fix: should now sync with other devices

fix: search
fix: Major bug cleanup pass 1
2026-06-09 22:00:39 +02:00 · 2026-06-09 22:00:06 +02:00 · 2026-06-09 17:59:54 +02:00
146 changed files with 3491 additions and 346 deletions
--- a/.agents/skills/playwright-e2e/SKILL.md
+++ b/.agents/skills/playwright-e2e/SKILL.md
@@ -195,7 +195,7 @@ export class LoginPage {
 | ------------------- | ------------------ | ----------------------- |
 | `/login`            | `LoginPage`        | `LoginComponent`        |
 | `/register`         | `RegisterPage`     | `RegisterComponent`     |
-| `/search`           | `ServerSearchPage` | `ServerSearchComponent` |
+| `/servers`          | `FindServersPage`  | `FindServersComponent`  |
 | `/room/:roomId`     | `ChatRoomPage`     | `ChatRoomComponent`     |
 | `/settings`         | `SettingsPage`     | `SettingsComponent`     |
 | `/invite/:inviteId` | `InvitePage`       | `InviteComponent`       |
--- a/agents-docs/LESSONS.md
+++ b/agents-docs/LESSONS.md
@@ -25,6 +25,41 @@ Durable rules for AI agents working on this project. Read this file at session s
 ## Lessons
 ### When renaming an Angular route, sweep every navigate/url-match/doc reference [routing]
 - **Trigger:** the find-servers route was renamed `/search` → `/servers` in `app.routes.ts`, but `servers-rail.component.ts` still called `router.navigate(['/search'])` (leave-server) and matched `startsWith('/search')` for the user-bar visibility signal, throwing `NG04002: 'search'` on leave and never showing the user-bar on the discovery page.
 - **Rule:** after changing a `path:` in `app.routes.ts`, grep the whole repo for the old literal (`/search`) across `*.ts`/`*.html` (router calls, `startsWith`/url-match signals) and docs (`docs-site`, `.agents/skills/playwright-e2e/SKILL.md` route tables, domain READMEs) and update them all in the same change.
 - **Why:** `router.navigate` to a non-existent path raises `NG04002` and aborts navigation, and stale `startsWith` matches silently break route-derived UI state — neither is caught by the build (string literals) and there was no `servers-rail` spec to catch it.
 - **Example:** fixed `isOnServers`/`router.navigate(['/servers'])` in `servers-rail.component.{ts,html}`; canonical post-leave/discovery route is `/servers` (`FindServersComponent`), matching `DashboardComponent`'s `router.navigate(['/servers'])`.
 ### Server discovery (featured/trending) must fan out across all online endpoints like search [server-directory]
 - **Trigger:** the `/servers` (find-servers) page showed no servers by default but found them as soon as the user typed in the search box. Discovery (`getDiscoveryServers`) queried only the *active* endpoint via `getApiBaseUrl()`, and when that endpoint is a discovery-unsupported production host (`signal.toju.app` / `signal-sweden.toju.app` in `DISCOVERY_UNSUPPORTED_HOSTS`) it short-circuited to `[]`; search meanwhile fans out across every online endpoint, so typing surfaced the servers that lived on other endpoints (e.g. localhost).
 - **Rule:** make `getFeaturedServers`/`getTrendingServers` fan out across `getSearchableEndpoints()` with `forkJoin` + `deduplicateById` (mirroring all-endpoint search), and apply the `endpointSupportsServerDiscovery` gate *per endpoint* (skip → `[]`) instead of short-circuiting the whole request on the active endpoint.
 - **Why:** the empty-query find-servers view renders discovery sections, not search results, so any divergence between discovery's endpoint set and search's endpoint set makes the default view look broken while search works.
 - **Example:** `getDiscoveryServers` + `fetchDiscoveryFromEndpoint` in `server-directory-api.service.ts`; verified the live server returns 12 featured/12 trending while the active production host is gated out client-side.
 ### Server registration needs `ownerPublicKey: oderId || id`, and must not be fire-and-forget [server-directory] [rooms]
 - **Trigger:** creating a server appeared to work (the creator landed in the room view) but the server didn't exist on the backend — invite-link creation and search both 404'd. `createRoom$` sent `ownerPublicKey: currentUser.oderId` with no fallback; on restored sessions `oderId` can be falsy (identify still works because it falls back to `id`), so `POST /api/servers` returned `400 Missing required fields`, and the `.subscribe()` swallowed the error while `createRoomSuccess` fired regardless.
 - **Rule:** resolve owner identity as `oderId || id` everywhere it's required (the server rejects an empty `ownerPublicKey`), and give `registerServer().subscribe()` an `error` handler so a failed registration is never silent.
 - **Why:** verified against the live server — authed POST with a truthy `ownerPublicKey` → 201; authed POST with an empty one → 400; the swallowed 400 is exactly what produces a "ghost" room the creator can enter but no one can find.
 - **Example:** `buildServerRegistrationPayload(room, currentUser, normalizedPassword)` in `toju-app/src/app/store/rooms/server-registration.rules.ts`, used by `RoomsEffects.createRoom$`.
 ### Identify must fall back to the legacy session token, not only the new credential store [realtime] [authentication]
 - **Trigger:** the multi-signal-server auth refactor changed `resolveCredentialForSignalUrl` to read *only* `SignalServerCredentialStoreService`; sessions restored from disk (and logins where `user.homeSignalServerUrl` is unset) have an empty credential store, so `identify` was skipped on every signal server ("Skipping identify because no session token is available") and users appeared alone — no presence, no peers, sent messages visible only to themselves. E2E never caught it because every e2e flow does a *fresh* register/login that writes the credential store directly.
 - **Rule:** when resolving the identify credential for a signal URL, prefer the per-signal credential but fall back to the legacy `AuthTokenStoreService` token reconstructed with the current home user's `id`/`displayName`; never gate `identify` solely on the new credential store.
 - **Why:** `persistSessionToken` always writes the legacy `metoyou.authTokens` store on login, but the per-signal credential store is only populated on fresh login (with a `loginResponse`) or successful migration/provisioning — so on reload it can be empty while a valid session still exists.
 - **Example:** `resolveSignalIdentity(credential, legacyTokenEntry, homeUser)` in `signal-server-credential-resolution.rules.ts`, wired through `SignalServerAuthService.resolveCredentialForSignalUrl` (which now passes `this.authTokenStore.getTokenEntry(httpUrl)` and a `homeUser` carrying `id`). Test cross-user behavior via a *session-restore* path, not just fresh login.
 ### Keep the per-signal-URL identify credential resolvable from the store [realtime] [authentication]
 - **Trigger:** after the multi-signal-server auth refactor, `SignalingManager.getLastIdentify` was switched to `getIdentifyCredentialsForSignalUrl`, which only read an in-memory cache populated *after* `identify()` ran; a freshly (re)connected socket then emitted `join_server` before any identify and users silently never appeared in the presence roster (almost all multi-user e2e tests timed out waiting for the peer's `room-user-card`).
 - **Rule:** `getIdentifyCredentialsForSignalUrl` must fall back to resolving the credential from the credential store so a new socket's `onopen` re-identifies before it re-joins; never restrict it to only the in-memory identify cache.
 - **Why:** the server drops `join_server`/`view_server` on any unauthenticated connection, so an identify-less join is lost with no error and recovery only happens on a later reconnect (often beyond the 20s test timeout).
 - **Example:** server log showed `join_server authed=false ... display=User` dropped, then `User identified: Alice` on a different connection but no `Alice joined server`; fixed in `signaling-transport-handler.ts` by resolving via `dependencies.resolveCredential(signalUrl)` when the cache is empty.
 ### Store clientInstanceId in sessionStorage not localStorage [realtime] [multi-device]
 - **Trigger:** same user logged in on two tabs, browsers, or synced profiles sees alternating "Disconnected from signaling server" and no cross-device chat/voice sync.
--- a/agents-docs/features/authentication.md
+++ b/agents-docs/features/authentication.md
@@ -52,7 +52,7 @@ Require `Authorization: Bearer`:
 ```
 - `oderId` must match the token's user id when provided.
- `clientInstanceId` is a stable per-install UUID generated by the product client (`metoyou.clientInstanceId` in `localStorage`). The signaling server uses it to distinguish multiple WebSocket connections for the same user and to route voice ownership.
+- `clientInstanceId` is a stable per-tab UUID generated by the product client (`metoyou.clientInstanceId` in `sessionStorage`). The signaling server uses it to distinguish multiple WebSocket connections for the same user and to route voice ownership.
 - Server responds with `auth_error` or `auth_required` when authentication fails.
 ## Multi-device sessions
@@ -62,11 +62,59 @@ Require `Authorization: Bearer`:
 - Voice/WebRTC is exclusive per user: only one `clientInstanceId` may own active voice at a time. Other connections show passive UI and can send `voice_client_takeover` to move voice to the local device.
 - Stale reconnect hygiene: when a client re-identifies with the same `(oderId, connectionScope, clientInstanceId)` tuple, the server closes the older socket for that tuple.
 ### Account-owned state sync (`account_sync`)
 When the same account is logged in on multiple devices, account-owned data is kept in sync through the signaling server:
 | Data | Mechanism |
 |---|---|
 | Server chat messages | Existing `chat_message` relay (connection-scoped broadcast) |
 | Voice / typing | Existing `voice_state` / `user_typing` relays |
 | Saved servers (join/leave) | `account_sync` payload `saved-room-sync` / `saved-room-remove` |
 | Profile avatar + card text | `account_sync` `user-avatar-full` + `user-avatar-chunk` |
 | Custom emoji library | `account_sync` `custom-emoji-full` + `custom-emoji-chunk` |
 | Friends list | `account_sync` `friend-added` / `friend-removed` |
 | Server icons, edits, reactions | `account_sync` relay of existing P2P broadcast event types |
 Client rules:
 - `broadcastMessage()` still fans out over peer data channels; relayable events are **also** wrapped in `account_sync` and sent on the WebSocket.
 - The server forwards `account_sync` to every other open connection for the same `oderId` via `notifyOtherConnectionsForOderId`.
 - Receivers ignore payloads whose `clientInstanceId` matches the local tab id.
 - When a new device identifies, the server notifies existing connections with `account_sync_peer_online`; those devices push a full snapshot (saved rooms, friends, profile, emoji library).
 WebSocket envelope:
 ```json
 {
  "type": "account_sync",
  "clientInstanceId": "<per-tab-uuid>",
  "payload": { "type": "saved-room-sync", "room": { "...": "..." } }
 }
 ```
 Server response to other connections includes `fromUserId` set to the sender's `oderId`.
 ## Client storage
 The product client stores tokens per signaling-server base URL in `localStorage` (`metoyou.authTokens`). An HTTP interceptor attaches the bearer token to `/api/*` requests targeting that server.
-Persisted local user state (`metoyou_currentUserId` + IndexedDB/SQLite profile) is **not** sufficient to use chat or presence. On startup, `loadCurrentUser$` requires a non-expired session token for the user's home/active signaling server (or any stored token as a fallback). Missing or rejected tokens dispatch `SESSION_EXPIRED` and redirect to `/login`. WebSocket `auth_required` / `auth_error` responses trigger the same path.
+Per-server credentials (`metoyou.signalServerCredentials`) map each normalized signal-server URL to the authenticated user id, username, display name, session token, expiry, and whether the account was auto-provisioned. The home user profile in SQLite/NgRx remains the device-local identity (`homeSignalServerUrl`); foreign-server credentials are a side map used for REST and WebSocket identify on that URL.
 A per-install **provision secret** enables silent account creation on newly added or encountered signal servers. It is generated on home register/login, stored in Electron `safeStorage` when available (sessionStorage fallback on web), and never persisted as the user's visible login password.
 ### Multi-signal-server auth flows
 | Flow | Action | Effect |
 |---|---|---|
 | Home login/register | `authenticateUser` | Resets local state, stores home credential + provision secret |
 | Foreign login/register | `authorizeSignalServer` | Upserts credential for that URL only; home session unchanged |
 | Auto-provision | `SignalServerProvisionerService` | Registers or logs in on foreign server using provision secret; on username collision tries suffixed username (`alice-<homeUserIdPrefix>`) |
 | Foreign auth failure | `signalServerAuthFailed` | Clears that URL's credential and re-provisions when home token is still valid; global logout only when home server rejects auth |
 Authorize UI: `/login?mode=authorize&serverId=…&returnUrl=…` (also supported on `/register`). Settings → Network shows per-endpoint `Authorized` / `Needs sign-in` badges.
 Persisted local user state (`metoyou_currentUserId` + IndexedDB/SQLite profile) is **not** sufficient to use chat or presence. On startup, `loadCurrentUser$` requires a non-expired session token for the user's home signaling server (or any stored token as a fallback). Missing or rejected **home** tokens dispatch `SESSION_EXPIRED` and redirect to `/login`. Foreign-server `auth_required` / `auth_error` responses clear only that server's credential and attempt re-provision.
 ## Security considerations
--- a/docs-site/docs/developer/dom-structure.md
+++ b/docs-site/docs/developer/dom-structure.md
@@ -10,14 +10,20 @@ This page maps the app routes and important DOM areas. It is useful for plugin a
 | Route                        | Component                 | Purpose                                                               |
 | ---------------------------- | ------------------------- | --------------------------------------------------------------------- |
-| `/`                          | Redirect                  | Redirects to `/search`.                                               |
+| `/`                          | Redirect                  | Redirects to `/dashboard`.                                            |
 | `/login`                     | `LoginComponent`          | User login.                                                           |
 | `/register`                  | `RegisterComponent`       | User registration.                                                    |
 | `/invite/:inviteId`          | `InviteComponent`         | Resolve and accept invite links.                                      |
-| `/search`                    | `ServerSearchComponent`   | Search and join servers.                                              |
+| `/dashboard`                 | `DashboardComponent`      | Landing dashboard after sign-in.                                      |
 | `/people`                    | `FindPeopleComponent`     | Discover and start direct messages with people.                       |
 | `/servers`                   | `FindServersComponent`    | Search, discover, and join servers.                                   |
 | `/create-server`             | `CreateServerComponent`   | Create a new server.                                                  |
 | `/room/:roomId`              | `ChatRoomComponent`       | Main server page with text, voice, members, and plugin panels.        |
 | `/dm`                        | `DmWorkspaceComponent`    | Direct-message workspace.                                             |
 | `/dm/:conversationId`        | `DmWorkspaceComponent`    | A selected direct-message conversation.                               |
 | `/pm`                        | `DmWorkspaceComponent`    | Private-message workspace (alias of the DM workspace).                |
 | `/pm/:conversationId`        | `DmWorkspaceComponent`    | A selected private-message conversation.                              |
 | `/call/:callId`              | `PrivateCallComponent`    | Active private (1:1) call.                                            |
 | `/settings`                  | `SettingsComponent`       | App, voice, server, plugin, desktop, theme, local API settings.       |
 | `/plugin-store`              | `PluginStoreComponent`    | Browse plugin sources and install/update plugins.                     |
 | `/plugins/:pluginId/:pageId` | `PluginPageHostComponent` | Host for plugin app pages registered with `api.ui.registerAppPage()`. |
--- a/docs-site/docs/developer/llm-plugin-builder-guide.md
+++ b/docs-site/docs/developer/llm-plugin-builder-guide.md
@@ -124,7 +124,7 @@ Important routes:
 | Route                           | Purpose                                                             |
 | ------------------------------- | ------------------------------------------------------------------- |
-| `/search`                       | Search and join servers.                                            |
+| `/servers`                      | Search, discover, and join servers.                                 |
 | `/room/:roomId`                 | Main server workspace with text, voice, members, and plugin panels. |
 | `/dm` and `/dm/:conversationId` | Direct-message workspace.                                           |
 | `/settings`                     | App, voice, server, plugin, desktop, theme, and local API settings. |
--- a/e2e/helpers/app-menu.ts
+++ b/e2e/helpers/app-menu.ts
@@ -0,0 +1,20 @@
 import { expect, type Page } from '@playwright/test';
 export async function openTitleBarMenu(page: Page): Promise<void> {
  const menuButton = page.getByRole('button', { name: 'Menu' });
  await expect(menuButton).toBeVisible({ timeout: 15_000 });
  await menuButton.click();
  await expect(page.locator('app-title-bar .absolute.right-0.top-full').first()).toBeVisible({ timeout: 10_000 });
 }
 export async function openPluginStore(page: Page): Promise<void> {
  await openTitleBarMenu(page);
  await page.getByRole('button', { name: 'Plugin Store' }).click();
  await expect(page).toHaveURL(/\/plugin-store/, { timeout: 20_000 });
 }
 export async function openSettingsFromMenu(page: Page): Promise<void> {
  await openTitleBarMenu(page);
  await page.getByRole('button', { name: 'Settings' }).click();
 }
--- a/e2e/helpers/auth-api.ts
+++ b/e2e/helpers/auth-api.ts
@@ -1,6 +1,7 @@
 import { type APIRequestContext, type Page } from '@playwright/test';
 export const AUTH_TOKENS_STORAGE_KEY = 'metoyou.authTokens';
 export const SIGNAL_SERVER_CREDENTIALS_STORAGE_KEY = 'metoyou.signalServerCredentials';
 export interface AuthSession {
  id: string;
@@ -56,6 +57,36 @@ export async function loginTestUser(
  return await response.json() as AuthSession;
 }
 export async function readSignalServerCredentialFromPage(
  page: Page,
  serverUrl: string
 ): Promise<{ userId: string; token: string; username: string } | null> {
  return await page.evaluate(({ storageKey, url }) => {
    try {
      const store = JSON.parse(localStorage.getItem(storageKey) || '{}') as Record<string, {
        userId: string;
        token: string;
        username: string;
        expiresAt: number;
      }>;
      const normalizedUrl = url.trim().replace(/\/+$/, '');
      const entry = store[normalizedUrl];
      if (!entry || entry.expiresAt <= Date.now()) {
        return null;
      }
      return {
        userId: entry.userId,
        token: entry.token,
        username: entry.username
      };
    } catch {
      return null;
    }
  }, { storageKey: SIGNAL_SERVER_CREDENTIALS_STORAGE_KEY, url: serverUrl });
 }
 export async function readAuthTokenFromPage(page: Page, serverUrl: string): Promise<string | null> {
  return await page.evaluate(({ storageKey, url }) => {
    try {
--- a/e2e/helpers/dashboard.ts
+++ b/e2e/helpers/dashboard.ts
@@ -0,0 +1,11 @@
 import { expect, type Page } from '@playwright/test';
 /** Dashboard omnibox (desktop placeholder copy changed with i18n refresh). */
 export function dashboardSearchInput(page: Page) {
  return page.getByRole('textbox', { name: 'Search people, servers, and invites' });
 }
 export async function expectDashboardReady(page: Page, timeout = 30_000): Promise<void> {
  await expect(page).toHaveURL(/\/dashboard/, { timeout });
  await expect(dashboardSearchInput(page)).toBeVisible({ timeout });
 }
--- a/e2e/helpers/multi-device-session.ts
+++ b/e2e/helpers/multi-device-session.ts
@@ -41,7 +41,6 @@ export async function createMultiDeviceScenario(
    password: MULTI_DEVICE_PASSWORD
  };
  const serverName = `Multi Device Server ${suffix}`;
  const clientA = await createClient();
  const clientB = await createClient();
@@ -59,6 +58,7 @@ export async function createMultiDeviceScenario(
  await searchA.createServer(serverName, {
    description: options.serverDescription ?? 'Multi-device session coverage'
  });
  await expect(clientA.page).toHaveURL(/\/room\//, { timeout: 15_000 });
  await waitForCurrentRoomName(clientA.page, serverName);
@@ -115,7 +115,8 @@ export async function expectCrossDeviceMessage(
  await sender.sendMessage(message);
  await expect.poll(async () => {
-    return await receiver.getMessageItemByText(message).isVisible().catch(() => false);
+    return await receiver.getMessageItemByText(message).isVisible()
      .catch(() => false);
  }, { timeout }).toBe(true);
 }
@@ -150,7 +151,15 @@ async function waitForCurrentRoomName(page: Page, roomName: string, timeout = 20
 }
 export async function readClientInstanceId(page: Page): Promise<string | null> {
-  return page.evaluate(() => localStorage.getItem('metoyou.clientInstanceId'));
+  return page.evaluate(() => {
    const sessionId = sessionStorage.getItem('metoyou.clientInstanceId')?.trim();
    if (sessionId) {
      return sessionId;
    }
    return localStorage.getItem('metoyou.clientInstanceId')?.trim() ?? null;
  });
 }
 export async function logoutFromMenu(page: Page): Promise<void> {
@@ -191,9 +200,14 @@ export async function expectPassiveVoiceOnDevice(
      .getByText('In voice on another device', { exact: false })
      .isVisible()
      .catch(() => false);
-    const joinBadge = await passiveVoiceChannelJoinBadge(page, channelName).isVisible().catch(() => false);
+    const joinBadge = await passiveVoiceChannelJoinBadge(page, channelName).isVisible()
      .catch(() => false);
    const grayedVoiceUser = displayName
-      ? await channelsSidePanel(page).locator('.opacity-50').filter({ hasText: displayName }).first().isVisible().catch(() => false)
+      ? await channelsSidePanel(page).locator('.opacity-50')
        .filter({ hasText: displayName })
        .first()
        .isVisible()
        .catch(() => false)
      : false;
    return membersLabel || joinBadge || grayedVoiceUser;
--- a/e2e/helpers/plugin-store.ts
+++ b/e2e/helpers/plugin-store.ts
@@ -0,0 +1,19 @@
 import { expect, type Page } from '@playwright/test';
 export const E2E_PLUGIN_SOURCE_URL = 'http://localhost:4200/plugins/e2e-plugin-source.json';
 export const E2E_PLUGIN_TITLE = 'E2E All API Plugin';
 export async function addPluginSource(page: Page, sourceUrl = E2E_PLUGIN_SOURCE_URL): Promise<void> {
  const sourceInput = page.getByLabel('Plugin source manifest URL');
  await expect(sourceInput).toBeVisible({ timeout: 15_000 });
  await sourceInput.click();
  await sourceInput.fill(sourceUrl);
  await expect(sourceInput).toHaveValue(sourceUrl, { timeout: 5_000 });
  const addSourceButton = page.getByRole('button', { name: 'Add Source' });
  await expect(addSourceButton).toBeEnabled({ timeout: 10_000 });
  await addSourceButton.click();
  await expect(page.getByRole('heading', { name: E2E_PLUGIN_TITLE })).toBeVisible({ timeout: 20_000 });
 }
--- a/e2e/helpers/webrtc-helpers.ts
+++ b/e2e/helpers/webrtc-helpers.ts
@@ -1,15 +1,19 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
-import { type Page } from '@playwright/test';
+import { type BrowserContext, type Page } from '@playwright/test';
 /**
 * Install RTCPeerConnection monkey-patch on a page BEFORE navigating.
