javascript-solid-server 0.0.85 → 0.0.87

package/.claude/settings.local.json

@@ -323,7 +323,9 @@
       "Bash(npm exec serve:*)",
       "Bash(npm link)",
       "Bash(npm link:*)",
-      "Bash(git push)"
+      "Bash(git push)",
+      "Bash(ulimit:*)",
+      "Bash(gh label:*)"
     ]
   }
 }

package/README.md

@@ -6,8 +6,11 @@ A minimal, fast, JSON-LD native Solid server.
 
 ## Features
 
-### Implemented (v0.0.79)
+### Implemented (v0.0.86)
 
+- **Live Reload** - Auto-refresh browser on file changes (`--live-reload`)
+- **Read-Only Mode** - Disable write operations for static hosting (`--read-only`)
+- **Public Mode** - Skip WAC for open read/write access (`--public`)
 - **Schnorr SSO** - Passwordless login via BIP-340 Schnorr signatures using NIP-07 browser extensions (Podkey, nos2x, Alby)
 - **Passkey Authentication** - WebAuthn/FIDO2 passwordless login with Touch ID, Face ID, or security keys
 - **HTTP Range Requests** - Partial content delivery for large files and media streaming
@@ -35,7 +38,7 @@ A minimal, fast, JSON-LD native Solid server.
 - **Content Negotiation** - Turtle <-> JSON-LD conversion, including HTML data islands
 - **CORS Support** - Full cross-origin resource sharing
 - **Git HTTP Backend** - Clone and push to containers via `git` protocol
-- **Nostr Relay** - Integrated NIP-01 relay on the same port (`wss://your.pod/relay`)
+- **Nostr Relay** - Integrated NIP-01/NIP-11/NIP-16 relay on the same port (`wss://your.pod/relay`)
 - **Invite-Only Registration** - CLI-managed invite codes for controlled signups
 - **Storage Quotas** - Per-user storage limits with CLI management
 - **Security** - Blocks access to dotfiles (`.git/`, `.env`, etc.) except Solid-specific ones
@@ -139,6 +142,9 @@ jss --help             # Show help
 | `--ap-display-name <name>` | ActivityPub display name | (username) |
 | `--ap-summary <text>` | ActivityPub bio/summary | - |
 | `--ap-nostr-pubkey <hex>` | Nostr pubkey for identity linking | - |
+| `--public` | Allow unauthenticated access (skip WAC) | false |
+| `--read-only` | Disable PUT/DELETE/PATCH methods | false |
+| `--live-reload` | Auto-refresh browser on file changes | false |
 | `-q, --quiet` | Suppress logs | false |
 
 ### Environment Variables
@@ -159,6 +165,10 @@ export JSS_WEBID_TLS=true
 export JSS_DEFAULT_QUOTA=100MB
 export JSS_ACTIVITYPUB=true
 export JSS_AP_USERNAME=alice
+export JSS_PUBLIC=true
+export JSS_READ_ONLY=true
+export JSS_LIVE_RELOAD=true
+export JSS_SOLIDOS_UI=true
 jss start
 ```
 
@@ -868,7 +878,7 @@ curl -X POST https://example.com/.pods \
 
 | Server | Size | Deps | Notes |
 |--------|------|------|-------|
-| [JSS](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer) | 432 KB | 10 | Minimal, JSON-LD native |
+| [JSS](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer) | ~14K LoC | 14 | Minimal, JSON-LD native |
 | [NSS](https://github.com/nodeSolidServer/node-solid-server) | 777 KB | 58 | Original Solid server |
 | [CSS](https://github.com/CommunitySolidServer/CommunitySolidServer) | 5.8 MB | 70 | Modular, configurable |
 | [Pivot](https://github.com/solid-contrib/pivot) | ~6 MB | 70+ | Built on CSS |
@@ -941,7 +951,7 @@ npm run benchmark
 npm test
 ```
 
