An open-source, ultra-low-latency video conferencing platform and API built with Rust. Designed for software professionals, robotics, and embedded systems, it supports WebTransport with WebSocket fallback for high-performance real-time communication.
- Documentation - Comprehensive guides and API reference.
- Crates.io - Download the CLI tool.
- Report a Bug - Help us improve.
- Software Professionals: Build custom video applications with a modern, type-safe Rust API.
- Robotics & IoT Engineers: Stream ultra-low-latency video from drones, robots, and embedded devices (Raspberry Pi, Jetson Nano) using our lightweight CLI and SDKs.
- Privacy Advocates: Self-host your own video conferencing infrastructure with secure JWT authentication and SSO support.
- Overview
- Features
- Compatibility
- Why WebTransport Instead of WebRTC?
- System Architecture
- Getting Started
- Runtime Configuration
- Usage
- Meeting Management
- Performance
- Security
- Feature Flags
- Testing
- Roadmap
- Contributing
- Project Structure
- Demos and Media
- Contributors
- License
videocall.rs is a modern, open-source video conferencing system written entirely in Rust. It is designed for software professionals and robotics engineers who need reliable, scalable, and secure real-time communication capabilities. It provides a robust foundation for building custom video communication solutions, from web apps to autonomous vehicle feeds, with support for both browser-based and native clients.
Project Status: Beta - Actively developed and suitable for non-critical production use
- Ultra-Low Latency: Built with Rust for sub-100ms latency, ideal for robotics and real-time control.
- Multiple Transport Protocols: WebTransport with automatic WebSocket fallback for maximum compatibility.
- Secure Authentication: JWT-based access control with SSO/OAuth support.
- Scalable Architecture: Designed with a pub/sub model using NATS for horizontal scaling (Mesh/SFU hybrid).
- Cross-Platform Support: Chromium-based browsers and Safari supported.
- Robotics & Embedded: High-performance CLI and SDK for headless streaming from Raspberry Pi, Jetson Nano, and other embedded Linux devices.
- Open Source: MIT licensed for maximum flexibility.
| Browser | Support |
|---|---|
| Chrome | ✅ |
| Brave | ✅ |
| Edge | ✅ |
| Safari (macOS, iOS) | ✅ |
| Firefox | ❌ |
WebTransport is a core technology that differentiates videocall.rs from traditional video conferencing solutions. As a developer, here's why our WebTransport approach is technically superior:
-
No SFUs, No NAT Traversal: WebTransport eliminates the need for complex Selective Forwarding Units and NAT traversal mechanisms that plague WebRTC implementations and cause countless developer headaches.
-
Simplified Architecture: No more complex STUN/TURN servers, ICE candidates negotiation, or complicated signaling dances required by WebRTC. Just direct, straightforward connections.
-
Protocol Efficiency: Built on HTTP/3 and QUIC, WebTransport provides multiplexed, bidirectional streams with better congestion control and packet loss recovery than WebRTC's dated SCTP data channels.
-
Lower Latency: QUIC's 0-RTT connection establishment reduces initial connection times compared to WebRTC's multiple roundtrips.
-
Clean Development Experience: WebTransport offers a more intuitive developer API with a promise-based design and cleaner stream management.
-
Future-Proof: As part of the modern web platform developed by the IETF and W3C, WebTransport has strong browser vendor support and an actively evolving specification.
For developers integrating videocall.rs, this means:
- ✅ Drastically simpler deployment architecture
- ✅ No complex network configuration or firewall issues
- ✅ Better performance in challenging network conditions
- ✅ More predictable behavior across implementations
- ✅ Less time spent debugging connectivity issues
- ✅ A forward-looking technology investment
Read our Architecture Document for a deep dive into how we implement WebTransport and the technical benefits it provides.
videocall.rs follows a microservices architecture with these primary components:
graph TD Clients[Clients<br>Browsers, Mobile, CLI] -->|WebSocket| ActixAPI[Actix API<br>WebSocket] Clients -->|WebTransport| WebTransportServer[WebTransport<br>Server] ActixAPI --> NATS[NATS<br>Messaging] WebTransportServer --> NATS - actix-api: Rust-based backend server using Actix Web framework
- yew-ui: Web frontend built with the Yew framework and compiled to WebAssembly
- videocall-types: Shared data types and protocol definitions
- videocall-client: Client library for native integration
- videocall-cli: Command-line interface for headless video streaming
For a more detailed explanation of the system architecture, please see our Architecture Document.
