@aria-cli/wireguard 1.0.36 → 1.0.38

package/dist/nat.js

@@ -1,397 +0,0 @@
-"use strict";
-/**
- * STUN client + NAT traversal for ARIA secure networking.
- *
- * Discovers external IP:port via STUN (RFC 5389), enabling WireGuard
- * peers to find each other through NAT. Falls back to a UDP relay
- * when symmetric NAT prevents direct connectivity.
- *
- * No external dependencies — implements STUN binding request/response
- * directly using node:dgram.
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.StunClient = void 0;
-exports.discoverEndpoint = discoverEndpoint;
-exports.detectNatType = detectNatType;
-const dgram = __importStar(require("node:dgram"));
-const crypto = __importStar(require("node:crypto"));
-const os = __importStar(require("node:os"));
-// STUN message types (RFC 5389)
-const STUN_BINDING_REQUEST = 0x0001;
-const STUN_BINDING_RESPONSE = 0x0101;
-const STUN_MAGIC_COOKIE = 0x2112a442;
-const STUN_ATTR_XOR_MAPPED_ADDRESS = 0x0020;
-const STUN_ATTR_MAPPED_ADDRESS = 0x0001;
-/**
- * Detect whether the route to a STUN server exits through a tunnel/VPN
- * interface. If so, STUN results reflect the tunnel exit IP — not the
- * machine's real public IP — and should be discarded.
- *
- * Detection: uses a connected UDP socket to discover the OS-selected source
- * address, then checks if that address belongs to an interface with a
- * zero MAC address (00:00:00:00:00:00). Tunnel/VPN interfaces (WireGuard,
- * OpenVPN, Tailscale, IPSec, ZeroTier, etc.) have no hardware address.
- * Physical interfaces (Ethernet, WiFi) always have a real MAC.
- */
-function routeExitsThroughTunnel(host, port) {
-    return new Promise((resolve) => {
-        const probe = dgram.createSocket("udp4");
-        const timer = setTimeout(() => {
-            probe.close();
-            resolve(false);
-        }, 2000);
-        probe.connect(port, host, () => {
-            clearTimeout(timer);
-            try {
-                const sourceAddr = probe.address().address;
-                const ifaces = os.networkInterfaces();
-                for (const addrs of Object.values(ifaces)) {
-                    for (const a of addrs ?? []) {
-                        if (a.address === sourceAddr && a.mac === "00:00:00:00:00:00") {
-                            probe.close();
-                            resolve(true);
-                            return;
-                        }
-                    }
-                }
-            }
-            catch {
-                // ignore
-            }
-            probe.close();
-            resolve(false);
-        });
-        probe.on("error", () => {
-            clearTimeout(timer);
-            probe.close();
-            resolve(false);
-        });
-    });
-}
-// Well-known public STUN servers (no authentication required)
-const DEFAULT_STUN_SERVERS = [
-    "stun.l.google.com:19302",
-    "stun1.l.google.com:19302",
-    "stun.cloudflare.com:3478",
-];
-/**
- * Build a STUN Binding Request message (RFC 5389).
- * Header: type (2) + length (2) + magic cookie (4) + transaction ID (12) = 20 bytes.
- */
-function buildBindingRequest() {
-    const msg = Buffer.alloc(20);
-    msg.writeUInt16BE(STUN_BINDING_REQUEST, 0); // Message type
-    msg.writeUInt16BE(0, 2); // Message length (no attributes)
-    msg.writeUInt32BE(STUN_MAGIC_COOKIE, 4); // Magic cookie
-    const txId = crypto.randomBytes(12);
-    txId.copy(msg, 8); // Transaction ID
-    return { message: msg, transactionId: txId };
-}
-/**
- * Parse a STUN Binding Response to extract the mapped address.
- * Handles both XOR-MAPPED-ADDRESS (preferred) and MAPPED-ADDRESS (fallback).
