javascript-solid-server 0.0.2 → 0.0.3

package/.claude/settings.local.json

@@ -9,7 +9,11 @@
       "Bash(npm install:*)",
       "Bash(timeout 3 node:*)",
       "Bash(PORT=3030 timeout 3 node:*)",
-      "Bash(git commit:*)"
+      "Bash(git commit:*)",
+      "Bash(pkill:*)",
+      "Bash(curl:*)",
+      "Bash(npm test:*)",
+      "Bash(git add:*)"
     ]
   }
 }

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
   "scripts": {
     "start": "node src/index.js",
     "dev": "node --watch src/index.js",
-    "test": "node --test"
+    "test": "node --test --test-concurrency=1"
   },
   "dependencies": {
     "fastify": "^4.25.2",

package/src/handlers/container.js

@@ -1,6 +1,10 @@
 import * as storage from '../storage/filesystem.js';
 import { getAllHeaders } from '../ldp/headers.js';
 import { isContainer } from '../utils/url.js';
+import { generateProfile, generatePreferences, generateTypeIndex, serialize } from '../webid/profile.js';
+
+// Content type for profile card
+const PROFILE_CONTENT_TYPE = 'text/html';
 
 /**
  * Handle POST request to container (create new resource)
@@ -69,6 +73,16 @@ export async function handlePost(request, reply) {
 /**
  * Create a pod (container) for a user
  * POST /.pods with { "name": "alice" }
+ *
+ * Creates the following structure:
+ *   /{name}/
+ *   /{name}/profile/card     - WebID profile
+ *   /{name}/inbox/           - Notifications
+ *   /{name}/public/          - Public files
+ *   /{name}/private/         - Private files
+ *   /{name}/settings/prefs   - Preferences
+ *   /{name}/settings/publicTypeIndex
+ *   /{name}/settings/privateTypeIndex
  */
 export async function handleCreatePod(request, reply) {
   const { name } = request.body || {};
@@ -89,22 +103,52 @@ export async function handleCreatePod(request, reply) {
     return reply.code(409).send({ error: 'Pod already exists' });
   }
 
-  // Create pod container
-  const success = await storage.createContainer(podPath);
-  if (!success) {
+  // Build URIs
+  // WebID is at pod root: /alice/#me
+  const baseUri = `${request.protocol}://${request.hostname}`;
+  const podUri = `${baseUri}${podPath}`;
+  const webId = `${podUri}#me`;
+  const issuer = baseUri;
+
+  try {
+    // Create pod directory structure
+    await storage.createContainer(podPath);
+    await storage.createContainer(`${podPath}inbox/`);
+    await storage.createContainer(`${podPath}public/`);
+    await storage.createContainer(`${podPath}private/`);
+    await storage.createContainer(`${podPath}settings/`);
+
+    // Generate and write WebID profile as index.html at pod root
+    const profileHtml = generateProfile({ webId, name, podUri, issuer });
+    await storage.write(`${podPath}index.html`, profileHtml);
+
+    // Generate and write preferences
+    const prefs = generatePreferences({ webId, podUri });
+    await storage.write(`${podPath}settings/prefs`, serialize(prefs));
+
+    // Generate and write type indexes
+    const publicTypeIndex = generateTypeIndex(`${podUri}settings/publicTypeIndex`);
+    await storage.write(`${podPath}settings/publicTypeIndex`, serialize(publicTypeIndex));
+
+    const privateTypeIndex = generateTypeIndex(`${podUri}settings/privateTypeIndex`);
+    await storage.write(`${podPath}settings/privateTypeIndex`, serialize(privateTypeIndex));
+
+  } catch (err) {
+    console.error('Pod creation error:', err);
+    // Cleanup on failure
+    await storage.remove(podPath);
     return reply.code(500).send({ error: 'Failed to create pod' });
   }
 
-  const location = `${request.protocol}://${request.hostname}${podPath}`;
   const origin = request.headers.origin;
-
   const headers = getAllHeaders({ isContainer: true, origin });
-  headers['Location'] = location;
+  headers['Location'] = podUri;
 
