refactor: webstreams overhaul (#171)

* refactor(webstreams): remove dead code and add WebRTC type extensions

- Logger: drop LogLevel enum and setLevel/getLevel; use plain number constant
- Queue: remove 7 unused methods (dequeue, peek, size, isEmpty, clear, toArray,
  Symbol.iterator); replace boolean processing flag with drainPromise; replace
  Math.random() IDs with sequential counter; drain() now re-throws on error
- WebRtcExtensions.ts: add typed interfaces for insertable streams API
  (EncodedStreams, RTCRtpScriptTransformOptions with optional kind, sender/
  receiver with transform, RTCConfigurationWithInsertableStreams,
  WindowWithRTCRtpScriptTransform, WindowWithWasmHandler)

* refactor(webstreams): fix layer boundaries and extract EncryptTransform

Move service/ types into their owning layer:
- src/service/EventDispatcher.ts → src/webStreams/EventDispatcher.ts
  (fix removeOnStateChangeListener filter, add JSDoc, wrap emit in try/catch)
- src/service/WebRtcInterface.ts → src/webStreams/WebRtcInterface.ts
  (remove server event types that belong in native layer; add WebRtcMethodCall
  discriminated union; import Jsep from ApiTypes)

ApiTypes.ts:
- Add Jsep interface (sdp + RTCSdpType) replacing the loose string in WebRtcInterface
- Add StreamTrack interface (replaces StreamApi-local definition)
- Remove dead types: StreamRemoteInfo, StreamList, StreamTrackList, PublishMeta,
  TrackInfo, StreamRoomInfo, StreamRoomList, TrackType

WebRtcInterfaceImpl.ts:
- Update import paths to new locations
- Replace { [K: string]: Function } methodsMap with typed MethodMap
- Fix method bindings with .bind(this) and typed lambda for updateSessionId
- methodCall now uses WebRtcMethodCall["name"] as key type

EncryptTransform.ts (new src/webStreams/worker/):
- Extract per-frame AES-256-GCM logic out of the monolithic worker.ts
- Pure class: no worker globals, no postMessage, no module state
- encryptFrame takes lastRms as a parameter; decryptFrame returns rms | null

worker.ts:
- Use EncryptTransform and new WorkerEvents discriminated unions
- Add RTCRtpScriptTransform entry point (modern browsers) alongside postMessage
- Add stop operation with AbortController-based pipeline cancellation
- logPipelineError ignores AbortError in addition to "Destination stream closed"

KeyStore.ts:
- Make setKeys async (was fire-and-forget; importKeyAndWipeMaterial is async)
- Add getEncryptionExternalKeyId() and resolveKeyId() stubs
  (same value as getEncryptionKeyId for now; session-prefix refactor comes later)

Add EncryptTransform.test.ts covering audio/video encrypt+decrypt round-trips,
header preservation, tamper detection, and short-frame passthrough.

* fix(streaming): ICE trickle serialisation, kind propagation, DataChannelCryptor

ICE trickle candidate serialisation (StreamApiNative):
- Replace JSON.stringify(candidate) with serializeCandidate() which explicitly
  reads all 15 RTCIceCandidate fields; toJSON() only emits 4 fields causing
  bridge-side parse failures for candidates with extension fields

RTCRtpScriptTransform kind propagation (WebRtcClient):
- Pass kind: track.kind to every encode/decode transform option so the worker
  selects the correct header-size table (audio=1B, video key=10B, delta=3B)
  instead of always defaulting to video; fixes silent audio encryption

DataChannelCryptor:
- Use getEncryptionExternalKeyId() for the wire key ID and resolveKeyId() when
  passing to CryptoFacade; separates wire format from internal registry key
- Extract GCM_TAG_LENGTH_BYTES = 16 named constant (was magic number)
- Move Logger to class field (avoids per-call allocation)
- Rename keyId → externalKeyId throughout for clarity
- Add JSDoc on encrypt/decryptFromWireFormat

* refactor(webstreams): decompose WebRtcClient into focused services

Splits the 750-line monolithic WebRtcClient into ten single-responsibility
services (PublisherManager, SubscriberManager, DataChannelSession,
KeySyncManager, PeerConnectionFactory, PeerConnectionManager,
E2eeWorker, E2eeTransformManager, AudioManager,
RemoteStreamListenerRegistry). WebRtcClient becomes a thin facade.

Circular dependencies (PeerConnectionManager→WebRtcClient trickle,
PeerConnectionFactory→SubscriberManager.onRemoteTrack,
E2eeWorker→AudioManager RMS callback) are broken by resolving lazily
inside callback closures in EndpointFactory.createStreamApi.

StreamApiNative now takes WebRtcInterfaceImpl directly; bindApiInterface
wiring is done in EndpointFactory. Removes dead files: WebWorkerHelper,
WebRtcConfig, WebRtcClientTypes, PeerConnectionsManager, Utils.