-Currently passing: **223 tests** (including 27 conformance tests)
+Currently passing: **229 tests** (including 27 conformance tests)
 
 ### Conformance Test Harness (CTH)
 
@@ -988,12 +998,12 @@ src/
 │   ├── filesystem.js     # File operations
 │   └── quota.js          # Storage quota management
 ├── auth/
-│   ├── middleware.js     # Auth hook
-│   ├── token.js          # Simple token auth
-│   ├── solid-oidc.js     # DPoP verification
-│   ├── nostr.js          # NIP-98 Nostr authentication
-│   ├── did-nostr.js      # did:nostr → WebID resolution
-│   └── webid-tls.js      # WebID-TLS client certificate auth
+│   ├── middleware.js      # Auth hook
+│   ├── token.js           # Simple token auth
+│   ├── solid-oidc.js      # DPoP verification
+│   ├── nostr.js           # NIP-98 Nostr authentication
+│   ├── did-nostr.js       # did:nostr → WebID resolution
+│   └── webid-tls.js       # WebID-TLS client certificate auth
 ├── wac/
 │   ├── parser.js         # ACL parsing
 │   └── checker.js        # Permission checking
@@ -1010,14 +1020,16 @@ src/
 │   ├── events.js         # Event emitter
 │   └── websocket.js      # solid-0.1 protocol
 ├── idp/
-│   ├── index.js          # Identity Provider plugin
-│   ├── provider.js       # oidc-provider config
-│   ├── adapter.js        # Filesystem adapter
-│   ├── accounts.js       # User account management
-│   ├── keys.js           # JWKS key management
-│   ├── interactions.js   # Login/consent handlers
-│   ├── views.js          # HTML templates
-│   └── invites.js        # Invite code management
+│   ├── index.js           # Identity Provider plugin
+│   ├── provider.js        # oidc-provider config
+│   ├── adapter.js         # Filesystem adapter
+│   ├── accounts.js        # User account management
+│   ├── credentials.js     # Credentials endpoint
+│   ├── keys.js            # JWKS key management
+│   ├── interactions.js    # Login/consent handlers
+│   ├── passkey.js         # WebAuthn/FIDO2 passkey support
+│   ├── views.js           # HTML templates
+│   └── invites.js         # Invite code management
 ├── ap/
 │   ├── index.js          # ActivityPub plugin
 │   ├── keys.js           # RSA keypair management
@@ -1030,23 +1042,31 @@ src/
 ├── rdf/
 │   ├── turtle.js         # Turtle <-> JSON-LD
 │   └── conneg.js         # Content negotiation
+├── mashlib/
+│   └── index.js           # Mashlib data browser plugin
 └── utils/
-    ├── url.js            # URL utilities
-    └── conditional.js    # If-Match/If-None-Match
+    ├── url.js             # URL utilities
+    ├── conditional.js     # If-Match/If-None-Match
+    └── ssrf.js            # SSRF protection
 ```
 
 ## Dependencies
 
-Minimal dependencies for a fast, secure server:
+14 direct dependencies for a fast, secure server:
 
 - **fastify** - High-performance HTTP server
+- **@fastify/middie** - Express/Connect middleware bridge (for IdP)
+- **@fastify/rate-limit** - Rate limiting for API endpoints
 - **@fastify/websocket** - WebSocket support for notifications
+- **@simplewebauthn/server** - Passkey/WebAuthn authentication
+- **bcryptjs** - Password hashing (pure JS, works on Termux/Android)
+- **commander** - CLI command parsing
 - **fs-extra** - Enhanced file operations
 - **jose** - JWT/JWK handling for Solid-OIDC
+- **microfed** - ActivityPub primitives (only when activitypub enabled)
 - **n3** - Turtle parsing (only used when conneg enabled)
+- **nostr-tools** - Nostr protocol and Schnorr signature verification
 - **oidc-provider** - OpenID Connect Identity Provider (only when IdP enabled)
-- **bcryptjs** - Password hashing (only when IdP enabled)
-- **microfed** - ActivityPub primitives (only when activitypub enabled)