⭐ RECOMMENDED: Docker is the only fully supported development method ⭐
We strongly recommend using the Docker-based setup for development, as it's well-maintained and provides consistent behavior across platforms. The manual setup described below is not as well maintained and may require additional troubleshooting.
- Modern Linux distribution, macOS, or Windows 10/11
- Docker and Docker Compose (for containerized setup)
- Rust toolchain 1.89+ (for manual setup)
- Chromium-based browser (Chrome, Edge, Brave) for frontend access - Firefox is not supported
- Safari both in iOS and macOS are supported for frontend access
The quickest way to get started is with our Docker-based setup:
-
Clone the repository:
git clone https://github.com/security-union/videocall-rs.git cd videocall-rs -
Create a
.envfile from the sample and fill in your OAuth credentials:cp docker/.env-sample .envEdit
.envand setOAUTH_CLIENT_IDandOAUTH_CLIENT_SECRET.Getting Google OAuth credentials:
- Go to Google Cloud Console → APIs & Credentials
- Create an OAuth 2.0 Client ID (Web application type)
- Add
http://localhost:8081/login/callbackas an Authorized redirect URI - Copy the Client ID and Secret into your
.env
Note:
make upwill auto-create.envfrom the sample if it does not exist, but you must still edit it to add your credentials before the app will work. -
Start the stack:
make upThe first run compiles Rust/WASM inside the containers — this takes several minutes. Watch the
yew-uilogs; it's ready when Trunk printsserver listening on http://0.0.0.0:<port>. -
Access the application at:
http://localhostThen navigate to a meeting:
http://localhost/meeting/<username>/<meeting-id>
Platform notes:
- Rancher Desktop (Windows/WSL2) with Traefik Ingress on port 80: Rancher Desktop runs Traefik on port 80 by default, which conflicts with the yew-ui frontend. Override the port in your local
.env(not.env-sample):Then access the app atTRUNK_SERVE_PORT=8088 AFTER_LOGIN_URL=http://localhost:8088 ALLOWED_REDIRECT_URLS=http://localhost:8088,http://localhost:3001http://localhost:8088. - Shell environment variables: If you have
API_BASE_URL,OAUTH_REDIRECT_URL, or similar variables exported in your shell profile (~/.bashrc,~/.zshrc), they will override.envvalues. Remove them from your profile before runningmake up. - Slow first run: WASM compilation inside Docker can take 5–15 minutes on a cold cache. Subsequent runs reuse the build cache and start in seconds.
We are migrating the build infrastructure to Nix for reproducible, fast builds. Currently the leptos-website is the first component being nixified.
Status: Work in progress — see the nixify-docker-build branch.
What Nix replaces: Previously, Docker builds spent 15-20 minutes compiling tools like cargo-leptos and wasm-bindgen-cli from source on every build. Nix provides these as pre-built binaries from the binary cache, reducing tool setup from minutes to seconds.
What's done so far:
flake.nixat the repo root provides dev shells with pinned versions of the Rust nightly toolchain,cargo-leptos,wasm-bindgen-cli,binaryen, Node.js, and system dependenciesdocker/Dockerfile.websiteanddocker/Dockerfile.website.devusenixos/nixas a builder image.github/workflows/leptos-website-build.yamlusesDeterminateSystems/nix-installer-actionwithmagic-nix-cache-actionfor cached CI builds
Quick start (requires Nix):
The integration is transparent to the user, and the development experience is the same as with Docker.
What's next: Nixifying additional components (actix-api, yew-ui) and evaluating crane for full Nix-managed Rust dependency caching.
For advanced users who prefer to run services directly on their machine:
-
Create a PostgreSQL database:
createdb actix-api-db -
Install required tools:
# Install NATS server curl -L https://github.com/nats-io/nats-server/releases/download/v2.9.8/nats-server-v2.9.8-linux-amd64.tar.gz | tar xz sudo mv nats-server-v2.9.8-linux-amd64/nats-server /usr/local/bin # Install trurl cargo install trurl -
Start the development environment:
./start_dev.sh -
Connect to:
http://localhost:8081/meeting/<meeting-id>
For detailed configuration options, see our setup documentation.