   Object.entries(headers).forEach(([k, v]) => reply.header(k, v));
 
   return reply.code(201).send({
     name,
-    url: location
+    webId,
+    podUri
   });
 }

package/src/handlers/resource.js

@@ -18,6 +18,27 @@ export async function handleGet(request, reply) {
 
   // Handle container
   if (stats.isDirectory) {
+    // Check for index.html (serves as both profile and container representation)
+    const indexPath = urlPath.endsWith('/') ? `${urlPath}index.html` : `${urlPath}/index.html`;
+    const indexExists = await storage.exists(indexPath);
+
+    if (indexExists) {
+      // Serve index.html (contains JSON-LD structured data)
+      const content = await storage.read(indexPath);
+      const indexStats = await storage.stat(indexPath);
+
+      const headers = getAllHeaders({
+        isContainer: true,
+        etag: indexStats?.etag || stats.etag,
+        contentType: 'text/html',
+        origin
+      });
+
+      Object.entries(headers).forEach(([k, v]) => reply.header(k, v));
+      return reply.send(content);
+    }
+
+    // No index.html, return JSON-LD container listing
     const entries = await storage.listContainer(urlPath);
     const baseUrl = `${request.protocol}://${request.hostname}${urlPath}`;
     const jsonLd = generateContainerJsonLd(baseUrl, entries || []);

package/src/server.js

@@ -25,8 +25,10 @@ export function createServer(options = {}) {
     const corsHeaders = getCorsHeaders(request.headers.origin);
     Object.entries(corsHeaders).forEach(([k, v]) => reply.header(k, v));
 
-    // Handle preflight
+    // Handle preflight OPTIONS
     if (request.method === 'OPTIONS') {
+      // Add Allow header for LDP compliance
+      reply.header('Allow', 'GET, HEAD, POST, PUT, DELETE, PATCH, OPTIONS');
       reply.code(204).send();
       return reply;
     }