* refactor(ioc): add IoC container, rename api→native, wire EndpointFactory

- Rename src/api/ → src/native/ (git mv, all imports updated)
- Delete ApiStatic singleton; pass Api explicitly via constructor injection
- Add src/ioc/ with Container, Tokens, buildConnectionApis, buildWebRtcClient
- Replace EndpointFactory manual wiring with GlobalContainer/ConnectionContainer
- Update Connection: private apisRefs, registerApi()/hasApi(), restore freeApis
- Update ExtKey static methods to accept Api as first argument
- Remove abstract newApi() from BaseNative

* fix(webrtc-lifecycle): session-scoped KeyStore, destroyRefs teardown, worker fix

- KeyStore: add sessionPrefix (crypto.randomUUID) to prevent cross-session
  key ID collisions; resolveKeyId() maps external→internal; renamed
  getEncryptionExternalKeyId() strips prefix for wire format
- StreamApi: override destroyRefs() to call client.destroy() on disconnect
- StreamApi: tighten Map types, use EndpointTypes.StreamRoomId throughout
- BaseApi: remove unused BaseNative import
- EventQueue: initialise deferedPromise as null to prevent stale state
- ConnectionNative/EventQueueNative: remove now-dead stub newApi() overrides
- worker.ts: default kind to "video" when undefined
- Add tests: AudioManager, E2eeTransformManager, RemoteStreamListenerRegistry

* refactor(audio): translate rms-processor comments to English, add frame throttling

Polish the AudioWorkletProcessor: replace Polish inline comments with English,
add per-4-frame throttle on postMessage to reduce main-thread pressure.

* refactor(service): tighten optional param signatures, make native fields private

Remove redundant `| undefined` from optional parameters in CryptoApi and
InboxApi; tighten ThreadApi and KvdbApi native fields from protected to
private to prevent accidental subclass access.

* refactor(rename-disambiguate): delete obsolete types, simplify PrivmxClient caching

Remove five dead Janus-era type files (BaseServerTypes, MediaServerWebSocketApiTypes,
SignalingReceiverTypes, SignalingSenderTypes, StreamsApiTypes) and the ServerTypes.ts
barrel that re-exported them. Strip unused ListQuery and StreamAndTracksSelector from
ApiTypes. Simplify PrivmxClient: CryptoApi and EventQueue are now global container
singletons so the local Promise caches are redundant.

* refactor(crypto): add explicit type casts and fix constructor signature forms

Tighten type precision in the crypto layer: explicit `as ArrayBuffer` in Utils,
`as string` and `as elliptic.ec.Signature & { recoveryParam }` casts in EmCrypto,
`!` non-null assertion for `crypto.subtle`, and `{ new(...): T }` form for
constructor-type parameters in assert helpers.

* fix: lint fix

* devel merge and adjustments

* fix(audio): replace activeSince/active with activeUntil in ActiveSpeakerDetector

The old hold-off logic tracked `activeSince` (start of continuous speech)
and marked speakers inactive once `now - activeSince >= holdMs` — the
opposite of the intended behaviour: speakers went silent after holdMs of
*continuous* speech, not holdMs after speech *ended*.

Replace with `activeUntil = timestamp + holdMs`, reset on every
above-threshold frame (aligned with Java PR #145 SpeakingAnalyzer).
Callers evaluate `Date.now() <= state.activeUntil` instead of a stale
boolean snapshot. Add 25 unit tests covering detection, hold-off,
activity window, multi-speaker, pruning, and noise floor adaptation.

* ExtKey api fix

---------

Co-authored-by: Paweł Aniszewski <paniszewski@simplito.com>

Author: imaTik0

package-lock.json

@@ -80,6 +80,7 @@
     "copy-webpack-plugin": "^14.0.0",
     "jest": "^29.7.0",
     "mongodb": "^7.0.0",
+    "oxfmt": "^0.47.0",
     "oxlint": "^1.60.0",
     "ts-jest": "^29.2.5",
     "ts-loader": "^9.5.1",

package.json

@@ -173,7 +173,7 @@ export class CryptoFacade {
         if (key instanceof Uint8Array || key instanceof ArrayBuffer) {
             throw new TypeError(
                 `CryptoFacade.${method}: Raw key bytes are not allowed. ` +
-                    `Use CryptoFacade.importKey() first to obtain a keyId.`,
+                    "Use CryptoFacade.importKey() first to obtain a keyId.",
             );
         }
     }