The Yew UI is configured at runtime via a window.__APP_CONFIG object provided by a config.js file. The file is copied by Trunk and loaded at /config.js by yew-ui/index.html.
- Start services with
./start_dev.sh. - Create
yew-ui/scripts/config.jsthat assignswindow.__APP_CONFIG = Object.freeze({...}). - Keep the keys in sync with the authoritative sources below. Trunk will copy the file and the app will pick it up on refresh.
- Tip:
mkdir -p yew-ui/scriptsto ensure the directory exists.
Authoritative keys and defaults: see docker/start-yew.sh and the Helm template referenced below.
The vadThreshold config parameter controls how sensitive the speaking detection is. It sets the minimum RMS audio level that counts as "speaking" — used for tile border glow, peer list mic glow, and self-video glow indicators.
window.__APP_CONFIG = Object.freeze({ // ... other config ... vadThreshold: 0.02 // default });| Value | Sensitivity | Use case |
|---|---|---|
0.01 | High — picks up quiet speech and background noise | Quiet environments, soft speakers |
0.02 | Medium (default) — good balance for most setups | General use |
0.05 | Low — only triggers on louder speech | Noisy environments, reduces false positives |
0.10 | Very low — requires loud/close speech | Very noisy environments |
The threshold can also be set via the VAD_THRESHOLD environment variable when running in Docker (see docker/start-yew.sh and docker/start-dioxus.sh), or via runtimeConfig.vadThreshold in Helm values.
docker/start-yew.sh generates /app/yew-ui/scripts/config.js from environment variables at container startup. For the current list of supported variables and defaults, refer directly to docker/start-yew.sh. Restart the container to apply changes.
helm/rustlemania-ui/templates/configmap-configjs.yaml renders config.js from .Values.runtimeConfig. Define runtimeConfig in your values file and deploy/upgrade. For the exact structure and latest behavior, refer to the template itself.
-
Navigate to your deployed instance or localhost setup:
http://<server-address>/meeting/<username>/<meeting-id> -
Grant camera and microphone permissions when prompted
-
Click "Connect" to join the meeting
For headless devices like Raspberry Pi:
# Install the CLI tool cargo install videocall-cli # Stream from a camera videocall-cli stream \ --user-id <your-user-id> \ --video-device-index 0 \ --meeting-id <meeting-id> \ --resolution 1280x720 \ --fps 30 \ --frame-format NV12 \ --bitrate-kbps 500For detailed information about the CLI tool and all available options, see the videocall-cli README.
videocall.rs includes a comprehensive meeting management system with ownership, waiting rooms, and host controls.
- Meeting Ownership: Each meeting has an owner (the creator) identified by their email
- My Meetings: Users can view and manage all meetings they own from the home page
- Waiting Room: Non-owners enter a waiting room and must be admitted by an existing participant
- Host Identification: The meeting owner is visually identified with "(Host)" in the UI
- Soft Delete: Owners can delete their meetings; deleted meeting IDs can be reused
- Create/Join: Navigate to
/meeting/{meeting-id}- if the meeting doesn't exist, you become the owner - Start/Join Button: Owners see "Start Meeting", others see "Join Meeting"
- Waiting Room: Non-owners wait for admission; admitted participants can manage the waiting room
- Auto-Join: When admitted from the waiting room, participants automatically enter the meeting
For detailed information about the meeting system:
- Meeting Ownership & Workflow - Ownership model, lifecycle, and user workflows
- Meeting API Reference - Complete API endpoint documentation
Meeting management requires the FEATURE_MEETING_MANAGEMENT flag:
export FEATURE_MEETING_MANAGEMENT=trueOr in Docker:
docker run -e FEATURE_MEETING_MANAGEMENT=true ...videocall.rs has been benchmarked and optimized for the following scenarios:
- 1-on-1 Calls: Minimal resource utilization with <100ms latency on typical connections
- Small Groups (3-10): Efficient mesh topology with adaptive quality based on network conditions
- Large Conferences: Tested with up to 1000 participants using selective forwarding architecture
- Zero-Copy Design: Minimizes data copying between network stack and application code
- Asynchronous Core: Built on Rust's async/await ecosystem with Tokio runtime
- SIMD-Accelerated Processing: Uses CPU vectorization for media operations where available
- Lock-Free Data Structures: Minimizes contention in high-throughput scenarios
- Protocol-Level Optimizations: Custom-tuned congestion control and packet scheduling
Our server-side architecture is designed for efficiency at scale:
- Horizontal Scaling: Linear performance scaling with additional server instances
- Load Distribution: Automatic connection balancing across server pool
- Resource Governance: Configurable limits for bandwidth, connections, and CPU utilization
- Container-Optimized: Designed for efficient deployment in Kubernetes environments
Performance metrics and tuning guidelines will be available in our performance documentation. (WIP)
Security is a core focus of videocall.rs:
- Transport Security: All communications use TLS/HTTPS.