 * Tracks all created peer connections and their remote tracks so tests
 * can inspect WebRTC state via `page.evaluate()`.
 *
- * Call immediately after page creation, before any `goto()`.
+ * Call on the browser context (preferred) or page before any `goto()`.
 */
-export async function installWebRTCTracking(page: Page): Promise<void> {
+export async function installWebRTCTracking(target: BrowserContext | Page): Promise<void> {
-  await page.addInitScript(() => {
+  const addInitScript = 'addInitScript' in target && typeof target.addInitScript === 'function'
    ? target.addInitScript.bind(target)
    : (target as Page).addInitScript.bind(target);
  await addInitScript(() => {
    const connections: RTCPeerConnection[] = [];
    const dataChannels: RTCDataChannel[] = [];
    const syntheticMediaResources: {
@@ -197,6 +201,7 @@ export async function waitForPeerConnected(page: Page, timeout = 30_000): Promis
    () => (window as any).__rtcConnections?.some(
      (pc: RTCPeerConnection) => pc.connectionState === 'connected'
    ) ?? false,
    undefined,
    { timeout }
  );
 }
@@ -611,6 +616,7 @@ export async function waitForAudioStatsPresent(page: Page, timeout = 15_000): Pr
      return false;
    },
    undefined,
    { timeout }
  );
 }
@@ -818,6 +824,7 @@ export async function waitForVideoStatsPresent(page: Page, timeout = 15_000): Pr
      return false;
    },
    undefined,
    { timeout }
  );
 }
--- a/e2e/tests/auth/multi-device-session.spec.ts
+++ b/e2e/tests/auth/multi-device-session.spec.ts
@@ -1,7 +1,4 @@
-import {
+import { test, expect } from '../../fixtures/multi-client';
  test,
  expect
 } from '../../fixtures/multi-client';
 import {
  MULTI_DEVICE_VOICE_CHANNEL,
  channelsSidePanel,
@@ -57,13 +54,17 @@ test.describe('Multi-device session', () => {
      await expectPassiveVoiceOnDevice(scenario.clientB.page, {
        displayName: scenario.credentials.displayName
      });
      await expect(
        membersSidePanel(scenario.clientB.page).getByText('In voice on another device', { exact: false })
      ).toBeVisible({ timeout: 20_000 });
      await expect(
-        channelsSidePanel(scenario.clientB.page).locator('.opacity-50').filter({
+        channelsSidePanel(scenario.clientB.page).locator('.opacity-50')
          .filter({
            hasText: scenario.credentials.displayName
-        }).first()
+          })
          .first()
      ).toBeVisible({ timeout: 20_000 });
    });
--- a/e2e/tests/auth/multi-signal-server-auth.spec.ts
+++ b/e2e/tests/auth/multi-signal-server-auth.spec.ts
@@ -0,0 +1,111 @@
 import { expect } from '@playwright/test';
 import { test } from '../../fixtures/multi-client';
 import { openSettingsFromMenu } from '../../helpers/app-menu';
 import { expectDashboardReady } from '../../helpers/dashboard';
 import { installTestServerEndpoints } from '../../helpers/seed-test-endpoint';
 import { startTestServer } from '../../helpers/test-server';
 import {
  readAuthTokenFromPage,
  readSignalServerCredentialFromPage,
  registerTestUser
 } from '../../helpers/auth-api';
 import { RegisterPage } from '../../pages/register.page';
 const PRIMARY_ENDPOINT_ID = 'e2e-multi-auth-primary';
 const USER_PASSWORD = 'TestPass123!';
 test.describe('Multi-signal-server authentication', () => {
  test.describe.configure({ timeout: 180_000 });
  test('auto-provisions a foreign signal server when a new endpoint is added', async ({ createClient, request }) => {
    const primaryServer = await startTestServer();
    const secondaryServer = await startTestServer();
    try {
      const client = await createClient();
      const suffix = `multi_auth_${Date.now()}`;
      const username = `user_${suffix}`;
      await installTestServerEndpoints(client.context, [
        {
          id: PRIMARY_ENDPOINT_ID,
          name: 'E2E Primary Signal',
          url: primaryServer.url,
          isActive: true,
          status: 'online'
        }
      ]);
      await test.step('Register on the home signal server', async () => {
        const register = new RegisterPage(client.page);
        await register.goto();
        await register.register(username, 'Multi Auth User', USER_PASSWORD);
        await expectDashboardReady(client.page);
      });
      await test.step('Add a second signal server in network settings', async () => {
        await openSettingsFromMenu(client.page);
        await client.page.getByRole('button', { name: 'Network' }).click();
        await client.page.getByPlaceholder('Server name').fill('E2E Secondary Signal');
        await client.page.getByPlaceholder('Server URL (e.g., http://localhost:3001)').fill(secondaryServer.url);
        await client.page.getByTestId('add-signal-server-button').click();
        await expect(client.page.getByText(secondaryServer.url)).toBeVisible({ timeout: 15_000 });
      });
      await test.step('Wait for auto-provisioned credentials on the secondary server', async () => {
        await expect.poll(async () =>
          await readSignalServerCredentialFromPage(client.page, secondaryServer.url),
        { timeout: 30_000 }
        ).not.toBeNull();
        const homeToken = await readAuthTokenFromPage(client.page, primaryServer.url);
        const secondaryCredential = await readSignalServerCredentialFromPage(client.page, secondaryServer.url);
        expect(homeToken).toBeTruthy();
        expect(secondaryCredential?.username).toBe(username);
        expect(secondaryCredential?.token).toBeTruthy();
      });
      await test.step('Secondary credential can call authenticated APIs', async () => {
        const secondaryCredential = await readSignalServerCredentialFromPage(client.page, secondaryServer.url);
        if (!secondaryCredential) {
          throw new Error('Expected secondary signal-server credential to be provisioned');
        }
        const response = await request.post(`${secondaryServer.url}/api/servers`, {
          headers: {
            Authorization: `Bearer ${secondaryCredential.token}`,
            'Content-Type': 'application/json'
          },
          data: {
            name: `Secondary Provisioned Server ${suffix}`,
            description: 'Created with auto-provisioned credentials',
            ownerId: secondaryCredential.userId,
            ownerPublicKey: 'e2e-secondary-owner-key'
          }
        });
        expect(response.ok(), `POST /api/servers failed: ${response.status()} ${await response.text()}`).toBe(true);
      });
      await test.step('Home registration still works independently on the secondary server', async () => {
        const otherUser = await registerTestUser(
          request,
          secondaryServer.url,
          `other_${suffix}`,
          USER_PASSWORD,
          'Other User'
        );
        expect(otherUser.username).toBe(`other_${suffix}`);
      });
    } finally {
      await primaryServer.stop();
      await secondaryServer.stop();
    }
  });
 });
--- a/e2e/tests/chat/notifications.spec.ts
+++ b/e2e/tests/chat/notifications.spec.ts
@@ -1,5 +1,6 @@
 import {
  expect,
  type BrowserContext,
  type Locator,
  type Page
 } from '@playwright/test';
@@ -35,6 +36,7 @@ test.describe('Chat notifications', () => {
      await clearDesktopNotifications(scenario.alice.page);
      await scenario.bobRoom.joinTextChannel(scenario.channelName);
      await scenario.bobMessages.sendMessage(message);
      await expectUnreadCounts(scenario.alice.page, scenario.serverName, scenario.channelName);
    });
    await test.step('Alice receives a desktop notification with the channel preview', async () => {
@@ -67,8 +69,7 @@ test.describe('Chat notifications', () => {
    });
    await test.step('Alice still sees unread badges for the room and channel', async () => {
-      await expect(getUnreadBadge(getSavedRoomButton(scenario.alice.page, scenario.serverName))).toHaveText('1', { timeout: 20_000 });
+      await expectUnreadCounts(scenario.alice.page, scenario.serverName, scenario.channelName);
      await expect(getUnreadBadge(getTextChannelButton(scenario.alice.page, scenario.channelName))).toHaveText('1', { timeout: 20_000 });
    });
    await test.step('Alice does not get a muted desktop popup', async () => {
@@ -96,7 +97,7 @@ async function createNotificationScenario(createClient: () => Promise<Client>):
  const alice = await createClient();
  const bob = await createClient();
-  await installDesktopNotificationSpy(alice.page);
+  await installDesktopNotificationSpy(alice.context);
  await registerUser(alice.page, aliceCredentials.username, aliceCredentials.displayName, aliceCredentials.password);
  await registerUser(bob.page, bobCredentials.username, bobCredentials.displayName, bobCredentials.password);
@@ -143,8 +144,8 @@ async function registerUser(page: Page, username: string, displayName: string, p
  await expect(page).toHaveURL(/\/dashboard/, { timeout: 15_000 });
 }
-async function installDesktopNotificationSpy(page: Page): Promise<void> {
+async function installDesktopNotificationSpy(context: BrowserContext): Promise<void> {
-  await page.addInitScript(() => {
+  await context.addInitScript(() => {
    const notifications: DesktopNotificationRecord[] = [];
    class MockNotification {
@@ -250,6 +251,11 @@ function getUnreadBadge(container: Locator): Locator {
  return container.locator('span.rounded-full').first();
 }
 async function expectUnreadCounts(page: Page, serverName: string, channelName: string): Promise<void> {
  await expect(getUnreadBadge(getSavedRoomButton(page, serverName))).toHaveText('1', { timeout: 45_000 });
  await expect(getUnreadBadge(getTextChannelButton(page, channelName))).toHaveText('1', { timeout: 45_000 });
 }
 function uniqueName(prefix: string): string {
  return `${prefix}-${Date.now()}-${Math.random().toString(36)
    .slice(2, 8)}`;
--- a/e2e/tests/chat/profile-avatar-sync.spec.ts
+++ b/e2e/tests/chat/profile-avatar-sync.spec.ts
@@ -367,11 +367,10 @@ async function launchPersistentSession(
  });
  await installTestServerEndpoint(context, testServerPort);
  await installWebRTCTracking(context);
  const page = context.pages()[0] ?? await context.newPage();
  await installWebRTCTracking(page);
  return { context, page };
 }
--- a/e2e/tests/chat/server-icon-sync.spec.ts
+++ b/e2e/tests/chat/server-icon-sync.spec.ts
@@ -196,11 +196,10 @@ async function launchPersistentSession(userDataDir: string, testServerPort: numb
  });
  await installTestServerEndpoint(context, testServerPort);
  await installWebRTCTracking(context);
  const page = context.pages()[0] ?? (await context.newPage());
  await installWebRTCTracking(page);
  return { context, page };
 }
--- a/e2e/tests/plugins/plugin-api-two-users.spec.ts
+++ b/e2e/tests/plugins/plugin-api-two-users.spec.ts
@@ -4,13 +4,20 @@ import {
  test,
  type Client
 } from '../../fixtures/multi-client';
 import { openPluginStore } from '../../helpers/app-menu';
 import {
  addPluginSource,
  E2E_PLUGIN_SOURCE_URL,
  E2E_PLUGIN_TITLE
 } from '../../helpers/plugin-store';
 import { installWebRTCTracking } from '../../helpers/webrtc-helpers';
 import { ChatMessagesPage } from '../../pages/chat-messages.page';
 import { ChatRoomPage } from '../../pages/chat-room.page';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
-const PLUGIN_SOURCE_URL = 'http://localhost:4200/plugins/e2e-plugin-source.json';
+const PLUGIN_SOURCE_URL = E2E_PLUGIN_SOURCE_URL;
-const PLUGIN_TITLE = 'E2E All API Plugin';
+const PLUGIN_TITLE = E2E_PLUGIN_TITLE;
 const EDITED_MESSAGE = 'Plugin API edited message';
 const ORIGINAL_MESSAGE = 'Plugin API original message';
 const DELETED_MESSAGE = 'Plugin API deleted message';
@@ -87,6 +94,9 @@ async function createPluginApiScenario(createClient: () => Promise<Client>): Pro
  const alice = await createClient();
  const bob = await createClient();
  await installWebRTCTracking(alice.page);
  await installWebRTCTracking(bob.page);
  await registerUser(alice.page, `alice_${suffix}`, 'Alice');
  await registerUser(bob.page, `bob_${suffix}`, 'Bob');
@@ -98,13 +108,10 @@ async function createPluginApiScenario(createClient: () => Promise<Client>): Pro
  const aliceRoom = new ChatRoomPage(alice.page);
  await aliceRoom.ensureVoiceChannelExists(VOICE_CHANNEL);
  await installGrantAndActivatePlugin(alice.page, true);
  await closeSettingsModal(alice.page);
  await expect(soundboardComposerButton(alice.page)).toBeVisible({ timeout: 20_000 });
  const bobSearch = new ServerSearchPage(bob.page);
-  await bobSearch.joinServerFromSearch(serverName, { acceptPluginDownloads: true });
+  await bobSearch.joinServerFromSearch(serverName);
  await expect(bob.page).toHaveURL(/\/room\//, { timeout: 30_000 });
  const bobRoom = new ChatRoomPage(bob.page);
@@ -113,6 +120,9 @@ async function createPluginApiScenario(createClient: () => Promise<Client>): Pro
  await bobRoom.joinVoiceChannel(VOICE_CHANNEL);
  await expect(aliceRoom.voiceControls).toBeVisible({ timeout: 30_000 });
  await expect(bobRoom.voiceControls).toBeVisible({ timeout: 30_000 });
  await installGrantAndActivatePlugin(alice.page, true);
  await closeSettingsModal(alice.page);
  await expect(soundboardComposerButton(alice.page)).toBeVisible({ timeout: 20_000 });
  const aliceMessages = new ChatMessagesPage(alice.page);
  const bobMessages = new ChatMessagesPage(bob.page);
@@ -141,14 +151,11 @@ async function registerUser(page: Page, username: string, displayName: string):
 }
 async function installGrantAndActivatePlugin(page: Page, installFromStore: boolean): Promise<void> {
-  await page.getByRole('button', { name: 'Plugin Store' }).click();
+  await openPluginStore(page);
  await expect(page).toHaveURL(/\/plugin-store/, { timeout: 20_000 });
  await expect(page.getByTestId('plugin-store-page')).toBeVisible({ timeout: 20_000 });
  if (installFromStore) {
-    await page.getByLabel('Plugin source manifest URL').fill(PLUGIN_SOURCE_URL);
+    await addPluginSource(page, PLUGIN_SOURCE_URL);
    await page.getByRole('button', { name: 'Add Source' }).click();
    await expect(page.getByRole('heading', { name: PLUGIN_TITLE })).toBeVisible({ timeout: 20_000 });
    await page.locator('article', { hasText: PLUGIN_TITLE }).getByRole('button', { exact: true, name: /^(Install|Install to Server)$/ })
      .click();
--- a/e2e/tests/plugins/plugin-manager-ui.spec.ts
+++ b/e2e/tests/plugins/plugin-manager-ui.spec.ts
@@ -1,4 +1,7 @@
 import { expect, test } from '../../fixtures/multi-client';
 import { openPluginStore } from '../../helpers/app-menu';
 import { expectDashboardReady } from '../../helpers/dashboard';
 import { addPluginSource } from '../../helpers/plugin-store';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
@@ -15,7 +18,7 @@ test.describe('Plugin manager UI', () => {
    await test.step('Register user and create server context', async () => {
      await register.goto();
      await register.register(`plugin_${suffix}`, 'Plugin Tester', 'TestPass123!');
-      await expect(page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(page);
      await search.createServer(`Plugin API Server ${suffix}`, {
        description: 'Plugin manager UI E2E coverage'
      });
@@ -23,16 +26,13 @@ test.describe('Plugin manager UI', () => {
      await expect(page).toHaveURL(/\/room\//, { timeout: 30_000 });
    });
-    await test.step('Open visible Plugin Store button', async () => {
+    await test.step('Open Plugin Store from the title-bar menu', async () => {
-      await page.getByRole('button', { name: 'Plugin Store' }).click();
+      await openPluginStore(page);
      await expect(page).toHaveURL(/\/plugin-store/, { timeout: 10_000 });
      await expect(page.getByTestId('plugin-store-page')).toBeVisible({ timeout: 10_000 });
    });
    await test.step('Install fixture plugin from source manifest', async () => {
-      await page.getByLabel('Plugin source manifest URL').fill('http://localhost:4200/plugins/e2e-plugin-source.json');
+      await addPluginSource(page);
      await page.getByRole('button', { name: 'Add Source' }).click();
      await expect(page.getByRole('heading', { name: 'E2E All API Plugin' })).toBeVisible({ timeout: 15_000 });
      const pluginCard = page.locator('article', { hasText: 'E2E All API Plugin' });
      await pluginCard.getByRole('button', { name: 'Readme' }).click();
--- a/e2e/tests/settings/connectivity-warning.spec.ts
+++ b/e2e/tests/settings/connectivity-warning.spec.ts
@@ -1,4 +1,5 @@
 import { test, expect } from '../../fixtures/multi-client';
 import { expectDashboardReady } from '../../helpers/dashboard';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
 import { ChatRoomPage } from '../../pages/chat-room.page';
@@ -88,7 +89,7 @@ test.describe('Connectivity warning', () => {
      await register.goto();
      await register.register(`alice_${suffix}`, 'Alice', 'TestPass123!');
-      await expect(alice.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(alice.page);
    });
    await test.step('Register Bob', async () => {
@@ -96,7 +97,7 @@ test.describe('Connectivity warning', () => {
      await register.goto();
      await register.register(`bob_${suffix}`, 'Bob', 'TestPass123!');
-      await expect(bob.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(bob.page);
    });
    await test.step('Register Charlie', async () => {
@@ -104,7 +105,7 @@ test.describe('Connectivity warning', () => {
      await register.goto();
      await register.register(`charlie_${suffix}`, 'Charlie', 'TestPass123!');
-      await expect(charlie.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(charlie.page);
    });
    // ── Create server and have everyone join ──
--- a/e2e/tests/settings/ice-server-settings.spec.ts
+++ b/e2e/tests/settings/ice-server-settings.spec.ts
@@ -1,4 +1,6 @@
