@decentnetwork/lan 0.1.22 → 0.1.24

package/dist/carrier/peer-manager.d.ts

@@ -2,6 +2,7 @@
  * Manages Carrier peer identity and connections
  * Wraps @decentnetwork/peer SDK
  */
+import { Peer } from "@decentnetwork/peer";
 import { EventEmitter } from "events";
 import { PacketSession } from "./packet-session.js";
 import type { PeerIdentity, RemotePeer } from "./types.js";
@@ -62,6 +63,16 @@ export declare class PeerManager extends EventEmitter {
     getHexPubkey(): string;
     getAddress(): string;
     getFriends(): RemotePeer[];
+    /**
+     * Snapshot of the underlying net_crypto session — UDP-direct vs
+     * TCP-relay vs not-yet-established. Surfaces what's behind a
+     * "friend.status === online" so an operator can see whether
+     * latency is going via a fast direct UDP path or via a TCP relay.
+     * Returns null if the SDK has no session record for the pubkey
+     * yet (i.e. handshake hasn't happened). See peer.ts for the
+     * Status shape.
+     */
+    getSessionStatus(pubkey: string): ReturnType<Peer["sessionStatus"]> | null;
     /**
      * Check if a specific friend is currently online (direct UDP path established).
      * Returns false for unknown pubkeys.

package/dist/carrier/peer-manager.js

@@ -183,6 +183,20 @@ export class PeerManager extends EventEmitter {
             };
         });
     }
+    /**
+     * Snapshot of the underlying net_crypto session — UDP-direct vs
+     * TCP-relay vs not-yet-established. Surfaces what's behind a
+     * "friend.status === online" so an operator can see whether
+     * latency is going via a fast direct UDP path or via a TCP relay.
+     * Returns null if the SDK has no session record for the pubkey
+     * yet (i.e. handshake hasn't happened). See peer.ts for the
+     * Status shape.
+     */
+    getSessionStatus(pubkey) {
+        if (!this.peer)
+            return null;
+        return this.peer.sessionStatus(pubkey);
+    }
     /**
      * Check if a specific friend is currently online (direct UDP path established).
      * Returns false for unknown pubkeys.

package/dist/cli/commands.js

@@ -1282,7 +1282,32 @@ export async function cmdDoraAutofriend(args) {
  * the writes fail with EACCES.
  */
 export async function cmdServiceInstall(args) {
-    const dir = args.configDir || ConfigLoader.defaultConfigDir();
+    // Detect sudo's $HOME=/root trap. When `service install` is run via
+    // sudo and no --config-dir is provided, derive the home dir from
+    // SUDO_USER instead of os.homedir() — otherwise the unit's
+    // ExecStart points at /root/.agentnet which is empty and the daemon
+    // immediately crash-loops. Falls back to defaultConfigDir() when
+    // SUDO_USER isn't set (non-sudo invocation).
+    let dir;
+    if (args.configDir) {
+        dir = args.configDir;
+    }
+    else if (process.env.SUDO_USER && process.env.SUDO_USER !== "root") {
+        const { execSync } = await import("child_process");
+        try {
+            const sudoHome = execSync(`getent passwd ${process.env.SUDO_USER} | cut -d: -f6`, { encoding: "utf-8" }).trim();
+            dir = sudoHome
+                ? `${sudoHome}/.agentnet`
+                : ConfigLoader.defaultConfigDir();
+            console.log(`[service install] sudo detected — using ${dir} (override with --config-dir)`);
+        }
+        catch {
+            dir = ConfigLoader.defaultConfigDir();
+        }
+    }
+    else {
+        dir = ConfigLoader.defaultConfigDir();
+    }
     const { spawnSync, execSync } = await import("child_process");
     if (process.platform === "linux") {
         const unitPath = "/etc/systemd/system/agentnet.service";

package/dist/daemon/server.js

@@ -202,6 +202,13 @@ export class DaemonServer {
                             status: f.status,
                             address: f.address,
                             acceptedAt: f.acceptedAt,
+                            // Transport state of the underlying net_crypto session.
+                            // Surface this so operators can tell "online via direct UDP
+                            // (~80ms RTT)" from "online via TCP relay (~500ms+ RTT)" —
+                            // the difference matters a lot and `status: online` hides it.
+                            // Null when no session record exists yet (handshake hasn't
+                            // happened).
+                            session: this.peerManager?.getSessionStatus(f.pubkey) ?? null,
                         })),
                         ipam: ipamPeers,
                     };

package/dist/dora/dora-integration.d.ts

@@ -61,6 +61,20 @@ export declare class DoraIntegration {
      * us, and auto-IP allocation is lost. bootstrap() re-derives its
      * own myUserid so we don't need to thread it through.
      */
+    /**
+     * Re-send the friend-request to each configured dora userid that's
+     * still in "requested" state. The public express relay can drop
+     * friend-requests transiently (HTTP 500s observed in the wild) AND
+     * DHT onion discovery can miss freshly-restarted dora announces;
+     * either path failing strands a daemon with `status: requested`
+     * forever. The Carrier SDK doesn't retry the friend-request on
+     * its own, so we kick it again here whenever bootstrap retry runs.
+     *
+     * We read the address back from peer.friends() — `sendFriendRequest`
+     * stored it in the friend record when the original (failed) request
+     * went out, so we don't need it threaded through config.
+     */
+    private resendStuckFriendRequests;
     private scheduleBootstrapRetry;
     /**
      * Wrap a single register call with up to 3 retries spaced 2s apart.

