# ECP-0056: TURN ICE Bootstrap Endpoint

Status: Draft

## Problem

WebRTC connectivity is unreliable across diverse NAT / firewall environments when we rely only on public STUN servers. For "send a link to mom" reliability, viewers need TURN available. We also need a single, stable place for the web app and the native CLI to fetch ICE server config without exposing implementation details in the UI.

## Proposal

- Add `GET /api/turn` on `every.channel`.
- The response is a `just-webrtc` compatible subset of `PeerConfiguration`:
  - `ice_servers`: array of STUN/TURN servers.
- Default behavior:
  - Always include STUN servers (Cloudflare STUN, with Google STUN as fallback).
  - If a TURN shared secret is configured in the Worker environment, also include TURN servers with short-lived credentials generated via the TURN REST pattern (HMAC-based: username is `<expiry-timestamp>:<label>`, credential is the base64 HMAC of that username under the shared secret).

This keeps the container Durable Object (DO) offline (`enableInternet=false`) and centralizes "how to TURN" in the Worker, while clients remain generic.

## Security / Abuse Notes

- TURN credentials are short-lived (hour-scale) and only usable against the TURN provider.
- We do not log or persist TURN credentials.
- The shared secret is stored as a Worker secret (not in git).

## Rollout

1. Deploy the Worker with `/api/turn`.
2. Update the web viewer and `ec-node` direct publish/subscribe to fetch and use `/api/turn`.
3. If/when Cloudflare Calls TURN keys are enabled for the account, store the Calls TURN key as the shared secret in the Worker and turn on TURN at the edge.