package/src/webid/profile.js

@@ -0,0 +1,161 @@
+/**
+ * WebID Profile generation
+ * Creates profile documents following Solid conventions
+ * Profile is HTML with embedded JSON-LD structured data
+ */
+
+const FOAF = 'http://xmlns.com/foaf/0.1/';
+const SOLID = 'http://www.w3.org/ns/solid/terms#';
+const SCHEMA = 'http://schema.org/';
+const LDP = 'http://www.w3.org/ns/ldp#';
+const PIM = 'http://www.w3.org/ns/pim/space#';
+
+/**
+ * Generate JSON-LD data for a WebID profile
+ * @param {object} options
+ * @param {string} options.webId - Full WebID URI (e.g., https://example.com/alice/profile/card#me)
+ * @param {string} options.name - Display name
+ * @param {string} options.podUri - Pod root URI (e.g., https://example.com/alice/)
+ * @param {string} options.issuer - OIDC issuer URI
+ * @returns {object} JSON-LD profile data
+ */
+export function generateProfileJsonLd({ webId, name, podUri, issuer }) {
+  const pod = podUri.endsWith('/') ? podUri : podUri + '/';
+  const profileDoc = webId.split('#')[0];
+
+  return {
+    '@context': {
+      'foaf': FOAF,
+      'solid': SOLID,
+      'schema': SCHEMA,
+      'pim': PIM,
+      'ldp': LDP,
+      'inbox': { '@id': 'ldp:inbox', '@type': '@id' },
+      'storage': { '@id': 'pim:storage', '@type': '@id' },
+      'oidcIssuer': { '@id': 'solid:oidcIssuer', '@type': '@id' },
+      'preferencesFile': { '@id': 'pim:preferencesFile', '@type': '@id' }
+    },
+    '@graph': [
+      {
+        '@id': profileDoc,
+        '@type': 'foaf:PersonalProfileDocument',
+        'foaf:maker': { '@id': webId },
+        'foaf:primaryTopic': { '@id': webId }
+      },
+      {
+        '@id': webId,
+        '@type': ['foaf:Person', 'schema:Person'],
+        'foaf:name': name,
+        'inbox': `${pod}inbox/`,
+        'storage': pod,
+        'oidcIssuer': issuer,
+        'preferencesFile': `${pod}settings/prefs`
+      }
+    ]
+  };
+}
+
+/**
+ * Generate HTML profile with embedded JSON-LD
+ * @param {object} options
+ * @param {string} options.webId - Full WebID URI
+ * @param {string} options.name - Display name
+ * @param {string} options.podUri - Pod root URI
+ * @param {string} options.issuer - OIDC issuer URI
+ * @returns {string} HTML document with JSON-LD
+ */
+export function generateProfile({ webId, name, podUri, issuer }) {
+  const jsonLd = generateProfileJsonLd({ webId, name, podUri, issuer });
+  const pod = podUri.endsWith('/') ? podUri : podUri + '/';
+
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>${escapeHtml(name)}'s Profile</title>
+  <script type="application/ld+json">
+${JSON.stringify(jsonLd, null, 2)}
+  </script>
+  <style>
+    body { font-family: system-ui, sans-serif; max-width: 600px; margin: 2rem auto; padding: 0 1rem; }
+    h1 { color: #333; }
+    .card { background: #f5f5f5; padding: 1.5rem; border-radius: 8px; }
+    dt { font-weight: bold; margin-top: 1rem; }
+    dd { margin-left: 0; color: #666; }
+    a { color: #7c4dff; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <h1>${escapeHtml(name)}</h1>
+    <dl>
+      <dt>WebID</dt>
+      <dd><a href="${escapeHtml(webId)}">${escapeHtml(webId)}</a></dd>
+      <dt>Storage</dt>
+      <dd><a href="${escapeHtml(pod)}">${escapeHtml(pod)}</a></dd>
+      <dt>Inbox</dt>
+      <dd><a href="${escapeHtml(pod)}inbox/">${escapeHtml(pod)}inbox/</a></dd>
+    </dl>
+  </div>
+</body>
+</html>`;
+}
+
+/**
+ * Escape HTML entities
+ */
+function escapeHtml(str) {
+  return str
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;');
+}
+
+/**
+ * Generate preferences file as JSON-LD
+ * @param {object} options
+ * @param {string} options.webId - Full WebID URI
+ * @param {string} options.podUri - Pod root URI
+ * @returns {object} JSON-LD preferences document
+ */
+export function generatePreferences({ webId, podUri }) {
+  const pod = podUri.endsWith('/') ? podUri : podUri + '/';
+
+  return {
+    '@context': {
+      'solid': SOLID,
+      'pim': PIM,
+      'publicTypeIndex': { '@id': 'solid:publicTypeIndex', '@type': '@id' },
+      'privateTypeIndex': { '@id': 'solid:privateTypeIndex', '@type': '@id' }
+    },
+    '@id': `${pod}settings/prefs`,
+    'publicTypeIndex': `${pod}settings/publicTypeIndex`,
+    'privateTypeIndex': `${pod}settings/privateTypeIndex`
+  };
+}
+
+/**
+ * Generate an empty type index
+ * @param {string} uri - URI of the type index
+ * @returns {object} JSON-LD type index document
+ */
+export function generateTypeIndex(uri) {
+  return {
+    '@context': {
+      'solid': SOLID
+    },
+    '@id': uri,
+    '@type': 'solid:TypeIndex'
+  };
+}
+
+/**
+ * Serialize JSON-LD to string
+ * @param {object} jsonLd
+ * @returns {string}
+ */
+export function serialize(jsonLd) {
+  return JSON.stringify(jsonLd, null, 2);
+}

