@decentnetwork/lan 0.1.21 → 0.1.23

package/dist/cli/commands.d.ts

@@ -265,3 +265,34 @@ export declare function cmdDoraAutofriend(args: {
     values?: string[];
     configDir?: string;
 }): Promise<void>;
+/**
+ * Install the daemon as a persistent system service.
+ *
+ * Linux  → writes /etc/systemd/system/agentnet.service, daemon-reload,
+ *          enable+start. Sets ExecStart to the resolved `agentnet`
+ *          binary and threads --config-dir so sudo's $HOME=/root
+ *          doesn't pick up an empty /root/.agentnet.
+ * macOS  → writes /Library/LaunchDaemons/com.decentlan.agentnet.plist,
+ *          launchctl load (RunAtLoad + KeepAlive).
+ *
+ * Both surfaces stream stdout/stderr to /var/log/agentnet.log so a
+ * single `tail -f /var/log/agentnet.log` works regardless of platform.
+ * `--uninstall` reverses each respectively.
+ *
+ * Requires root (writes to /etc or /Library). On Linux the resolved
+ * unit will run as User=root; on macOS the LaunchDaemon already runs
+ * as root. The CLI complains loudly with the missing-sudo hint if
+ * the writes fail with EACCES.
+ */
+export declare function cmdServiceInstall(args: {
+    uninstall?: boolean;
+    configDir?: string;
+}): Promise<void>;
+/**
+ * Show whether the service is installed + running. Cross-platform
+ * pass-through to systemctl status / launchctl list with a one-line
+ * up/down summary up top.
+ */
+export declare function cmdServiceStatus(_args: {
+    configDir?: string;
+}): Promise<void>;