- */
-function parseBindingResponse(msg, expectedTxId) {
-    if (msg.length < 20)
-        return null;
-    const msgType = msg.readUInt16BE(0);
-    if (msgType !== STUN_BINDING_RESPONSE)
-        return null;
-    // Verify magic cookie
-    if (msg.readUInt32BE(4) !== STUN_MAGIC_COOKIE)
-        return null;
-    // Verify transaction ID
-    if (!msg.subarray(8, 20).equals(expectedTxId))
-        return null;
-    const attrLength = msg.readUInt16BE(2);
-    let offset = 20;
-    const end = 20 + attrLength;
-    let mappedAddress = null;
-    while (offset + 4 <= end) {
-        const attrType = msg.readUInt16BE(offset);
-        const attrLen = msg.readUInt16BE(offset + 2);
-        const attrStart = offset + 4;
-        if (attrType === STUN_ATTR_XOR_MAPPED_ADDRESS && attrLen >= 8) {
-            const family = msg.readUInt8(attrStart + 1);
-            if (family === 0x01) {
-                // IPv4
-                const xPort = msg.readUInt16BE(attrStart + 2) ^ (STUN_MAGIC_COOKIE >> 16);
-                const xAddr = msg.readUInt32BE(attrStart + 4) ^ STUN_MAGIC_COOKIE;
-                const a = (xAddr >> 24) & 0xff;
-                const b = (xAddr >> 16) & 0xff;
-                const c = (xAddr >> 8) & 0xff;
-                const d = xAddr & 0xff;
-                return { address: `${a}.${b}.${c}.${d}`, port: xPort };
-            }
-        }
-        if (attrType === STUN_ATTR_MAPPED_ADDRESS && attrLen >= 8) {
-            const family = msg.readUInt8(attrStart + 1);
-            if (family === 0x01) {
-                // IPv4 (not XORed)
-                const port = msg.readUInt16BE(attrStart + 2);
-                const addr = msg.readUInt32BE(attrStart + 4);
-                const a = (addr >> 24) & 0xff;
-                const b = (addr >> 16) & 0xff;
-                const c = (addr >> 8) & 0xff;
-                const d = addr & 0xff;
-                mappedAddress = { address: `${a}.${b}.${c}.${d}`, port };
-            }
-        }
-        // Attribute value is padded to 4-byte boundary
-        offset = attrStart + Math.ceil(attrLen / 4) * 4;
-    }
-    return mappedAddress;
-}
-/**
- * Discover our external endpoint by sending a STUN Binding Request.
- *
- * Tries multiple STUN servers in parallel, returns the first successful response.
- * Timeout: 3 seconds per server, 5 second total.
- */
-/**
- * Discover external endpoint via STUN.
- *
- * @param server STUN server hostname:port (or undefined to try defaults)
- * @param timeoutMs Timeout in milliseconds
- * @param existingSocket Optional: use this socket for STUN instead of creating
- *   ephemeral ones. This is critical for the shared-socket WG model — STUN must
- *   discover the NAT mapping of the ACTUAL listening socket, not a throwaway one.
- *   When provided, the socket is NOT closed after discovery.
- */
-async function discoverEndpoint(server, timeoutMs = 5000, existingSocket) {
-    const servers = server ? [server] : DEFAULT_STUN_SERVERS;
-    // Pre-check: if the route to the STUN server exits through a tunnel
-    // interface (VPN), the result will be the VPN exit IP — not our real
-    // public IP. Reject early to prevent advertising a wrong endpoint.
-    const [firstHost, firstPortStr] = servers[0].split(":");
-    const isTunnel = await routeExitsThroughTunnel(firstHost, parseInt(firstPortStr ?? "3478", 10));
-    if (isTunnel) {
-        throw new Error("STUN route exits through a tunnel interface — result would be unreliable");
-    }
-    return new Promise((resolve, reject) => {
-        let resolved = false;
-        const ownedSockets = []; // sockets WE created (will be closed)
-        const timer = setTimeout(() => {
-            if (!resolved) {
-                resolved = true;
-                ownedSockets.forEach((s) => {
-                    try {
-                        s.close();
-                    }
-                    catch {
-                        // ignore
-                    }
-                });
-                reject(new Error(`STUN discovery timed out after ${timeoutMs}ms`));
-            }
-        }, timeoutMs);
-        for (const srv of servers) {
-            const [host, portStr] = srv.split(":");
-            const port = parseInt(portStr ?? "3478", 10);
-            // Use existing socket if provided (shared socket model), else create ephemeral
-            const socket = existingSocket ?? dgram.createSocket("udp4");
-            if (!existingSocket)
-                ownedSockets.push(socket);
-            const { message, transactionId } = buildBindingRequest();
-            const handler = (msg) => {
-                if (resolved)
-                    return;
-                const result = parseBindingResponse(msg, transactionId);
-                if (result) {
-                    resolved = true;
-                    clearTimeout(timer);
-                    // Remove our handler from the existing socket (don't close it)
-                    if (existingSocket) {
-                        existingSocket.off("message", handler);
-                    }
-                    ownedSockets.forEach((s) => {
-                        try {
-                            s.close();
-                        }
-                        catch {
-                            // ignore
-                        }
-                    });
-                    resolve({ ...result, server: srv });
-                }
-            };
-            socket.on("message", handler);
-            socket.on("error", () => {
-                // Individual socket errors are non-fatal — other servers may succeed
-                if (!existingSocket) {
-                    try {
-                        socket.close();
-                    }
-                    catch {
-                        /* already closed */
-                    }
-                }
-            });
-            socket.send(message, port, host);
-        }
-    });
-}
-/**
- * Detect NAT type by querying two STUN servers and comparing mapped ports.
