@decentnetwork/lan 0.1.21 → 0.1.22

package/dist/cli/commands.d.ts

@@ -265,3 +265,34 @@ export declare function cmdDoraAutofriend(args: {
     values?: string[];
     configDir?: string;
 }): Promise<void>;
+/**
+ * Install the daemon as a persistent system service.
+ *
+ * Linux  → writes /etc/systemd/system/agentnet.service, daemon-reload,
+ *          enable+start. Sets ExecStart to the resolved `agentnet`
+ *          binary and threads --config-dir so sudo's $HOME=/root
+ *          doesn't pick up an empty /root/.agentnet.
+ * macOS  → writes /Library/LaunchDaemons/com.decentlan.agentnet.plist,
+ *          launchctl load (RunAtLoad + KeepAlive).
+ *
+ * Both surfaces stream stdout/stderr to /var/log/agentnet.log so a
+ * single `tail -f /var/log/agentnet.log` works regardless of platform.
+ * `--uninstall` reverses each respectively.
+ *
+ * Requires root (writes to /etc or /Library). On Linux the resolved
+ * unit will run as User=root; on macOS the LaunchDaemon already runs
+ * as root. The CLI complains loudly with the missing-sudo hint if
+ * the writes fail with EACCES.
+ */
+export declare function cmdServiceInstall(args: {
+    uninstall?: boolean;
+    configDir?: string;
+}): Promise<void>;
+/**
+ * Show whether the service is installed + running. Cross-platform
+ * pass-through to systemctl status / launchctl list with a one-line
+ * up/down summary up top.
+ */
+export declare function cmdServiceStatus(_args: {
+    configDir?: string;
+}): Promise<void>;