package/dist/cli/commands.js

@@ -4,7 +4,7 @@
 import { resolve, dirname } from "path";
 import { existsSync, mkdirSync, readFileSync } from "fs";
 import { createConnection } from "net";
-import { ConfigLoader } from "../config/loader.js";
+import { ConfigLoader, DEFAULT_DORA_USERID, DEFAULT_DORA_ADDRESS } from "../config/loader.js";
 import { ipcSocketPath } from "../daemon/ipc.js";
 import { DaemonServer } from "../daemon/server.js";
 import { Ipam } from "../ipam/ipam.js";
@@ -129,7 +129,31 @@ export async function cmdInit(args) {
     console.log(`  Config dir: ${dir}`);
     console.log(`  Subnet: ${config.network.subnet}`);
     console.log(`  Interface: ${config.network.interface}`);
-    console.log(`\nNext: agentnet up --name ${nodeName}`);
+    // Send the one-time friend-request to the default dora so the daemon
+    // can register on first start. Best-effort: a friend-request requires
+    // joinNetwork + an announce round, ~10-30s; we cap the wait and
+    // surface a hint if it doesn't go through. Skipped when the user
+    // overrode dora.userids away from the default (i.e. they're pointing
+    // at a private dora — they'll run `agentnet dora enable` themselves).
+    const defaultDoraConfigured = (config.dora?.userids ?? []).includes(DEFAULT_DORA_USERID);
+    if (defaultDoraConfigured) {
+        console.log(`\nFriending the public dora (${DEFAULT_DORA_USERID.slice(0, 16)}...) so the daemon can join the shared network on first start.`);
+        try {
+            await cmdFriendRequest({
+                address: DEFAULT_DORA_ADDRESS,
+                hello: `decentlan init (${nodeName})`,
+                waitMs: 8000,
+                configDir: dir,
+            });
+            console.log(`  Friend-request dispatched. Auto-accept on the dora side will take it from here.`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.warn(`  Friend-request to the default dora failed: ${msg}`);
+            console.warn(`  Re-run later: agentnet dora enable --address ${DEFAULT_DORA_ADDRESS}`);
+        }
+    }
+    console.log(`\nNext: sudo agentnet service install   # or 'agentnet up --real-tun' to run in foreground`);
 }
 /**
  * Show identity information.
@@ -1238,3 +1262,194 @@ export async function cmdDoraAutofriend(args) {
     }
     console.log(`Takes effect on the next roster refresh (~60s) or daemon restart.`);
 }
+/**
+ * Install the daemon as a persistent system service.
+ *
+ * Linux  → writes /etc/systemd/system/agentnet.service, daemon-reload,
+ *          enable+start. Sets ExecStart to the resolved `agentnet`
+ *          binary and threads --config-dir so sudo's $HOME=/root
+ *          doesn't pick up an empty /root/.agentnet.
+ * macOS  → writes /Library/LaunchDaemons/com.decentlan.agentnet.plist,
+ *          launchctl load (RunAtLoad + KeepAlive).
+ *
+ * Both surfaces stream stdout/stderr to /var/log/agentnet.log so a
+ * single `tail -f /var/log/agentnet.log` works regardless of platform.
+ * `--uninstall` reverses each respectively.
+ *
+ * Requires root (writes to /etc or /Library). On Linux the resolved
+ * unit will run as User=root; on macOS the LaunchDaemon already runs
+ * as root. The CLI complains loudly with the missing-sudo hint if
+ * the writes fail with EACCES.
+ */
+export async function cmdServiceInstall(args) {
+    // Detect sudo's $HOME=/root trap. When `service install` is run via
+    // sudo and no --config-dir is provided, derive the home dir from
+    // SUDO_USER instead of os.homedir() — otherwise the unit's
+    // ExecStart points at /root/.agentnet which is empty and the daemon
+    // immediately crash-loops. Falls back to defaultConfigDir() when
+    // SUDO_USER isn't set (non-sudo invocation).
+    let dir;
+    if (args.configDir) {
+        dir = args.configDir;
+    }
+    else if (process.env.SUDO_USER && process.env.SUDO_USER !== "root") {
+        const { execSync } = await import("child_process");
+        try {
+            const sudoHome = execSync(`getent passwd ${process.env.SUDO_USER} | cut -d: -f6`, { encoding: "utf-8" }).trim();
+            dir = sudoHome
+                ? `${sudoHome}/.agentnet`
+                : ConfigLoader.defaultConfigDir();
+            console.log(`[service install] sudo detected — using ${dir} (override with --config-dir)`);
+        }
+        catch {
+            dir = ConfigLoader.defaultConfigDir();
+        }
+    }
+    else {
+        dir = ConfigLoader.defaultConfigDir();
+    }
+    const { spawnSync, execSync } = await import("child_process");
+    if (process.platform === "linux") {
+        const unitPath = "/etc/systemd/system/agentnet.service";
+        if (args.uninstall) {
+            spawnSync("systemctl", ["disable", "--now", "agentnet"], { stdio: "inherit" });
+            try {
+                const { unlinkSync, existsSync } = await import("fs");
+                if (existsSync(unitPath))
+                    unlinkSync(unitPath);
+                execSync("systemctl daemon-reload");