- *
- * Symmetric NAT allocates a new external port for each destination,
- * so mapped ports will differ across STUN servers. Cone NATs reuse
- * the same external port, so mapped ports will match.
- *
- * Returns "unknown" if fewer than 2 STUN servers respond.
- */
-async function detectNatType(servers = DEFAULT_STUN_SERVERS, timeoutMs = 5000) {
-    const results = [];
-    // Query each server individually (sequential to avoid port reuse confusion)
-    for (const server of servers.slice(0, 3)) {
-        try {
-            const result = await discoverEndpoint(server, timeoutMs);
-            results.push(result);
-            if (results.length >= 2)
-                break; // Only need 2 for comparison
-        }
-        catch {
-            // Server unreachable — try next
-        }
-    }
-    if (results.length < 2) {
-        return { natType: "unknown", results };
-    }
-    // Compare mapped ports: if different → symmetric NAT
-    const port1 = results[0].port;
-    const port2 = results[1].port;
-    if (port1 !== port2) {
-        return { natType: "symmetric", results };
-    }
-    // Same port → cone or restricted (both allow direct connections)
-    // We can't distinguish full cone from restricted cone with STUN alone
-    // (would need a STUN server that sends from a different IP), but both work for us.
-    return { natType: "full_cone", results };
-}
-/**
- * STUN client for periodic endpoint discovery.
- *
- * Use for ongoing NAT traversal — discovers and tracks endpoint changes.
- */
-class StunClient {
-    servers;
-    pollIntervalMs;
-    interval = null;
-    lastResult = null;
-    _natType = null;
-    /** Number of consecutive discovery failures (reset to 0 on success) */
-    consecutiveFailures = 0;
-    constructor(servers = DEFAULT_STUN_SERVERS, pollIntervalMs = 60_000) {
-        this.servers = servers;
-        this.pollIntervalMs = pollIntervalMs;
-    }
-    /** Get the detected NAT type (null if not yet detected) */
-    getNatType() {
-        return this._natType;
-    }
-    /** Get the last discovered endpoint */
-    getEndpoint() {
-        return this.lastResult;
-    }
-    /** Discover endpoint once — uses first configured server (or defaults) */
-    async discover() {
-        const result = await discoverEndpoint(this.servers[0], 5000);
-        this.lastResult = result;
-        return result;
-    }
-    /** Start periodic endpoint discovery. Detects NAT type on first call. */
-    start(onUpdate) {
-        if (this.interval)
-            return;
-        // Check once if we're behind a VPN. If so, STUN will always return
-        // the wrong IP — skip the entire poll loop instead of spamming errors.
-        void (async () => {
-            const [firstHost, firstPortStr] = this.servers[0].split(":");
-            const isTunnel = await routeExitsThroughTunnel(firstHost, parseInt(firstPortStr ?? "3478", 10));
-            if (isTunnel) {
-                if (typeof process !== "undefined" && process.stderr) {
-                    process.stderr.write("[wireguard] STUN skipped — route exits through VPN/tunnel interface\n");
-                }
-                return; // Don't start the poll loop
-            }
-            // Initial discovery + NAT type detection
-            try {
-                if (!this._natType) {
-                    const detection = await detectNatType(this.servers);
-                    this._natType = detection.natType;
-                    if (detection.results.length > 0) {
-                        this.lastResult = detection.results[0];
-                        this.consecutiveFailures = 0;
-                        onUpdate?.(detection.results[0]);
-                    }
-                }
-                if (!this.lastResult) {
-                    const r = await this.discover();
-                    this.consecutiveFailures = 0;
-                    onUpdate?.(r);
-                }
-            }
-            catch {
-                this.consecutiveFailures++;
-            }
-            // Start periodic refresh only after confirming STUN works
-            this.interval = setInterval(async () => {
-                try {
-                    const result = await this.discover();
-                    this.consecutiveFailures = 0;
-                    onUpdate?.(result);
-                }
-                catch {
-                    this.consecutiveFailures++;
-                    if (this.consecutiveFailures >= 3) {
-                        if (typeof process !== "undefined" && process.stderr) {
-                            process.stderr.write(`[wireguard] STUN discovery failed ${this.consecutiveFailures} consecutive times\n`);
-                        }
-                    }
-                }
-            }, this.pollIntervalMs);
-        })();
-    }
-    /** Stop periodic discovery */
-    stop() {
-        if (this.interval) {
-            clearInterval(this.interval);
-            this.interval = null;
-        }
-    }
-}
-exports.StunClient = StunClient;
-//# sourceMappingURL=nat.js.map

package/dist/network-state-store.js

@@ -1,248 +0,0 @@
-"use strict";
-/**
- * NetworkStateStore — canonical, machine-scoped persistence for network control-plane state.