package/dist/cli/commands.js

@@ -4,7 +4,7 @@
 import { resolve, dirname } from "path";
 import { existsSync, mkdirSync, readFileSync } from "fs";
 import { createConnection } from "net";
-import { ConfigLoader } from "../config/loader.js";
+import { ConfigLoader, DEFAULT_DORA_USERID, DEFAULT_DORA_ADDRESS } from "../config/loader.js";
 import { ipcSocketPath } from "../daemon/ipc.js";
 import { DaemonServer } from "../daemon/server.js";
 import { Ipam } from "../ipam/ipam.js";
@@ -129,7 +129,31 @@ export async function cmdInit(args) {
     console.log(`  Config dir: ${dir}`);
     console.log(`  Subnet: ${config.network.subnet}`);
     console.log(`  Interface: ${config.network.interface}`);
-    console.log(`\nNext: agentnet up --name ${nodeName}`);
+    // Send the one-time friend-request to the default dora so the daemon
+    // can register on first start. Best-effort: a friend-request requires
+    // joinNetwork + an announce round, ~10-30s; we cap the wait and
+    // surface a hint if it doesn't go through. Skipped when the user
+    // overrode dora.userids away from the default (i.e. they're pointing
+    // at a private dora — they'll run `agentnet dora enable` themselves).
+    const defaultDoraConfigured = (config.dora?.userids ?? []).includes(DEFAULT_DORA_USERID);
+    if (defaultDoraConfigured) {
+        console.log(`\nFriending the public dora (${DEFAULT_DORA_USERID.slice(0, 16)}...) so the daemon can join the shared network on first start.`);
+        try {
+            await cmdFriendRequest({
+                address: DEFAULT_DORA_ADDRESS,
+                hello: `decentlan init (${nodeName})`,
+                waitMs: 8000,
+                configDir: dir,
+            });
+            console.log(`  Friend-request dispatched. Auto-accept on the dora side will take it from here.`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.warn(`  Friend-request to the default dora failed: ${msg}`);
+            console.warn(`  Re-run later: agentnet dora enable --address ${DEFAULT_DORA_ADDRESS}`);
+        }
+    }
+    console.log(`\nNext: sudo agentnet service install   # or 'agentnet up --real-tun' to run in foreground`);
 }
 /**
  * Show identity information.
@@ -1238,3 +1262,169 @@ export async function cmdDoraAutofriend(args) {
     }
     console.log(`Takes effect on the next roster refresh (~60s) or daemon restart.`);
 }
+/**
+ * Install the daemon as a persistent system service.
+ *
+ * Linux  → writes /etc/systemd/system/agentnet.service, daemon-reload,
+ *          enable+start. Sets ExecStart to the resolved `agentnet`
+ *          binary and threads --config-dir so sudo's $HOME=/root
+ *          doesn't pick up an empty /root/.agentnet.
+ * macOS  → writes /Library/LaunchDaemons/com.decentlan.agentnet.plist,
+ *          launchctl load (RunAtLoad + KeepAlive).
+ *
+ * Both surfaces stream stdout/stderr to /var/log/agentnet.log so a
+ * single `tail -f /var/log/agentnet.log` works regardless of platform.
+ * `--uninstall` reverses each respectively.
+ *
+ * Requires root (writes to /etc or /Library). On Linux the resolved
+ * unit will run as User=root; on macOS the LaunchDaemon already runs
+ * as root. The CLI complains loudly with the missing-sudo hint if
+ * the writes fail with EACCES.
+ */
+export async function cmdServiceInstall(args) {
+    const dir = args.configDir || ConfigLoader.defaultConfigDir();
+    const { spawnSync, execSync } = await import("child_process");
+    if (process.platform === "linux") {
+        const unitPath = "/etc/systemd/system/agentnet.service";
+        if (args.uninstall) {
+            spawnSync("systemctl", ["disable", "--now", "agentnet"], { stdio: "inherit" });
+            try {
+                const { unlinkSync, existsSync } = await import("fs");
+                if (existsSync(unitPath))
+                    unlinkSync(unitPath);
+                execSync("systemctl daemon-reload");
+                console.log(`Removed ${unitPath} and disabled the service.`);
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                throw new Error(`Could not remove ${unitPath} (need root?): ${msg}`);
+            }
+            return;
+        }
+        // Resolve the `agentnet` binary. argv[1] is dist/cli/index.js when
+        // invoked as `node …/index.js`, so a `which` lookup is more
+        // portable. Fall back to /usr/local/bin/agentnet (npm-default
+        // global prefix on most Linux setups) if the lookup fails.
+        let agentnetBin;
+        try {
+            agentnetBin = execSync("command -v agentnet", { encoding: "utf-8" }).trim();
+            if (!agentnetBin)
+                throw new Error("not found");
+        }
+        catch {
+            agentnetBin = "/usr/local/bin/agentnet";
+        }
+        const unit = `[Unit]
+Description=Decent AgentNet daemon
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=${agentnetBin} up --real-tun --config-dir ${dir}
+Restart=on-failure
+RestartSec=5
+StandardOutput=append:/var/log/agentnet.log
+StandardError=append:/var/log/agentnet.log
+
+[Install]
+WantedBy=multi-user.target
+`;
+        try {
+            const fs = await import("fs/promises");
+            await fs.writeFile(unitPath, unit, "utf-8");
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Could not write ${unitPath} (need root? try 'sudo'): ${msg}`);
+        }
+        execSync("systemctl daemon-reload");
+        execSync("systemctl enable --now agentnet");
+        console.log(`Installed ${unitPath} and started agentnet.service.`);
+        console.log(`Logs: journalctl -u agentnet -f   (or /var/log/agentnet.log)`);
+        return;
+    }
+    if (process.platform === "darwin") {
+        const plistPath = "/Library/LaunchDaemons/com.decentlan.agentnet.plist";
+        if (args.uninstall) {
+            spawnSync("launchctl", ["unload", plistPath], { stdio: "inherit" });
+            try {
+                const { unlinkSync, existsSync } = await import("fs");
+                if (existsSync(plistPath))
+                    unlinkSync(plistPath);
+                console.log(`Unloaded and removed ${plistPath}.`);
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                throw new Error(`Could not remove ${plistPath} (need root?): ${msg}`);
+            }
+            return;
+        }
+        let agentnetBin;
+        try {
+            agentnetBin = execSync("command -v agentnet", { encoding: "utf-8" }).trim();
+            if (!agentnetBin)
+                throw new Error("not found");
+        }
+        catch {
+            agentnetBin = "/usr/local/bin/agentnet";
+        }
+        const plist = `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0"><dict>
+  <key>Label</key><string>com.decentlan.agentnet</string>
+  <key>UserName</key><string>root</string>
+  <key>ProgramArguments</key><array>
+    <string>${agentnetBin}</string>
+    <string>up</string>
+    <string>--real-tun</string>
+    <string>--config-dir</string>
+    <string>${dir}</string>
+  </array>
+  <key>RunAtLoad</key><true/>
+  <key>KeepAlive</key><true/>
+  <key>StandardOutPath</key><string>/var/log/agentnet.log</string>
+  <key>StandardErrorPath</key><string>/var/log/agentnet.log</string>
+</dict></plist>
+`;
+        try {
+            const fs = await import("fs/promises");
+            await fs.writeFile(plistPath, plist, "utf-8");
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Could not write ${plistPath} (need root? try 'sudo'): ${msg}`);
+        }
+        execSync(`launchctl load ${plistPath}`);
+        console.log(`Installed ${plistPath} and started com.decentlan.agentnet.`);
+        console.log(`Logs: tail -f /var/log/agentnet.log`);
+        return;
+    }
+    throw new Error(`'service install' isn't wired up for ${process.platform}. Run 'agentnet up --real-tun' in the foreground for now.`);
+}
+/**
+ * Show whether the service is installed + running. Cross-platform
+ * pass-through to systemctl status / launchctl list with a one-line
+ * up/down summary up top.
+ */
+export async function cmdServiceStatus(_args) {
+    const { spawnSync } = await import("child_process");
+    if (process.platform === "linux") {
+        const r = spawnSync("systemctl", ["status", "agentnet", "--no-pager"], { encoding: "utf-8" });
+        process.stdout.write(r.stdout || "");
+        if (r.stderr)
+            process.stderr.write(r.stderr);
+        process.exit(r.status ?? 0);
+    }
+    if (process.platform === "darwin") {
+        const r = spawnSync("launchctl", ["list", "com.decentlan.agentnet"], { encoding: "utf-8" });
+        if ((r.status ?? 0) !== 0) {
+            console.log("Not loaded. Install with 'sudo agentnet service install'.");
+            return;
+        }
+        process.stdout.write(r.stdout || "");
+        return;
+    }
+    console.log(`'service status' isn't wired up for ${process.platform}.`);
+}

