {
+        socket.send(JSON.stringify({ type: 'error', message: 'Message too large' }));
+        return;
+      }
+
+      let msg;
+      try {
+        msg = JSON.parse(raw.toString());
+      } catch {
+        socket.send(JSON.stringify({ type: 'error', message: 'Invalid JSON' }));
+        return;
+      }
+
+      if (!msg.to || !msg.type) {
+        socket.send(JSON.stringify({ type: 'error', message: 'Missing "to" or "type" field' }));
+        return;
+      }
+
+      // Only relay known signaling types
+      if (!ALLOWED_TYPES.has(msg.type)) {
+        socket.send(JSON.stringify({ type: 'error', message: `Unknown type "${msg.type}"` }));
+        return;
+      }
+
+      const target = peers.get(msg.to);
+      if (!target || target.readyState !== 1) {
+        socket.send(JSON.stringify({ type: 'error', message: 'Peer not online', peer: msg.to }));
+        return;
+      }
+
+      // Build relay payload with whitelisted fields only (prevent prototype pollution)
+      const relay = Object.create(null);
+      relay.type = msg.type;
+      relay.from = webId;
+      if (typeof msg.sdp === 'string') relay.sdp = msg.sdp;
+      if (msg.candidate != null && typeof msg.candidate === 'object' && !Array.isArray(msg.candidate)) {
+        relay.candidate = msg.candidate;
+      }
+      try { target.send(JSON.stringify(relay)); } catch {
+        socket.send(JSON.stringify({ type: 'error', message: 'Peer not online', peer: msg.to }));
+      }
+    });
+
+    socket.on('close', () => {
+      // Only remove if this socket is still the registered one (not replaced by reconnect)
+      if (peers.get(webId) === socket) {
+        peers.delete(webId);
+        broadcast(webId, { type: 'peer-left', webId });
+      }
+    });
+
+    // Error handler: close event will follow and handle cleanup
+    socket.on('error', () => {});
+  });
+}
+
+export default webrtcPlugin;

package/test/pay.test.js

@@ -546,6 +546,151 @@ describe('HTTP 402 Pay Middleware', () => {
     });
   });
 