package/dist/dora/dora-integration.js

@@ -185,12 +185,48 @@ export class DoraIntegration {
      * us, and auto-IP allocation is lost. bootstrap() re-derives its
      * own myUserid so we don't need to thread it through.
      */
+    /**
+     * Re-send the friend-request to each configured dora userid that's
+     * still in "requested" state. The public express relay can drop
+     * friend-requests transiently (HTTP 500s observed in the wild) AND
+     * DHT onion discovery can miss freshly-restarted dora announces;
+     * either path failing strands a daemon with `status: requested`
+     * forever. The Carrier SDK doesn't retry the friend-request on
+     * its own, so we kick it again here whenever bootstrap retry runs.
+     *
+     * We read the address back from peer.friends() — `sendFriendRequest`
+     * stored it in the friend record when the original (failed) request
+     * went out, so we don't need it threaded through config.
+     */
+    resendStuckFriendRequests() {
+        const userids = this.opts.config.userids ?? [];
+        const peer = this.opts.peerManager;
+        const friends = peer.getFriends();
+        for (const id of userids) {
+            const f = friends.find((x) => x.userid === id || x.pubkey === id);
+            if (!f)
+                continue;
+            if (f.status !== "requested")
+                continue;
+            if (!f.address)
+                continue;
+            this.logger.info(`Re-sending friend-request to dora ${id.slice(0, 16)}... (status was 'requested')`);
+            peer
+                .sendFriendRequest(f.address, "decentlan: dora retry")
+                .catch((err) => {
+                this.logger.debug(`friend-request retry failed for ${id.slice(0, 16)}: ${err instanceof Error ? err.message : err}`);
+            });
+        }
+    }
     scheduleBootstrapRetry() {
         if (this.retryBootstrapTimer || this.registered)
             return;
         const tick = () => {
             if (this.registered)
                 return;
+            // Re-send the friend-request first — if it was lost to express
+            // 500s or DHT misses, this is what unblocks the retry.
+            this.resendStuckFriendRequests();
             this.logger.debug("Retrying dora bootstrap…");
             // Don't await — let it run async and clear the timer if it
             // succeeds, otherwise leave the timer running.

package/docs/INSTALL.md

@@ -35,25 +35,56 @@ specific TUN helper binaries (we ship `linux-amd64`, `linux-arm64`,
 agentnet --help
 ```
 
-## First-time setup
+## First-time setup — three commands
 
 ```bash
-# 1. Generate this machine's Carrier identity + default config
-agentnet init --name my-laptop
+sudo npm install -g @decentnetwork/lan
+agentnet init --name my-machine
+sudo agentnet service install --config-dir $HOME/.agentnet
+```
+
+That's it. `agentnet init` already points at the public dora and sends
+the one-time friend-request; `service install` writes a systemd unit
+(Linux) or LaunchDaemon (macOS) that runs the daemon as root with
+auto-restart and logs to `/var/log/agentnet.log`.
 
-# 2. Point at the dora name server. Pass the FULL ADDRESS (whoever
-#    runs dora publishes it). This one command friends dora,
-#    derives its userid, and writes the config — no separate
-#    friend-request step needed.
-agentnet dora enable --address <dora's Carrier address>
+Wait ~60–90s, then verify:
 
-# 3. Start the daemon (needs sudo for the TUN device)
-sudo $(which agentnet) up --real-tun
+```bash
+agentnet ipam list           # should show 6+ peers
+agentnet diag | grep tun     # your allocated 10.86.1.x
+```
+
+> ### If `ipam list` shows only yourself after 2 minutes
+> The friend-request to dora didn't land — usually because the public
+> express relay is having a bad day and Vultr/cloud DHT discovery
+> sometimes misses freshly-restarted dora announces. Two quick
+> recovery steps:
+>
+> 1. Re-send the friend-request directly through your live daemon:
+>    ```bash
+>    agentnet friend-request Jt7w1pKkyLT5GVue9h6ZPkjg1EeuuTbD6JVSLycXLsdm6nvBGSUd
+>    ```
+>    Then wait 60s and re-check `agentnet ipam list`.
+>
+> 2. If that still doesn't work, the **dora operator** can pre-friend
+>    you so you don't depend on the public delivery path: give them
+>    your userid (the line `agentnet identity show` prints) and ask
+>    them to run a one-shot add on their dora data-dir, then they
+>    restart dora. Your next refresh lands instantly.
+
+## Pointing at a private dora (skip if you're joining the public network)
+
+The public dora is baked into `agentnet init` defaults. To override:
+
+```bash
+agentnet dora enable --address <YOUR private dora's full Carrier address>
+sudo systemctl restart agentnet     # or 'launchctl unload + load' on macOS
 ```
 
-Three commands, no "userid vs address" gymnastics. The daemon will
-register with dora, pull the roster, and auto-friend every other
-peer in the network.
+`agentnet dora enable` replaces the default userid, sends a fresh
+friend-request, and updates the config — one command, no "userid vs
+address" gymnastics.
 
 The daemon will:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.22",
+  "version": "0.1.24",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",