src/ServerTypes.ts

@@ -553,7 +553,7 @@ export class EmCrypto {
         if (params.password instanceof CryptoKey) {
             key = params.password;
         } else {
-            const passwordStr = params.password as string;
+            const passwordStr = params.password;
             key = await subtle.importKey(
                 "raw",
                 textEncoder.encode(passwordStr) as unknown as BufferSource,
@@ -654,7 +654,10 @@ export class EmCrypto {
         assertIsUint8Array(params.signature);
         // signature format: [recovery_byte (1B)] [r (32B)] [s (32B)]
         const compactSig = params.signature.subarray(1, 65); // 64 bytes: r || s
-        return secp.verify(compactSig, params.data, params.publicKey, { prehash: false, lowS: false });
+        return secp.verify(compactSig, params.data, params.publicKey, {
+            prehash: false,
+            lowS: false,
+        });
     }
 
     public async eccVerify2(params: Types.Verify2_PARAMS) {
@@ -716,7 +719,9 @@ export class EmCrypto {
         assertArgsValid(params, Types.BNeq_PARAMS);
         assertIsUint8Array(params.bn);
         assertIsUint8Array(params.bn2);
-        return bytesToBigInt(new Uint8Array(params.bn)) === bytesToBigInt(new Uint8Array(params.bn2));
+        return (
+            bytesToBigInt(new Uint8Array(params.bn)) === bytesToBigInt(new Uint8Array(params.bn2))
+        );
     }
 
     public async pointEncode(params: Types.PointEncode_PARAMS) {

src/api/ApiStatic.ts

@@ -13,10 +13,7 @@ export function toArrayBuffer(buffer: Uint8Array | ArrayBuffer): ArrayBuffer {
     if (buffer instanceof ArrayBuffer) {
         return buffer;
     }
-    return buffer.buffer.slice(
-        buffer.byteOffset,
-        buffer.byteOffset + buffer.byteLength,
-    ) as ArrayBuffer;
+    return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
 }
 
 export function toBuffer(byteArray: ArrayBuffer | Uint8Array): Uint8Array {

src/crypto/CryptoFacade.ts

@@ -26,7 +26,7 @@ export function assertIsNumber(value: unknown): asserts value is number {
     if (typeof value !== "number") throw new Error("Not a number");
 }
 
-export function assertArgsValid<T>(obj: any, argsType: { new (...args: any[]): T }) {
+export function assertArgsValid<T>(obj: any, argsType: new (...args: any[]) => T) {
     const objKeys = Object.keys(obj);
     const expected = Object.keys(new argsType());
     if (!objKeys.every((x) => expected.includes(x))) {
@@ -39,7 +39,7 @@ export function assertArgsValid<T>(obj: any, argsType: { new (...args: any[]): T
     }
 }
 
-export function assertArgsAndValueValid<T>(actualObj: T, defaultObj: { new (...args: any[]): T }) {
+export function assertArgsAndValueValid<T>(actualObj: T, defaultObj: new (...args: any[]) => T) {
     const objKeys = Object.keys(actualObj);
     const expected = Object.keys(new defaultObj());
     if (!objKeys.every((x) => expected.includes(x))) {

src/crypto/EmCrypto.ts

@@ -48,8 +48,6 @@ import { EventManager } from "./events";
  * await client.disconnect();
  */
 export class PrivmxClient {
-    private static cryptoApi: Promise<CryptoApi> | null = null;
-    private static eventQueue: Promise<EventQueue> | null = null;
     private static isSetup = false;
     private static eventManager: Promise<EventManager> | null = null;
 
@@ -97,35 +95,17 @@ export class PrivmxClient {
      * @returns {Promise<CryptoApi>}
      */
     public static async getCryptoApi(): Promise<CryptoApi> {
-        if (this.cryptoApi) {
-            return this.cryptoApi;
-        }
-
         this.checkSetup();
-
-        this.cryptoApi = (async () => {
-            return EndpointFactory.createCryptoApi();
-        })();
-
-        return this.cryptoApi;
+        return EndpointFactory.createCryptoApi();
     }
 
     /**
      * @description Gets the Event Queue.
      * @returns {Promise<EventQueue>}
      */
     public static async getEventQueue(): Promise<EventQueue> {
-        if (this.eventQueue) {
-            return this.eventQueue;
-        }
-
         this.checkSetup();
-
-        this.eventQueue = (async () => {
-            return EndpointFactory.getEventQueue();
-        })();
-
-        return this.eventQueue;
+        return EndpointFactory.getEventQueue();
     }
 
     /**

src/crypto/Utils.ts

@@ -13,7 +13,7 @@ export interface InboxEntryPayload {
     /**
      * Optional files associated with the entry.
      */
-    files?: Array<{
+    files?: {
         /**
          *Optional, contains confidential data that will be encrypted before being sent to server.
          */
@@ -28,7 +28,7 @@ export interface InboxEntryPayload {
          * Content of the file.
          */
         content: File;
-    }>;
+    }[];
 }
 
 /**