+  describe('AMM with multi-chain', () => {
+    let ammServer;
+    let ammUrl;
+    const ammPrivkey = crypto.randomBytes(32);
+    const ammPubkey = Buffer.from(schnorr.getPublicKey(ammPrivkey)).toString('hex');
+    const ammPrivkey2 = crypto.randomBytes(32);
+    const ammPubkey2 = Buffer.from(schnorr.getPublicKey(ammPrivkey2)).toString('hex');
+
+    function ammNip98(pk, url, method = 'GET') {
+      const event = {
+        pubkey: Buffer.from(schnorr.getPublicKey(pk)).toString('hex'),
+        created_at: Math.floor(Date.now() / 1000),
+        kind: 27235,
+        tags: [['u', url], ['method', method]],
+        content: ''
+      };
+      const serialized = JSON.stringify([0, event.pubkey, event.created_at, event.kind, event.tags, event.content]);
+      event.id = crypto.createHash('sha256').update(serialized).digest('hex');
+      event.sig = Buffer.from(schnorr.sign(event.id, pk)).toString('hex');
+      return `Nostr ${Buffer.from(JSON.stringify(event)).toString('base64')}`;
+    }
+
+    before(async () => {
+      const { createServer } = await import('../src/server.js');
+      ammServer = createServer({
+        logger: false,
+        forceCloseConnections: true,
+        pay: true,
+        payCost: 1,
+        payChains: 'tbtc3,tbtc4'
+      });
+      await ammServer.listen({ port: 0, host: '127.0.0.1' });
+      const addr = ammServer.server.address();
+      ammUrl = `http://127.0.0.1:${addr.port}`;
+    });
+
+    after(async () => {
+      if (ammServer) await ammServer.close();
+    });
+
+    it('GET /pay/.info should include chains and pool', async () => {
+      const res = await fetch(`${ammUrl}/pay/.info`);
+      assertStatus(res, 200);
+      const body = await res.json();
+      assert.ok(body.chains);
+      assert.strictEqual(body.chains.length, 2);
+      assert.strictEqual(body.chains[0].id, 'tbtc3');
+      assert.strictEqual(body.chains[1].id, 'tbtc4');
+      assert.strictEqual(body.pool, '/pay/.pool');
+    });
+
+    it('GET /pay/.pool should return empty pool', async () => {
+      const res = await fetch(`${ammUrl}/pay/.pool`);
+      assertStatus(res, 200);
+      const body = await res.json();
+      assert.strictEqual(body.reserves.tbtc3, 0);
+      assert.strictEqual(body.reserves.tbtc4, 0);
+      assert.strictEqual(body.k, 0);
+      assert.strictEqual(body.totalShares, 0);
+    });
+
+    it('GET /pay/.balance should include per-chain balances', async () => {
+      const url = `${ammUrl}/pay/.balance`;
+      const res = await fetch(url, {
+        headers: { 'Authorization': ammNip98(ammPrivkey, url) }
+      });
+      assertStatus(res, 200);
+      const body = await res.json();
+      assert.ok(body.balances);
+      assert.strictEqual(body.balances.tbtc3, 0);
+      assert.strictEqual(body.balances.tbtc4, 0);
+    });
+
+    it('POST /pay/.pool swap should fail with no liquidity', async () => {
+      const url = `${ammUrl}/pay/.pool`;
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Authorization': ammNip98(ammPrivkey, url, 'POST'),
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({ action: 'swap', sell: 'tbtc3', amount: 100 })
+      });
+      assertStatus(res, 400);
+      const body = await res.json();
+      assert.ok(body.error.includes('no liquidity'));
+    });
+
+    it('POST /pay/.pool add-liquidity should fail with zero balance', async () => {
+      const url = `${ammUrl}/pay/.pool`;
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Authorization': ammNip98(ammPrivkey, url, 'POST'),
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({ action: 'add-liquidity', tbtc3: 1000, tbtc4: 5000 })
+      });
+      assertStatus(res, 402);
+    });
+
+    it('POST /pay/.pool should reject unknown action', async () => {
+      const url = `${ammUrl}/pay/.pool`;
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Authorization': ammNip98(ammPrivkey, url, 'POST'),
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({ action: 'invalid' })
+      });
+      assertStatus(res, 400);
+      const body = await res.json();
+      assert.ok(body.error.includes('Unknown action'));
+    });
+
+    it('POST /pay/.pool swap should reject invalid sell unit', async () => {
+      const url = `${ammUrl}/pay/.pool`;
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Authorization': ammNip98(ammPrivkey, url, 'POST'),
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({ action: 'swap', sell: 'invalid', amount: 100 })
+      });
+      assertStatus(res, 400);
+    });
+
+    it('POST /pay/.pool remove-liquidity should fail with no pool', async () => {
+      const url = `${ammUrl}/pay/.pool`;
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Authorization': ammNip98(ammPrivkey, url, 'POST'),
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({ action: 'remove-liquidity', shares: 10 })
+      });
+      assertStatus(res, 400);
+      const body = await res.json();
+      assert.ok(body.error.includes('no liquidity'));
+    });
+  });
+
   describe('Pay disabled', () => {
     let noPayServer;
     let noPayUrl;

package/test/webledger.test.js

@@ -152,6 +152,68 @@ describe('Web Ledger', () => {
     });
   });
 