 import { test, expect } from '../../fixtures/multi-client';
 import { openSettingsFromMenu } from '../../helpers/app-menu';
 import { expectDashboardReady } from '../../helpers/dashboard';
 import { RegisterPage } from '../../pages/register.page';
 test.describe('ICE server settings', () => {
@@ -9,8 +11,8 @@ test.describe('ICE server settings', () => {
    await register.goto();
    await register.register(`user_${suffix}`, 'IceTestUser', 'TestPass123!');
-    await expect(page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+    await expectDashboardReady(page);
-    await page.getByTitle('Settings').click();
+    await openSettingsFromMenu(page);
    await expect(page.getByRole('button', { name: 'Network' })).toBeVisible({ timeout: 10_000 });
    await page.getByRole('button', { name: 'Network' }).click();
    await expect(page.getByTestId('ice-server-settings')).toBeVisible({ timeout: 10_000 });
@@ -101,7 +103,7 @@ test.describe('ICE server settings', () => {
      await expect(page.getByText('stun:persist-test.example.com:3478')).toBeVisible({ timeout: 5_000 });
      await page.reload({ waitUntil: 'domcontentloaded' });
-      await page.getByTitle('Settings').click();
+      await openSettingsFromMenu(page);
      await expect(page.getByRole('button', { name: 'Network' })).toBeVisible({ timeout: 10_000 });
      await page.getByRole('button', { name: 'Network' }).click();
      await expect(page.getByText('stun:persist-test.example.com:3478')).toBeVisible({ timeout: 10_000 });
--- a/e2e/tests/settings/stun-turn-fallback.spec.ts
+++ b/e2e/tests/settings/stun-turn-fallback.spec.ts
@@ -1,4 +1,5 @@
 import { test, expect } from '../../fixtures/multi-client';
 import { expectDashboardReady } from '../../helpers/dashboard';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
 import { ChatRoomPage } from '../../pages/chat-room.page';
@@ -89,7 +90,7 @@ test.describe('STUN/TURN fallback behaviour', () => {
      await register.goto();
      await register.register(`alice_${suffix}`, 'Alice', 'TestPass123!');
-      await expect(alice.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(alice.page);
    });
    await test.step('Register Bob', async () => {
@@ -97,7 +98,7 @@ test.describe('STUN/TURN fallback behaviour', () => {
      await register.goto();
      await register.register(`bob_${suffix}`, 'Bob', 'TestPass123!');
-      await expect(bob.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(bob.page);
    });
    await test.step('Alice creates a server', async () => {
--- a/electron/api/provision-secret-store.ts
+++ b/electron/api/provision-secret-store.ts
@@ -0,0 +1,60 @@
 import { safeStorage } from 'electron';
 import {
  mkdir,
  readFile,
  writeFile
 } from 'fs/promises';
 import path from 'path';
 import { app } from 'electron';
 const STORAGE_DIR_NAME = 'provision-secrets';
 function getStorageDir(): string {
  return path.join(app.getPath('userData'), STORAGE_DIR_NAME);
 }
 function getSecretFilePath(homeUserId: string): string {
  return path.join(getStorageDir(), `${homeUserId}.bin`);
 }
 async function ensureStorageDir(): Promise<void> {
  await mkdir(getStorageDir(), { recursive: true });
 }
 export async function storeProvisionSecret(homeUserId: string, secret: string): Promise<boolean> {
  if (!homeUserId.trim() || !secret) {
    return false;
  }
  await ensureStorageDir();
  if (!safeStorage.isEncryptionAvailable()) {
    await writeFile(getSecretFilePath(homeUserId), secret, 'utf8');
    return true;
  }
  const encrypted = safeStorage.encryptString(secret);
  await writeFile(getSecretFilePath(homeUserId), encrypted);
  return true;
 }
 export async function getProvisionSecret(homeUserId: string): Promise<string | null> {
  if (!homeUserId.trim()) {
    return null;
  }
  try {
    const filePath = getSecretFilePath(homeUserId);
    const payload = await readFile(filePath);
    if (!safeStorage.isEncryptionAvailable()) {
      return payload.toString('utf8');
    }
    return safeStorage.decryptString(payload);
  } catch {
    return null;
  }
 }
--- a/electron/ipc/system.ts
+++ b/electron/ipc/system.ts
@@ -20,6 +20,7 @@ import {
  type DesktopSettings
 } from '../desktop-settings';
 import { applyLocalApiSettings, getLocalApiSnapshot } from '../api';
 import { getProvisionSecret, storeProvisionSecret } from '../api/provision-secret-store';
 import {
  activateLinuxScreenShareAudioRouting,
  deactivateLinuxScreenShareAudioRouting,
@@ -62,7 +63,11 @@ import { listRunningProcessNames } from '../process-list';
 import { detectActiveGame } from '../game-detection';
 import { collectAppMetricsSnapshot } from '../app-metrics';
 import { clearAllTokens } from '../api/auth-store';
-import { assertPathUnderUserData, grantPluginReadRoot, resolveReadablePath } from '../path-jail';
+import {
  assertPathUnderUserData,
  grantPluginReadRoot,
  resolveReadablePath
 } from '../path-jail';
 const DEFAULT_MIME_TYPE = 'application/octet-stream';
 const MAX_ACTIVE_DESKTOP_NOTIFICATIONS = 20;
@@ -380,6 +385,14 @@ export function setupSystemHandlers(): void {
  ipcMain.handle('get-app-metrics', () => collectAppMetricsSnapshot());
  ipcMain.handle('store-provision-secret', async (_event, homeUserId: string, secret: string) =>
    await storeProvisionSecret(homeUserId, secret)
  );
  ipcMain.handle('get-provision-secret', async (_event, homeUserId: string) =>
    await getProvisionSecret(homeUserId)
  );
  ipcMain.handle('get-app-data-path', () => app.getPath('userData'));
  ipcMain.handle('open-current-data-folder', async () => await openCurrentDataFolder());
  ipcMain.handle('export-user-data', async () => await exportUserData());
--- a/electron/path-jail.spec.ts
+++ b/electron/path-jail.spec.ts
@@ -37,8 +37,10 @@ describe('path-jail', () => {
  it('accepts cached plugin bundle paths under plugin-bundles', async () => {
    const bundleDir = path.join(tempRoot, 'plugin-bundles', 'example.plugin', '1.0.0');
    fs.mkdirSync(bundleDir, { recursive: true });
    const bundlePath = path.join(bundleDir, 'main.js');
    fs.writeFileSync(bundlePath, 'export default {}');
    await expect(assertPathUnderRoot(tempRoot, bundlePath)).resolves.toBe(bundlePath);
@@ -59,6 +61,7 @@ describe('path-jail', () => {
  it('allows user-granted plugin source roots outside app data', async () => {
    const externalRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'metoyou-plugin-source-'));
    const manifestPath = path.join(externalRoot, 'plugin-source.json');
    fs.writeFileSync(manifestPath, '{}');
    grantPluginReadRoot(externalRoot);
--- a/electron/preload.ts
+++ b/electron/preload.ts
@@ -346,6 +346,9 @@ export interface ElectronAPI {
  command: <T = unknown>(command: Command) => Promise<T>;
  query: <T = unknown>(query: Query) => Promise<T>;
  storeProvisionSecret: (homeUserId: string, secret: string) => Promise<boolean>;
  getProvisionSecret: (homeUserId: string) => Promise<string | null>;
 }
 const electronAPI: ElectronAPI = {
@@ -502,7 +505,10 @@ const electronAPI: ElectronAPI = {
  },
  command: (command) => ipcRenderer.invoke('cqrs:command', command),
-  query: (query) => ipcRenderer.invoke('cqrs:query', query)
+  query: (query) => ipcRenderer.invoke('cqrs:query', query),
  storeProvisionSecret: (homeUserId, secret) => ipcRenderer.invoke('store-provision-secret', homeUserId, secret),
  getProvisionSecret: (homeUserId) => ipcRenderer.invoke('get-provision-secret', homeUserId)
 };
 contextBridge.exposeInMainWorld('electronAPI', electronAPI);
--- a/server/src/app.ts
+++ b/server/src/app.ts
@@ -41,7 +41,7 @@ function buildCorsOptions() {
 export function createApp(): express.Express {
  const app = express();
-  // Trust loopback proxies only — avoids express-rate-limit ERR_ERL_PERMISSIVE_TRUST_PROXY.
+  // Trust loopback proxies only - avoids express-rate-limit ERR_ERL_PERMISSIVE_TRUST_PROXY.
  app.set('trust proxy', 'loopback');
  app.use(cors(buildCorsOptions()));
  app.use(express.json());
--- a/server/src/routes/user-registration.rules.spec.ts
+++ b/server/src/routes/user-registration.rules.spec.ts
@@ -0,0 +1,30 @@
 import {
  describe,
  it,
  expect
 } from 'vitest';
 import { isDuplicateUsernameError } from './user-registration.rules';
 describe('user-registration.rules', () => {
  it('detects sqlite unique constraint failures on username', () => {
    expect(isDuplicateUsernameError({
      message: 'UNIQUE constraint failed: users.username'
    })).toBe(true);
  });
  it('detects typeorm query failed errors with username constraint text', () => {
    expect(isDuplicateUsernameError({
      name: 'QueryFailedError',
      message: 'SQLITE_CONSTRAINT: UNIQUE constraint failed: users.username'
    })).toBe(true);
  });
  it('ignores unrelated database errors', () => {
    expect(isDuplicateUsernameError({
      message: 'UNIQUE constraint failed: servers.id'
    })).toBe(false);
    expect(isDuplicateUsernameError(new Error('connection lost'))).toBe(false);
    expect(isDuplicateUsernameError(null)).toBe(false);
  });
 });
--- a/server/src/routes/user-registration.rules.ts
+++ b/server/src/routes/user-registration.rules.ts
@@ -0,0 +1,11 @@
 export function isDuplicateUsernameError(error: unknown): boolean {
  if (!error || typeof error !== 'object') {
    return false;
  }
  const message = 'message' in error && typeof error.message === 'string'
    ? error.message
    : '';
  return message.includes('UNIQUE constraint failed: users.username');
 }
--- a/server/src/routes/users.ts
+++ b/server/src/routes/users.ts
@@ -10,6 +10,7 @@ import {
 import { hashPasswordForStorage, verifyPassword } from '../services/password-auth.service';
 import { issueSessionToken, revokeSessionToken } from '../services/session-auth.service';
 import { getAuthenticatedUserId, requireAuth } from '../middleware/require-auth';
 import { isDuplicateUsernameError } from './user-registration.rules';
 const router = Router();
@@ -46,7 +47,16 @@ router.post('/register', async (req, res) => {
    createdAt: Date.now()
  };
  try {
    await registerUser(user);
  } catch (error) {
    if (isDuplicateUsernameError(error)) {
      return res.status(409).json({ error: 'Username taken' });
    }
    throw error;
  }
  const session = await issueSessionToken(user.id);
  res.status(201).json(buildAuthResponse(user, session.token, session.expiresAt));
--- a/server/src/websocket/broadcast.spec.ts
+++ b/server/src/websocket/broadcast.spec.ts
@@ -7,7 +7,11 @@ import {
 import { WebSocket } from 'ws';
 import { connectedUsers } from './state';
 import { ConnectedUser } from './types';
-import { broadcastToServer, findUserByOderId, findVoiceActiveConnection } from './broadcast';
+import {
  broadcastToServer,
  findUserByOderId,
  findVoiceActiveConnection
 } from './broadcast';
 function createMockWs(): WebSocket & { sentMessages: string[] } {
  const sent: string[] = [];
--- a/server/src/websocket/handler-multi-client.spec.ts
+++ b/server/src/websocket/handler-multi-client.spec.ts
@@ -134,12 +134,14 @@ describe('server websocket handler - multi-client sessions', () => {
      oderId: 'user-2',
      serverIds: new Set(['server-1'])
    });
    createConnectedUser('conn-passive', {
      authenticated: true,
      oderId: 'user-1',
      serverIds: new Set(['server-1']),
      clientInstanceId: 'device-passive'
    });
    const active = createConnectedUser('conn-active', {
      authenticated: true,
      oderId: 'user-1',
@@ -169,6 +171,7 @@ describe('server websocket handler - multi-client sessions', () => {
      serverIds: new Set(['server-1']),
      clientInstanceId: 'device-b'
    });
    const active = createConnectedUser('conn-active', {
      authenticated: true,
      oderId: 'user-1',
@@ -197,6 +200,7 @@ describe('server websocket handler - multi-client sessions', () => {
      connectionScope: 'ws://localhost:3001',
      clientInstanceId: 'device-a'
    });
    createConnectedUser('conn-new', {
      authenticated: false,
      connectionScope: 'ws://localhost:3001',
@@ -216,4 +220,50 @@ describe('server websocket handler - multi-client sessions', () => {
    expect((stale.ws as WebSocket & { closeCalled: boolean }).closeCalled).toBe(true);
    expect(connectedUsers.get('conn-new')?.authenticated).toBe(true);
  });
  it('relays account_sync payloads to other connections for the same user', async () => {
    createConnectedUser('conn-a1', {
      authenticated: true,
      oderId: 'user-1',
      serverIds: new Set(['server-1']),
      clientInstanceId: 'device-a'
    });
    const receiver = createConnectedUser('conn-a2', {
      authenticated: true,
      oderId: 'user-1',
      serverIds: new Set(['server-1']),
      clientInstanceId: 'device-b'
    });
    getSentMessages(receiver).length = 0;
    await handleWebSocketMessage('conn-a1', {
      type: 'account_sync',
      clientInstanceId: 'device-a',
      payload: {
        type: 'friend-added',
        userId: 'friend-1',
        addedAt: 123
      }
    });
    const messages = getSentMessages(receiver).map((raw) => JSON.parse(raw) as {
      type: string;
      payload?: { type: string; userId?: string };
      clientInstanceId?: string;
      fromUserId?: string;
    });
    const relay = messages.find((message) => message.type === 'account_sync');
    expect(relay).toEqual({
      type: 'account_sync',
      clientInstanceId: 'device-a',
      fromUserId: 'user-1',
      payload: {
        type: 'friend-added',
        userId: 'friend-1',
        addedAt: 123
      }
    });
  });
 });
--- a/server/src/websocket/handler.ts
+++ b/server/src/websocket/handler.ts
@@ -296,6 +296,11 @@ async function handleIdentify(user: ConnectedUser, message: WsMessage, connectio
  connectedUsers.set(connectionId, user);
  console.log(`User identified: ${user.displayName} (${user.oderId})`);
  notifyOtherConnectionsForOderId(newOderId, {
    type: 'account_sync_peer_online',
    clientInstanceId: newClientInstanceId
  }, connectionId);
  const voiceSnapshot = Array.from(connectedUsers.entries()).find(([otherConnectionId, otherUser]) =>
    otherConnectionId !== connectionId
    && otherUser.oderId === newOderId
@@ -541,6 +546,21 @@ function handleVoiceClientTakeover(user: ConnectedUser, message: WsMessage, conn
  }, connectionId);
 }
 function handleAccountSync(user: ConnectedUser, message: WsMessage, connectionId: string): void {
  const payload = message['payload'];
  if (!payload || typeof payload !== 'object' || typeof (payload as { type?: unknown }).type !== 'string') {
    return;
  }
  notifyOtherConnectionsForOderId(user.oderId, {
    type: 'account_sync',
    clientInstanceId: normalizeClientInstanceId(message['clientInstanceId']) ?? user.clientInstanceId,
    fromUserId: user.oderId,
    payload
  }, connectionId);
 }
 function handleTyping(user: ConnectedUser, message: WsMessage, connectionId: string): void {
  const typingSid = (message['serverId'] as string | undefined) ?? user.viewedServerId;
  const channelId = typeof message['channelId'] === 'string' && message['channelId'].trim() ? message['channelId'].trim() : 'general';
@@ -747,6 +767,10 @@ export async function handleWebSocketMessage(connectionId: string, message: WsMe
      handleVoiceClientTakeover(user, message, connectionId);
      break;
    case 'account_sync':
      handleAccountSync(user, message, connectionId);
      break;
    case 'typing':
      handleTyping(user, message, connectionId);
      break;
--- a/toju-app/public/i18n/catalog/auth.json
+++ b/toju-app/public/i18n/catalog/auth.json
@@ -29,6 +29,15 @@
      "prepareStateFailed": "Failed to prepare local user state.",
      "noCurrentUser": "No current user",
      "sessionExpired": "Your session expired. Please sign in again."
    },
    "authorize": {
      "title": "Sign in to {{serverName}}",
      "registerTitle": "Create account on {{serverName}}",
      "description": "Your home account stays signed in. This only authorizes the selected signal server.",
      "defaultServerName": "Signal Server"
    },
    "provision": {
      "usernameCollision": "Username {{preferredUsername}} was taken on {{serverName}}. Created {{provisionedUsername}} instead."
    }
  }
 }
--- a/toju-app/public/i18n/catalog/servers.json
+++ b/toju-app/public/i18n/catalog/servers.json
@@ -124,6 +124,7 @@
        "loading": "Loading invite...",
        "joining": "Joining {{name}}...",
        "redirectingLogin": "Redirecting to login...",
        "redirectingAuthorize": "Authorizing signal server...",
        "missingInfo": "This invite link is missing required server information.",
        "acceptFailed": "Unable to accept this invite.",
        "banned": "You are banned from this server and cannot accept this invite.",
--- a/toju-app/public/i18n/catalog/settings.json
+++ b/toju-app/public/i18n/catalog/settings.json
@@ -93,6 +93,11 @@
        "errors": {
          "invalidUrl": "Please enter a valid URL",
          "duplicateUrl": "This server URL already exists"
        },
        "auth": {
          "authorized": "Authorized",
          "needsSignIn": "Needs sign-in",
          "signIn": "Sign in"
        }
      },
      "connection": {
@@ -116,6 +121,7 @@
        "turnUser": "User: {{username}}",
        "moveUp": "Move up (higher priority)",
        "moveDown": "Move down (lower priority)",
        "remove": "Remove",
        "empty": "No ICE servers configured. P2P connections may fail across networks.",
        "addTitle": "Add ICE Server",
        "stunPlaceholder": "stun:stun.example.com:19302",
--- a/toju-app/public/i18n/en.json
+++ b/toju-app/public/i18n/en.json
@@ -59,6 +59,15 @@
      "prepareStateFailed": "Failed to prepare local user state.",
      "noCurrentUser": "No current user",
      "sessionExpired": "Your session expired. Please sign in again."