+                console.log(`Removed ${unitPath} and disabled the service.`);
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                throw new Error(`Could not remove ${unitPath} (need root?): ${msg}`);
+            }
+            return;
+        }
+        // Resolve the `agentnet` binary. argv[1] is dist/cli/index.js when
+        // invoked as `node …/index.js`, so a `which` lookup is more
+        // portable. Fall back to /usr/local/bin/agentnet (npm-default
+        // global prefix on most Linux setups) if the lookup fails.
+        let agentnetBin;
+        try {
+            agentnetBin = execSync("command -v agentnet", { encoding: "utf-8" }).trim();
+            if (!agentnetBin)
+                throw new Error("not found");
+        }
+        catch {
+            agentnetBin = "/usr/local/bin/agentnet";
+        }
+        const unit = `[Unit]
+Description=Decent AgentNet daemon
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=${agentnetBin} up --real-tun --config-dir ${dir}
+Restart=on-failure
+RestartSec=5
+StandardOutput=append:/var/log/agentnet.log
+StandardError=append:/var/log/agentnet.log
+
+[Install]
+WantedBy=multi-user.target
+`;
+        try {
+            const fs = await import("fs/promises");
+            await fs.writeFile(unitPath, unit, "utf-8");
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Could not write ${unitPath} (need root? try 'sudo'): ${msg}`);
+        }
+        execSync("systemctl daemon-reload");
+        execSync("systemctl enable --now agentnet");
+        console.log(`Installed ${unitPath} and started agentnet.service.`);
+        console.log(`Logs: journalctl -u agentnet -f   (or /var/log/agentnet.log)`);
+        return;
+    }
+    if (process.platform === "darwin") {
+        const plistPath = "/Library/LaunchDaemons/com.decentlan.agentnet.plist";
+        if (args.uninstall) {
+            spawnSync("launchctl", ["unload", plistPath], { stdio: "inherit" });
+            try {
+                const { unlinkSync, existsSync } = await import("fs");
+                if (existsSync(plistPath))
+                    unlinkSync(plistPath);
+                console.log(`Unloaded and removed ${plistPath}.`);
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                throw new Error(`Could not remove ${plistPath} (need root?): ${msg}`);
+            }
+            return;
+        }
+        let agentnetBin;
+        try {
+            agentnetBin = execSync("command -v agentnet", { encoding: "utf-8" }).trim();
+            if (!agentnetBin)
+                throw new Error("not found");
+        }
+        catch {
+            agentnetBin = "/usr/local/bin/agentnet";
+        }
+        const plist = `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0"><dict>
+  <key>Label</key><string>com.decentlan.agentnet</string>
+  <key>UserName</key><string>root</string>
+  <key>ProgramArguments</key><array>
+    <string>${agentnetBin}</string>
+    <string>up</string>
+    <string>--real-tun</string>
+    <string>--config-dir</string>
+    <string>${dir}</string>
+  </array>
+  <key>RunAtLoad</key><true/>
+  <key>KeepAlive</key><true/>
+  <key>StandardOutPath</key><string>/var/log/agentnet.log</string>
+  <key>StandardErrorPath</key><string>/var/log/agentnet.log</string>
+</dict></plist>
+`;
+        try {
+            const fs = await import("fs/promises");
+            await fs.writeFile(plistPath, plist, "utf-8");
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Could not write ${plistPath} (need root? try 'sudo'): ${msg}`);
+        }
+        execSync(`launchctl load ${plistPath}`);
+        console.log(`Installed ${plistPath} and started com.decentlan.agentnet.`);
+        console.log(`Logs: tail -f /var/log/agentnet.log`);
+        return;
+    }
+    throw new Error(`'service install' isn't wired up for ${process.platform}. Run 'agentnet up --real-tun' in the foreground for now.`);
+}
+/**
+ * Show whether the service is installed + running. Cross-platform
+ * pass-through to systemctl status / launchctl list with a one-line
+ * up/down summary up top.
+ */
+export async function cmdServiceStatus(_args) {
+    const { spawnSync } = await import("child_process");
+    if (process.platform === "linux") {
+        const r = spawnSync("systemctl", ["status", "agentnet", "--no-pager"], { encoding: "utf-8" });
+        process.stdout.write(r.stdout || "");
+        if (r.stderr)
+            process.stderr.write(r.stderr);
+        process.exit(r.status ?? 0);
+    }
+    if (process.platform === "darwin") {
+        const r = spawnSync("launchctl", ["list", "com.decentlan.agentnet"], { encoding: "utf-8" });
+        if ((r.status ?? 0) !== 0) {
+            console.log("Not loaded. Install with 'sudo agentnet service install'.");
+            return;
+        }
+        process.stdout.write(r.stdout || "");
+        return;
+    }
+    console.log(`'service status' isn't wired up for ${process.platform}.`);
+}