- *
- * All network-adjacent durable state (peers, signing keys, revocations, nonces, trust)
- * lives in ONE canonical store at ARIA_HOME/network/state.db, independent of any
- * arion-specific Memoria DB. This eliminates the split-brain where peer state could
- * drift across multiple DB paths.
- *
- * PeerRegistry, RevocationStore, and other network stores all use the Database
- * returned by getDatabase().
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.NetworkStateStore = void 0;
-exports.canonicalNetworkStatePath = canonicalNetworkStatePath;
-const fs = __importStar(require("node:fs"));
-const path = __importStar(require("node:path"));
-const network_runtime_1 = require("@aria-cli/tools/network-runtime");
-/**
- * Canonical schema for the network state DB.
- *
- * Only creates tables that PeerRegistry depends on (it does NO schema creation).
- * Other stores (RevocationStore, PeerTrustStore, PeerSigningKeyStore,
- * InviteConsumeLedger, DurableReplayGuard, etc.) create their own tables
- * via ensureTable() in their constructors — they're self-managing.
- */
-const NETWORK_PEERS_TABLE_SQL = `
-CREATE TABLE IF NOT EXISTS network_peers (
-  node_id TEXT PRIMARY KEY,
-  public_key TEXT NOT NULL,
-  name TEXT NOT NULL,
-  endpoint_host TEXT,
-  endpoint_port INTEGER,
-  endpoint_revision INTEGER NOT NULL DEFAULT 0,
-  control_endpoint_host TEXT,
-  control_endpoint_port INTEGER,
-  control_tls_ca_fingerprint TEXT,
-  preshared_key TEXT,
-  allowed_ips TEXT DEFAULT '0.0.0.0/0',
-  invite_token TEXT,
-  status TEXT DEFAULT 'active',
-  last_handshake INTEGER,
-  created_at INTEGER,
-  updated_at INTEGER,
-  signing_public_key TEXT
-);`;
-const NETWORK_PEERS_INDEX_SQL = `
-CREATE INDEX IF NOT EXISTS idx_network_peers_name ON network_peers(name);
-CREATE INDEX IF NOT EXISTS idx_network_peers_status ON network_peers(status);
-CREATE UNIQUE INDEX IF NOT EXISTS idx_network_peers_public_key
-ON network_peers(public_key);
-`;
-const SCHEMA_SQL = `
--- Peer registry canonical hard-cut schema
-${NETWORK_PEERS_TABLE_SQL}
-
--- Token replay protection (used by PeerRegistry.claimToken/releaseToken)
-CREATE TABLE IF NOT EXISTS token_claims (
-  nonce TEXT PRIMARY KEY,
-  claimed_at INTEGER NOT NULL
-);
-
--- Pending tunnel/pair requests (used by PeerRegistry.listByStatus)
-CREATE TABLE IF NOT EXISTS pending_tunnel (
-  id TEXT PRIMARY KEY,
-  peer_name TEXT NOT NULL,
-  peer_public_key TEXT NOT NULL,
-  status TEXT DEFAULT 'pending',
-  created_at INTEGER NOT NULL,
-  updated_at INTEGER
-);
-
--- Schema version tracking
-CREATE TABLE IF NOT EXISTS network_schema_version (
-  version INTEGER NOT NULL
-);
-`;
-const CURRENT_SCHEMA_VERSION = 6;
-class NetworkStateStore {
-    options;
-    db = null;
-    dbPath;
-    constructor(options) {
-        this.options = options;
-        this.dbPath = options.dbPath ?? path.join(options.ariaHome, "network", "state.db");
-    }
-    /** Canonical path to the network state DB */
-    get path() {
-        return this.dbPath;
-    }
-    /** Whether the store has been opened */
-    get isOpen() {
-        return this.db !== null;
-    }
-    /** Open the database, creating schema if needed */
-    open() {
-        if (this.db)
-            return this.db;
-        // Ensure directory exists
-        const dir = path.dirname(this.dbPath);
-        fs.mkdirSync(dir, { recursive: true });
-        // Dynamic import better-sqlite3 (same pattern as PeerRegistry)
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
-        const BetterSqlite3 = require("better-sqlite3");
-        this.db = new BetterSqlite3(this.dbPath);
-        try {
-            this.db.pragma("journal_mode = WAL");
-            this.db.pragma("busy_timeout = 5000");
-            // Create schema
-            this.db.exec(SCHEMA_SQL);
-            this.reconcilePeerTableSchema(this.db);
-            this.db.exec(NETWORK_PEERS_INDEX_SQL);
-            // Track schema version
-            const versionRow = this.db
-                .prepare("SELECT version FROM network_schema_version LIMIT 1")
-                .get();
-            if (!versionRow) {
-                this.db
-                    .prepare("INSERT INTO network_schema_version (version) VALUES (?)")