+  describe('multi-currency', () => {
+    it('should credit and debit with specific currency', () => {
+      const ledger = createLedger();
+      const bal = credit(ledger, 'did:nostr:user1', 1000, 'tbtc3');
+      assert.strictEqual(bal, 1000);
+      assert.strictEqual(getBalance(ledger, 'did:nostr:user1', 'tbtc3'), 1000);
+      // Default balance should be 0 (no satoshi credits)
+      assert.strictEqual(getBalance(ledger, 'did:nostr:user1'), 0);
+    });
+
+    it('should track multiple currencies independently', () => {
+      const ledger = createLedger();
+      credit(ledger, 'did:nostr:user1', 1000, 'tbtc3');
+      credit(ledger, 'did:nostr:user1', 5000, 'tbtc4');
+      assert.strictEqual(getBalance(ledger, 'did:nostr:user1', 'tbtc3'), 1000);
+      assert.strictEqual(getBalance(ledger, 'did:nostr:user1', 'tbtc4'), 5000);
+    });
+
+    it('should debit specific currency', () => {
+      const ledger = createLedger();
+      credit(ledger, 'did:nostr:user1', 1000, 'tbtc3');
+      credit(ledger, 'did:nostr:user1', 5000, 'tbtc4');
+      const result = debit(ledger, 'did:nostr:user1', 300, 'tbtc3');
+      assert.strictEqual(result.success, true);
+      assert.strictEqual(result.balance, 700);
+      // tbtc4 unchanged
+      assert.strictEqual(getBalance(ledger, 'did:nostr:user1', 'tbtc4'), 5000);
+    });
+
+    it('should fail debit when currency balance insufficient', () => {
+      const ledger = createLedger();
+      credit(ledger, 'did:nostr:user1', 100, 'tbtc3');
+      const result = debit(ledger, 'did:nostr:user1', 200, 'tbtc3');
+      assert.strictEqual(result.success, false);
+      assert.strictEqual(result.balance, 100);
+    });
+
+    it('should migrate simple string to array on currency credit', () => {
+      const ledger = createLedger();
+      // First set a simple balance
+      setBalance(ledger, 'did:nostr:user1', 500);
+      assert.strictEqual(getBalance(ledger, 'did:nostr:user1'), 500);
+      // Now add a currency-specific balance — should migrate to array
+      credit(ledger, 'did:nostr:user1', 1000, 'tbtc3');
+      assert.strictEqual(getBalance(ledger, 'did:nostr:user1', 'tbtc3'), 1000);
+      // Old satoshi balance should be preserved in array
+      const entry = ledger.entries.find(e => e.url === 'did:nostr:user1');
+      assert.ok(Array.isArray(entry.amount));
+      const satEntry = entry.amount.find(a => a.currency === 'satoshi');
+      assert.strictEqual(parseInt(satEntry.value), 500);
+    });
+
+    it('should use array format in entries', () => {
+      const ledger = createLedger();
+      credit(ledger, 'did:nostr:user1', 1000, 'tbtc3');
+      const entry = ledger.entries.find(e => e.url === 'did:nostr:user1');
+      assert.ok(Array.isArray(entry.amount));
+      assert.strictEqual(entry.amount[0].currency, 'tbtc3');
+      assert.strictEqual(entry.amount[0].value, '1000');
+    });
+  });
+
   describe('URI format support', () => {
     it('should work with did:nostr URIs', () => {
       const ledger = createLedger();

