- add iceServers.js: allowlist-based validation/normalization of user-supplied
STUN/TURN URLs (rejects javascript:/data:/http/ws, control chars, enforces limits)
- add iceSettingsStore.js: opt-in persistence encrypted at rest with a
non-extractable AES-GCM device key in IndexedDB; load/save/clear
- add IceServerSettings.jsx modal: public vs custom servers, JSON/line input,
live validation, relay-only toggle, 'Test servers' connectivity check,
save-on-device prompt, forget-saved action
- wire chosen servers/privacy mode into EnhancedSecureWebRTCManager construction
(priority: custom > operator override > built-in defaults)
- entry point on the connection-creation screen next to the relay-only toggle
- add ice-servers-validation.test.mjs to the suite
Complete the mandatory receiver-consent gate that was wired in the
backend but never connected to the UI callback chain:
- Add the missing onIncomingFileRequest (4th) callback to
setFileTransferCallbacks in app.jsx — its absence caused
handleFileTransferStart to auto-reject every incoming file.
- Remove independent callback registration from FileTransferComponent;
the component was overwriting app-level callbacks on mount and
nulling all four on unmount, silently breaking progress/received/
error handlers whenever the panel was hidden.
- Lift pendingIncomingFiles state to the root component so consent
prompts are shown regardless of panel visibility; auto-open the
panel on incoming request.
- Add getReceivedFileObjectURL / revokeReceivedFileObjectURL on
EnhancedSecureWebRTCManager for download buttons in the panel.
- Update file-transfer-ui-cleanup regression test to match the new
single-owner callback architecture.
- All 14 tests pass; clean production build.
lockbitchat