package/test/helpers.js

@@ -0,0 +1,124 @@
+/**
+ * Test helpers for JavaScript Solid Server
+ */
+
+import { createServer } from '../src/server.js';
+import fs from 'fs-extra';
+import path from 'path';
+
+const TEST_DATA_DIR = './data';
+
+let server = null;
+let baseUrl = null;
+
+/**
+ * Start a test server on a random available port
+ * @returns {Promise<{server: object, baseUrl: string}>}
+ */
+export async function startTestServer() {
+  // Clean up any existing test data
+  await fs.emptyDir(TEST_DATA_DIR);
+
+  server = createServer({ logger: false });
+  // Use port 0 to let OS assign available port
+  await server.listen({ port: 0, host: '127.0.0.1' });
+
+  const address = server.server.address();
+  baseUrl = `http://127.0.0.1:${address.port}`;
+
+  return { server, baseUrl };
+}
+
+/**
+ * Stop the test server
+ */
+export async function stopTestServer() {
+  if (server) {
+    await server.close();
+    server = null;
+  }
+  // Clean up test data
+  await fs.emptyDir(TEST_DATA_DIR);
+}
+
+/**
+ * Get the base URL
+ */
+export function getBaseUrl() {
+  return baseUrl;
+}
+
+/**
+ * Create a pod for testing
+ * @param {string} name - Pod name
+ * @returns {Promise<{webId: string, podUri: string}>}
+ */
+export async function createTestPod(name) {
+  const res = await fetch(`${baseUrl}/.pods`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ name })
+  });
+
+  if (!res.ok) {
+    throw new Error(`Failed to create pod: ${res.status}`);
+  }
+
+  return res.json();
+}
+
+/**
+ * Make a request to the test server
+ * @param {string} path - URL path
+ * @param {object} options - fetch options
+ * @returns {Promise<Response>}
+ */
+export async function request(urlPath, options = {}) {
+  const url = urlPath.startsWith('http') ? urlPath : `${baseUrl}${urlPath}`;
+  return fetch(url, options);
+}
+
+/**
+ * Assert response status
+ */
+export function assertStatus(res, expected, message = '') {
+  if (res.status !== expected) {
+    throw new Error(`Expected status ${expected}, got ${res.status}. ${message}`);
+  }
+}
+
+/**
+ * Assert response header exists
+ */
+export function assertHeader(res, header, expected = undefined) {
+  const value = res.headers.get(header);
+  if (value === null) {
+    throw new Error(`Expected header ${header} to exist`);
+  }
+  if (expected !== undefined && value !== expected) {
+    throw new Error(`Expected header ${header} to be "${expected}", got "${value}"`);
+  }
+  return value;
+}
+
+/**
+ * Assert response header contains value
+ */
+export function assertHeaderContains(res, header, substring) {
+  const value = res.headers.get(header);
+  if (value === null || !value.includes(substring)) {
+    throw new Error(`Expected header ${header} to contain "${substring}", got "${value}"`);
+  }
+  return value;
+}
+
+/**
+ * Parse JSON-LD from HTML (extracts from script tag)
+ */
+export function extractJsonLdFromHtml(html) {
+  const match = html.match(/<script type="application\/ld\+json">([\s\S]*?)<\/script>/);
+  if (!match) {
+    throw new Error('No JSON-LD found in HTML');
+  }
+  return JSON.parse(match[1]);
+}