 - **sql.js** - SQLite storage for federation data (WASM, cross-platform)
 
 ## License

package/bin/jss.js

@@ -105,6 +105,8 @@ program
 
       // Create and start server
       const server = createServer({
+        port: config.port,
+        host: config.host,
         logger: config.logger,
         conneg: config.conneg,
         notifications: config.notifications,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.85",
+  "version": "0.0.87",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/config.js

@@ -228,6 +228,11 @@ export async function loadConfig(cliOptions = {}, configFile = null) {
     config.logger = false;
   }
 
+  // Mashlib requires content negotiation for Turtle support
+  if (config.mashlib || config.mashlibCdn) {
+    config.conneg = true;
+  }
+
   // Validate SSL config
   if ((config.sslKey && !config.sslCert) || (!config.sslKey && config.sslCert)) {
     throw new Error('Both --ssl-key and --ssl-cert must be provided together');

package/src/notifications/websocket.js

@@ -40,6 +40,7 @@ export function handleWebSocket(socket, request, webId = null) {
   // Store webId and server info on socket for ACL checks
   socket.webId = webId;
   socket.serverOrigin = `${request.protocol}://${request.hostname}`;
+  socket.publicMode = request.config?.public || false;
 
   // Send protocol greeting
   socket.send('protocol solid-0.1');
@@ -123,6 +124,11 @@ async function checkSubscriptionAccess(url, socket) {
     const stats = await storage.stat(resourcePath);
     const isContainer = stats?.isDirectory || resourcePath.endsWith('/');
 
+    // Skip WAC check in public mode
+    if (socket.publicMode) {
+      return true;
+    }
+
     // Check WAC read permission
     const { allowed } = await checkAccess({
       resourceUrl: url,

package/src/wac/parser.js

@@ -144,8 +144,9 @@ function parseAuthorization(node, aclUrl) {
   auth.default = parseUriArray(node['acl:default'] || node['default'])
     .map(uri => resolveUri(uri, baseUrl));
 
-  // Parse agents (WebIDs can be relative too)
-  auth.agents = parseUriArray(node['acl:agent'] || node['agent']);
+  // Parse agents (WebIDs can be relative too) - resolve against ACL URL
+  auth.agents = parseUriArray(node['acl:agent'] || node['agent'])
+    .map(uri => resolveUri(uri, aclUrl));
 
   // Parse agentClass
   auth.agentClasses = parseUriArray(node['acl:agentClass'] || node['agentClass']);

package/test/live-reload.test.js

@@ -0,0 +1,265 @@
+/**
+ * Live Reload Test
+ *
+ * Tests the full chain: file change → WebSocket pub → client receives
+ */
+
+import { createServer } from '../src/server.js';
+import { writeFileSync, mkdirSync, rmSync, existsSync } from 'fs';
+import { join } from 'path';
+import WebSocket from 'ws';
+
+const TEST_PORT = 9876;
+const TEST_DIR = '/tmp/live-reload-test-suite';
+const BASE_URL = `http://localhost:${TEST_PORT}`;
+
+// Setup and teardown
+function setupTestDir() {
+  if (existsSync(TEST_DIR)) {
+    rmSync(TEST_DIR, { recursive: true });
+  }
+  mkdirSync(TEST_DIR, { recursive: true });
+  writeFileSync(join(TEST_DIR, 'index.html'), '<!DOCTYPE html><html><body>Hello</body></html>');
+  writeFileSync(join(TEST_DIR, 'test.txt'), 'initial content');
+}
+
+function cleanupTestDir() {
+  if (existsSync(TEST_DIR)) {
+    rmSync(TEST_DIR, { recursive: true });
+  }
+}
+
+// Test 1: Verify WebSocket notifications work for HTTP PUT
+async function testHttpPutNotification() {
+  console.log('\n=== Test 1: HTTP PUT triggers WebSocket notification ===');
+
+  setupTestDir();
+
+  const server = createServer({
+    root: TEST_DIR,
+    port: TEST_PORT,
+    logger: false,
+    liveReload: true,
+    public: true,
+  });
+
