apiVersion: capsule.dev/v0.1
kind: Capsule
name: lkmeet-livekit-auth-api
version: 0.1.0
type: subsystem
purpose:
  summary: 'Provides a backend API endpoint for generating LiveKit participant access
    tokens. This capsule handles authentication logic and token creation, which is
    a critical part of any LiveKit application.

    '
  owns:
  - API endpoint for connection details
  does_not_own:
  - Client-side token usage
  - LiveKit server configuration
interfaces:
  provides:
  - kind: http_api
    name: /api/connection-details
    description: Endpoint to request LiveKit connection details and participant token.
dependencies:
  capsules:
  - name: lkmeet-livekit-client-utils
    version: '>=0.1.0'
agent:
  summary_for_ai: 'This capsule is a Next.js API route that uses `livekit-server-sdk`
    to create access tokens. It reads environment variables for LiveKit credentials
    and relies on `lkmeet-livekit-client-utils` for helper functions like `randomString`
    and `getLiveKitURL`. Focus on token generation logic and secure handling of LiveKit
    API keys.

    '
verification:
  invariants:
  - Requires valid LIVEKIT_API_KEY, LIVEKIT_API_SECRET, and LIVEKIT_URL to function.
  - Generated tokens must grant appropriate video permissions for room joining, publishing,
    and subscribing.
  - The `COOKIE_KEY` for participant postfix must remain consistent for session continuity.
x-reuse:
  notes: 'The `COOKIE_KEY` (''random-participant-postfix'') is hardcoded and might
    need to be parameterized or changed for different projects. The `getCookieExpirationTime()`
    function sets a fixed expiration, which might need to be configurable. The `createParticipantToken`
    function grants broad permissions (`canPublish`, `canPublishData`, `canSubscribe`),
    which might need to be restricted based on application-specific roles.

    '
x-reconstruct:
  install: install.json