package/test/ldp.test.js

@@ -0,0 +1,322 @@
+/**
+ * LDP (Linked Data Platform) CRUD tests
+ */
+
+import { describe, it, before, after, beforeEach } from 'node:test';
+import assert from 'node:assert';
+import {
+  startTestServer,
+  stopTestServer,
+  request,
+  createTestPod,
+  assertStatus,
+  assertHeader,
+  assertHeaderContains
+} from './helpers.js';
+
+describe('LDP CRUD Operations', () => {
+  let baseUrl;
+
+  before(async () => {
+    const result = await startTestServer();
+    baseUrl = result.baseUrl;
+    await createTestPod('ldptest');
+  });
+
+  after(async () => {
+    await stopTestServer();
+  });
+
+  describe('GET', () => {
+    it('should return 404 for non-existent resource', async () => {
+      const res = await request('/ldptest/nonexistent.json');
+      assertStatus(res, 404);
+    });
+
+    it('should return container listing for empty container', async () => {
+      const res = await request('/ldptest/public/');
+
+      assertStatus(res, 200);
+      assertHeaderContains(res, 'Link', 'Container');
+    });
+
+    it('should return resource content', async () => {
+      // Create resource first
+      await request('/ldptest/public/test.json', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ hello: 'world' })
+      });
+
+      const res = await request('/ldptest/public/test.json');
+
+      assertStatus(res, 200);
+      const data = await res.json();
+      assert.strictEqual(data.hello, 'world');
+    });
+
+    it('should return ETag header', async () => {
+      await request('/ldptest/public/etag-test.txt', {
+        method: 'PUT',
+        body: 'test content'
+      });
+
+      const res = await request('/ldptest/public/etag-test.txt');
+
+      assertStatus(res, 200);
+      assertHeader(res, 'ETag');
+    });
+  });
+
+  describe('HEAD', () => {
+    it('should return headers without body', async () => {
+      await request('/ldptest/public/head-test.txt', {
+        method: 'PUT',
+        body: 'test content'
+      });
+
+      const res = await request('/ldptest/public/head-test.txt', {
+        method: 'HEAD'
+      });
+
+      assertStatus(res, 200);
+      assertHeader(res, 'Content-Type');
+      assertHeader(res, 'ETag');
+
+      const body = await res.text();
+      assert.strictEqual(body, '');
+    });
+
+    it('should return 404 for non-existent', async () => {
+      const res = await request('/ldptest/public/no-such-file.txt', {
+        method: 'HEAD'
+      });
+
+      assertStatus(res, 404);
+    });
+  });
+
+  describe('PUT', () => {
+    it('should create new resource', async () => {
+      const res = await request('/ldptest/public/new-resource.json', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ created: true })
+      });
+
+      assertStatus(res, 201);
+      assertHeader(res, 'Location');
+    });
+
+    it('should update existing resource', async () => {
+      // Create
+      await request('/ldptest/public/update-me.txt', {
+        method: 'PUT',
+        body: 'original'
+      });
+
+      // Update
+      const res = await request('/ldptest/public/update-me.txt', {
+        method: 'PUT',
+        body: 'updated'
+      });
+
+      assertStatus(res, 204);
+
+      // Verify
+      const verify = await request('/ldptest/public/update-me.txt');
+      const content = await verify.text();
+      assert.strictEqual(content, 'updated');
+    });
+
+    it('should create parent containers', async () => {
+      const res = await request('/ldptest/public/nested/deep/file.txt', {
+        method: 'PUT',
+        body: 'nested content'
+      });
+
+      assertStatus(res, 201);
+
+      // Verify parent exists
+      const parent = await request('/ldptest/public/nested/deep/');
+      assertStatus(parent, 200);
+    });
+
+    it('should reject PUT to container path', async () => {
+      const res = await request('/ldptest/public/invalid/', {
+        method: 'PUT',
+        body: 'cannot put to container'
+      });
+
+      assertStatus(res, 409);
+    });
+  });
+
+  describe('POST', () => {
+    it('should create resource in container', async () => {
+      const res = await request('/ldptest/public/', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Slug': 'posted-resource'
+        },
+        body: JSON.stringify({ posted: true })
+      });
+
+      assertStatus(res, 201);
+      assertHeader(res, 'Location');
+
+      // Verify created
+      const location = res.headers.get('Location');