package/dist/cli/index.js

@@ -10,7 +10,7 @@ import { hideBin } from "yargs/helpers";
 // Belt-and-braces — also raise it here in case the CLI is run directly
 // (e.g. `node dist/cli/index.js` rather than via dist/index.js).
 EventEmitter.defaultMaxListeners = 100;
-import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDoraAutofriend, cmdDiag, cmdDnsInstall, cmdDnsHosts, } from "./commands.js";
+import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDoraAutofriend, cmdDiag, cmdDnsInstall, cmdDnsHosts, cmdServiceInstall, cmdServiceStatus, } from "./commands.js";
 async function main() {
     await yargs(hideBin(process.argv))
         .scriptName("agentnet")
@@ -97,6 +97,27 @@ async function main() {
     })
         .demandCommand(1, "Specify a dns subcommand (run 'agentnet dns --help')"), () => {
         // parent handler — never invoked because demandCommand
+    })
+        // Persistent system service — wraps systemctl (Linux) and
+        // launchctl (macOS) so a new operator runs ONE command to install
+        // + start + persist instead of hand-writing a unit/plist.
+        .command("service", "Install/uninstall/inspect the daemon as a system service (systemd on Linux, launchd on macOS)", (y) => y
+        .command("install", "Write the unit/plist, enable + start (needs sudo)", (yy) => yy
+        .option("uninstall", { type: "boolean", default: false, describe: "Reverse the install" })
+        .option("config-dir", { type: "string" }), async (argv) => {
+        await cmdServiceInstall({
+            uninstall: argv.uninstall,
+            configDir: argv["config-dir"],
+        });
+    })
+        .command("uninstall", "Stop and remove the system service (alias for 'service install --uninstall')", (yy) => yy.option("config-dir", { type: "string" }), async (argv) => {
+        await cmdServiceInstall({ uninstall: true, configDir: argv["config-dir"] });
+    })
+        .command("status", "Show service status (systemctl status / launchctl list)", (yy) => yy.option("config-dir", { type: "string" }), async (argv) => {
+        await cmdServiceStatus({ configDir: argv["config-dir"] });
+    })
+        .demandCommand(1, "Specify a service subcommand (run 'agentnet service --help')"), () => {
+        // parent handler — never invoked because demandCommand above
     })
         .command("up", "Start the daemon", (y) => y
         .option("name", { type: "string" })

package/dist/config/loader.d.ts

@@ -1,4 +1,17 @@
 import type { DecentAgentNetConfig } from "../types.js";
+/**
+ * Public dora server baked into `agentnet init` so an operator can join
+ * the canonical Decent AgentNet without first hunting down a registry
+ * address. Override by editing `dora.userids` (and re-running
+ * `agentnet dora enable --address <yours>`) — or by running a private
+ * dora and pointing your own peers at it.
+ *
+ * Both fields are required: the daemon needs `userid` to talk to the
+ * server over Carrier, and `address` so `agentnet init` can send the
+ * one-time friend-request that establishes the Carrier session.
+ */
+export declare const DEFAULT_DORA_USERID = "98rsHv17h8G6AP9RagyrBiT1kmw4cn8MFPEembS6ZVjv";
+export declare const DEFAULT_DORA_ADDRESS = "Jt7w1pKkyLT5GVue9h6ZPkjg1EeuuTbD6JVSLycXLsdm6nvBGSUd";
 export declare class ConfigLoader {
     static defaultConfigPath(): string;
     static defaultConfigDir(): string;