    },
    "authorize": {
      "title": "Sign in to {{serverName}}",
      "registerTitle": "Create account on {{serverName}}",
      "description": "Your home account stays signed in. This only authorizes the selected signal server.",
      "defaultServerName": "Signal Server"
    },
    "provision": {
      "usernameCollision": "Username {{preferredUsername}} was taken on {{serverName}}. Created {{provisionedUsername}} instead."
    }
  },
  "call": {
@@ -1013,6 +1022,7 @@
        "loading": "Loading invite...",
        "joining": "Joining {{name}}...",
        "redirectingLogin": "Redirecting to login...",
        "redirectingAuthorize": "Authorizing signal server...",
        "missingInfo": "This invite link is missing required server information.",
        "acceptFailed": "Unable to accept this invite.",
        "banned": "You are banned from this server and cannot accept this invite.",
@@ -1138,6 +1148,11 @@
        "errors": {
          "invalidUrl": "Please enter a valid URL",
          "duplicateUrl": "This server URL already exists"
        },
        "auth": {
          "authorized": "Authorized",
          "needsSignIn": "Needs sign-in",
          "signIn": "Sign in"
        }
      },
      "connection": {
@@ -1161,6 +1176,7 @@
        "turnUser": "User: {{username}}",
        "moveUp": "Move up (higher priority)",
        "moveDown": "Move down (lower priority)",
        "remove": "Remove",
        "empty": "No ICE servers configured. P2P connections may fail across networks.",
        "addTitle": "Add ICE Server",
        "stunPlaceholder": "stun:stun.example.com:19302",
--- a/toju-app/src/app/app.config.ts
+++ b/toju-app/src/app/app.config.ts
@@ -17,6 +17,7 @@ import { usersReducer } from './store/users/users.reducer';
 import { roomsReducer } from './store/rooms/rooms.reducer';
 import { NotificationsEffects } from './domains/notifications';
 import { CustomEmojiSyncEffects } from './domains/custom-emoji';
 import { AccountSyncEffects } from './infrastructure/realtime/account-sync/account-sync.effects';
 import { MessagesEffects } from './store/messages/messages.effects';
 import { MessagesSyncEffects } from './store/messages/messages-sync.effects';
 import { UserAvatarEffects } from './store/users/user-avatar.effects';
@@ -45,6 +46,7 @@ export const appConfig: ApplicationConfig = {
    }),
    provideEffects([
      NotificationsEffects,
      AccountSyncEffects,
      CustomEmojiSyncEffects,
      MessagesEffects,
      MessagesSyncEffects,
--- a/toju-app/src/app/core/platform/electron/electron-api.models.ts
+++ b/toju-app/src/app/core/platform/electron/electron-api.models.ts
@@ -323,6 +323,8 @@ export interface ElectronApi {
  copyImageToClipboard: (srcURL: string) => Promise<boolean>;
  command: <T = unknown>(command: ElectronCommand) => Promise<T>;
  query: <T = unknown>(query: ElectronQuery) => Promise<T>;
  storeProvisionSecret?: (homeUserId: string, secret: string) => Promise<boolean>;
  getProvisionSecret?: (homeUserId: string) => Promise<string | null>;
 }
 export type ElectronWindow = Window & {
--- a/toju-app/src/app/domains/authentication/application/services/auth-token-store.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/auth-token-store.service.ts
@@ -18,6 +18,12 @@ export class AuthTokenStoreService {
  }
  getToken(serverUrl: string): string | null {
    const entry = this.getTokenEntry(serverUrl);
    return entry?.token ?? null;
  }
  getTokenEntry(serverUrl: string): StoredAuthToken | null {
    const normalizedUrl = this.normalizeServerUrl(serverUrl);
    const entry = this.readStore()[normalizedUrl];
@@ -30,7 +36,7 @@ export class AuthTokenStoreService {
      return null;
    }
-    return entry.token;
+    return entry;
  }
  clearToken(serverUrl: string): void {
--- a/toju-app/src/app/domains/authentication/application/services/authentication.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/authentication.service.ts
@@ -34,7 +34,13 @@ export class AuthenticationService {
  }
  private persistSessionToken(serverId: string | undefined, response: LoginResponse): void {
-    this.authTokenStore.setToken(this.resolveServerUrl(serverId), response.token, response.expiresAt);
+    const serverUrl = this.resolveServerUrl(serverId);
    this.authTokenStore.setToken(serverUrl, response.token, response.expiresAt);
  }
  resolveServerUrlFor(serverId?: string): string {
    return this.resolveServerUrl(serverId);
  }
  private endpointFor(serverId?: string): string {
--- a/toju-app/src/app/domains/authentication/application/services/message-signing.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/message-signing.service.ts
@@ -101,10 +101,7 @@ export class MessageSigningService {
    const stored = this.readStoredKeyPair();
    if (stored) {
-      const [publicKey, privateKey] = await Promise.all([
+      const [publicKey, privateKey] = await Promise.all([crypto.subtle.importKey('jwk', stored.publicKeyJwk, { name: 'Ed25519' }, true, ['verify']), crypto.subtle.importKey('jwk', stored.privateKeyJwk, { name: 'Ed25519' }, false, ['sign'])]);
        crypto.subtle.importKey('jwk', stored.publicKeyJwk, { name: 'Ed25519' }, true, ['verify']),
        crypto.subtle.importKey('jwk', stored.privateKeyJwk, { name: 'Ed25519' }, false, ['sign'])
      ]);
      return { publicKey, privateKey };
    }
@@ -114,10 +111,7 @@ export class MessageSigningService {
      true,
      ['sign', 'verify']
    );
-    const [publicKeyJwk, privateKeyJwk] = await Promise.all([
+    const [publicKeyJwk, privateKeyJwk] = await Promise.all([crypto.subtle.exportKey('jwk', generated.publicKey), crypto.subtle.exportKey('jwk', generated.privateKey)]);
      crypto.subtle.exportKey('jwk', generated.publicKey),
      crypto.subtle.exportKey('jwk', generated.privateKey)
    ]);
    this.writeStoredKeyPair({ publicKeyJwk, privateKeyJwk });
--- a/toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.spec.ts
+++ b/toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.spec.ts
@@ -0,0 +1,65 @@
 import {
  describe,
  it,
  expect,
  beforeEach,
  vi
 } from 'vitest';
 import { ProvisionSecretStoreService } from './provision-secret-store.service';
 import { ElectronBridgeService } from '../../../../core/platform/electron/electron-bridge.service';
 describe('ProvisionSecretStoreService', () => {
  let service: ProvisionSecretStoreService;
  let electronBridge: ElectronBridgeService;
  beforeEach(() => {
    const sessionStorageMap = new Map<string, string>();
    vi.stubGlobal('sessionStorage', {
      getItem: (key: string) => sessionStorageMap.get(key) ?? null,
      setItem: (key: string, value: string) => { sessionStorageMap.set(key, value); },
      removeItem: (key: string) => { sessionStorageMap.delete(key); },
      clear: () => { sessionStorageMap.clear(); }
    });
    electronBridge = {
      isAvailable: false,
      getApi: () => null,
      requireApi: () => {
        throw new Error('Electron API is not available in this runtime.');
      }
    } as ElectronBridgeService;
    service = new ProvisionSecretStoreService(electronBridge);
  });
  it('stores and retrieves provision secrets in session storage when electron is unavailable', async () => {
    await service.storeSecret('home-user-1', 'secret-abc');
    await expect(service.getSecret('home-user-1')).resolves.toBe('secret-abc');
  });
  it('uses electron secure storage when available', async () => {
    const storeProvisionSecret = vi.fn(async () => true);
    const getProvisionSecret = vi.fn(async () => 'electron-secret');
    electronBridge = {
      isAvailable: true,
      getApi: () => ({
        storeProvisionSecret,
        getProvisionSecret
      }),
      requireApi: () => ({
        storeProvisionSecret,
        getProvisionSecret
      })
    } as unknown as ElectronBridgeService;
    service = new ProvisionSecretStoreService(electronBridge);
    await service.storeSecret('home-user-1', 'secret-abc');
    await expect(service.getSecret('home-user-1')).resolves.toBe('electron-secret');
    expect(storeProvisionSecret).toHaveBeenCalledWith('home-user-1', 'secret-abc');
    expect(getProvisionSecret).toHaveBeenCalledWith('home-user-1');
  });
 });
--- a/toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.ts
@@ -0,0 +1,52 @@
 import { Injectable, inject } from '@angular/core';
 import { ElectronBridgeService } from '../../../../core/platform/electron/electron-bridge.service';
 const SESSION_STORAGE_PREFIX = 'metoyou.provisionSecret.';
@Injectable({ providedIn: 'root' })
 export class ProvisionSecretStoreService {
  private readonly electronBridge: ElectronBridgeService;
  constructor(electronBridge: ElectronBridgeService = inject(ElectronBridgeService)) {
    this.electronBridge = electronBridge;
  }
  async storeSecret(homeUserId: string, secret: string): Promise<void> {
    const api = this.electronBridge.getApi();
    if (api?.storeProvisionSecret) {
      await api.storeProvisionSecret(homeUserId, secret);
      return;
    }
    sessionStorage.setItem(this.sessionKey(homeUserId), secret);
  }
  async getSecret(homeUserId: string): Promise<string | null> {
    const api = this.electronBridge.getApi();
    if (api?.getProvisionSecret) {
      return api.getProvisionSecret(homeUserId);
    }
    return sessionStorage.getItem(this.sessionKey(homeUserId));
  }
  async hasSecret(homeUserId: string): Promise<boolean> {
    const secret = await this.getSecret(homeUserId);
    return !!secret;
  }
  private sessionKey(homeUserId: string): string {
    return `${SESSION_STORAGE_PREFIX}${homeUserId}`;
  }
 }
 export function generateProvisionSecret(): string {
  const bytes = new Uint8Array(32);
  crypto.getRandomValues(bytes);
  return Array.from(bytes, (byte) => byte.toString(16).padStart(2, '0')).join('');
 }
--- a/toju-app/src/app/domains/authentication/application/services/signal-server-auth.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/signal-server-auth.service.ts
@@ -0,0 +1,206 @@
 import { Injectable, inject } from '@angular/core';
 import { Store } from '@ngrx/store';
 import { firstValueFrom } from 'rxjs';
 import type { User } from '../../../../shared-kernel';
 import { selectCurrentUser } from '../../../../store/users/users.selectors';
 import type { LoginResponse } from '../../domain/models/authentication.model';
 import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
 import { ProvisionUsernameCollisionError } from '../../domain/logic/signal-server-provision.rules';
 import { type ResolvedSignalIdentity, resolveSignalIdentity } from '../../domain/logic/signal-server-credential-resolution.rules';
 import { resolveSelfPresenceUserIds } from '../../domain/logic/self-presence-identity.rules';
 import { AuthTokenStoreService } from './auth-token-store.service';
 import { ProvisionSecretStoreService, generateProvisionSecret } from './provision-secret-store.service';
 import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
 import { SignalServerProvisionerService, type ProvisionResult } from './signal-server-provisioner.service';
 import { SignalServerProvisionNoticeService } from './signal-server-provision-notice.service';
 export type EnsureProvisionedResult =
  | { kind: 'existing'; credential: SignalServerCredential }
  | { kind: 'provisioned'; result: ProvisionResult }
  | { kind: 'skipped'; reason: 'no-home-user' | 'no-provision-secret' | 'already-valid' }
  | { kind: 'collision'; error: ProvisionUsernameCollisionError };
@Injectable({ providedIn: 'root' })
 export class SignalServerAuthService {
  private readonly store = inject(Store);
  private readonly credentialStore = inject(SignalServerCredentialStoreService);
  private readonly authTokenStore = inject(AuthTokenStoreService);
  private readonly provisionSecretStore = inject(ProvisionSecretStoreService);
  private readonly provisioner = inject(SignalServerProvisionerService);
  private readonly provisionNotice = inject(SignalServerProvisionNoticeService);
  private readonly provisionInFlight = new Map<string, Promise<EnsureProvisionedResult>>();
  getCredential(serverUrl: string): SignalServerCredential | null {
    return this.credentialStore.getCredential(serverUrl);
  }
  hasValidCredential(serverUrl: string): boolean {
    return this.credentialStore.hasValidCredential(serverUrl);
  }
  upsertCredentialFromLogin(
    serverUrl: string,
    response: LoginResponse,
    options: { provisioned?: boolean } = {}
  ): SignalServerCredential {
    return this.provisioner.upsertManualCredential(serverUrl, response, options.provisioned ?? false);
  }
  clearCredential(serverUrl: string): void {
    this.credentialStore.clearCredential(serverUrl);
  }
  migrateHomeCredential(user: Pick<User, 'id' | 'username' | 'displayName' | 'homeSignalServerUrl'>): void {
    const homeSignalServerUrl = user.homeSignalServerUrl?.trim();
    if (!homeSignalServerUrl || this.credentialStore.hasValidCredential(homeSignalServerUrl)) {
      return;
    }
    const tokenEntry = this.authTokenStore.getTokenEntry(homeSignalServerUrl);
    if (!tokenEntry) {
      return;
    }
    this.credentialStore.upsertCredential({
      serverUrl: homeSignalServerUrl,
      userId: user.id,
      username: user.username,
      displayName: user.displayName,
      token: tokenEntry.token,
      expiresAt: tokenEntry.expiresAt,
      provisioned: false
    });
  }
  async ensureHomeProvisionSecret(homeUser: Pick<User, 'id'>, existingSecret?: string | null): Promise<string> {
    const stored = existingSecret ?? await this.provisionSecretStore.getSecret(homeUser.id);
    if (stored) {
      return stored;
    }
    const generated = generateProvisionSecret();
    await this.provisionSecretStore.storeSecret(homeUser.id, generated);
    return generated;
  }
  async ensureProvisioned(serverUrl: string, homeUser?: User | null): Promise<EnsureProvisionedResult> {
    const normalizedUrl = this.normalizeServerUrl(serverUrl);
    const existing = this.credentialStore.getCredential(normalizedUrl);
    if (existing) {
      return { kind: 'existing', credential: existing };
    }
    const inFlight = this.provisionInFlight.get(normalizedUrl);
    if (inFlight) {
      return inFlight;
    }
    const provisionPromise = this.runProvision(normalizedUrl, homeUser);
    this.provisionInFlight.set(normalizedUrl, provisionPromise);
    try {
      return await provisionPromise;
    } finally {
      this.provisionInFlight.delete(normalizedUrl);
    }
  }
  resolveActorUserIdForServer(serverUrl: string | undefined, fallbackUserId: string): string {
    if (!serverUrl?.trim()) {
      return fallbackUserId;
    }
    const credential = this.getCredential(serverUrl);
    return credential?.userId ?? fallbackUserId;
  }
  resolveSelfPresenceUserIdsForRoom(
    currentUser: Pick<User, 'id' | 'oderId'> | null | undefined,
    roomSourceUrl: string | undefined
  ): ReadonlySet<string> {
    const homeOderId = currentUser?.oderId || currentUser?.id;
    return resolveSelfPresenceUserIds({
      homeUserId: currentUser?.id,
      homeOderId,
      actorUserId: homeOderId
        ? this.resolveActorUserIdForServer(roomSourceUrl, homeOderId)
        : undefined
    });
  }
  resolveCredentialForSignalUrl(
    signalUrl: string,
    homeUser?: Pick<User, 'id' | 'homeSignalServerUrl' | 'displayName'> | null
  ): ResolvedSignalIdentity | null {
    const httpUrl = signalUrl.replace(/^ws/i, 'http');
    return resolveSignalIdentity(
      this.credentialStore.getCredential(httpUrl),
      this.authTokenStore.getTokenEntry(httpUrl),
      homeUser
    );
  }
  private async runProvision(
    normalizedUrl: string,
    homeUser?: User | null
  ): Promise<EnsureProvisionedResult> {
    const user = homeUser ?? await firstValueFrom(this.store.select(selectCurrentUser));
    if (!user) {
      return { kind: 'skipped', reason: 'no-home-user' };
    }
    const provisionSecret = await this.provisionSecretStore.getSecret(user.id);
    if (!provisionSecret) {
      return { kind: 'skipped', reason: 'no-provision-secret' };
    }
    try {
      const result = await this.provisioner.provisionOnServer({
        serverUrl: normalizedUrl,
        homeUser: user,
        provisionSecret
      });
      if (result.usedSuffix) {
        this.provisionNotice.publish({
          serverName: this.resolveServerDisplayName(normalizedUrl),
          preferredUsername: user.username,
          provisionedUsername: result.username
        });
      }
      return { kind: 'provisioned', result };
    } catch (error) {
      if (error instanceof ProvisionUsernameCollisionError) {
        return { kind: 'collision', error };
      }
      throw error;
    }
  }
  private normalizeServerUrl(serverUrl: string): string {
    return serverUrl.trim().replace(/\/+$/, '');
  }
  private resolveServerDisplayName(serverUrl: string): string {
    try {
      return new URL(serverUrl).hostname;
    } catch {
      return serverUrl;
    }
  }
 }
--- a/toju-app/src/app/domains/authentication/application/services/signal-server-authorize.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/signal-server-authorize.service.ts
@@ -0,0 +1,68 @@
 import { Injectable, inject } from '@angular/core';
 import { Router } from '@angular/router';
 import { Store } from '@ngrx/store';
 import { firstValueFrom } from 'rxjs';
 import { selectCurrentUser } from '../../../../store/users/users.selectors';
 import { ServerDirectoryFacade } from '../../../server-directory';
 import { AUTH_MODE_AUTHORIZE, buildLoginReturnQueryParams } from '../../domain/logic/auth-navigation.rules';
 import { SignalServerAuthService } from './signal-server-auth.service';
@Injectable({ providedIn: 'root' })
 export class SignalServerAuthorizeService {
  private readonly router = inject(Router);
  private readonly store = inject(Store);
  private readonly serverDirectory = inject(ServerDirectoryFacade);
  private readonly signalServerAuth = inject(SignalServerAuthService);
  async ensureCredentialForServerUrl(serverUrl: string): Promise<boolean> {
    if (this.signalServerAuth.hasValidCredential(serverUrl)) {
      return true;
    }
    const currentUser = await firstValueFrom(this.store.select(selectCurrentUser));
    if (!currentUser) {
      return false;
    }
    const result = await this.signalServerAuth.ensureProvisioned(serverUrl, currentUser);
    if (result.kind === 'existing' || result.kind === 'provisioned') {
      return true;
    }
    if (result.kind === 'collision') {
      await this.navigateToAuthorize(serverUrl, this.router.url);
      return false;
    }
    if (result.kind === 'skipped' && result.reason === 'no-provision-secret') {
      await this.navigateToAuthorize(serverUrl, this.router.url);
      return false;
    }
    return false;
  }
  async navigateToAuthorize(serverUrl: string, returnUrl: string): Promise<void> {
    const endpoint = this.serverDirectory.ensureServerEndpoint({
      name: this.buildEndpointName(serverUrl),
      url: serverUrl
    });
    await this.router.navigate(['/login'], {
      queryParams: buildLoginReturnQueryParams(returnUrl, undefined, {
        mode: AUTH_MODE_AUTHORIZE,
        serverId: endpoint.id
      })
    });
  }
  private buildEndpointName(serverUrl: string): string {
    try {
      return new URL(serverUrl).hostname;
    } catch {
      return serverUrl;
    }
  }
 }
--- a/toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.spec.ts
+++ b/toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.spec.ts
@@ -0,0 +1,84 @@
 import {
  describe,
  it,
  expect,
  beforeEach
 } from 'vitest';
 import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
 import { AuthTokenStoreService } from './auth-token-store.service';
 describe('SignalServerCredentialStoreService', () => {
  let service: SignalServerCredentialStoreService;
  beforeEach(() => {
    const storage = new Map<string, string>();
    vi.stubGlobal('localStorage', {
      getItem: (key: string) => storage.get(key) ?? null,
      setItem: (key: string, value: string) => { storage.set(key, value); },
      removeItem: (key: string) => { storage.delete(key); },
      clear: () => { storage.clear(); }
    });
    service = new SignalServerCredentialStoreService(new AuthTokenStoreService());
  });
  it('stores and retrieves credentials by normalized server url', () => {
    service.upsertCredential({
      serverUrl: 'https://signal.example.com/',
      userId: 'user-1',
      username: 'alice',
      displayName: 'Alice',
      token: 'token-abc',
      expiresAt: Date.now() + 60_000,
      provisioned: true
    });
    const credential = service.getCredential('https://signal.example.com');
    expect(credential?.userId).toBe('user-1');
    expect(credential?.token).toBe('token-abc');
  });
  it('clears expired credentials on read', () => {
    service.upsertCredential({
      serverUrl: 'https://signal.example.com',
      userId: 'user-1',
      username: 'alice',
      displayName: 'Alice',
      token: 'expired',
      expiresAt: Date.now() - 1,
      provisioned: false
    });
