Box-side WebRTC rendezvous client (ADR 0003, P2).
For universal remote viewing the box must be reachable from any browser on any network, but it is
typically behind CGNAT (no inbound). The fix — like the rest of the kernel’s cloud seams — is to dial
OUT: this loop maintains an outbound HTTP long-poll to a public rendezvous (the private heldar
Cloudflare Worker + Durable Object — apps/edge/). When a browser asks to view a camera, the
rendezvous hands the box the browser’s WebRTC SDP offer; the box bridges it to its OWN local MediaMTX
WHEP endpoint and returns the answer. Media then flows browser ⇄ TURN ⇄ MediaMTX (DTLS-SRTP) — never
through the rendezvous, never re-encoded here. The box only shuttles two SDP blobs per session.
Pure outbound HTTP, no new crates. The only new seams are HELDAR_REMOTE_RENDEZVOUS_URL together with
HELDAR_SITE_ID. Strictly opt-in: leave the URL unset (the default) and this loop parks forever, the
same posture as fleet_register. Reuses the HELDAR_CP_TLS_* mTLS identity when configured (not needed
for the Cloudflare Worker, which authenticates the box with the HELDAR_CP_TOKEN bearer instead).
Functions§
- run
  The dial-out loop. Parks forever unless both HELDAR_REMOTE_RENDEZVOUS_URL and HELDAR_SITE_ID are set (remote access is opt-in). Otherwise long-polls the rendezvous, bridging each viewing session to the local MediaMTX, with exponential backoff on transport failure. Never returns.
- run_ice
  Periodically programs MediaMTX’s WebRTC ICE servers for remote viewing: the operator’s own HELDAR_WEBRTC_ICE_SERVERS if set, else short-lived TURN credentials fetched from the rendezvous, else STUN. Parks when remote viewing is not configured (neither an ICE config nor a rendezvous URL set).
- run_relay
  The relay dial-out loop (Stage C). Parks unless remote viewing is configured AND kernel auth is enabled AND a real (active) user exists, so the REST API is never relayed while auth is off. Runs a small pool of concurrent pollers for responsiveness.
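As an added example (not code from the heldar kernel or apps/edge/), the offer/answer shuttle the description above outlines and the opt-in, back-off-on-transport-failure behaviour of `run`, written in Rust over a tiny HTTP abstraction with an in-memory fake standing in for both the rendezvous and the local MediaMTX. The point it makes beyond the prose: the box forwards exactly two SDP blobs, but the camera name that arrives with the offer comes from a remote party and is spliced into a local URL, so it is whitelisted, and a malformed or unroutable session is rejected without backing off, so a hostile viewer cannot stall the poll loop. Everything about the rendezvous wire format is hypothetical: the `/v1/poll` and `/v1/answer` paths, the `X-Heldar-*` headers, the token and site-id values, the 64 KiB cap and the backoff schedule. MediaMTX's WebRTC port 8889 and `/{name}/whep` path are its documented defaults. `SAMPLE_OFFER` is constructed, not a capture.

```rust
use std::{collections::VecDeque, time::Duration};

/// Minimal HTTP seam so the bridge can be driven offline by a fake (assumed API, not the kernel's).
pub trait Http {
    fn post(&mut self, url: &str, headers: &[(&str, &str)], body: &str) -> Result<Response, String>;
}
pub struct Response { pub status: u16, pub headers: Vec<(String, String)>, pub body: String }
impl Response {
    fn new(status: u16, headers: Vec<(String, String)>, body: &str) -> Self { Response { status, headers, body: body.into() } }
    fn header(&self, name: &str) -> Option<&str> {
        self.headers.iter().find(|(k, _)| k.eq_ignore_ascii_case(name)).map(|(_, v)| v.as_str())
    }
}
/// Backoff on transport failure only: 1s, 2s, 4s, ... capped at 60s (assumed schedule, no jitter).
pub fn backoff(attempt: u32) -> Duration { Duration::from_secs((1u64 << attempt.min(6)).min(60)) }

/// The camera name comes from a remote party and is spliced into the local WHEP URL: allow only a plain identifier (no '/', '.', '?', '#').
fn valid_camera(n: &str) -> bool {
    !n.is_empty() && n.len() <= 64 && n.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_')
}
/// Cheap shape and size check (64 KiB cap assumed) before the blob is forwarded; MediaMTX parses the SDP.
fn looks_like_sdp(s: &str) -> bool {
    s.len() <= 64 * 1024 && s.starts_with("v=0") && s.lines().any(|l| l.starts_with("m="))
}

#[derive(Debug, PartialEq)]
pub enum Poll { Idle, Bridged { session: String, camera: String }, Rejected(String) }
pub struct Bridge { pub rendezvous_url: String, pub site_id: String, pub token: String, pub mediamtx_url: String }
impl Bridge {
    /// Hypothetical stand-ins for HELDAR_REMOTE_RENDEZVOUS_URL, HELDAR_SITE_ID and HELDAR_CP_TOKEN; 8889 and /{name}/whep are MediaMTX defaults.
    pub fn localhost(token: &str) -> Self {
        Bridge { rendezvous_url: "https://rendezvous.example".into(), site_id: "site-42".into(),
                 token: token.into(), mediamtx_url: "http://127.0.0.1:8889".into() }
    }
    /// One long-poll iteration. Err = transport or auth failure (caller backs off); a bad session is Ok(Rejected) so hostile input cannot slow the loop.
    pub fn poll_once(&self, http: &mut dyn Http) -> Result<Poll, String> {
        let auth = format!("Bearer {}", self.token);
        let poll = http.post(&format!("{}/v1/poll", self.rendezvous_url),
            &[("Authorization", auth.as_str()), ("X-Heldar-Site", self.site_id.as_str())], "")?;
        match poll.status { 204 => return Ok(Poll::Idle), 200 => {}, s => return Err(format!("poll: HTTP {s}")) }
        let session = poll.header("X-Heldar-Session").ok_or("poll reply lacks a session id")?.to_string();
        let camera = poll.header("X-Heldar-Camera").unwrap_or("").to_string();
        if !valid_camera(&camera) { return Ok(Poll::Rejected(format!("bad camera name {camera:?}"))); }
        if !looks_like_sdp(&poll.body) { return Ok(Poll::Rejected("offer is not SDP".into())); }
        // WHEP: POST the offer as application/sdp to the local MediaMTX; a 201 carries the SDP answer.
        let whep = http.post(&format!("{}/{}/whep", self.mediamtx_url, camera),
            &[("Content-Type", "application/sdp")], &poll.body)?;
        if (400..500).contains(&whep.status) { return Ok(Poll::Rejected(format!("whep {camera}: HTTP {}", whep.status))); }
        if whep.status != 201 { return Err(format!("whep {camera}: HTTP {}", whep.status)); }
        // Hand the answer back; media then flows browser <-> TURN <-> MediaMTX, never through here.
        let ack = http.post(&format!("{}/v1/answer", self.rendezvous_url),
            &[("Authorization", auth.as_str()), ("X-Heldar-Session", session.as_str()), ("Content-Type", "application/sdp")],
            &whep.body)?;
        if ack.status / 100 != 2 { return Err(format!("answer: HTTP {}", ack.status)); }
        Ok(Poll::Bridged { session, camera })
    }
}

fn hdr<'a>(h: &[(&str, &'a str)], name: &str) -> Option<&'a str> { h.iter().find(|(k, _)| *k == name).map(|(_, v)| *v) }
/// Constructed in-memory stand-in for the rendezvous and the local MediaMTX (not the real endpoints).
pub struct FakeNet {
    pub pending: VecDeque<(String, String, String)>, // (session, camera, offer) queued by browsers
    pub answers: Vec<(String, String)>,               // (session, answer) the rendezvous received
    pub cameras: Vec<&'static str>,                   // paths the local MediaMTX serves
}
impl FakeNet { pub fn new() -> Self { FakeNet { pending: VecDeque::new(), answers: vec![], cameras: vec!["front-door"] } } }
impl Http for FakeNet {
    fn post(&mut self, url: &str, headers: &[(&str, &str)], body: &str) -> Result<Response, String> {
        if url.ends_with("/v1/poll") {
            if hdr(headers, "Authorization") != Some("Bearer box-token") { return Ok(Response::new(401, vec![], "")); }
            return Ok(match self.pending.pop_front() {
                None => Response::new(204, vec![], ""),
                Some((s, c, o)) => Response::new(200, vec![("X-Heldar-Session".into(), s), ("X-Heldar-Camera".into(), c)], &o),
            });
        }
        if url.ends_with("/v1/answer") {
            self.answers.push((hdr(headers, "X-Heldar-Session").unwrap_or("").into(), body.into()));
            return Ok(Response::new(200, vec![], ""));
        }
        if let Some(path) = url.strip_prefix("http://127.0.0.1:8889/") {
            let camera = path.trim_end_matches("/whep");
            if !self.cameras.iter().any(|c| *c == camera) { return Ok(Response::new(404, vec![], "")); }
            // Toy WHEP answer: echo the offer with the DTLS role flipped.
            let answer = body.replace("a=setup:actpass", "a=setup:passive");
            return Ok(Response::new(201, vec![("Location".into(), format!("/{camera}/whep/sess-1"))], &answer));
        }
        Err(format!("connection refused: {url}"))
    }
}

/// Constructed sample offer (not a real capture): just enough SDP to pass the shape check.
pub const SAMPLE_OFFER: &str = "v=0\r\no=- 1 1 IN IP4 127.0.0.1\r\ns=-\r\nt=0 0\r\nm=video 9 UDP/TLS/RTP/SAVPF 96\r\na=setup:actpass\r\na=mid:0\r\n";

fn main() {
    let mut net = FakeNet::new();
    net.pending.push_back(("s1".into(), "front-door".into(), SAMPLE_OFFER.into()));
    net.pending.push_back(("s2".into(), "../api/admin".into(), SAMPLE_OFFER.into()));
    let bridge = Bridge::localhost("box-token");
    for _ in 0..3 { println!("{:?}", bridge.poll_once(&mut net)); }
}
```

Compiled stand-alone with `rustc`, `main` prints one `Bridged` result, one `Rejected` for the traversal attempt and then `Idle`. The split between `Err` and `Ok(Rejected)` is deliberate: only a transport or auth failure (connection refused, a non-2xx from the rendezvous itself) should drive the exponential backoff, whereas a bad offer or an unknown camera is that session's problem and the loop moves straight on to the next poll.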