- Authentication: Flexible integration with identity providers (SSO/OAuth).
- Access Controls: Fine-grained permission system for meeting rooms.
For details on our security model and best practices, see our security documentation.
videocall.rs uses environment-based feature flags to enable or disable experimental or optional functionality at runtime. Flags are loaded lazily on first access and can be overridden for testing purposes.
Feature flags are set via environment variables with the FEATURE_ prefix:
# Enable a feature flag export FEATURE_MEETING_MANAGEMENT=true # Or when running with Docker docker run -e FEATURE_MEETING_MANAGEMENT=true ...| Flag | Environment Variable | Description | Default |
|---|---|---|---|
| Meeting Management | FEATURE_MEETING_MANAGEMENT | Enable meeting lifecycle management including creation, tracking, and host controls | false |
The following values are recognized as enabling a flag (case-insensitive):
true1yes
Any other value (or unset variable) is treated as false.
The Yew frontend uses a three-layer testing pyramid, all running in a real browser via wasm-bindgen-test:
| Layer | What it covers | Example |
|---|---|---|
| Unit | MediaDeviceList logic — hot-plug, fallback, device switching | videocall-client/src/media_devices/media_device_list.rs |
| Component | Isolated Yew components with mock MediaDeviceInfo objects | yew-ui/tests/device_selector.rs, yew-ui/tests/video_control_buttons.rs |
| Integration | Real Chrome fake devices → component rendering end-to-end | yew-ui/tests/device_integration.rs |
# Run UI component tests natively (requires Chrome + chromedriver) make yew-tests # Run in headed mode to watch the browser make yew-tests HEADED=1 # Run UI component tests in Docker (no local deps needed) make yew-tests-dockerCI runs these tests automatically via .github/workflows/wasm-test.yaml. For the full testing guide — including how to write new tests, the test harness API, and the mock device vs real fake device strategy — see yew-ui/TESTING.md.
The actix-api crate contains unit and integration tests that run against real PostgreSQL and NATS instances, spun up via Docker Compose. Tests cover:
- Session management — meeting creation, multi-user join/leave, host controls, system email rejection
- WebSocket transport — full meeting lifecycle over WebSocket connections
- WebTransport — meeting lifecycle over QUIC/HTTP3
- Packet handling — classification of empty, garbage, and RTT packets
- Metrics server — session tracking, health metrics export, stale session cleanup, concurrent access
- Feature flags — behavior with
FEATURE_MEETING_MANAGEMENTon and off
Tests use #[serial_test::serial] because they share a database, and each test cleans up its own data. The infrastructure is defined in docker/docker-compose.integration.yaml, which provides:
| Service | Purpose |
|---|---|
postgres:12 | Database for meetings and sessions |
nats:2.10-alpine | Message broker with JetStream |
rust-tests | Test runner (runs dbmate migrations, then cargo test) |
# Build + run all backend tests (PostgreSQL + NATS in Docker) make tests_run # Tear down test containers make tests_downCI runs these tests automatically via .github/workflows/cargo-test.yaml, triggered on PRs that touch actix-api/, videocall-types/, or protobuf/. For the full backend testing guide — including test patterns, database cleanup, and how to write new tests — see actix-api/TESTING.md.