package/dist/cli/index.js

@@ -10,7 +10,7 @@ import { hideBin } from "yargs/helpers";
 // Belt-and-braces — also raise it here in case the CLI is run directly
 // (e.g. `node dist/cli/index.js` rather than via dist/index.js).
 EventEmitter.defaultMaxListeners = 100;
-import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDoraAutofriend, cmdDiag, cmdDnsInstall, cmdDnsHosts, } from "./commands.js";
+import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDoraAutofriend, cmdDiag, cmdDnsInstall, cmdDnsHosts, cmdServiceInstall, cmdServiceStatus, } from "./commands.js";
 async function main() {
     await yargs(hideBin(process.argv))
         .scriptName("agentnet")
@@ -97,6 +97,27 @@ async function main() {
     })
         .demandCommand(1, "Specify a dns subcommand (run 'agentnet dns --help')"), () => {
         // parent handler — never invoked because demandCommand
+    })
+        // Persistent system service — wraps systemctl (Linux) and
+        // launchctl (macOS) so a new operator runs ONE command to install
+        // + start + persist instead of hand-writing a unit/plist.
+        .command("service", "Install/uninstall/inspect the daemon as a system service (systemd on Linux, launchd on macOS)", (y) => y
+        .command("install", "Write the unit/plist, enable + start (needs sudo)", (yy) => yy
+        .option("uninstall", { type: "boolean", default: false, describe: "Reverse the install" })
+        .option("config-dir", { type: "string" }), async (argv) => {
+        await cmdServiceInstall({
+            uninstall: argv.uninstall,
+            configDir: argv["config-dir"],
+        });
+    })
+        .command("uninstall", "Stop and remove the system service (alias for 'service install --uninstall')", (yy) => yy.option("config-dir", { type: "string" }), async (argv) => {
+        await cmdServiceInstall({ uninstall: true, configDir: argv["config-dir"] });
+    })
+        .command("status", "Show service status (systemctl status / launchctl list)", (yy) => yy.option("config-dir", { type: "string" }), async (argv) => {
+        await cmdServiceStatus({ configDir: argv["config-dir"] });
+    })
+        .demandCommand(1, "Specify a service subcommand (run 'agentnet service --help')"), () => {
+        // parent handler — never invoked because demandCommand above
     })
         .command("up", "Start the daemon", (y) => y
         .option("name", { type: "string" })