+  await server.listen({ port: TEST_PORT, host: '0.0.0.0' });
+  console.log('Server started on port', TEST_PORT);
+
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      ws.close();
+      server.close();
+      reject(new Error('Timeout: No WebSocket notification received'));
+    }, 5000);
+
+    const ws = new WebSocket(`ws://localhost:${TEST_PORT}/.notifications`);
+
+    ws.on('open', () => {
+      console.log('WebSocket connected');
+      // Subscribe to the test file
+      ws.send(`sub ${BASE_URL}/test.txt`);
+      console.log('Subscribed to', `${BASE_URL}/test.txt`);
+
+      // Wait a bit then do HTTP PUT
+      setTimeout(async () => {
+        console.log('Doing HTTP PUT...');
+        const res = await fetch(`${BASE_URL}/test.txt`, {
+          method: 'PUT',
+          body: 'updated via HTTP',
+          headers: { 'Content-Type': 'text/plain' }
+        });
+        console.log('PUT response:', res.status);
+      }, 500);
+    });
+
+    ws.on('message', (data) => {
+      const msg = data.toString();
+      console.log('WebSocket received:', msg);
+
+      if (msg.startsWith('pub ')) {
+        clearTimeout(timeout);
+        console.log('SUCCESS: Received pub notification');
+        ws.close();
+        server.close().then(() => {
+          cleanupTestDir();
+          resolve(true);
+        });
+      }
+    });
+
+    ws.on('error', (err) => {
+      clearTimeout(timeout);
+      server.close();
+      reject(err);
+    });
+  });
+}
+
+// Test 2: Verify file watcher detects filesystem changes
+async function testFileWatcherNotification() {
+  console.log('\n=== Test 2: Filesystem change triggers WebSocket notification ===');
+
+  setupTestDir();
+
+  const server = createServer({
+    root: TEST_DIR,
+    port: TEST_PORT,
+    logger: false,
+    liveReload: true,
+    public: true,
+  });
+
+  await server.listen({ port: TEST_PORT, host: '0.0.0.0' });
+  console.log('Server started on port', TEST_PORT);
+
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      ws.close();
+      server.close();
+      reject(new Error('Timeout: No WebSocket notification received for filesystem change'));
+    }, 5000);
+
+    const ws = new WebSocket(`ws://localhost:${TEST_PORT}/.notifications`);
+
+    ws.on('open', () => {
+      console.log('WebSocket connected');
+      // Subscribe to the test file
+      ws.send(`sub ${BASE_URL}/test.txt`);
+      console.log('Subscribed to', `${BASE_URL}/test.txt`);
+
+      // Wait a bit then modify file directly on filesystem
+      setTimeout(() => {
+        console.log('Modifying file via filesystem...');
+        writeFileSync(join(TEST_DIR, 'test.txt'), 'updated via filesystem ' + Date.now());
+        console.log('File written');
+      }, 1000);
+    });
+
+    ws.on('message', (data) => {
+      const msg = data.toString();
+      console.log('WebSocket received:', msg);
+
+      if (msg.startsWith('pub ')) {
+        clearTimeout(timeout);
+        console.log('SUCCESS: Received pub notification for filesystem change');
+        ws.close();
+        server.close().then(() => {
+          cleanupTestDir();
+          resolve(true);
+        });
+      }
+    });
+
+    ws.on('error', (err) => {
+      clearTimeout(timeout);
+      server.close();
+      reject(err);
+    });
+  });
+}
+
+// Test 3: Verify fs.watch works on this platform
+async function testFsWatch() {
+  console.log('\n=== Test 3: Basic fs.watch functionality ===');
+
+  const { watch } = await import('fs');
+  const testFile = '/tmp/fswatch-test.txt';
+
+  writeFileSync(testFile, 'initial');
+
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      watcher.close();
+      reject(new Error('fs.watch did not detect file change'));