    expect(service.getCredential('https://signal.example.com')).toBeNull();
    expect(service.hasValidCredential('https://signal.example.com')).toBe(false);
  });
  it('removes credentials for a single server url', () => {
    service.upsertCredential({
      serverUrl: 'https://signal-a.example.com',
      userId: 'user-a',
      username: 'alice',
      displayName: 'Alice',
      token: 'token-a',
      expiresAt: Date.now() + 60_000,
      provisioned: true
    });
    service.upsertCredential({
      serverUrl: 'https://signal-b.example.com',
      userId: 'user-b',
      username: 'alice',
      displayName: 'Alice',
      token: 'token-b',
      expiresAt: Date.now() + 60_000,
      provisioned: true
    });
    service.clearCredential('https://signal-a.example.com');
    expect(service.getCredential('https://signal-a.example.com')).toBeNull();
    expect(service.getCredential('https://signal-b.example.com')?.token).toBe('token-b');
  });
 });
--- a/toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.ts
@@ -0,0 +1,88 @@
 import { Injectable, inject } from '@angular/core';
 import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
 import { AuthTokenStoreService } from './auth-token-store.service';
 const STORAGE_KEY = 'metoyou.signalServerCredentials';
@Injectable({ providedIn: 'root' })
 export class SignalServerCredentialStoreService {
  private readonly authTokenStore: AuthTokenStoreService;
  constructor(authTokenStore: AuthTokenStoreService = inject(AuthTokenStoreService)) {
    this.authTokenStore = authTokenStore;
  }
  upsertCredential(credential: SignalServerCredential): void {
    const normalizedUrl = this.normalizeServerUrl(credential.serverUrl);
    const store = this.readStore();
    store[normalizedUrl] = {
      ...credential,
      serverUrl: normalizedUrl
    };
    this.writeStore(store);
    this.authTokenStore.setToken(normalizedUrl, credential.token, credential.expiresAt);
  }
  getCredential(serverUrl: string): SignalServerCredential | null {
    const normalizedUrl = this.normalizeServerUrl(serverUrl);
    const entry = this.readStore()[normalizedUrl];
    if (!entry) {
      return null;
    }
    if (entry.expiresAt <= Date.now()) {
      this.clearCredential(serverUrl);
      return null;
    }
    return entry;
  }
  hasValidCredential(serverUrl: string): boolean {
    return this.getCredential(serverUrl) !== null;
  }
  clearCredential(serverUrl: string): void {
    const normalizedUrl = this.normalizeServerUrl(serverUrl);
    const store = this.readStore();
    const nextStore = Object.fromEntries(
      Object.entries(store).filter(([key]) => key !== normalizedUrl)
    ) as Record<string, SignalServerCredential>;
    this.writeStore(nextStore);
    this.authTokenStore.clearToken(normalizedUrl);
  }
  listValidCredentials(): SignalServerCredential[] {
    const now = Date.now();
    return Object.values(this.readStore()).filter((entry) => entry.expiresAt > now);
  }
  private readStore(): Record<string, SignalServerCredential> {
    try {
      const raw = localStorage.getItem(STORAGE_KEY);
      if (!raw) {
        return {};
      }
      const parsed = JSON.parse(raw) as Record<string, SignalServerCredential>;
      return parsed && typeof parsed === 'object' ? parsed : {};
    } catch {
      return {};
    }
  }
  private writeStore(store: Record<string, SignalServerCredential>): void {
    localStorage.setItem(STORAGE_KEY, JSON.stringify(store));
  }
  private normalizeServerUrl(serverUrl: string): string {
    return serverUrl.trim().replace(/\/+$/, '');
  }
 }
--- a/toju-app/src/app/domains/authentication/application/services/signal-server-provision-notice.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/signal-server-provision-notice.service.ts
@@ -0,0 +1,20 @@
 import { Injectable, signal } from '@angular/core';
 export interface SignalServerProvisionNotice {
  serverName: string;
  preferredUsername: string;
  provisionedUsername: string;
 }
@Injectable({ providedIn: 'root' })
 export class SignalServerProvisionNoticeService {
  readonly notice = signal<SignalServerProvisionNotice | null>(null);
  publish(notice: SignalServerProvisionNotice): void {
    this.notice.set(notice);
  }
  clear(): void {
    this.notice.set(null);
  }
 }
--- a/toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.spec.ts
+++ b/toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.spec.ts
@@ -0,0 +1,171 @@
 import {
  describe,
  it,
  expect,
  beforeEach,
  vi
 } from 'vitest';
 import { of, throwError } from 'rxjs';
 import { HttpClient, HttpErrorResponse } from '@angular/common/http';
 import { SignalServerProvisionerService } from './signal-server-provisioner.service';
 import { AuthTokenStoreService } from './auth-token-store.service';
 import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
 import { ProvisionUsernameCollisionError } from '../../domain/logic/signal-server-provision.rules';
 import type { User } from '../../../../shared-kernel';
 describe('SignalServerProvisionerService', () => {
  let service: SignalServerProvisionerService;
  let httpPost: ReturnType<typeof vi.fn>;
  let credentialStore: SignalServerCredentialStoreService;
  const homeUser: User = {
    id: 'a3f2b1c4-5678-90ab-cdef-1234567890ab',
    oderId: 'a3f2b1c4-5678-90ab-cdef-1234567890ab',
    username: 'alice',
    displayName: 'Alice',
    status: 'online',
    role: 'member',
    joinedAt: Date.now(),
    homeSignalServerUrl: 'https://home.example.com'
  };
  beforeEach(() => {
    const storage = new Map<string, string>();
    vi.stubGlobal('localStorage', {
      getItem: (key: string) => storage.get(key) ?? null,
      setItem: (key: string, value: string) => { storage.set(key, value); },
      removeItem: (key: string) => { storage.delete(key); },
      clear: () => { storage.clear(); }
    });
    httpPost = vi.fn();
    credentialStore = new SignalServerCredentialStoreService(new AuthTokenStoreService());
    service = new SignalServerProvisionerService(
      { post: httpPost } as unknown as HttpClient,
      credentialStore
    );
  });
  it('registers on a foreign server when the preferred username is available', async () => {
    httpPost.mockReturnValue(of({
      id: 'foreign-user-1',
      username: 'alice',
      displayName: 'Alice',
      token: 'foreign-token',
      expiresAt: Date.now() + 60_000
    }));
    const result = await service.provisionOnServer({
      serverUrl: 'https://foreign.example.com',
      homeUser,
      provisionSecret: 'provision-secret'
    });
    expect(result.username).toBe('alice');
    expect(result.usedSuffix).toBe(false);
    expect(credentialStore.getCredential('https://foreign.example.com')?.userId).toBe('foreign-user-1');
    expect(httpPost).toHaveBeenCalledWith(
      'https://foreign.example.com/api/users/register',
      {
        username: 'alice',
        password: 'provision-secret',
        displayName: 'Alice'
      }
    );
  });
  it('logs in when the preferred username was provisioned earlier', async () => {
    httpPost
      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
      .mockReturnValueOnce(of({
        id: 'foreign-user-1',
        username: 'alice',
        displayName: 'Alice',
        token: 'foreign-token',
        expiresAt: Date.now() + 60_000
      }));
    const result = await service.provisionOnServer({
      serverUrl: 'https://foreign.example.com',
      homeUser,
      provisionSecret: 'provision-secret'
    });
    expect(result.username).toBe('alice');
    expect(httpPost).toHaveBeenNthCalledWith(
      2,
      'https://foreign.example.com/api/users/login',
      {
        username: 'alice',
        password: 'provision-secret'
      }
    );
  });
  it('registers with a suffixed username when the preferred name belongs to someone else', async () => {
    httpPost
      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })))
      .mockReturnValueOnce(of({
        id: 'foreign-user-2',
        username: 'alice-a3f2b1',
        displayName: 'Alice',
        token: 'foreign-token-2',
        expiresAt: Date.now() + 60_000
      }));
    const result = await service.provisionOnServer({
      serverUrl: 'https://foreign.example.com',
      homeUser,
      provisionSecret: 'provision-secret'
    });
    expect(result.username).toBe('alice-a3f2b1');
    expect(result.usedSuffix).toBe(true);
    expect(httpPost).toHaveBeenNthCalledWith(
      3,
      'https://foreign.example.com/api/users/register',
      {
        username: 'alice-a3f2b1',
        password: 'provision-secret',
        displayName: 'Alice'
      }
    );
  });
  it('throws when all username candidates are exhausted', async () => {
    httpPost
      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })))
      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })));
    await expect(service.provisionOnServer({
      serverUrl: 'https://foreign.example.com',
      homeUser,
      provisionSecret: 'provision-secret'
    })).rejects.toBeInstanceOf(ProvisionUsernameCollisionError);
  });
  it('returns an existing credential without making network calls', async () => {
    credentialStore.upsertCredential({
      serverUrl: 'https://foreign.example.com',
      userId: 'foreign-user-1',
      username: 'alice',
      displayName: 'Alice',
      token: 'foreign-token',
      expiresAt: Date.now() + 60_000,
      provisioned: true
    });
    const result = await service.provisionOnServer({
      serverUrl: 'https://foreign.example.com',
      homeUser,
      provisionSecret: 'provision-secret'
    });
    expect(result.username).toBe('alice');
    expect(httpPost).not.toHaveBeenCalled();
  });
 });
--- a/toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.ts
+++ b/toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.ts
@@ -0,0 +1,143 @@
 import { Injectable, inject } from '@angular/core';
 import { HttpClient, HttpErrorResponse } from '@angular/common/http';
 import { firstValueFrom } from 'rxjs';
 import type { User } from '../../../../shared-kernel';
 import type { LoginResponse } from '../../domain/models/authentication.model';
 import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
 import { ProvisionUsernameCollisionError, buildProvisionUsernameCandidates } from '../../domain/logic/signal-server-provision.rules';
 import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
 export interface ProvisionResult {
  credential: SignalServerCredential;
  username: string;
  usedSuffix: boolean;
 }
@Injectable({ providedIn: 'root' })
 export class SignalServerProvisionerService {
  private readonly http: HttpClient;
  private readonly credentialStore: SignalServerCredentialStoreService;
  constructor(
    http: HttpClient = inject(HttpClient),
    credentialStore: SignalServerCredentialStoreService = inject(SignalServerCredentialStoreService)
  ) {
    this.http = http;
    this.credentialStore = credentialStore;
  }
  async provisionOnServer(params: {
    serverUrl: string;
    homeUser: Pick<User, 'id' | 'username' | 'displayName'>;
    provisionSecret: string;
  }): Promise<ProvisionResult> {
    const normalizedUrl = this.normalizeServerUrl(params.serverUrl);
    const existing = this.credentialStore.getCredential(normalizedUrl);
    if (existing) {
      return {
        credential: existing,
        username: existing.username,
        usedSuffix: existing.username !== params.homeUser.username.trim()
      };
    }
    const candidates = buildProvisionUsernameCandidates(params.homeUser.username, params.homeUser.id);
    for (let index = 0; index < candidates.length; index += 1) {
      const candidate = candidates[index];
      const usedSuffix = index > 0;
      try {
        const response = await this.register(normalizedUrl, candidate, params.provisionSecret, params.homeUser.displayName);
        return this.persistProvisionResult(normalizedUrl, response, usedSuffix);
      } catch (error) {
        if (!this.isHttpStatus(error, 409)) {
          throw error;
        }
        try {
          const response = await this.login(normalizedUrl, candidate, params.provisionSecret);
          return this.persistProvisionResult(normalizedUrl, response, usedSuffix);
        } catch (loginError) {
          if (!this.isHttpStatus(loginError, 401)) {
            throw loginError;
          }
        }
      }
    }
    throw new ProvisionUsernameCollisionError(normalizedUrl, candidates);
  }
  upsertManualCredential(
    serverUrl: string,
    response: LoginResponse,
    provisioned = false
  ): SignalServerCredential {
    const credential: SignalServerCredential = {
      serverUrl: this.normalizeServerUrl(serverUrl),
      userId: response.id,
      username: response.username,
      displayName: response.displayName,
      token: response.token,
      expiresAt: response.expiresAt,
      provisioned
    };
    this.credentialStore.upsertCredential(credential);
    return credential;
  }
  private async register(
    serverUrl: string,
    username: string,
    password: string,
    displayName: string
  ): Promise<LoginResponse> {
    return firstValueFrom(
      this.http.post<LoginResponse>(`${serverUrl}/api/users/register`, {
        username,
        password,
        displayName
      })
    );
  }
  private async login(
    serverUrl: string,
    username: string,
    password: string
  ): Promise<LoginResponse> {
    return firstValueFrom(
      this.http.post<LoginResponse>(`${serverUrl}/api/users/login`, {
        username,
        password
      })
    );
  }
  private persistProvisionResult(
    serverUrl: string,
    response: LoginResponse,
    usedSuffix: boolean
  ): ProvisionResult {
    const credential = this.upsertManualCredential(serverUrl, response, true);
    return {
      credential,
      username: response.username,
      usedSuffix
    };
  }
  private isHttpStatus(error: unknown, status: number): boolean {
    return error instanceof HttpErrorResponse && error.status === status;
  }
  private normalizeServerUrl(serverUrl: string): string {
    return serverUrl.trim().replace(/\/+$/, '');
  }
 }
--- a/toju-app/src/app/domains/authentication/domain/logic/auth-navigation.rules.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/auth-navigation.rules.ts
@@ -9,6 +9,7 @@ import { UsersActions } from '../../../../store/users/users.actions';
 import type { User } from '../../../../shared-kernel';
 export const DEFAULT_POST_AUTH_URL = '/dashboard';
 export const AUTH_MODE_AUTHORIZE = 'authorize';
 const AUTH_ROUTE_PATHS = new Set(['/login', '/register']);
 const MAX_RETURN_URL_DEPTH = 10;
@@ -79,15 +80,27 @@ export function resolveSafeReturnUrl(
 export function buildLoginReturnQueryParams(
  currentUrl: string,
-  fallback = DEFAULT_POST_AUTH_URL
+  fallback = DEFAULT_POST_AUTH_URL,
-): { returnUrl?: string } {
+  extra: Record<string, string | undefined> = {}
 ): Record<string, string> {
  const safeReturnUrl = resolveSafeReturnUrl(currentUrl, fallback);
  const queryParams: Record<string, string> = {};
-  if (safeReturnUrl === fallback) {
+  if (safeReturnUrl !== fallback) {
-    return {};
+    queryParams['returnUrl'] = safeReturnUrl;
  }
-  return { returnUrl: safeReturnUrl };
+  for (const [key, value] of Object.entries(extra)) {
    if (value?.trim()) {
      queryParams[key] = value.trim();
    }
  }
  return queryParams;
 }
 export function isAuthorizeAuthMode(mode: string | null | undefined): boolean {
  return mode?.trim() === AUTH_MODE_AUTHORIZE;
 }
 export function waitForAuthenticationOutcome(
--- a/toju-app/src/app/domains/authentication/domain/logic/auth-session.rules.spec.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/auth-session.rules.spec.ts
@@ -16,13 +16,9 @@ describe('auth-session.rules', () => {
  } as Pick<User, 'homeSignalServerUrl'>;
  it('collects home and active server urls without duplicates', () => {
-    expect(collectSessionTokenLookupUrls(user, 'https://signal.example.com')).toEqual([
+    expect(collectSessionTokenLookupUrls(user, 'https://signal.example.com')).toEqual(['https://signal.example.com']);
-      'https://signal.example.com'
+
-    ]);
+    expect(collectSessionTokenLookupUrls(user, 'http://localhost:3001')).toEqual(['http://localhost:3001', 'https://signal.example.com']);
    expect(collectSessionTokenLookupUrls(user, 'http://localhost:3001')).toEqual([
      'http://localhost:3001',
      'https://signal.example.com'
    ]);
  });
  it('requires a valid token for a known server url', () => {
--- a/toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.spec.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.spec.ts
@@ -0,0 +1,53 @@
 import {
  describe,
  expect,
  it
 } from 'vitest';
 import { isSelfPresenceUserId, resolveSelfPresenceUserIds } from './self-presence-identity.rules';
 describe('resolveSelfPresenceUserIds', () => {
  it('includes home user id and oderId', () => {
    const ids = resolveSelfPresenceUserIds({
      homeUserId: 'home-id',
      homeOderId: 'peer-a'
    });
    expect([...ids]).toEqual(['home-id', 'peer-a']);
  });
  it('includes the per-server actor user id when provisioned on a foreign server', () => {
    const ids = resolveSelfPresenceUserIds({
      homeUserId: 'home-id',
      homeOderId: 'peer-a',
      actorUserId: 'foreign-id'
    });
    expect([...ids]).toEqual([
      'home-id',
      'peer-a',
      'foreign-id'
    ]);
  });
  it('deduplicates when actor id matches home id', () => {
    const ids = resolveSelfPresenceUserIds({
      homeUserId: 'same-id',
      homeOderId: 'same-id',
      actorUserId: 'same-id'
    });
    expect([...ids]).toEqual(['same-id']);
  });
 });
 describe('isSelfPresenceUserId', () => {
  it('returns true when the user id is part of the self set', () => {
    const selfIds = resolveSelfPresenceUserIds({
      homeUserId: 'home-id',
      actorUserId: 'foreign-id'
    });
    expect(isSelfPresenceUserId('foreign-id', selfIds)).toBe(true);
    expect(isSelfPresenceUserId('other-id', selfIds)).toBe(false);
  });
 });
--- a/toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.ts
@@ -0,0 +1,31 @@
 export interface SelfPresenceIdentityInput {
  homeUserId?: string;
  homeOderId?: string;
  actorUserId?: string;
 }
 /** Collect every user id that represents the local user on a room's signal server. */
 export function resolveSelfPresenceUserIds(input: SelfPresenceIdentityInput): ReadonlySet<string> {
  const ids = new Set<string>();
  if (input.homeUserId?.trim()) {
    ids.add(input.homeUserId.trim());
  }
  if (input.homeOderId?.trim()) {
    ids.add(input.homeOderId.trim());
  }
  if (input.actorUserId?.trim()) {
    ids.add(input.actorUserId.trim());
  }
  return ids;
 }
 export function isSelfPresenceUserId(
  userId: string | undefined,
  selfIds: ReadonlySet<string>
 ): boolean {
  return !!userId?.trim() && selfIds.has(userId.trim());
 }
--- a/toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.spec.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.spec.ts
@@ -0,0 +1,55 @@
 import {
  describe,
  it,
  expect
 } from 'vitest';
 import { resolveSignalIdentity } from './signal-server-credential-resolution.rules';
 describe('resolveSignalIdentity', () => {
  const homeUser = {
    id: 'home-user-1',
    displayName: 'Alice',
    homeSignalServerUrl: 'https://signal.example.com'
  };
  it('prefers the per-signal credential when present', () => {
    const resolved = resolveSignalIdentity(
      { userId: 'provisioned-1', token: 'cred-token', displayName: 'Alice On Foreign' },
      { token: 'legacy-token' },
      homeUser
    );
    expect(resolved).toEqual({
      userId: 'provisioned-1',
      token: 'cred-token',
      displayName: 'Alice On Foreign',
      homeSignalServerUrl: 'https://signal.example.com'
    });
  });
  it('falls back to the legacy session token using the home identity when no credential exists', () => {
    const resolved = resolveSignalIdentity(
      null,
      { token: 'legacy-token' },
      homeUser
    );
    expect(resolved).toEqual({
      userId: 'home-user-1',
      token: 'legacy-token',
      displayName: 'Alice',
      homeSignalServerUrl: 'https://signal.example.com'
    });
  });
  it('returns null when neither a credential nor a legacy token is available', () => {
    expect(resolveSignalIdentity(null, null, homeUser)).toBeNull();
  });
  it('does not fall back to the legacy token without a known home user id', () => {
    expect(resolveSignalIdentity(null, { token: 'legacy-token' }, null)).toBeNull();
    expect(
      resolveSignalIdentity(null, { token: 'legacy-token' }, { displayName: 'Alice' })
    ).toBeNull();
  });
 });
--- a/toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.ts
@@ -0,0 +1,53 @@
 export interface ResolvableHomeUser {
  id?: string;
  displayName?: string;
  homeSignalServerUrl?: string;
 }
 export interface ResolvedSignalIdentity {
  userId: string;
  token: string;
  displayName: string;
  homeSignalServerUrl?: string;
 }
 /**
 * Resolve the identity (oder id + session token) used to `identify` on a signal
 * server.