+      const verify = await request(location);
+      assertStatus(verify, 200);
+    });
+
+    it('should use Slug header for filename', async () => {
+      const res = await request('/ldptest/public/', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'text/plain',
+          'Slug': 'my-custom-name.txt'
+        },
+        body: 'slug test'
+      });
+
+      const location = res.headers.get('Location');
+      assert.ok(location.includes('my-custom-name'), 'Should use slug in filename');
+    });
+
+    it('should create container with Link header', async () => {
+      const res = await request('/ldptest/public/', {
+        method: 'POST',
+        headers: {
+          'Slug': 'new-container',
+          'Link': '<http://www.w3.org/ns/ldp#BasicContainer>; rel="type"'
+        }
+      });
+
+      assertStatus(res, 201);
+
+      const location = res.headers.get('Location');
+      assert.ok(location.endsWith('/'), 'Container location should end with /');
+
+      // Verify it's a container
+      const verify = await request(location);
+      assertHeaderContains(verify, 'Link', 'Container');
+    });
+
+    it('should reject POST to non-container', async () => {
+      await request('/ldptest/public/file-not-container.txt', {
+        method: 'PUT',
+        body: 'just a file'
+      });
+
+      const res = await request('/ldptest/public/file-not-container.txt', {
+        method: 'POST',
+        body: 'trying to post'
+      });
+
+      assertStatus(res, 405);
+    });
+  });
+
+  describe('DELETE', () => {
+    it('should delete resource', async () => {
+      await request('/ldptest/public/to-delete.txt', {
+        method: 'PUT',
+        body: 'delete me'
+      });
+
+      const res = await request('/ldptest/public/to-delete.txt', {
+        method: 'DELETE'
+      });
+
+      assertStatus(res, 204);
+
+      // Verify deleted
+      const verify = await request('/ldptest/public/to-delete.txt');
+      assertStatus(verify, 404);
+    });
+
+    it('should return 404 for non-existent', async () => {
+      const res = await request('/ldptest/public/never-existed.txt', {
+        method: 'DELETE'
+      });
+
+      assertStatus(res, 404);
+    });
+
+    it('should delete container', async () => {
+      // Create container
+      await request('/ldptest/public/', {
+        method: 'POST',
+        headers: {
+          'Slug': 'container-to-delete',
+          'Link': '<http://www.w3.org/ns/ldp#BasicContainer>; rel="type"'
+        }
+      });
+
+      const res = await request('/ldptest/public/container-to-delete/', {
+        method: 'DELETE'
+      });
+
+      assertStatus(res, 204);
+    });
+  });
+
+  describe('OPTIONS', () => {
+    it('should return allowed methods', async () => {
+      const res = await request('/ldptest/public/', {
+        method: 'OPTIONS'
+      });
+
+      assertStatus(res, 204);
+      const allow = assertHeader(res, 'Allow');
+      assert.ok(allow.includes('GET'), 'Should allow GET');
+      assert.ok(allow.includes('POST'), 'Should allow POST');
+    });
+
+    it('should return CORS headers', async () => {
+      const res = await request('/ldptest/public/', {
+        method: 'OPTIONS',
+        headers: { 'Origin': 'https://app.example.com' }
+      });
+
+      assertHeader(res, 'Access-Control-Allow-Origin');
+      assertHeader(res, 'Access-Control-Allow-Methods');
+    });
+  });
+
+  describe('LDP Headers', () => {
+    it('should return Link type header for resource', async () => {
+      await request('/ldptest/public/resource-link.txt', {
+        method: 'PUT',
+        body: 'test'
+      });
+
+      const res = await request('/ldptest/public/resource-link.txt');
+
+      assertHeaderContains(res, 'Link', 'ldp#Resource');
+    });
+
+    it('should return Link type headers for container', async () => {
+      const res = await request('/ldptest/public/');
+
+      const link = res.headers.get('Link');
+      assert.ok(link.includes('ldp#Resource'), 'Should be LDP Resource');
+      assert.ok(link.includes('ldp#Container'), 'Should be LDP Container');
+    });
+
+    it('should return WAC-Allow header', async () => {
+      const res = await request('/ldptest/public/');
+
+      assertHeader(res, 'WAC-Allow');
+    });
+
+    it('should return Accept-Post for containers', async () => {
+      const res = await request('/ldptest/public/');
+
+      assertHeader(res, 'Accept-Post');
+    });
+  });
+});