+    }, 3000);
+
+    const watcher = watch(testFile, (eventType, filename) => {
+      console.log('fs.watch detected:', eventType, filename);
+      clearTimeout(timeout);
+      watcher.close();
+      resolve(true);
+    });
+
+    // Modify file after short delay
+    setTimeout(() => {
+      console.log('Modifying file...');
+      writeFileSync(testFile, 'modified ' + Date.now());
+    }, 500);
+  });
+}
+
+// Test 4: Verify fs.watch with recursive option
+async function testFsWatchRecursive() {
+  console.log('\n=== Test 4: fs.watch with recursive option ===');
+
+  const { watch } = await import('fs');
+  const testDir = '/tmp/fswatch-recursive-test';
+
+  if (existsSync(testDir)) rmSync(testDir, { recursive: true });
+  mkdirSync(testDir, { recursive: true });
+  writeFileSync(join(testDir, 'file.txt'), 'initial');
+
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      watcher.close();
+      console.log('FAIL: fs.watch recursive did not detect file change');
+      resolve(false); // Don't reject, just report failure
+    }, 3000);
+
+    let detected = false;
+    const watcher = watch(testDir, { recursive: true }, (eventType, filename) => {
+      if (!detected) {
+        detected = true;
+        console.log('fs.watch recursive detected:', eventType, filename);
+        clearTimeout(timeout);
+        watcher.close();
+        resolve(true);
+      }
+    });
+
+    watcher.on('error', (err) => {
+      console.log('fs.watch error:', err.message);
+      clearTimeout(timeout);
+      resolve(false);
+    });
+
+    // Modify file after short delay
+    setTimeout(() => {
+      console.log('Modifying file in watched directory...');
+      writeFileSync(join(testDir, 'file.txt'), 'modified ' + Date.now());
+    }, 500);
+  });
+}
+
+// Run all tests
+async function runTests() {
+  console.log('Live Reload Test Suite');
+  console.log('======================');
+
+  try {
+    // Test basic fs.watch first
+    const fsWatchWorks = await testFsWatch();
+    console.log('Test 3 result: fs.watch works =', fsWatchWorks);
+
+    // Test recursive fs.watch
+    const fsWatchRecursiveWorks = await testFsWatchRecursive();
+    console.log('Test 4 result: fs.watch recursive works =', fsWatchRecursiveWorks);
+
+    // Test HTTP PUT notification
+    await testHttpPutNotification();
+    console.log('Test 1 result: PASSED');
+
+    // Test file watcher notification
+    await testFileWatcherNotification();
+    console.log('Test 2 result: PASSED');
+
+    console.log('\n=== All tests passed ===');
+  } catch (err) {
+    console.error('\n=== Test FAILED ===');
+    console.error(err.message);
+    process.exit(1);
+  }
+}
+
+runTests();

package/test/wac.test.js

@@ -187,6 +187,23 @@ describe('WAC Parser', () => {
         `Expected accessTo to include 'https://alice.example/other/', got: ${auths[0].accessTo}`);
     });
 
+    it('should resolve relative agent URIs against ACL URL', async () => {
+      const acl = {
+        '@context': { 'acl': 'http://www.w3.org/ns/auth/acl#' },
+        '@id': '#owner',
+        '@type': 'acl:Authorization',
+        'acl:agent': { '@id': './#me' },
+        'acl:accessTo': { '@id': './' },
+        'acl:mode': [{ '@id': 'acl:Read' }]
+      };
+
+      const auths = await parseAcl(JSON.stringify(acl), 'https://alice.example/.acl');
+
+      assert.strictEqual(auths.length, 1);
+      assert.ok(auths[0].agents.includes('https://alice.example/#me'),
+        `Expected agents to include 'https://alice.example/#me', got: ${auths[0].agents}`);
+    });
+
     it('should keep absolute URLs unchanged', async () => {
       const acl = {