package/dist/config/loader.d.ts

@@ -1,4 +1,17 @@
 import type { DecentAgentNetConfig } from "../types.js";
+/**
+ * Public dora server baked into `agentnet init` so an operator can join
+ * the canonical Decent AgentNet without first hunting down a registry
+ * address. Override by editing `dora.userids` (and re-running
+ * `agentnet dora enable --address <yours>`) — or by running a private
+ * dora and pointing your own peers at it.
+ *
+ * Both fields are required: the daemon needs `userid` to talk to the
+ * server over Carrier, and `address` so `agentnet init` can send the
+ * one-time friend-request that establishes the Carrier session.
+ */
+export declare const DEFAULT_DORA_USERID = "98rsHv17h8G6AP9RagyrBiT1kmw4cn8MFPEembS6ZVjv";
+export declare const DEFAULT_DORA_ADDRESS = "Jt7w1pKkyLT5GVue9h6ZPkjg1EeuuTbD6JVSLycXLsdm6nvBGSUd";
 export declare class ConfigLoader {
     static defaultConfigPath(): string;
     static defaultConfigDir(): string;

package/dist/config/loader.js

@@ -23,6 +23,19 @@ const DEFAULT_BOOTSTRAP_NODES = [
 const DEFAULT_EXPRESS_NODES = [
     { host: "lens.beagle.chat", port: 443, pk: "ECbs4GxwGzxGerNkmqDJFibEmevu8jAXqAZtikccvD95" },
 ];
+/**
+ * Public dora server baked into `agentnet init` so an operator can join
+ * the canonical Decent AgentNet without first hunting down a registry
+ * address. Override by editing `dora.userids` (and re-running
+ * `agentnet dora enable --address <yours>`) — or by running a private
+ * dora and pointing your own peers at it.
+ *
+ * Both fields are required: the daemon needs `userid` to talk to the
+ * server over Carrier, and `address` so `agentnet init` can send the
+ * one-time friend-request that establishes the Carrier session.
+ */
+export const DEFAULT_DORA_USERID = "98rsHv17h8G6AP9RagyrBiT1kmw4cn8MFPEembS6ZVjv";
+export const DEFAULT_DORA_ADDRESS = "Jt7w1pKkyLT5GVue9h6ZPkjg1EeuuTbD6JVSLycXLsdm6nvBGSUd";
 export class ConfigLoader {
     static defaultConfigPath() {
         return DEFAULT_CONFIG_FILE;
@@ -101,12 +114,16 @@ export class ConfigLoader {
             friends: {
                 autoAccept: true,
             },
-            // Dora integration is opt-in. Leave userids empty to fall back to
-            // manual ipam.yaml mode. Once a dora server's userid is added,
-            // the daemon registers itself on startup and pulls the roster.
+            // Dora integration is ON by default and points at the public
+            // canonical dora — `agentnet init` follows up with a one-time
+            // friend-request to its address, so a fresh install joins the
+            // shared network with zero additional commands. To run in
+            // private (no dora) mode: `agentnet dora disable`. To point at
+            // your own dora: `agentnet dora enable --address <addr>` (it
+            // replaces the default).
             dora: {
-                enabled: false,
-                userids: [],
+                enabled: true,
+                userids: [DEFAULT_DORA_USERID],
                 refreshIntervalMs: 60_000,
                 // Default: auto-friend every peer in the dora roster. Dora
                 // membership IS the trust statement — joining a dora means

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.21",
+  "version": "0.1.22",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",