 *
 * Order of precedence:
 *  1. The per-signal-server credential (the authoritative source for both home
 *     and provisioned foreign servers).
 *  2. The legacy single-session token store, reconstructed with the home user's
 *     identity. This keeps `identify` working for sessions restored from disk
 *     that pre-date the per-signal credential store (otherwise the client never
 *     authenticates and the user appears alone in every room).
 *
 * Foreign servers are never reconstructed from the legacy token: their account
 * id is the provisioned id, which only the per-signal credential carries.
 */
 export function resolveSignalIdentity(
  credential: { userId: string; token: string; displayName: string } | null,
  legacyToken: { token: string } | null,
  homeUser: ResolvableHomeUser | null | undefined
 ): ResolvedSignalIdentity | null {
  if (credential) {
    return {
      userId: credential.userId,
      token: credential.token,
      displayName: credential.displayName,
      homeSignalServerUrl: homeUser?.homeSignalServerUrl
    };
  }
  if (legacyToken && homeUser?.id) {
    return {
      userId: homeUser.id,
      token: legacyToken.token,
      displayName: homeUser.displayName ?? '',
      homeSignalServerUrl: homeUser.homeSignalServerUrl
    };
  }
  return null;
 }
--- a/toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.spec.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.spec.ts
@@ -0,0 +1,36 @@
 import {
  describe,
  it,
  expect
 } from 'vitest';
 import {
  ProvisionUsernameCollisionError,
  buildProvisionUsernameCandidates,
  shortHomeUserId
 } from './signal-server-provision.rules';
 describe('signal-server-provision.rules', () => {
  it('derives a stable short id from a home user uuid', () => {
    expect(shortHomeUserId('a3f2b1c4-5678-90ab-cdef-1234567890ab')).toBe('a3f2b1');
  });
  it('orders username candidates with preferred first then suffixed fallback', () => {
    expect(
      buildProvisionUsernameCandidates('alice', 'a3f2b1c4-5678-90ab-cdef-1234567890ab')
    ).toEqual(['alice', 'alice-a3f2b1']);
  });
  it('deduplicates candidates when suffix would repeat preferred username', () => {
    expect(
      buildProvisionUsernameCandidates('alice-a3f2b1', 'a3f2b1c4-5678-90ab-cdef-1234567890ab')
    ).toEqual(['alice-a3f2b1']);
  });
  it('exposes attempted usernames on collision errors', () => {
    const error = new ProvisionUsernameCollisionError('https://signal.example.com', ['alice', 'alice-a3f2b1']);
    expect(error.name).toBe('ProvisionUsernameCollisionError');
    expect(error.serverUrl).toBe('https://signal.example.com');
    expect(error.attemptedUsernames).toEqual(['alice', 'alice-a3f2b1']);
  });
 });
--- a/toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.ts
+++ b/toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.ts
@@ -0,0 +1,34 @@
 export class ProvisionUsernameCollisionError extends Error {
  constructor(
    readonly serverUrl: string,
    readonly attemptedUsernames: readonly string[]
  ) {
    super(`Could not provision account on ${serverUrl}`);
    this.name = 'ProvisionUsernameCollisionError';
  }
 }
 export function shortHomeUserId(homeUserId: string): string {
  return homeUserId.replace(/-/g, '').slice(0, 6)
    .toLowerCase();
 }
 export function buildProvisionUsernameCandidates(
  preferredUsername: string,
  homeUserId: string
 ): string[] {
  const trimmed = preferredUsername.trim();
  if (!trimmed) {
    return [];
  }
  const candidates = [trimmed];
  const suffix = shortHomeUserId(homeUserId);
  if (suffix && !trimmed.endsWith(`-${suffix}`)) {
    candidates.push(`${trimmed}-${suffix}`);
  }
  return [...new Set(candidates)];
 }
--- a/toju-app/src/app/domains/authentication/domain/models/signal-server-credential.model.ts
+++ b/toju-app/src/app/domains/authentication/domain/models/signal-server-credential.model.ts
@@ -0,0 +1,9 @@
 export interface SignalServerCredential {
  serverUrl: string;
  userId: string;
  username: string;
  displayName: string;
  token: string;
  expiresAt: number;
  provisioned: boolean;
 }
--- a/toju-app/src/app/domains/authentication/feature/login/login.component.html
+++ b/toju-app/src/app/domains/authentication/feature/login/login.component.html
@@ -5,9 +5,19 @@
        name="lucideLogIn"
        class="w-5 h-5 text-primary"
      />
-      <h1 class="text-lg font-semibold text-foreground">{{ 'auth.login.title' | translate }}</h1>
+      <h1 class="text-lg font-semibold text-foreground">
        @if (isAuthorizeMode()) {
          {{ 'auth.authorize.title' | translate: { serverName: authorizeServerName() } }}
        } @else {
          {{ 'auth.login.title' | translate }}
        }
      </h1>
    </div>
    @if (isAuthorizeMode()) {
      <p class="text-xs text-muted-foreground mb-4">{{ 'auth.authorize.description' | translate }}</p>
    }
    <form
      class="space-y-3"
      (ngSubmit)="submit()"
--- a/toju-app/src/app/domains/authentication/feature/login/login.component.ts
+++ b/toju-app/src/app/domains/authentication/feature/login/login.component.ts
@@ -1,6 +1,7 @@
 import {
  Component,
  computed,
  inject,
  OnInit,
  signal
@@ -21,7 +22,9 @@ import {
 import { AuthenticationService } from '../../application/services/authentication.service';
 import { ServerDirectoryFacade } from '../../../server-directory';
 import {
  AUTH_MODE_AUTHORIZE,
  buildLoginReturnQueryParams,
  isAuthorizeAuthMode,
  resolveSafeReturnUrl,
  waitForAuthenticationOutcome
 } from '../../domain/logic/auth-navigation.rules';
@@ -56,6 +59,13 @@ export class LoginComponent implements OnInit {
  password = '';
  serverId: string | undefined = this.serversSvc.activeServer()?.id;
  error = signal<string | null>(null);
  readonly isAuthorizeMode = signal(false);
  readonly authorizeServerName = computed(() => {
    const sid = this.serverId || this.serversSvc.activeServer()?.id;
    const endpoint = this.servers().find((server) => server.id === sid);
    return endpoint?.name ?? this.appI18n.instant('auth.authorize.defaultServerName');
  });
  private readonly appI18n = inject(AppI18nService);
  private auth = inject(AuthenticationService);
@@ -68,6 +78,19 @@ export class LoginComponent implements OnInit {
  trackById(_index: number, item: { id: string }) { return item.id; }
  ngOnInit(): void {
    const mode = this.route.snapshot.queryParamMap.get('mode');
    const requestedServerId = this.route.snapshot.queryParamMap.get('serverId')?.trim();
    this.isAuthorizeMode.set(isAuthorizeAuthMode(mode));
    if (requestedServerId) {
      this.serverId = requestedServerId;
    }
    if (this.isAuthorizeMode()) {
      return;
    }
    this.store.select(selectCurrentUser).pipe(
      filter(Boolean),
      take(1)
@@ -88,8 +111,24 @@ export class LoginComponent implements OnInit {
      password: this.password,
      serverId: sid }).subscribe({
      next: async (resp) => {
-        if (sid)
+        const serverUrl = this.auth.resolveServerUrlFor(sid);
        if (this.isAuthorizeMode()) {
          this.store.dispatch(UsersActions.authorizeSignalServer({
            serverUrl,
            response: resp,
            provisioned: false
          }));
          const returnUrl = resolveSafeReturnUrl(this.route.snapshot.queryParamMap.get('returnUrl'));
          await this.router.navigateByUrl(returnUrl);
          return;
        }
        if (sid) {
          this.serversSvc.setActiveServer(sid);
        }
        const homeSignalServerUrl = this.serversSvc.servers().find((server) => server.id === sid)?.url
          ?? this.serversSvc.activeServer()?.url;
@@ -104,7 +143,7 @@ export class LoginComponent implements OnInit {
          homeSignalServerUrl
        };
-        this.store.dispatch(UsersActions.authenticateUser({ user }));
+        this.store.dispatch(UsersActions.authenticateUser({ user, loginResponse: resp }));
        const outcome = await firstValueFrom(waitForAuthenticationOutcome(this.actions$));
@@ -126,7 +165,10 @@ export class LoginComponent implements OnInit {
  /** Navigate to the registration page. */
  goRegister() {
    this.router.navigate(['/register'], {
-      queryParams: buildLoginReturnQueryParams(this.router.url)
+      queryParams: buildLoginReturnQueryParams(this.router.url, undefined, {
        mode: this.isAuthorizeMode() ? AUTH_MODE_AUTHORIZE : undefined,
        serverId: this.serverId
      })
    });
  }
 }
--- a/toju-app/src/app/domains/authentication/feature/register/register.component.html
+++ b/toju-app/src/app/domains/authentication/feature/register/register.component.html
@@ -5,9 +5,19 @@
        name="lucideUserPlus"
        class="w-5 h-5 text-primary"
      />
-      <h1 class="text-lg font-semibold text-foreground">{{ 'auth.register.title' | translate }}</h1>
+      <h1 class="text-lg font-semibold text-foreground">
        @if (isAuthorizeMode()) {
          {{ 'auth.authorize.registerTitle' | translate: { serverName: authorizeServerName() } }}
        } @else {
          {{ 'auth.register.title' | translate }}
        }
      </h1>
    </div>
    @if (isAuthorizeMode()) {
      <p class="text-xs text-muted-foreground mb-4">{{ 'auth.authorize.description' | translate }}</p>
    }
    <form
      class="space-y-3"
      (ngSubmit)="submit()"
--- a/toju-app/src/app/domains/authentication/feature/register/register.component.ts
+++ b/toju-app/src/app/domains/authentication/feature/register/register.component.ts
@@ -1,7 +1,9 @@
 import {
  Component,
  computed,
  inject,
  OnInit,
  signal
 } from '@angular/core';
 import { CommonModule } from '@angular/common';
@@ -16,7 +18,9 @@ import { firstValueFrom } from 'rxjs';
 import { AuthenticationService } from '../../application/services/authentication.service';
 import { ServerDirectoryFacade } from '../../../server-directory';
 import {
  AUTH_MODE_AUTHORIZE,
  buildLoginReturnQueryParams,
  isAuthorizeAuthMode,
  resolveSafeReturnUrl,
  waitForAuthenticationOutcome
 } from '../../domain/logic/auth-navigation.rules';
@@ -42,7 +46,7 @@ import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/d
 /**
 * Registration form allowing new users to create an account on a selected server.
 */
-export class RegisterComponent {
+export class RegisterComponent implements OnInit {
  serversSvc = inject(ServerDirectoryFacade);
  servers = this.serversSvc.servers;
@@ -51,6 +55,13 @@ export class RegisterComponent {
  password = '';
  serverId: string | undefined = this.serversSvc.activeServer()?.id;
  error = signal<string | null>(null);
  readonly isAuthorizeMode = signal(false);
  readonly authorizeServerName = computed(() => {
    const sid = this.serverId || this.serversSvc.activeServer()?.id;
    const endpoint = this.servers().find((server) => server.id === sid);
    return endpoint?.name ?? this.appI18n.instant('auth.authorize.defaultServerName');
  });
  private readonly appI18n = inject(AppI18nService);
  private auth = inject(AuthenticationService);
@@ -62,6 +73,17 @@ export class RegisterComponent {
  /** TrackBy function for server list rendering. */
  trackById(_index: number, item: { id: string }) { return item.id; }
  ngOnInit(): void {
    const mode = this.route.snapshot.queryParamMap.get('mode');
    const requestedServerId = this.route.snapshot.queryParamMap.get('serverId')?.trim();
    this.isAuthorizeMode.set(isAuthorizeAuthMode(mode));
    if (requestedServerId) {
      this.serverId = requestedServerId;
    }
  }
  /** Validate and submit the registration form, then navigate to search on success. */
  submit() {
    this.error.set(null);
@@ -72,8 +94,24 @@ export class RegisterComponent {
      displayName: this.displayName.trim(),
      serverId: sid }).subscribe({
      next: async (resp) => {
-        if (sid)
+        const serverUrl = this.auth.resolveServerUrlFor(sid);
        if (this.isAuthorizeMode()) {
          this.store.dispatch(UsersActions.authorizeSignalServer({
            serverUrl,
            response: resp,
            provisioned: false
          }));
          const returnUrl = resolveSafeReturnUrl(this.route.snapshot.queryParamMap.get('returnUrl'));
          await this.router.navigateByUrl(returnUrl);
          return;
        }
        if (sid) {
          this.serversSvc.setActiveServer(sid);
        }
        const homeSignalServerUrl = this.serversSvc.servers().find((server) => server.id === sid)?.url
          ?? this.serversSvc.activeServer()?.url;
@@ -88,7 +126,7 @@ export class RegisterComponent {
          homeSignalServerUrl
        };
-        this.store.dispatch(UsersActions.authenticateUser({ user }));
+        this.store.dispatch(UsersActions.authenticateUser({ user, loginResponse: resp }));
        const outcome = await firstValueFrom(waitForAuthenticationOutcome(this.actions$));
@@ -110,7 +148,10 @@ export class RegisterComponent {
  /** Navigate to the login page. */
  goLogin() {
    this.router.navigate(['/login'], {
-      queryParams: buildLoginReturnQueryParams(this.router.url)
+      queryParams: buildLoginReturnQueryParams(this.router.url, undefined, {
        mode: this.isAuthorizeMode() ? AUTH_MODE_AUTHORIZE : undefined,
        serverId: this.serverId
      })
    });
  }
 }
--- a/toju-app/src/app/domains/authentication/index.ts
+++ b/toju-app/src/app/domains/authentication/index.ts
@@ -1,3 +1,12 @@
 export * from './application/services/authentication.service';
 export * from './application/services/auth-token-store.service';
 export * from './application/services/signal-server-auth.service';
 export * from './application/services/signal-server-authorize.service';
 export * from './application/services/signal-server-credential-store.service';
 export * from './application/services/signal-server-provisioner.service';
 export * from './application/services/signal-server-provision-notice.service';
 export * from './application/services/provision-secret-store.service';
 export * from './domain/models/authentication.model';
 export * from './domain/models/signal-server-credential.model';
 export * from './domain/logic/signal-server-provision.rules';
 export * from './domain/logic/auth-navigation.rules';
--- a/toju-app/src/app/domains/chat/domain/rules/message-integrity.rules.ts
+++ b/toju-app/src/app/domains/chat/domain/rules/message-integrity.rules.ts
@@ -21,14 +21,14 @@ export interface InventoryIntegritySnapshot {
  headHash: string;
 }
-export type RemoteInventoryItem = {
+export interface RemoteInventoryItem {
  id: string;
  ts: number;
  rc?: number;
  ac?: number;
  revision?: number;
  headHash?: string;
-};
+}
 export type MessageRevisionAction = MessageRevisionType;
--- a/toju-app/src/app/domains/chat/domain/rules/message-revision-signing.rules.spec.ts
+++ b/toju-app/src/app/domains/chat/domain/rules/message-revision-signing.rules.spec.ts
@@ -5,10 +5,7 @@ import {
  vi
 } from 'vitest';
 import type { MessageRevision } from '../../../../shared-kernel';
-import {
+import { attachRevisionSignatureIfPossible, shouldAcceptRevisionWithoutRegisteredKey } from './message-revision-signing.rules';
  attachRevisionSignatureIfPossible,
  shouldAcceptRevisionWithoutRegisteredKey
 } from './message-revision-signing.rules';
 describe('message-revision-signing.rules', () => {
  const revision: MessageRevision = {
@@ -43,6 +40,7 @@ describe('message-revision-signing.rules', () => {
      ...revision,
      signature: 'signature'
    }, null)).toBe(true);
    expect(shouldAcceptRevisionWithoutRegisteredKey(revision, null)).toBe(false);
  });
 });
--- a/toju-app/src/app/domains/chat/domain/rules/message-sync.rules.spec.ts
+++ b/toju-app/src/app/domains/chat/domain/rules/message-sync.rules.spec.ts
@@ -7,11 +7,7 @@ import { findMissingIds } from './message-sync.rules';
 describe('message-sync.rules', () => {
  it('requests ids with newer revision or mismatched head hash', () => {
-    const localMap = new Map([
+    const localMap = new Map([['m1', { ts: 10, rc: 0, ac: 0, revision: 1, headHash: 'aaa' }], ['m2', { ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' }]]);
      ['m1', { ts: 10, rc: 0, ac: 0, revision: 1, headHash: 'aaa' }],
      ['m2', { ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' }]
    ]);
    const missing = findMissingIds([
      { id: 'm1', ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'ccc' },
      { id: 'm2', ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' },
--- a/toju-app/src/app/domains/chat/feature/typing-indicator/typing-indicator.component.ts
+++ b/toju-app/src/app/domains/chat/feature/typing-indicator/typing-indicator.component.ts
@@ -1,4 +1,4 @@
-/* eslint-disable @typescript-eslint/member-ordering, id-length, id-denylist, */
+/* eslint-disable @typescript-eslint/member-ordering, */
 import {
  Component,
  computed,
--- a/toju-app/src/app/domains/custom-emoji/application/custom-emoji.service.ts
+++ b/toju-app/src/app/domains/custom-emoji/application/custom-emoji.service.ts
@@ -317,6 +317,46 @@ export class CustomEmojiService {
    const peers = this.webrtc.getConnectedPeers();
    await Promise.all(peers.map((peerId) => this.sendEmojiToPeer(peerId, emoji)));
    await this.relayEmojiViaAccountSync(emoji);
  }
  private async relayEmojiViaAccountSync(emoji: CustomEmoji): Promise<void> {
    if (canInlineCustomEmojiTransfer(emoji)) {
      this.webrtc.relayAccountSync({
        type: 'custom-emoji-full',
        customEmoji: emoji
      });
      return;
    }
    const transfer = splitCustomEmojiDataUrl(emoji.dataUrl);
    const manifest: CustomEmojiTransferManifest = {
      id: emoji.id,
      name: emoji.name,
      creatorUserId: emoji.creatorUserId,
      hash: emoji.hash,
      mime: emoji.mime,
      size: emoji.size,
      createdAt: emoji.createdAt,
      updatedAt: emoji.updatedAt
    };
    this.webrtc.relayAccountSync({
      type: 'custom-emoji-full',
      customEmojiTransfer: manifest,
      total: transfer.total
    });
    for (let chunkIndex = 0; chunkIndex < transfer.chunks.length; chunkIndex++) {
      this.webrtc.relayAccountSync({
        type: 'custom-emoji-chunk',
        customEmojiId: emoji.id,
        index: chunkIndex,
        total: transfer.total,
        data: transfer.chunks[chunkIndex]
      });
    }
  }
  private async sendEmojiToPeer(peerId: string, emoji: CustomEmoji): Promise<void> {
--- a/toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.spec.ts
+++ b/toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.spec.ts
@@ -94,6 +94,7 @@ describe('CustomEmojiPickerComponent', () => {
        }
      ]
    });
    initializeAppI18nForTests(injector);
    return runInInjectionContext(injector, () => injector.get(CustomEmojiPickerComponent));
--- a/toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.ts
+++ b/toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.ts
@@ -22,10 +22,7 @@ import {
 import { CustomEmoji, EmojiShortcutEntry } from '../../../../shared-kernel';