package/test/pod.test.js

@@ -0,0 +1,126 @@
+/**
+ * Pod lifecycle tests
+ */
+
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import {
+  startTestServer,
+  stopTestServer,
+  request,
+  assertStatus,
+  assertHeader,
+  assertHeaderContains
+} from './helpers.js';
+
+describe('Pod Lifecycle', () => {
+  before(async () => {
+    await startTestServer();
+  });
+
+  after(async () => {
+    await stopTestServer();
+  });
+
+  describe('POST /.pods', () => {
+    it('should create a new pod', async () => {
+      const res = await request('/.pods', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: 'alice' })
+      });
+
+      assertStatus(res, 201);
+      assertHeader(res, 'Location');
+
+      const data = await res.json();
+      assert.strictEqual(data.name, 'alice');
+      assert.ok(data.webId.endsWith('/alice/#me'));
+      assert.ok(data.podUri.endsWith('/alice/'));
+    });
+
+    it('should reject duplicate pod names', async () => {
+      // First create
+      await request('/.pods', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: 'bob' })
+      });
+
+      // Duplicate attempt
+      const res = await request('/.pods', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: 'bob' })
+      });
+
+      assertStatus(res, 409);
+    });
+
+    it('should reject invalid pod names', async () => {
+      const res = await request('/.pods', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: '../evil' })
+      });
+
+      assertStatus(res, 400);
+    });
+
+    it('should reject empty pod name', async () => {
+      const res = await request('/.pods', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({})
+      });
+
+      assertStatus(res, 400);
+    });
+  });
+
+  describe('Pod Structure', () => {
+    it('should create standard folders', async () => {
+      await request('/.pods', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: 'carol' })
+      });
+
+      // Check inbox exists
+      const inbox = await request('/carol/inbox/');
+      assertStatus(inbox, 200);
+
+      // Check public exists
+      const pub = await request('/carol/public/');
+      assertStatus(pub, 200);
+
+      // Check private exists
+      const priv = await request('/carol/private/');
+      assertStatus(priv, 200);
+
+      // Check settings exists
+      const settings = await request('/carol/settings/');
+      assertStatus(settings, 200);
+    });
+
+    it('should create settings files', async () => {
+      await request('/.pods', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: 'dan' })
+      });
+
+      // Check prefs
+      const prefs = await request('/dan/settings/prefs');
+      assertStatus(prefs, 200);
+
+      // Check public type index
+      const pubIndex = await request('/dan/settings/publicTypeIndex');
+      assertStatus(pubIndex, 200);
+
+      // Check private type index
+      const privIndex = await request('/dan/settings/privateTypeIndex');
+      assertStatus(privIndex, 200);
+    });
+  });
+});