         '@context': { 'acl': 'http://www.w3.org/ns/auth/acl#' },

package/fonstr-data/index.html

@@ -1,120 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>fonstr - Your Nostr Relay</title>
-    <style>
-        * { margin: 0; padding: 0; box-sizing: border-box; }
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
-            background: linear-gradient(135deg, #6366f1 0%, #8b5cf6 100%);
-            color: white;
-            min-height: 100vh;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            padding: 2rem;
-        }
-        .container {
-            text-align: center;
-            max-width: 600px;
-        }
-        h1 {
-            font-size: 3rem;
-            margin-bottom: 0.5rem;
-        }
-        .emoji {
-            font-size: 4rem;
-            margin-bottom: 1rem;
-        }
-        p {
-            font-size: 1.25rem;
-            opacity: 0.95;
-            margin-bottom: 2rem;
-            line-height: 1.6;
-        }
-        .relay-info {
-            background: rgba(255, 255, 255, 0.2);
-            backdrop-filter: blur(10px);
-            border-radius: 1rem;
-            padding: 2rem;
-            margin: 2rem 0;
-        }
-        code {
-            background: rgba(255, 255, 255, 0.3);
-            padding: 0.5rem 1rem;
-            border-radius: 0.5rem;
-            font-size: 1.1rem;
-            display: inline-block;
-            margin: 0.5rem 0;
-            font-family: 'Monaco', 'Menlo', monospace;
-        }
-        .stats {
-            display: grid;
-            grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
-            gap: 1rem;
-            margin-top: 2rem;
-        }
-        .stat {
-            background: rgba(255, 255, 255, 0.15);
-            padding: 1rem;
-            border-radius: 0.5rem;
-        }
-        .stat-label {
-            font-size: 0.9rem;
-            opacity: 0.8;
-        }
-        .stat-value {
-            font-size: 1.5rem;
-            font-weight: 700;
-            margin-top: 0.25rem;
-        }
-        a {
-            color: white;
-            text-decoration: none;
-            border-bottom: 2px solid rgba(255, 255, 255, 0.5);
-            transition: border-color 0.2s;
-        }
-        a:hover {
-            border-color: white;
-        }
-    </style>
-</head>
-<body>
-    <div class="container">
-        <div class="emoji">⚡</div>
-        <h1>fonstr</h1>
-        <p>Your Nostr relay is running!</p>
-
-        <div class="relay-info">
-            <p style="font-size: 1rem; margin-bottom: 1rem; opacity: 0.9;">Connect to your relay:</p>
-            <code>ws://localhost:4444/relay</code>
-
-            <div class="stats">
-                <div class="stat">
-                    <div class="stat-label">Status</div>
-                    <div class="stat-value">✓ Online</div>
-                </div>
-                <div class="stat">
-                    <div class="stat-label">Protocol</div>
-                    <div class="stat-value">NIP-01</div>
-                </div>
-                <div class="stat">
-                    <div class="stat-label">Port</div>
-                    <div class="stat-value">4444</div>
-                </div>
-            </div>
-        </div>
-
-        <p style="font-size: 1rem;">
-            Add this relay to your favorite Nostr client and start using it!<br>
-            <a href="https://fonstr.com" target="_blank">Learn more about fonstr</a>
-        </p>
-
-        <p style="font-size: 0.9rem; opacity: 0.7; margin-top: 2rem;">
-            Replace this page by editing <code style="font-size: 0.8rem;">index.html</code> in your data directory
-        </p>
-    </div>
-</body>
-</html>