 import { CustomEmojiService } from '../../application/custom-emoji.service';
 import { APP_TRANSLATE_IMPORTS, AppI18nService } from '../../../../core/i18n';
-import {
+import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
  AutoFocusDirective,
  SelectOnFocusDirective
 } from '../../../../shared/directives';
 import {
  CUSTOM_EMOJI_ACCEPT_ATTRIBUTE,
  UNICODE_EMOJI_PICKER_ENTRIES,
--- a/toju-app/src/app/domains/direct-call/application/services/direct-call.service.spec.ts
+++ b/toju-app/src/app/domains/direct-call/application/services/direct-call.service.spec.ts
@@ -9,7 +9,11 @@ import { Router } from '@angular/router';
 import { Store } from '@ngrx/store';
 import { Subject } from 'rxjs';
 import { NotificationAudioService, AppSound } from '../../../../core/services/notification-audio.service';
-import { MobileCallSessionService, MobileMediaService, MobileNotificationsService } from '../../../../infrastructure/mobile';
+import {
  MobileCallSessionService,
  MobileMediaService,
  MobileNotificationsService
 } from '../../../../infrastructure/mobile';
 import { initializeAppI18nForTests, provideAppI18nForTests } from '../../../../core/i18n/app-i18n.testing';
 import { ViewportService } from '../../../../core/platform';
 import {
@@ -575,6 +579,7 @@ function createServiceContext(options: ServiceContextOptions): ServiceContext {
      ...provideAppI18nForTests()
    ]
  });
  initializeAppI18nForTests(injector);
  return {
--- a/toju-app/src/app/domains/direct-call/application/services/direct-call.service.ts
+++ b/toju-app/src/app/domains/direct-call/application/services/direct-call.service.ts
@@ -21,10 +21,7 @@ import {
  VoiceConnectionFacade,
  VoicePlaybackService
 } from '../../../voice-connection';
-import {
+import { VoiceSessionFacade, isVoiceOnAnotherClient } from '../../../voice-session';
  VoiceSessionFacade,
  isVoiceOnAnotherClient
 } from '../../../voice-session';
 import { RealtimeSessionFacade } from '../../../../core/realtime';
 import { DirectMessageService, PeerDeliveryService } from '../../../direct-message';
 import type { DirectMessageConversation } from '../../../direct-message';
--- a/toju-app/src/app/domains/direct-message/application/services/friend.service.ts
+++ b/toju-app/src/app/domains/direct-message/application/services/friend.service.ts
@@ -7,6 +7,7 @@ import {
  signal
 } from '@angular/core';
 import { Store } from '@ngrx/store';
 import { RealtimeSessionFacade } from '../../../../core/realtime';
 import { FriendRepository } from '../../infrastructure/friend.repository';
 import type { Friend } from '../../domain/models/direct-message.model';
 import { selectCurrentUser } from '../../../../store/users/users.selectors';
@@ -15,6 +16,7 @@ import { selectCurrentUser } from '../../../../store/users/users.selectors';
 export class FriendService {
  private readonly repository = inject(FriendRepository);
  private readonly store = inject(Store);
  private readonly webrtc = inject(RealtimeSessionFacade);
  private readonly currentUser = this.store.selectSignal(selectCurrentUser);
  private readonly friendsSignal = signal<Friend[]>([]);
  private loadedOwnerId: string | null = null;
@@ -36,11 +38,42 @@ export class FriendService {
    await this.repository.addFriend(ownerId, friend);
    await this.loadForOwner(ownerId, true);
    this.webrtc.relayAccountSync({
      type: 'friend-added',
      userId,
      addedAt: friend.addedAt
    });
  }
  async removeFriend(userId: string): Promise<void> {
    const ownerId = await this.requireOwnerId();
    await this.repository.removeFriend(ownerId, userId);
    await this.loadForOwner(ownerId, true);
    this.webrtc.relayAccountSync({
      type: 'friend-removed',
      userId
    });
  }
  async applyRemoteFriendAdded(userId: string, addedAt: number): Promise<void> {
    const ownerId = await this.requireOwnerId();
    if (this.isFriend(userId)) {
      return;
    }
    await this.repository.addFriend(ownerId, { userId, addedAt });
    await this.loadForOwner(ownerId, true);
  }
  async applyRemoteFriendRemoved(userId: string): Promise<void> {
    const ownerId = await this.requireOwnerId();
    if (!this.isFriend(userId)) {
      return;
    }
    await this.repository.removeFriend(ownerId, userId);
    await this.loadForOwner(ownerId, true);
  }
--- a/toju-app/src/app/domains/direct-message/feature/find-people/find-people.component.ts
+++ b/toju-app/src/app/domains/direct-message/feature/find-people/find-people.component.ts
@@ -17,10 +17,7 @@ import {
 } from '@ng-icons/lucide';
 import { AppI18nService, APP_TRANSLATE_IMPORTS } from '../../../../core/i18n';
-import {
+import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
  AutoFocusDirective,
  SelectOnFocusDirective
 } from '../../../../shared/directives';
 import { UserSearchListComponent } from '../user-search-list/user-search-list.component';
 import { selectAllUsers } from '../../../../store/users/users.selectors';
 import { selectSavedRooms } from '../../../../store/rooms/rooms.selectors';
--- a/toju-app/src/app/domains/direct-message/feature/friend-button/friend-button.component.ts
+++ b/toju-app/src/app/domains/direct-message/feature/friend-button/friend-button.component.ts
@@ -15,7 +15,11 @@ import type { User } from '../../../../shared-kernel';
@Component({
  selector: 'app-friend-button',
  standalone: true,
-  imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
+  imports: [
    CommonModule,
    NgIcon,
    ...APP_TRANSLATE_IMPORTS
  ],
  viewProviders: [provideIcons({ lucideUserCheck, lucideUserPlus })],
  templateUrl: './friend-button.component.html'
 })
--- a/toju-app/src/app/domains/experimental-media/feature/experimental-vlc-player/experimental-vlc-player.component.ts
+++ b/toju-app/src/app/domains/experimental-media/feature/experimental-vlc-player/experimental-vlc-player.component.ts
@@ -23,7 +23,11 @@ import { ExperimentalVlcPlayerHandle, ExperimentalVlcRuntimeService } from '../.
@Component({
  selector: 'app-experimental-vlc-player',
  standalone: true,
-  imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
+  imports: [
    CommonModule,
    NgIcon,
    ...APP_TRANSLATE_IMPORTS
  ],
  viewProviders: [
    provideIcons({
      lucideDownload,
--- a/toju-app/src/app/domains/game-activity/application/game-activity.service.spec.ts
+++ b/toju-app/src/app/domains/game-activity/application/game-activity.service.spec.ts
@@ -232,6 +232,7 @@ function createServiceContext(options: ServiceContextOptions): ServiceContext {
      }
    ]
  });
  initializeAppI18nForTests(injector);
  const service = runInInjectionContext(injector, () => new GameActivityService());
  const context = {
--- a/toju-app/src/app/domains/notifications/feature/settings/notifications-settings/notifications-settings.component.ts
+++ b/toju-app/src/app/domains/notifications/feature/settings/notifications-settings/notifications-settings.component.ts
@@ -21,7 +21,11 @@ import { APP_TRANSLATE_IMPORTS } from '../../../../../core/i18n';
@Component({
  selector: 'app-notifications-settings',
  standalone: true,
-  imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
+  imports: [
    CommonModule,
    NgIcon,
    ...APP_TRANSLATE_IMPORTS
  ],
  viewProviders: [
    provideIcons({
      lucideBell,
--- a/toju-app/src/app/domains/plugins/application/services/plugin-client-api.service.spec.ts
+++ b/toju-app/src/app/domains/plugins/application/services/plugin-client-api.service.spec.ts
@@ -125,6 +125,7 @@ describe('PluginClientApiService', () => {
        })
      })
    );
    expect(context.voice.broadcastMessage).toHaveBeenCalledWith(expect.objectContaining({
      type: 'chat-message',
      message: expect.objectContaining({
@@ -132,6 +133,7 @@ describe('PluginClientApiService', () => {
        roomId: 'room-1'
      })
    }));
    expect(context.messageRevisions.broadcastRevision).toHaveBeenCalled();
  });
--- a/toju-app/src/app/domains/plugins/application/services/plugin-host.service.ts
+++ b/toju-app/src/app/domains/plugins/application/services/plugin-host.service.ts
@@ -17,6 +17,7 @@ import type {
  LocalPluginRegistrationResult,
  RegisteredPlugin
 } from '../../domain/models/plugin-runtime.models';
 import { isSecurePluginRemoteUrl } from '../../domain/rules/plugin-source-url.rules';
 import { LocalPluginDiscoveryService } from '../../infrastructure/local-plugin-discovery.service';
 import { PluginCapabilityService } from './plugin-capability.service';
 import { PluginDesktopStateService } from './plugin-desktop-state.service';
@@ -24,10 +25,7 @@ import { PluginClientApiService } from './plugin-client-api.service';
 import { PluginLoggerService } from './plugin-logger.service';
 import { PluginRegistryService } from './plugin-registry.service';
 import { PluginUiRegistryService } from './plugin-ui-registry.service';
-import {
+import { fileUrlToPath, grantPluginReadRoots } from '../../domain/rules/plugin-local-file.rules';
  fileUrlToPath,
  grantPluginReadRoots
 } from '../../domain/rules/plugin-local-file.rules';
 interface ActivePluginRuntime {
  context: TojuPluginActivationContext;
@@ -379,7 +377,7 @@ export class PluginHostService {
      return { module, moduleObjectUrl };
    }
-    if (!entrypointUrl.startsWith('file://') && !entrypointUrl.startsWith('https://')) {
+    if (!entrypointUrl.startsWith('file://') && !isSecurePluginRemoteUrl(entrypointUrl)) {
      throw new Error('Remote plugin entrypoints must use HTTPS');
    }
@@ -388,7 +386,7 @@ export class PluginHostService {
        module: await import(/* @vite-ignore */ entrypointUrl) as TojuClientPluginModule
      };
    } catch (error) {
-      if (!entrypointUrl.startsWith('https://')) {
+      if (!isSecurePluginRemoteUrl(entrypointUrl)) {
        throw error;
      }
@@ -420,7 +418,7 @@ export class PluginHostService {
  }
  private async createRemoteModuleObjectUrl(entrypointUrl: string, manifest: TojuPluginManifest): Promise<string> {
-    if (!entrypointUrl.startsWith('https://')) {
+    if (!isSecurePluginRemoteUrl(entrypointUrl)) {
      throw new Error('Remote plugin entrypoints must use HTTPS');
    }
--- a/toju-app/src/app/domains/plugins/application/services/plugin-store.service.spec.ts
+++ b/toju-app/src/app/domains/plugins/application/services/plugin-store.service.spec.ts
@@ -238,6 +238,22 @@ describe('PluginStoreService', () => {
      url: plugin.readmeUrl
    });
  });
  it('allows localhost HTTP plugin source URLs for local dev and E2E', async () => {
    const localSourceUrl = 'http://localhost:4200/plugins/e2e-plugin-source.json';
    mockFetchResponses(fetchMock, {
      [localSourceUrl]: jsonResponse({
        title: 'Local E2E Source',
        plugins: []
      })
    });
    const service = createService(registerLocalManifest, unregister);
    await expect(service.addSourceUrl(localSourceUrl)).resolves.toBeUndefined();
    expect(service.sourceUrls()).toContain(localSourceUrl);
  });
 });
 function mockFetchResponses(fetchMock: ReturnType<typeof vi.fn>, responses: Record<string, Response>): void {
@@ -312,8 +328,8 @@ function createService(
      }
    ]
  });
  const service = injector.get(PluginStoreService);
  injector.get(AppI18nService).initialize();
  return service;
--- a/toju-app/src/app/domains/plugins/application/services/plugin-store.service.ts
+++ b/toju-app/src/app/domains/plugins/application/services/plugin-store.service.ts
@@ -11,6 +11,7 @@ import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
 import { Store } from '@ngrx/store';
 import { firstValueFrom } from 'rxjs';
 import { environment } from '../../../../../environments/environment';
 import { isLocalDevPluginSourceUrl } from '../../domain/rules/plugin-source-url.rules';
 import { RealtimeSessionFacade } from '../../../../core/realtime';
 import { AppI18nService } from '../../../../core/i18n';
 import { getUserScopedStorageKey } from '../../../../core/storage/current-user-storage';
@@ -45,10 +46,7 @@ import { PluginCapabilityService } from './plugin-capability.service';
 import { PluginDesktopStateService } from './plugin-desktop-state.service';
 import { PluginRequirementService } from './plugin-requirement.service';
 import { PluginRegistryService } from './plugin-registry.service';
-import {
+import { fileUrlToPath, grantPluginReadRoots } from '../../domain/rules/plugin-local-file.rules';
  fileUrlToPath,
  grantPluginReadRoots
 } from '../../domain/rules/plugin-local-file.rules';
 const STORE_SCHEMA_VERSION = 2;
 const STORAGE_KEY_PLUGIN_STORE = 'metoyou_plugin_store';
@@ -172,8 +170,8 @@ export class PluginStoreService {
    }
    this.sourceUrlsSignal.update((sourceUrls) => [...sourceUrls, sourceUrl]);
    await this.ensurePluginSourceReadRoot(sourceUrl);
    this.saveState();
    await this.ensurePluginSourceReadRoot(sourceUrl);
    await this.refreshSources();
  }
@@ -514,7 +512,7 @@ export class PluginStoreService {
      return await this.readLocalFileUrl(url);
    }
-    if (!url.startsWith('https://')) {
+    if (!url.startsWith('https://') && !isLocalDevPluginSourceUrl(url)) {
      throw new Error('Remote plugin store requests must use HTTPS');
    }
--- a/toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.spec.ts
+++ b/toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.spec.ts
@@ -1,4 +1,8 @@
-import { describe, expect, it } from 'vitest';
+import {
  describe,
  expect,
  it
 } from 'vitest';
 import {
  collectPluginReadRoots,
  fileUrlToPath,
@@ -15,18 +19,12 @@ describe('plugin-local-file.rules', () => {
    expect(collectPluginReadRoots(
      'file:///home/ludde/Desktop/TestPlugin/plugin-source.json',
      'file:///home/ludde/Desktop/TestPlugin/dist/main.js'
-    )).toEqual([
+    )).toEqual(['/home/ludde/Desktop/TestPlugin', '/home/ludde/Desktop/TestPlugin/dist']);
      '/home/ludde/Desktop/TestPlugin',
      '/home/ludde/Desktop/TestPlugin/dist'
    ]);
  });
  it('treats directory file URLs as their own read roots', () => {
-    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin/')).toEqual([
+    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin/')).toEqual(['/home/ludde/Desktop/TestPlugin']);
-      '/home/ludde/Desktop/TestPlugin'
+
-    ]);
+    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin')).toEqual(['/home/ludde/Desktop/TestPlugin']);
    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin')).toEqual([
      '/home/ludde/Desktop/TestPlugin'
    ]);
  });
 });
--- a/toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.ts
+++ b/toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.ts
@@ -8,7 +8,8 @@ export function pluginFileParentDir(filePath: string): string {
 }
 export function pluginReadRootForFileUrl(fileUrl: string): string {
-  const filePath = fileUrlToPath(fileUrl).replace(/\\/g, '/').replace(/\/+$/, '');
+  const filePath = fileUrlToPath(fileUrl).replace(/\\/g, '/')
    .replace(/\/+$/, '');
  const basename = filePath.split('/').pop() ?? '';
  if (fileUrl.endsWith('/') || !basename.includes('.')) {
@@ -18,7 +19,7 @@ export function pluginReadRootForFileUrl(fileUrl: string): string {
  return pluginFileParentDir(filePath);
 }
-export function collectPluginReadRoots(...fileUrls: Array<string | undefined>): string[] {
+export function collectPluginReadRoots(...fileUrls: (string | undefined)[]): string[] {
  const roots = new Set<string>();
  for (const fileUrl of fileUrls) {
@@ -34,7 +35,7 @@ export function collectPluginReadRoots(...fileUrls: Array<string | undefined>):
 export async function grantPluginReadRoots(
  api: Pick<ElectronApi, 'grantPluginReadRoot'> | null | undefined,
-  ...fileUrls: Array<string | undefined>
+  ...fileUrls: (string | undefined)[]
 ): Promise<void> {
  if (!api?.grantPluginReadRoot) {
    return;
--- a/toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.spec.ts
+++ b/toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.spec.ts
@@ -0,0 +1,16 @@
 import { isLocalDevPluginSourceUrl, isSecurePluginRemoteUrl } from './plugin-source-url.rules';
 describe('plugin source URL rules', () => {
  it('treats localhost HTTP URLs as local dev plugin sources', () => {
    expect(isLocalDevPluginSourceUrl('http://localhost:4200/plugins/e2e-plugin-source.json')).toBe(true);
    expect(isLocalDevPluginSourceUrl('http://127.0.0.1:4200/plugins/e2e-plugin-source.json')).toBe(true);
    expect(isLocalDevPluginSourceUrl('http://example.com/plugins.json')).toBe(false);
    expect(isLocalDevPluginSourceUrl('https://localhost/plugins.json')).toBe(false);
  });
  it('accepts HTTPS and localhost HTTP as secure remote plugin URLs', () => {
    expect(isSecurePluginRemoteUrl('https://plugins.example.test/index.json')).toBe(true);
    expect(isSecurePluginRemoteUrl('http://localhost:4200/plugins/e2e-plugin-source.json')).toBe(true);
    expect(isSecurePluginRemoteUrl('http://example.com/plugins.json')).toBe(false);
  });
 });
--- a/toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.ts
+++ b/toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.ts
@@ -0,0 +1,14 @@
 export function isLocalDevPluginSourceUrl(url: string): boolean {
  try {
    const parsed = new URL(url);
    return parsed.protocol === 'http:'
      && (parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1');
  } catch {
    return false;
  }
 }
 export function isSecurePluginRemoteUrl(url: string): boolean {
  return url.startsWith('https://') || isLocalDevPluginSourceUrl(url);
 }
--- a/toju-app/src/app/domains/profile-avatar/feature/profile-avatar-editor/profile-avatar-editor.component.ts
+++ b/toju-app/src/app/domains/profile-avatar/feature/profile-avatar-editor/profile-avatar-editor.component.ts
@@ -23,7 +23,11 @@ import {
@Component({
  selector: 'app-profile-avatar-editor',
  standalone: true,
-  imports: [CommonModule, ModalBackdropComponent, ...APP_TRANSLATE_IMPORTS],
+  imports: [
    CommonModule,
    ModalBackdropComponent,
    ...APP_TRANSLATE_IMPORTS
  ],
  templateUrl: './profile-avatar-editor.component.html'
 })
 export class ProfileAvatarEditorComponent {
--- a/toju-app/src/app/domains/server-directory/README.md
+++ b/toju-app/src/app/domains/server-directory/README.md
@@ -160,7 +160,7 @@ Beyond free-text search, the directory exposes curated discovery lists that powe
 - `ServerDirectoryFacade.getFeaturedServers()` → `GET /api/servers/featured`
 - `ServerDirectoryFacade.getTrendingServers()` → `GET /api/servers/trending`
-Both pass through `ServerDirectoryService` to `ServerDirectoryApiService.getFeaturedServers()` / `getTrendingServers()`, which share a private `getDiscoveryServers(path)` HTTP helper and normalise results into `ServerInfo[]` exactly like search. The server ranks featured servers (stable curation) and trending servers (recent activity) via `server-ranking.util.ts`; each route caps results at 50 (`parseDiscoveryLimit`). The discovery routes are registered before the parameterised `/:id` route so `featured`/`trending` are not captured as server IDs.