package/test/webrtc.test.js

@@ -0,0 +1,212 @@
+/**
+ * WebRTC Signaling Server Tests
+ */
+
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import { WebSocket } from 'ws';
+import {
+  startTestServer,
+  stopTestServer,
+  createTestPod,
+  getBaseUrl,
+  getPodToken
+} from './helpers.js';
+
+describe('WebRTC Signaling', () => {
+  let wsUrl;
+
+  before(async () => {
+    await startTestServer({ webrtc: true });
+    await createTestPod('alice');
+    await createTestPod('bob');
+    const base = getBaseUrl();
+    wsUrl = base.replace('http', 'ws') + '/.webrtc';
+  });
+
+  after(async () => {
+    await stopTestServer();
+  });
+
+  /** Create an authenticated WebSocket for a pod user */
+  function connectPeer(podName) {
+    const token = getPodToken(podName);
+    const ws = new WebSocket(wsUrl, {
+      headers: { 'Authorization': `Bearer ${token}` }
+    });
+    return ws;
+  }
+
+  /** Connect a peer and wait for the 'peers' welcome message */
+  async function connectAndWait(podName) {
+    const ws = connectPeer(podName);
+    const msg = await waitForMessage(ws, 'peers');
+    return { ws, ...msg };
+  }
+
+  /** Wait for a specific message type from a WebSocket */
+  function waitForMessage(ws, type, timeout = 3000) {
+    return new Promise((resolve, reject) => {
+      function handler(data) {
+        const msg = JSON.parse(data.toString());
+        if (msg.type === type) {
+          clearTimeout(timer);
+          ws.removeListener('message', handler);
+          ws.removeListener('close', onClose);
+          resolve(msg);
+        }
+      }
+      function onClose() {
+        clearTimeout(timer);
+        ws.removeListener('message', handler);
+        reject(new Error(`WebSocket closed while waiting for "${type}"`));
+      }
+      const timer = setTimeout(() => {
+        ws.removeListener('message', handler);
+        ws.removeListener('close', onClose);
+        reject(new Error(`Timeout waiting for "${type}"`));
+      }, timeout);
+      ws.on('message', handler);
+      ws.on('close', onClose);
+    });
+  }
+
+  /** Collect messages from a WebSocket for a duration */
+  function collectMessages(ws, duration = 500) {
+    return new Promise((resolve) => {
+      const msgs = [];
+      const handler = (data) => msgs.push(JSON.parse(data.toString()));
+      ws.on('message', handler);
+      setTimeout(() => {
+        ws.removeListener('message', handler);
+        resolve(msgs);
+      }, duration);
+    });
+  }
+
+  describe('Authentication', () => {
+    it('should reject unauthenticated connections', async () => {
+      const ws = new WebSocket(wsUrl);
+
+      const msg = await waitForMessage(ws, 'error');
+      assert.strictEqual(msg.type, 'error');
+      assert.ok(msg.message.includes('Authentication'));
+      ws.close();
+    });
+
+    it('should accept authenticated connections', async () => {
+      const ws = connectPeer('alice');
+
+      const msg = await waitForMessage(ws, 'peers');
+      assert.strictEqual(msg.type, 'peers');
+      assert.ok(msg.you, 'Should include own WebID');
+      assert.ok(Array.isArray(msg.peers), 'Should include peers list');
+      ws.close();
+    });
+  });
+
+  describe('Peer Presence and Signaling Relay', () => {
+    it('should handle full signaling lifecycle', async () => {
+      // Alice connects first — should see no peers
+      const { ws: alice, you: aliceId } = await connectAndWait('alice');
+
+      // Bob joins — set up listener for peer-joined before bob connects
+      const joinPromise = waitForMessage(alice, 'peer-joined');
+      const { ws: bob, you: bobId, peers: bobPeerList } = await connectAndWait('bob');
+
+      // Bob should see alice in the peer list
+      assert.strictEqual(bobPeerList.length, 1, 'Bob should see Alice');
+
+      // Alice should get peer-joined notification
+      const joinMsg = await joinPromise;
+      assert.strictEqual(joinMsg.type, 'peer-joined');
+
+      // 1. Alice sends offer to Bob
+      const offerPromise = waitForMessage(bob, 'offer');
+      alice.send(JSON.stringify({ type: 'offer', to: bobId, sdp: 'v=0\r\n' }));
+
+      const offer = await offerPromise;
+      assert.strictEqual(offer.type, 'offer');
+      assert.strictEqual(offer.from, aliceId);
+      assert.ok(offer.sdp, 'Should include SDP');
+      assert.strictEqual(offer.to, undefined, 'Should strip "to" field');
+
+      // 2. Bob sends answer to Alice
+      const answerPromise = waitForMessage(alice, 'answer');
+      bob.send(JSON.stringify({ type: 'answer', to: aliceId, sdp: 'v=0\r\n' }));
+
+      const answer = await answerPromise;
+      assert.strictEqual(answer.type, 'answer');
+      assert.strictEqual(answer.from, bobId);
+
+      // 3. Alice sends ICE candidate to Bob
+      const candidatePromise = waitForMessage(bob, 'candidate');
+      alice.send(JSON.stringify({
+        type: 'candidate', to: bobId,
+        candidate: { candidate: 'candidate:1 1 UDP 2122252543 192.168.1.1 12345 typ host', sdpMid: '0' }
+      }));
+
+      const candidate = await candidatePromise;
+      assert.strictEqual(candidate.type, 'candidate');
+      assert.ok(candidate.candidate.candidate);
+
+      // 4. Alice sends hangup to Bob
+      const hangupPromise = waitForMessage(bob, 'hangup');
+      alice.send(JSON.stringify({ type: 'hangup', to: bobId }));
+
+      const hangup = await hangupPromise;
+      assert.strictEqual(hangup.type, 'hangup');
+      assert.strictEqual(hangup.from, aliceId);
+
+      // 5. Bob leaves — alice should get notified
+      const leavePromise = waitForMessage(alice, 'peer-left');
+      bob.close();
+
+      const leaveMsg = await leavePromise;
+      assert.strictEqual(leaveMsg.type, 'peer-left');
+
+      alice.close();
+      await new Promise(r => setTimeout(r, 100));
+    });
+  });
+
+  describe('Error Handling', () => {
+    it('should reject invalid JSON', async () => {
+      const alice = connectPeer('alice');
+      await waitForMessage(alice, 'peers');
+
+      alice.send('not json');
+      const err = await waitForMessage(alice, 'error');
+      assert.strictEqual(err.message, 'Invalid JSON');
+
+      alice.close();
+    });
+
+    it('should reject messages without "to" field', async () => {
+      const alice = connectPeer('alice');
+      await waitForMessage(alice, 'peers');
+
+      alice.send(JSON.stringify({ type: 'offer', sdp: '...' }));
+      const err = await waitForMessage(alice, 'error');
+      assert.ok(err.message.includes('Missing'));
+
+      alice.close();
+    });
+
+    it('should error when target peer is not online', async () => {
+      const alice = connectPeer('alice');
+      await waitForMessage(alice, 'peers');
+
+      alice.send(JSON.stringify({
+        type: 'offer',
+        to: 'https://nobody.example/profile/card#me',
+        sdp: '...'
+      }));
+      const err = await waitForMessage(alice, 'error');
+      assert.ok(err.message.includes('not online'));
+
+      alice.close();
+      await new Promise(r => setTimeout(r, 50));
+    });
+  });
+});

