@decentnetwork/lan 0.1.12 → 0.1.14

package/dist/cli/index.js

@@ -126,21 +126,31 @@ async function main() {
             configDir: argv["config-dir"],
         });
     })
-        .command("friends list", "List Carrier friends (daemon must be down)", (y) => y.option("config-dir", { type: "string" }), async (argv) => {
+        // `friends X` MUST be defined as a nested subcommand tree, not as
+        // four flat `.command("friends X", ...)` entries — yargs treats the
+        // second word as a positional in that flat form and the
+        // last-registered subcommand silently swallows the others.
+        // Symptom: `agentnet friends pending` would run `friends reject` and
+        // complain about a missing --userid.
+        .command("friends", "Manage Carrier friends (run 'agentnet friends --help')", (y) => y
+        .command("list", "List Carrier friends (daemon must be down)", (yy) => yy.option("config-dir", { type: "string" }), async (argv) => {
         await cmdFriendsList({ configDir: argv["config-dir"] });
     })
-        .command("friends pending", "List queued friend-requests (over IPC; daemon must be up)", (y) => y.option("config-dir", { type: "string" }), async (argv) => {
+        .command("pending", "List queued friend-requests (over IPC; daemon must be up)", (yy) => yy.option("config-dir", { type: "string" }), async (argv) => {
         await cmdFriendsPending({ configDir: argv["config-dir"] });
     })
-        .command("friends accept", "Accept a queued friend-request by userid (over IPC; daemon stays up)", (y) => y
+        .command("accept", "Accept a queued friend-request by userid (over IPC; daemon stays up)", (yy) => yy
         .option("userid", { type: "string", demandOption: true, describe: "Sender's Carrier userid (base58)" })
         .option("config-dir", { type: "string" }), async (argv) => {
         await cmdFriendsAccept({ userid: argv.userid, configDir: argv["config-dir"] });
     })
-        .command("friends reject", "Drop a queued friend-request by userid (over IPC; daemon stays up)", (y) => y
+        .command("reject", "Drop a queued friend-request by userid (over IPC; daemon stays up)", (yy) => yy
         .option("userid", { type: "string", demandOption: true })
         .option("config-dir", { type: "string" }), async (argv) => {
         await cmdFriendsReject({ userid: argv.userid, configDir: argv["config-dir"] });
+    })
+        .demandCommand(1, "Specify a friends subcommand (run 'agentnet friends --help')"), () => {
+        // parent handler — never invoked because demandCommand above
     })
         .command("audit log", "View audit log", (y) => y.option("tail", { type: "number", default: 50 }).option("config-dir", { type: "string" }), async (argv) => {
         await cmdAuditLog({ tail: argv.tail, configDir: argv["config-dir"] });

package/dist/router/packet-router.d.ts

@@ -20,6 +20,7 @@ export interface PacketRouterOptions {
 export declare class PacketRouter extends EventEmitter {
     private tunDevice;
     private peerManager;
+    private ipam;
     private acl;
     private sessionManager;
     private logger;
@@ -54,6 +55,16 @@ export declare class PacketRouter extends EventEmitter {
      */
     private sendKeepalivesToActiveSessions;
     getStats(): ForwardingStats;
+    /**
+     * Add (or correct) a (carrierId, virtualIp) mapping in IPAM based on
+     * an authenticated inbound packet. Idempotent and cheap — does
+     * nothing when the mapping already matches.
+     *
+     * The IP can change for a single peer (dora re-allocation, daemon
+     * restart with a different fallback IP) so we always overwrite on
+     * mismatch rather than first-write-wins.
+     */
+    private learnPeerMapping;
     /**
      * Record a drop and bump per-destination diagnostics. Logs the FIRST
      * occurrence of each (dstIp, reason) at info level so the failure mode

package/dist/router/packet-router.js

@@ -9,9 +9,11 @@ import { EventEmitter } from "events";
 import { IpParser } from "./ip-parser.js";
 import { SessionManager } from "./session-manager.js";
 import { Logger } from "../utils/logger.js";
+const SUBNET_PREFIX = "10.86.";
 export class PacketRouter extends EventEmitter {
     tunDevice;
     peerManager;
+    ipam;
     acl;
     sessionManager;
     logger;
@@ -36,6 +38,7 @@ export class PacketRouter extends EventEmitter {
         super();
         this.tunDevice = opts.tunDevice;
         this.peerManager = opts.peerManager;
+        this.ipam = opts.ipam;
         this.acl = opts.acl;
         this.sessionManager = new SessionManager({
             peerManager: opts.peerManager,
@@ -154,6 +157,33 @@ export class PacketRouter extends EventEmitter {
             dropsByDst,
         };
     }
+    /**
+     * Add (or correct) a (carrierId, virtualIp) mapping in IPAM based on
+     * an authenticated inbound packet. Idempotent and cheap — does
+     * nothing when the mapping already matches.
+     *
+     * The IP can change for a single peer (dora re-allocation, daemon
+     * restart with a different fallback IP) so we always overwrite on
+     * mismatch rather than first-write-wins.
+     */
+    learnPeerMapping(srcPubkey, srcIp) {
+        const existing = this.ipam.resolveCarrierId(srcPubkey);
+        if (existing && existing.virtualIp === srcIp)
+            return;
+        // Skip our own pubkey — we already own our IPAM entry.
+        if (srcPubkey === this.peerManager.getPubkey())
+            return;
+        const name = existing?.name ?? `peer-${srcPubkey.slice(0, 8)}`;
+        this.ipam.assignPeer({
+            name,
+            carrierId: srcPubkey,
+            virtualIp: srcIp,
+            services: existing?.services ?? [],
+        });
+        this.logger.info(existing
+            ? `IPAM updated from inbound: ${name} ${existing.virtualIp} -> ${srcIp}`
+            : `IPAM learned from inbound: ${name} (${srcPubkey.slice(0, 12)}...) -> ${srcIp}`);
+    }
     /**
      * Record a drop and bump per-destination diagnostics. Logs the FIRST
      * occurrence of each (dstIp, reason) at info level so the failure mode
@@ -253,6 +283,25 @@ export class PacketRouter extends EventEmitter {
             this.logger.debug("Dropped invalid incoming IP packet");
             return;
         }
+        // Auto-learn (srcPubkey -> srcIp) into IPAM. Without this, ubuntu
+        // can receive cn's ICMP fine but the reply path fails: ubuntu's
+        // outbound handleOutgoingPacket calls ipam.resolveIp("10.86.1.15")
+        // which returns null when ubuntu's dora roster sync is broken
+        // (dora friend offline, no other source for cn's virtualIp).
+        //
+        // We trust the (srcPubkey, srcIp) pairing for two reasons:
+        //   1. srcPubkey is Carrier-authenticated — only the real cn can
+        //      open a PacketSession against ubuntu under cn's userid.
+        //   2. The only damage a lying sender could cause is shadowing
+        //      their OWN reply routing — the IP is the destination for
+        //      packets WE send back to THEM, no third party affected.
+        //
+        // Scope to the agentnet subnet (10.86.0.0/16) so a buggy peer
+        // leaking RFC1918 traffic through the TUN can't pollute our IPAM
+        // with 192.168.x.x entries.
+        if (parsed.srcIp.startsWith(SUBNET_PREFIX)) {
+            this.learnPeerMapping(srcPubkey, parsed.srcIp);
+        }
         const proto = IpParser.protoName(parsed.protocol);
         // ACL check (inbound)
         if (parsed.dstPort !== undefined && (proto === "tcp" || proto === "udp")) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",