+Both pass through `ServerDirectoryService` to `ServerDirectoryApiService.getFeaturedServers()` / `getTrendingServers()`, which share a private `getDiscoveryServers(path)` HTTP helper and normalise results into `ServerInfo[]` exactly like search. Discovery **fans out across every online endpoint** (`getSearchableEndpoints()` + `forkJoin`, deduplicated by ID), mirroring all-endpoint search — querying only the active endpoint made the default `/servers` view appear empty whenever that endpoint was a discovery-unsupported production host (`endpointSupportsServerDiscovery`), even though plenty of servers existed on other online endpoints. Each endpoint that is in `DISCOVERY_UNSUPPORTED_HOSTS` is skipped (returns `[]`) per-endpoint rather than short-circuiting the whole request. The server ranks featured servers (stable curation) and trending servers (recent activity) via `server-ranking.util.ts`; each route caps results at 50 (`parseDiscoveryLimit`). The discovery routes are registered before the parameterised `/:id` route so `featured`/`trending` are not captured as server IDs.
 `FindServersComponent` (`/servers`) composes these into discovery sections — **Recently active** (the user's saved rooms, capped at 6), **Featured servers**, and **Trending** — and renders them through the reusable `app-server-browser`. `DashboardComponent` (`/dashboard`) uses the same facade methods for its quick search results.
--- a/toju-app/src/app/domains/server-directory/application/services/server-directory.service.ts
+++ b/toju-app/src/app/domains/server-directory/application/services/server-directory.service.ts
@@ -29,6 +29,7 @@ import {
 import { ServerEndpointCompatibilityService } from '../../infrastructure/services/server-endpoint-compatibility.service';
 import { ServerEndpointHealthService } from '../../infrastructure/services/server-endpoint-health.service';
 import { ServerEndpointStateService } from './server-endpoint-state.service';
 import { SignalServerAuthService } from '../../../authentication/application/services/signal-server-auth.service';
@Injectable({ providedIn: 'root' })
 export class ServerDirectoryService {
@@ -41,6 +42,7 @@ export class ServerDirectoryService {
  private readonly endpointCompatibility = inject(ServerEndpointCompatibilityService);
  private readonly endpointHealth = inject(ServerEndpointHealthService);
  private readonly api = inject(ServerDirectoryApiService);
  private readonly signalServerAuth = inject(SignalServerAuthService);
  private readonly initialServerHealthCheck: Promise<void>;
  private shouldSearchAllServers = true;
@@ -217,6 +219,10 @@ export class ServerDirectoryService {
      healthResult.serverTag
    );
    if (healthResult.status === 'online' && endpoint.isActive) {
      void this.signalServerAuth.ensureProvisioned(endpoint.url).catch(() => undefined);
    }
    return healthResult.status === 'online';
  }
@@ -286,7 +292,13 @@ export class ServerDirectoryService {
    request: ServerJoinAccessRequest,
    selector?: ServerSourceSelector
  ): Observable<ServerJoinAccessResponse> {
-    return this.api.requestJoin(request, selector);
+    const actorUserId = this.resolveActorUserId(request.userId, selector);
    return this.api.requestJoin({
      ...request,
      userId: actorUserId,
      userPublicKey: actorUserId
    }, selector);
  }
  createInvite(
@@ -326,7 +338,7 @@ export class ServerDirectoryService {
  }
  notifyLeave(serverId: string, userId: string, selector?: ServerSourceSelector): Observable<void> {
-    return this.api.notifyLeave(serverId, userId, selector);
+    return this.api.notifyLeave(serverId, this.resolveActorUserId(userId, selector), selector);
  }
  updateUserCount(serverId: string, count: number): Observable<void> {
@@ -353,4 +365,27 @@ export class ServerDirectoryService {
      this.shouldSearchAllServers = true;
    }
  }
  private resolveActorUserId(userId: string, selector?: ServerSourceSelector): string {
    return this.signalServerAuth.resolveActorUserIdForServer(
      this.resolveSelectorServerUrl(selector),
      userId
    );
  }
  private resolveSelectorServerUrl(selector?: ServerSourceSelector): string | undefined {
    const sourceUrl = selector?.sourceUrl?.trim();
    if (sourceUrl) {
      return this.endpointState.sanitiseUrl(sourceUrl);
    }
    const sourceId = selector?.sourceId?.trim();
    if (sourceId) {
      return this.servers().find((endpoint) => endpoint.id === sourceId)?.url;
    }
    return this.activeServer()?.url;
  }
 }
--- a/toju-app/src/app/domains/server-directory/feature/create-server-dialog/create-server-dialog.component.ts
+++ b/toju-app/src/app/domains/server-directory/feature/create-server-dialog/create-server-dialog.component.ts
@@ -20,10 +20,7 @@ import { ServerDirectoryFacade } from '../../application/facades/server-director
 import { ThemeNodeDirective } from '../../../theme';
 import { ViewportService } from '../../../../core/platform';
 import { BottomSheetComponent, ModalBackdropComponent } from '../../../../shared';
-import {
+import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
  AutoFocusDirective,
  SelectOnFocusDirective
 } from '../../../../shared/directives';
 import { CATEGORY_PRESETS, ServerCategoryPreset } from '../create-server/create-server.component';
 /**
@@ -114,6 +111,7 @@ export class CreateServerDialogComponent {
      this.router.navigate(['/login'], {
        queryParams: buildLoginReturnQueryParams(this.router.url)
      });
      return;
    }
--- a/toju-app/src/app/domains/server-directory/feature/find-servers/find-servers.component.spec.ts
+++ b/toju-app/src/app/domains/server-directory/feature/find-servers/find-servers.component.spec.ts
@@ -52,6 +52,7 @@ function createHarness(options: HarnessOptions = {}) {
      ...provideAppI18nForTests()
    ]
  });
  initializeAppI18nForTests(injector);
  const component = runInInjectionContext(injector, () => injector.get(FindServersComponent));
--- a/toju-app/src/app/domains/server-directory/feature/invite/invite.component.ts
+++ b/toju-app/src/app/domains/server-directory/feature/invite/invite.component.ts
@@ -18,6 +18,7 @@ import { DatabaseService } from '../../../../infrastructure/persistence';
 import { ServerDirectoryFacade } from '../../application/facades/server-directory.facade';
 import { User } from '../../../../shared-kernel';
 import { buildLoginReturnQueryParams } from '../../../authentication/domain/logic/auth-navigation.rules';
 import { SignalServerAuthorizeService } from '../../../authentication/application/services/signal-server-authorize.service';
@Component({
  selector: 'app-invite',
@@ -26,19 +27,22 @@ import { buildLoginReturnQueryParams } from '../../../authentication/domain/logi
  templateUrl: './invite.component.html'
 })
 export class InviteComponent implements OnInit {
  private readonly i18n = inject(AppI18nService);
  readonly currentUser = inject(Store).selectSignal(selectCurrentUser);
  readonly invite = signal<ServerInviteInfo | null>(null);
  readonly status = signal<'loading' | 'redirecting' | 'joining' | 'error'>('loading');
-  readonly message = signal(this.i18n.instant('servers.invite.messages.loading'));
+  readonly message = signal('');
  private readonly i18n = inject(AppI18nService);
  private readonly route = inject(ActivatedRoute);
  private readonly router = inject(Router);
  private readonly store = inject(Store);
  private readonly serverDirectory = inject(ServerDirectoryFacade);
  private readonly databaseService = inject(DatabaseService);
  private readonly signalServerAuthorize = inject(SignalServerAuthorizeService);
  async ngOnInit(): Promise<void> {
    this.message.set(this.i18n.instant('servers.invite.messages.loading'));
    const inviteContext = this.resolveInviteContext();
    if (!inviteContext) {
@@ -127,6 +131,15 @@ export class InviteComponent implements OnInit {
    this.message.set(this.i18n.instant('servers.invite.messages.joining', { name: invite.server.name }));
    const currentUser = await this.hydrateCurrentUser();
    const hasCredential = await this.signalServerAuthorize.ensureCredentialForServerUrl(context.sourceUrl);
    if (!hasCredential) {
      this.status.set('redirecting');
      this.message.set(this.i18n.instant('servers.invite.messages.redirectingAuthorize'));
      return;
    }
    const joinResponse = await firstValueFrom(this.serverDirectory.requestJoin({
      roomId: invite.server.id,
      userId: currentUserId,
--- a/toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.spec.ts
+++ b/toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.spec.ts
@@ -114,6 +114,7 @@ function createHarness(options: HarnessOptions = {}) {
      ...provideAppI18nForTests()
    ]
  });
  initializeAppI18nForTests(injector);
  const component = runInInjectionContext(injector, () => injector.get(ServerBrowserComponent));
--- a/toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.ts
+++ b/toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.ts
@@ -32,6 +32,7 @@ import {
 import { AppI18nService, APP_TRANSLATE_IMPORTS } from '../../../../core/i18n';
 import { setStoredCurrentUserId } from '../../../../core/storage/current-user-storage';
 import { buildLoginReturnQueryParams } from '../../../authentication/domain/logic/auth-navigation.rules';
 import { SignalServerAuthorizeService } from '../../../authentication/application/services/signal-server-authorize.service';
 import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
 import { RoomsActions } from '../../../../store/rooms/rooms.actions';
 import {
@@ -124,6 +125,7 @@ export class ServerBrowserComponent implements OnInit {
  private pluginStore = inject(PluginStoreService);
  private injector = inject(Injector);
  private readonly i18n = inject(AppI18nService);
  private readonly signalServerAuthorize = inject(SignalServerAuthorizeService);
  private searchSubject = new Subject<string>();
  private banLookupRequestVersion = 0;
@@ -530,6 +532,14 @@ export class ServerBrowserComponent implements OnInit {
        }
      }
      if (server.sourceUrl) {
        const hasCredential = await this.signalServerAuthorize.ensureCredentialForServerUrl(server.sourceUrl);
        if (!hasCredential) {
          return;
        }
      }
      const response = await firstValueFrom(
        this.serverDirectory.requestJoin(
          {
--- a/toju-app/src/app/domains/server-directory/infrastructure/services/server-directory-api.service.spec.ts
+++ b/toju-app/src/app/domains/server-directory/infrastructure/services/server-directory-api.service.spec.ts
@@ -80,3 +80,80 @@ describe('ServerDirectoryApiService discovery endpoints', () => {
    expect(result).toEqual([]);
  });
 });
 function createMultiEndpointHarness(
  endpoints: { id: string; name: string; url: string; status: string }[],
  getImpl: (url: string) => unknown
 ) {
  const get = vi.fn((url: string) => of(getImpl(url) ?? { servers: [], total: 0 }));
  const http = { get } as unknown as HttpClient;
  const endpointState = {
    activeServer: () => endpoints[0],
    activeServers: () => endpoints,
    servers: () => [],
    resolveCanonicalEndpoint: (endpoint: unknown) => endpoint ?? null,
    findServerByUrl: () => null,
    sanitiseUrl: (value: string) => value
  } as unknown as ServerEndpointStateService;
  const injector = Injector.create({
    providers: [
      ServerDirectoryApiService,
      { provide: HttpClient, useValue: http },
      { provide: ServerEndpointStateService, useValue: endpointState }
    ]
  });
  const service = runInInjectionContext(injector, () => injector.get(ServerDirectoryApiService));
  return { service, get };
 }
 describe('ServerDirectoryApiService discovery fan-out', () => {
  const endpoints = [
    { id: 'ep-1', name: 'Local', url: 'https://local.test', status: 'online' },
    { id: 'ep-2', name: 'Other', url: 'https://other.test', status: 'online' },
    { id: 'ep-3', name: 'Prod', url: 'https://signal.toju.app', status: 'online' }
  ];
  it('aggregates discovery results across all online endpoints', async () => {
    const { service, get } = createMultiEndpointHarness(endpoints, (url) => {
      if (url.startsWith('https://local.test'))
        return { servers: [{ id: 's1', name: 'Alpha' }], total: 1 };
      if (url.startsWith('https://other.test'))
        return { servers: [{ id: 's2', name: 'Beta' }], total: 1 };
      return { servers: [], total: 0 };
    });
    const result = await firstValueFrom(service.getFeaturedServers());
    expect(result.map((server) => server.id).sort()).toEqual(['s1', 's2']);
    const calledUrls = get.mock.calls.map((call) => call[0] as string);
    expect(calledUrls).toContain('https://local.test/api/servers/featured');
    expect(calledUrls).toContain('https://other.test/api/servers/featured');
  });
  it('does not query discovery-unsupported hosts but still returns the supported endpoints', async () => {
    const { service, get } = createMultiEndpointHarness(endpoints, (url) => {
      if (url.startsWith('https://local.test'))
        return { servers: [{ id: 's1', name: 'Alpha' }], total: 1 };
      return { servers: [], total: 0 };
    });
    const result = await firstValueFrom(service.getTrendingServers());
    expect(result.map((server) => server.id)).toEqual(['s1']);
    const calledUrls = get.mock.calls.map((call) => call[0] as string);
    expect(calledUrls.some((url) => url.includes('signal.toju.app'))).toBe(false);
  });
  it('deduplicates the same server returned by multiple endpoints', async () => {
    const { service } = createMultiEndpointHarness(endpoints, () =>
      ({ servers: [{ id: 'dup', name: 'Shared' }], total: 1 })
    );
    const result = await firstValueFrom(service.getFeaturedServers());
    expect(result.map((server) => server.id)).toEqual(['dup']);
  });
 });
--- a/toju-app/src/app/domains/server-directory/infrastructure/services/server-directory-api.service.ts
+++ b/toju-app/src/app/domains/server-directory/infrastructure/services/server-directory-api.service.ts
@@ -297,18 +297,43 @@ export class ServerDirectoryApiService {
  }
  private getDiscoveryServers(kind: 'featured' | 'trending', limit?: number): Observable<ServerInfo[]> {
-    const baseUrl = this.resolveBaseServerUrl();
+    const params = typeof limit === 'number' ? new HttpParams().set('limit', String(limit)) : undefined;
    const onlineEndpoints = this.getSearchableEndpoints();
    // Fan discovery out across every online endpoint (mirroring search) so the
    // default find-servers view isn't empty just because the *active* endpoint
    // is a discovery-unsupported production host. Querying only the active
    // endpoint made servers invisible until the user typed a search query.
    if (onlineEndpoints.length === 0) {
      return this.fetchDiscoveryFromEndpoint(
        kind,
        this.resolveBaseServerUrl(),
        this.endpointState.activeServer(),
        params
      );
    }
    return forkJoin(
      onlineEndpoints.map((endpoint) =>
        this.fetchDiscoveryFromEndpoint(kind, endpoint.url, endpoint, params)
      )
    ).pipe(map((resultArrays) => this.deduplicateById(resultArrays.flat())));
  }
  private fetchDiscoveryFromEndpoint(
    kind: 'featured' | 'trending',
    baseUrl: string,
    source: ServerEndpoint | null | undefined,
    params?: HttpParams
  ): Observable<ServerInfo[]> {
    if (!endpointSupportsServerDiscovery(baseUrl)) {
      return of([]);
    }
    const params = typeof limit === 'number' ? new HttpParams().set('limit', String(limit)) : undefined;
    return this.http
-      .get<{ servers: ServerInfo[]; total: number }>(`${this.getApiBaseUrl()}/servers/${kind}`, params ? { params } : {})
+      .get<{ servers: ServerInfo[]; total: number }>(`${baseUrl}/api/servers/${kind}`, params ? { params } : {})
      .pipe(
-        map((response) => this.normalizeServerList(response, this.endpointState.activeServer())),
+        map((response) => this.normalizeServerList(response, source ?? null)),
        catchError((error) => {
          console.error(`Failed to get ${kind} servers:`, error);
          return of([]);
--- a/toju-app/src/app/domains/theme/application/services/theme.service.spec.ts
+++ b/toju-app/src/app/domains/theme/application/services/theme.service.spec.ts
@@ -28,6 +28,7 @@ describe('ThemeService theme application', () => {
        useValue: createDocumentStub(styleElements)
      }
    ]);
    initializeAppI18nForTests(injector);
    service = injector.get(ThemeService);
--- a/toju-app/src/app/domains/theme/application/services/theme.service.ts
+++ b/toju-app/src/app/domains/theme/application/services/theme.service.ts
@@ -347,7 +347,12 @@ export class ThemeService {
      return false;
    }
-    this.commitTheme(result.value, stringifyTheme(result.value), this.appI18n.instant('theme.status.presetApplied', { name: result.value.meta.name }));
+    this.commitTheme(
      result.value,
      stringifyTheme(result.value),
      this.appI18n.instant('theme.status.presetApplied', { name: result.value.meta.name })
    );
    return true;
  }
--- a/toju-app/src/app/domains/theme/feature/theme-picker-overlay/theme-picker-overlay.component.ts
+++ b/toju-app/src/app/domains/theme/feature/theme-picker-overlay/theme-picker-overlay.component.ts
@@ -12,10 +12,7 @@ import { ThemeRegistryService } from '../../application/services/theme-registry.
@Component({
  selector: 'app-theme-picker-overlay',
  standalone: true,
-  imports: [
+  imports: [CommonModule, ...APP_TRANSLATE_IMPORTS],
    CommonModule,
    ...APP_TRANSLATE_IMPORTS
  ],
  templateUrl: './theme-picker-overlay.component.html'
 })
 export class ThemePickerOverlayComponent {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Myx	d0aff6319d	fix: should now sync with other devices All checks were successful Queue Release Build / prepare (push) Successful in 25s Details Deploy Web Apps / deploy (push) Successful in 7m8s Details Queue Release Build / build-windows (push) Successful in 28m10s Details Queue Release Build / build-linux (push) Successful in 44m38s Details Queue Release Build / build-android (push) Successful in 18m36s Details Queue Release Build / finalize (push) Successful in 1m40s Details	2026-06-09 22:00:39 +02:00
Myx	1274ad9b46	fix: search	2026-06-09 22:00:06 +02:00
Myx	eb51f043ac	fix: Major bug cleanup pass 1 All checks were successful Queue Release Build / prepare (push) Successful in 19s Details Deploy Web Apps / deploy (push) Successful in 8m12s Details Queue Release Build / build-windows (push) Successful in 27m44s Details Queue Release Build / build-linux (push) Successful in 48m1s Details Queue Release Build / build-android (push) Successful in 22m7s Details Queue Release Build / finalize (push) Successful in 2m42s Details	2026-06-09 17:59:54 +02:00