package/test-webrtc-smoke.mjs

@@ -0,0 +1,90 @@
+import { createServer } from './src/server.js';
+import { WebSocket } from 'ws';
+
+const PORT = 9877;
+const BASE = `http://127.0.0.1:${PORT}`;
+
+// Start server
+const server = createServer({ logger: false, webrtc: true, forceCloseConnections: true });
+await server.listen({ port: PORT, host: '127.0.0.1' });
+console.log(`Server running on port ${PORT}`);
+
+// Create two pods and get tokens
+const aliceRes = await (await fetch(`${BASE}/.pods`, {
+  method: 'POST', headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({ name: 'alice' })
+})).json();
+
+const bobRes = await (await fetch(`${BASE}/.pods`, {
+  method: 'POST', headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({ name: 'bob' })
+})).json();
+
+console.log(`Alice WebID: ${aliceRes.webId}`);
+console.log(`Bob WebID: ${bobRes.webId}`);
+
+function connectWs(token) {
+  return new WebSocket(`ws://127.0.0.1:${PORT}/.webrtc`, {
+    headers: { 'Authorization': `Bearer ${token}` }
+  });
+}
+
+function waitMsg(ws, type) {
+  return new Promise((resolve, reject) => {
+    const timer = setTimeout(() => { ws.removeListener('message', h); reject(new Error(`Timeout: ${type}`)); }, 5000);
+    function h(data) {
+      const msg = JSON.parse(data.toString());
+      if (msg.type === type) { clearTimeout(timer); ws.removeListener('message', h); resolve(msg); }
+    }
+    ws.on('message', h);
+  });
+}
+
+// 1. Alice connects
+const alice = connectWs(aliceRes.token);
+const alicePeers = await waitMsg(alice, 'peers');
+console.log(`\n1. Alice connected — you: ${alicePeers.you}, peers: [${alicePeers.peers}]`);
+
+// 2. Bob connects — alice should get peer-joined
+const joinPromise = waitMsg(alice, 'peer-joined');
+const bob = connectWs(bobRes.token);
+const bobPeers = await waitMsg(bob, 'peers');
+console.log(`2. Bob connected — you: ${bobPeers.you}, peers: [${bobPeers.peers}]`);
+
+const joined = await joinPromise;
+console.log(`   Alice got peer-joined: ${joined.webId}`);
+
+// 3. Alice sends offer to Bob
+const offerPromise = waitMsg(bob, 'offer');
+alice.send(JSON.stringify({ type: 'offer', to: bobPeers.you, sdp: 'v=0\r\nfake-sdp-offer' }));
+const offer = await offerPromise;
+console.log(`3. Bob received offer from ${offer.from} — sdp: "${offer.sdp}"`);
+
+// 4. Bob sends answer to Alice
+const answerPromise = waitMsg(alice, 'answer');
+bob.send(JSON.stringify({ type: 'answer', to: alicePeers.you, sdp: 'v=0\r\nfake-sdp-answer' }));
+const answer = await answerPromise;
+console.log(`4. Alice received answer from ${answer.from} — sdp: "${answer.sdp}"`);
+
+// 5. Alice sends ICE candidate to Bob
+const candPromise = waitMsg(bob, 'candidate');
+alice.send(JSON.stringify({ type: 'candidate', to: bobPeers.you, candidate: { candidate: 'candidate:1 1 UDP 12345 192.168.1.1 9999 typ host' } }));
+const cand = await candPromise;
+console.log(`5. Bob received ICE candidate from ${cand.from}`);
+
+// 6. Alice sends hangup
+const hangPromise = waitMsg(bob, 'hangup');
+alice.send(JSON.stringify({ type: 'hangup', to: bobPeers.you }));
+const hang = await hangPromise;
+console.log(`6. Bob received hangup from ${hang.from}`);
+
+// 7. Bob disconnects — alice gets peer-left
+const leftPromise = waitMsg(alice, 'peer-left');
+bob.close();
+const left = await leftPromise;
+console.log(`7. Alice got peer-left: ${left.webId}`);
+
+alice.close();
+await server.close();
+console.log(`\n✅ All signaling steps passed!`);
+process.exit(0);