-                    .run(CURRENT_SCHEMA_VERSION);
-            }
-            else if (versionRow.version < CURRENT_SCHEMA_VERSION) {
-                this.db
-                    .prepare("UPDATE network_schema_version SET version = ?")
-                    .run(CURRENT_SCHEMA_VERSION);
-            }
-        }
-        catch (error) {
-            this.db.close();
-            this.db = null;
-            throw error;
-        }
-        return this.db;
-    }
-    reconcilePeerTableSchema(db) {
-        const tableRow = db
-            .prepare("SELECT sql FROM sqlite_master WHERE type='table' AND name='network_peers'")
-            .get();
-        if (!tableRow?.sql)
-            return;
-        const tableSql = tableRow.sql.toLowerCase();
-        const hasLegacyStatusCheck = tableSql.includes("check") && !tableSql.includes("pending_verification");
-        const columns = db.prepare("PRAGMA table_info(network_peers)").all();
-        const columnNames = new Set(columns.map((column) => column.name));
-        const primaryKey = columns.find((column) => column.pk === 1)?.name;
-        const requiredColumns = [
-            "public_key",
-            "node_id",
-            "name",
-            "endpoint_host",
-            "endpoint_port",
-            "endpoint_revision",
-            "control_endpoint_host",
-            "control_endpoint_port",
-            "control_tls_ca_fingerprint",
-            "preshared_key",
-            "allowed_ips",
-            "invite_token",
-            "status",
-            "last_handshake",
-            "created_at",
-            "updated_at",
-            "signing_public_key",
-        ];
-        const missingColumns = requiredColumns.filter((column) => !columnNames.has(column));
-        const legacySchemaProblems = [];
-        if (hasLegacyStatusCheck) {
-            legacySchemaProblems.push("legacy status check");
-        }
-        if (columnNames.has("message_port")) {
-            legacySchemaProblems.push("message_port column");
-        }
-        if (columnNames.has("peer_id")) {
-            legacySchemaProblems.push("legacy peer_id column");
-        }
-        if (primaryKey !== "node_id") {
-            legacySchemaProblems.push(`primary key is ${primaryKey ?? "missing"}`);
-        }
-        if (missingColumns.length > 0) {
-            legacySchemaProblems.push(`missing columns: ${missingColumns.join(", ")}`);
-        }
-        if (legacySchemaProblems.length === 0) {
-            return;
-        }
-        throw new Error(`Legacy network_peers schema requires hard reset: ${legacySchemaProblems.join(", ")}`);
-    }
-    /** Get the underlying Database handle (opens if needed) */
-    getDatabase() {
-        return this.open();
-    }
-    /**
-     * Claim the owner epoch for this runtime on the shared network state DB.
-     * Must be called after open() and before any durable writes.
-     * Throws StaleOwnerError if a newer generation already owns the DB.
-     */
-    claimOwnerEpoch(generation) {
-        const db = this.open();
-        (0, network_runtime_1.claimDbOwnerEpoch)(db, generation);
-    }
-    /** Close the database */
-    close() {
-        if (this.db) {
-            this.db.close();
-            this.db = null;
-        }
-    }
-}
-exports.NetworkStateStore = NetworkStateStore;
-/**
- * Resolve the canonical network state DB path for a given ARIA home.
- */
-function canonicalNetworkStatePath(ariaHome) {
-    return path.join(ariaHome, "network", "state.db");
-}
-//# sourceMappingURL=network-state-store.js.map