package/dist/config/loader.js

@@ -23,6 +23,19 @@ const DEFAULT_BOOTSTRAP_NODES = [
 const DEFAULT_EXPRESS_NODES = [
     { host: "lens.beagle.chat", port: 443, pk: "ECbs4GxwGzxGerNkmqDJFibEmevu8jAXqAZtikccvD95" },
 ];
+/**
+ * Public dora server baked into `agentnet init` so an operator can join
+ * the canonical Decent AgentNet without first hunting down a registry
+ * address. Override by editing `dora.userids` (and re-running
+ * `agentnet dora enable --address <yours>`) — or by running a private
+ * dora and pointing your own peers at it.
+ *
+ * Both fields are required: the daemon needs `userid` to talk to the
+ * server over Carrier, and `address` so `agentnet init` can send the
+ * one-time friend-request that establishes the Carrier session.
+ */
+export const DEFAULT_DORA_USERID = "98rsHv17h8G6AP9RagyrBiT1kmw4cn8MFPEembS6ZVjv";
+export const DEFAULT_DORA_ADDRESS = "Jt7w1pKkyLT5GVue9h6ZPkjg1EeuuTbD6JVSLycXLsdm6nvBGSUd";
 export class ConfigLoader {
     static defaultConfigPath() {
         return DEFAULT_CONFIG_FILE;
@@ -101,12 +114,16 @@ export class ConfigLoader {
             friends: {
                 autoAccept: true,
             },
-            // Dora integration is opt-in. Leave userids empty to fall back to
-            // manual ipam.yaml mode. Once a dora server's userid is added,
-            // the daemon registers itself on startup and pulls the roster.
+            // Dora integration is ON by default and points at the public
+            // canonical dora — `agentnet init` follows up with a one-time
+            // friend-request to its address, so a fresh install joins the
+            // shared network with zero additional commands. To run in
+            // private (no dora) mode: `agentnet dora disable`. To point at
+            // your own dora: `agentnet dora enable --address <addr>` (it
+            // replaces the default).
             dora: {
-                enabled: false,
-                userids: [],
+                enabled: true,
+                userids: [DEFAULT_DORA_USERID],
                 refreshIntervalMs: 60_000,
                 // Default: auto-friend every peer in the dora roster. Dora
                 // membership IS the trust statement — joining a dora means

package/dist/dora/dora-integration.d.ts

@@ -61,6 +61,20 @@ export declare class DoraIntegration {
      * us, and auto-IP allocation is lost. bootstrap() re-derives its
      * own myUserid so we don't need to thread it through.
      */
+    /**
+     * Re-send the friend-request to each configured dora userid that's
+     * still in "requested" state. The public express relay can drop
+     * friend-requests transiently (HTTP 500s observed in the wild) AND
+     * DHT onion discovery can miss freshly-restarted dora announces;
+     * either path failing strands a daemon with `status: requested`
+     * forever. The Carrier SDK doesn't retry the friend-request on
+     * its own, so we kick it again here whenever bootstrap retry runs.
+     *
+     * We read the address back from peer.friends() — `sendFriendRequest`
+     * stored it in the friend record when the original (failed) request
+     * went out, so we don't need it threaded through config.
+     */
+    private resendStuckFriendRequests;
     private scheduleBootstrapRetry;
     /**
      * Wrap a single register call with up to 3 retries spaced 2s apart.

package/dist/dora/dora-integration.js

@@ -185,12 +185,48 @@ export class DoraIntegration {
      * us, and auto-IP allocation is lost. bootstrap() re-derives its
      * own myUserid so we don't need to thread it through.
      */
+    /**
+     * Re-send the friend-request to each configured dora userid that's
+     * still in "requested" state. The public express relay can drop
+     * friend-requests transiently (HTTP 500s observed in the wild) AND
+     * DHT onion discovery can miss freshly-restarted dora announces;
+     * either path failing strands a daemon with `status: requested`
+     * forever. The Carrier SDK doesn't retry the friend-request on
+     * its own, so we kick it again here whenever bootstrap retry runs.
+     *
+     * We read the address back from peer.friends() — `sendFriendRequest`
+     * stored it in the friend record when the original (failed) request
+     * went out, so we don't need it threaded through config.
+     */
+    resendStuckFriendRequests() {
+        const userids = this.opts.config.userids ?? [];
+        const peer = this.opts.peerManager;
+        const friends = peer.getFriends();
+        for (const id of userids) {
+            const f = friends.find((x) => x.userid === id || x.pubkey === id);
+            if (!f)
+                continue;
+            if (f.status !== "requested")
+                continue;
+            if (!f.address)
+                continue;
+            this.logger.info(`Re-sending friend-request to dora ${id.slice(0, 16)}... (status was 'requested')`);
+            peer
+                .sendFriendRequest(f.address, "decentlan: dora retry")
+                .catch((err) => {
+                this.logger.debug(`friend-request retry failed for ${id.slice(0, 16)}: ${err instanceof Error ? err.message : err}`);
+            });
+        }
+    }
     scheduleBootstrapRetry() {
         if (this.retryBootstrapTimer || this.registered)
             return;
         const tick = () => {
             if (this.registered)
                 return;
+            // Re-send the friend-request first — if it was lost to express
+            // 500s or DHT misses, this is what unblocks the retry.
+            this.resendStuckFriendRequests();
             this.logger.debug("Retrying dora bootstrap…");
             // Don't await — let it run async and clear the timer if it
             // succeeds, otherwise leave the timer running.

