enigma-sfu 0.0.1

Enigma SFU server core: rooms, publishers/subscribers, RTP/RTCP forwarding, scalable group calls (no hard participant limits).
Documentation

Enigma SFU

Enigma SFU is a Rust SFU core focused on forwarding RTP/RTCP for group audio/video without hard participant caps. It exposes an HTTP control plane for room lifecycle and WebRTC signaling so operators can layer their own admission control, quotas, and policies.

Why an SFU

Peer-to-peer meshes break down as rooms grow. An SFU receives encrypted media from publishers and forwards it to subscribers without decrypting payloads, keeping bandwidth predictable while leaving end-to-end encryption to the endpoints.

No hard participant limits

The crate never enforces a maximum number of rooms or peers. Operators handle admission by policy, auth tokens, reverse proxies, or external orchestration. Configuration knobs cover timeouts, bitrate caps per sender, and idle cleanup only.

Features

  • HTTP signaling API for creating rooms, joining, trickle ICE, and leaving
  • Room and router engine that maps publishers to subscribers and forwards RTP/RTCP
  • Optional HMAC token checks for control plane requests
  • Extensible hooks for metrics and policy enforcement

Quickstart

cargo test

Example signaling calls (replace host/port as needed):

curl -X POST http://127.0.0.1:8088/rooms -d '{"options":{"name":"demo","created_at_ms":1700000000000}}'
curl -X POST http://127.0.0.1:8088/rooms/join -d '{"room_id":"<room uuid>","peer":{"peer_id":"<uuid>","joined_at_ms":1700000001000},"offer_sdp":"dummy"}'
curl -X POST http://127.0.0.1:8088/rooms/ice -d '{"room_id":"<room uuid>","peer_id":"<uuid>","candidate":"candidate:1 1 udp 1 0.0.0.0 9 typ host"}'
curl -X POST http://127.0.0.1:8088/rooms/leave -d '{"room_id":"<room uuid>","peer_id":"<uuid>"}'
curl http://127.0.0.1:8088/rooms

Safety and E2EE

Media payloads stay opaque to the SFU. It inspects headers for routing only. If clients use insertable streams or SFrame, decryption stays at the endpoints.

Contributing

CI-friendly tests rely on synthetic packets and in-process HTTP calls, so they do not need real devices. Contributions should preserve the no-panic rule for library code and keep JSON payloads strict.