package/test/webid.test.js

@@ -0,0 +1,152 @@
+/**
+ * WebID Profile tests
+ */
+
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import {
+  startTestServer,
+  stopTestServer,
+  request,
+  createTestPod,
+  assertStatus,
+  assertHeader,
+  assertHeaderContains,
+  extractJsonLdFromHtml
+} from './helpers.js';
+
+describe('WebID Profile', () => {
+  let baseUrl;
+  let podInfo;
+
+  before(async () => {
+    const result = await startTestServer();
+    baseUrl = result.baseUrl;
+    podInfo = await createTestPod('webidtest');
+  });
+
+  after(async () => {
+    await stopTestServer();
+  });
+
+  describe('Profile Document', () => {
+    it('should serve profile as HTML at pod root', async () => {
+      const res = await request('/webidtest/');
+
+      assertStatus(res, 200);
+      assertHeaderContains(res, 'Content-Type', 'text/html');
+    });
+
+    it('should contain JSON-LD structured data', async () => {
+      const res = await request('/webidtest/');
+      const html = await res.text();
+
+      const jsonLd = extractJsonLdFromHtml(html);
+      assert.ok(jsonLd['@context'], 'Should have @context');
+      assert.ok(jsonLd['@graph'], 'Should have @graph');
+    });
+
+    it('should have correct WebID URI', async () => {
+      const res = await request('/webidtest/');
+      const html = await res.text();
+      const jsonLd = extractJsonLdFromHtml(html);
+
+      // Find the Person in the graph
+      const person = jsonLd['@graph'].find(node =>
+        Array.isArray(node['@type'])
+          ? node['@type'].includes('foaf:Person')
+          : node['@type'] === 'foaf:Person'
+      );
+
+      assert.ok(person, 'Should have a foaf:Person');
+      assert.ok(person['@id'].endsWith('/webidtest/#me'), 'WebID should end with /#me');
+    });
+
+    it('should have foaf:name', async () => {
+      const res = await request('/webidtest/');
+      const html = await res.text();
+      const jsonLd = extractJsonLdFromHtml(html);
+
+      const person = jsonLd['@graph'].find(node =>
+        Array.isArray(node['@type'])
+          ? node['@type'].includes('foaf:Person')
+          : node['@type'] === 'foaf:Person'
+      );
+
+      assert.strictEqual(person['foaf:name'], 'webidtest');
+    });
+
+    it('should have solid:oidcIssuer', async () => {
+      const res = await request('/webidtest/');
+      const html = await res.text();
+      const jsonLd = extractJsonLdFromHtml(html);
+
+      const person = jsonLd['@graph'].find(node =>
+        Array.isArray(node['@type'])
+          ? node['@type'].includes('foaf:Person')
+          : node['@type'] === 'foaf:Person'
+      );
+
+      assert.ok(person['oidcIssuer'], 'Should have oidcIssuer');
+    });
+
+    it('should have pim:storage pointing to pod', async () => {
+      const res = await request('/webidtest/');
+      const html = await res.text();
+      const jsonLd = extractJsonLdFromHtml(html);
+
+      const person = jsonLd['@graph'].find(node =>
+        Array.isArray(node['@type'])
+          ? node['@type'].includes('foaf:Person')
+          : node['@type'] === 'foaf:Person'
+      );
+
+      assert.ok(person['storage'].endsWith('/webidtest/'), 'Storage should point to pod');
+    });
+
+    it('should have ldp:inbox', async () => {
+      const res = await request('/webidtest/');
+      const html = await res.text();
+      const jsonLd = extractJsonLdFromHtml(html);
+
+      const person = jsonLd['@graph'].find(node =>
+        Array.isArray(node['@type'])
+          ? node['@type'].includes('foaf:Person')
+          : node['@type'] === 'foaf:Person'
+      );
+
+      assert.ok(person['inbox'].endsWith('/webidtest/inbox/'), 'Should have inbox');
+    });
+
+    it('should have PersonalProfileDocument', async () => {
+      const res = await request('/webidtest/');
+      const html = await res.text();
+      const jsonLd = extractJsonLdFromHtml(html);
+
+      const doc = jsonLd['@graph'].find(node =>
+        node['@type'] === 'foaf:PersonalProfileDocument'
+      );
+
+      assert.ok(doc, 'Should have PersonalProfileDocument');
+      assert.ok(doc['foaf:maker'], 'Should have foaf:maker');
+      assert.ok(doc['foaf:primaryTopic'], 'Should have foaf:primaryTopic');
+    });
+  });
+
+  describe('WebID Resolution', () => {
+    it('should return LDP headers', async () => {
+      const res = await request('/webidtest/');
+
+      assertHeaderContains(res, 'Link', 'ldp#Resource');
+      assertHeader(res, 'WAC-Allow');
+    });
+
+    it('should return CORS headers', async () => {
+      const res = await request('/webidtest/', {
+        headers: { 'Origin': 'https://example.com' }
+      });
+
+      assertHeader(res, 'Access-Control-Allow-Origin');
+    });
+  });
+});