package/docs/INSTALL.md

@@ -35,25 +35,56 @@ specific TUN helper binaries (we ship `linux-amd64`, `linux-arm64`,
 agentnet --help
 ```
 
-## First-time setup
+## First-time setup — three commands
 
 ```bash
-# 1. Generate this machine's Carrier identity + default config
-agentnet init --name my-laptop
+sudo npm install -g @decentnetwork/lan
+agentnet init --name my-machine
+sudo agentnet service install --config-dir $HOME/.agentnet
+```
+
+That's it. `agentnet init` already points at the public dora and sends
+the one-time friend-request; `service install` writes a systemd unit
+(Linux) or LaunchDaemon (macOS) that runs the daemon as root with
+auto-restart and logs to `/var/log/agentnet.log`.
 
-# 2. Point at the dora name server. Pass the FULL ADDRESS (whoever
-#    runs dora publishes it). This one command friends dora,
-#    derives its userid, and writes the config — no separate
-#    friend-request step needed.
-agentnet dora enable --address <dora's Carrier address>
+Wait ~60–90s, then verify:
 
-# 3. Start the daemon (needs sudo for the TUN device)
-sudo $(which agentnet) up --real-tun
+```bash
+agentnet ipam list           # should show 6+ peers
+agentnet diag | grep tun     # your allocated 10.86.1.x
+```
+
+> ### If `ipam list` shows only yourself after 2 minutes
+> The friend-request to dora didn't land — usually because the public
+> express relay is having a bad day and Vultr/cloud DHT discovery
+> sometimes misses freshly-restarted dora announces. Two quick
+> recovery steps:
+>
+> 1. Re-send the friend-request directly through your live daemon:
+>    ```bash
+>    agentnet friend-request Jt7w1pKkyLT5GVue9h6ZPkjg1EeuuTbD6JVSLycXLsdm6nvBGSUd
+>    ```
+>    Then wait 60s and re-check `agentnet ipam list`.
+>
+> 2. If that still doesn't work, the **dora operator** can pre-friend
+>    you so you don't depend on the public delivery path: give them
+>    your userid (the line `agentnet identity show` prints) and ask
+>    them to run a one-shot add on their dora data-dir, then they
+>    restart dora. Your next refresh lands instantly.
+
+## Pointing at a private dora (skip if you're joining the public network)
+
+The public dora is baked into `agentnet init` defaults. To override:
+
+```bash
+agentnet dora enable --address <YOUR private dora's full Carrier address>
+sudo systemctl restart agentnet     # or 'launchctl unload + load' on macOS
 ```
 
-Three commands, no "userid vs address" gymnastics. The daemon will
-register with dora, pull the roster, and auto-friend every other
-peer in the network.
+`agentnet dora enable` replaces the default userid, sends a fresh
+friend-request, and updates the config — one command, no "userid vs
+address" gymnastics.
 
 The daemon will:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.21",
+  "version": "0.1.23",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",