Full browser-based end-to-end tests using Playwright. Tests run against both the Dioxus UI and Yew UI simultaneously, verifying meeting flows with real browsers. Authentication is bypassed via JWT cookie injection — no OAuth setup needed.
The E2E stack is defined in docker/docker-compose.e2e.yaml and uses the same Nix-based dev Dockerfiles as CI. Tests run automatically on pushes to main and can be triggered manually from the GitHub Actions page.
See the e2e-* targets in the Makefile for available commands.
| Version | Target Date | Key Features |
|---|---|---|
| 0.6.0 | Q3 2023 | ✅ Safari Browser Support |
| 0.7.0 | Q4 2023 | ✅ Native Mobile SDKs |
| 0.5.0 | Q2 2023 | ✅ JWT Authentication & SSO |
| 0.8.0 | Q1 2024 | 🔄 Screen Sharing Improvements |
| 1.0.0 | Q2 2024 | 🔄 Production Release with Full API Stability |
We welcome contributions from the community! Here's how to get involved:
-
Issues: Report bugs or suggest features via GitHub Issues
-
Pull Requests: Submit PRs for bug fixes or enhancements
-
RFC Process: For significant changes, participate in our RFC process
-
Community: Join our Discord server to discuss development
See our Contributing Guidelines for more detailed information.
- Backend: Rust + Actix Web + PostgreSQL + NATS
- Frontend: Rust + Yew + WebAssembly + Tailwind CSS
- Transport: WebTransport (QUIC/HTTP3) + WebSockets (fallback)
- Build System: Cargo + Trunk + Nix (WIP) + Docker + Helm
- Testing:
cargo test+wasm-bindgen-test(browser-based UI tests) + Docker Compose (backend integration)
- Bidirectional Streaming: Fully asynchronous message passing using QUIC streams
- Error Handling: Comprehensive Result-based error propagation throughout the codebase
- Modularity: Clean separation of concerns with well-defined interfaces between components
- Type Safety: Extensive use of Rust's type system to prevent runtime errors
- Binary Protocol: Efficient Protocol Buffer serialization for all messages
For a more comprehensive technical overview, see the Architecture Document.
This repository includes Git hooks to ensure code quality:
- Pre-commit Hook: Automatically runs
cargo fmtbefore each commit to ensure consistent code formatting. - Post-commit Hook: Runs
cargo clippyafter each commit to check for potential code improvements.
To install these hooks, run the following commands from the project root:
# Create the hooks directory if it doesn't exist mkdir -p .git/hooks # Create the pre-commit hook cat > .git/hooks/pre-commit << 'EOF' #!/bin/sh # Run cargo fmt and check if there are changes echo "Running cargo fmt..." cargo fmt --all -- --check # Check the exit code of cargo fmt if [ $? -ne 0 ]; then echo "cargo fmt found formatting issues. Please fix them before committing." exit 1 fi exit 0 EOF # Create the post-commit hook cat > .git/hooks/post-commit << 'EOF' #!/bin/sh # Run cargo clippy after the commit echo "Running cargo clippy..." ACTIX_UI_BACKEND_URL="" WEBTRANSPORT_HOST="" LOGIN_URL="" WEBTRANSPORT_URL="" ACTIX_API_URL="" cargo clippy -- -D warnings # Check the exit code of cargo clippy if [ $? -ne 0 ]; then echo "Cargo clippy found issues in your code. Please fix them." # We can't abort the commit since it's already done, but we can inform the user echo "The commit was successful, but please consider fixing the clippy issues before pushing." fi exit 0 EOF # Make the hooks executable chmod +x .git/hooks/pre-commit .git/hooks/post-commitThese hooks help maintain code quality by ensuring proper formatting and checking for common issues.
 Dario Lencina |  Seth Reid |  Griffin Obeid |  Ronen Barzel |  Leone |  Victor Martínez |
Start your journey with videocall.rs today. Whether you're building a robot, a drone, or a next-gen video app, we have the tools you need.
Get Started with Docker or Download the CLI
This project is dual licensed under the MIT License and the Apache License 2.0. See the LICENSE-APACHE and LICENSE-MIT files for details.
