@decentnetwork/lan 0.1.3 → 0.1.4

package/dist/cli/commands.d.ts

@@ -254,3 +254,14 @@ export declare function cmdDoraDisable(args: {
 export declare function cmdDoraStatus(args: {
     configDir?: string;
 }): Promise<void>;
+/**
+ * Set the dora auto-friend policy. Three modes:
+ *   - 'none' (default): never auto-friend roster peers
+ *   - 'all':           friend every roster entry that carries an address
+ *   - 'allow <id-or-name>...' / 'remove <id-or-name>...': whitelist
+ */
+export declare function cmdDoraAutofriend(args: {
+    mode: "none" | "all" | "allow" | "remove" | "list";
+    values?: string[];
+    configDir?: string;
+}): Promise<void>;

package/dist/cli/commands.js

@@ -1045,6 +1045,65 @@ export async function cmdDoraStatus(args) {
     }
     const refresh = dora.refreshIntervalMs ?? 60_000;
     console.log(`  refresh:       every ${Math.round(refresh / 1000)}s`);
+    const af = dora.autoFriend ?? "none";
+    if (af === "none" || af === "all") {
+        console.log(`  auto-friend:   ${af}`);
+    }
+    else {
+        console.log(`  auto-friend:   whitelist [${af.length}]: ${af.join(", ")}`);
+    }
     console.log("");
     console.log("Note: live state (allocated IP, last refresh) requires querying a running daemon — not yet wired.");
 }
+/**
+ * Set the dora auto-friend policy. Three modes:
+ *   - 'none' (default): never auto-friend roster peers
+ *   - 'all':           friend every roster entry that carries an address
+ *   - 'allow <id-or-name>...' / 'remove <id-or-name>...': whitelist
+ */
+export async function cmdDoraAutofriend(args) {
+    const dir = args.configDir || ConfigLoader.defaultConfigDir();
+    const configPath = resolve(dir, "config.yaml");
+    const config = await ConfigLoader.load(configPath);
+    const dora = config.dora ?? { enabled: false, userids: [], refreshIntervalMs: 60_000 };
+    const current = dora.autoFriend ?? "none";
+    if (args.mode === "list") {
+        if (current === "none" || current === "all") {
+            console.log(`auto-friend: ${current}`);
+        }
+        else {
+            console.log(`auto-friend: whitelist (${current.length})`);
+            for (const t of current)
+                console.log(`  - ${t}`);
+        }
+        return;
+    }
+    let next;
+    if (args.mode === "none" || args.mode === "all") {
+        next = args.mode;
+    }
+    else if (args.mode === "allow") {
+        const list = Array.isArray(current) ? new Set(current) : new Set();
+        for (const v of args.values ?? [])
+            list.add(v);
+        next = [...list];
+    }
+    else if (args.mode === "remove") {
+        const list = Array.isArray(current) ? new Set(current) : new Set();
+        for (const v of args.values ?? [])
+            list.delete(v);
+        next = list.size === 0 ? "none" : [...list];
+    }
+    else {
+        throw new Error(`unknown autofriend mode: ${args.mode}`);
+    }
+    config.dora = { ...dora, autoFriend: next };
+    await ConfigLoader.save(config, configPath);
+    if (next === "none" || next === "all") {
+        console.log(`auto-friend set to '${next}'.`);
+    }
+    else {
+        console.log(`auto-friend whitelist now (${next.length}): ${next.join(", ")}`);
+    }
+    console.log(`Takes effect on the next roster refresh (~60s) or daemon restart.`);
+}

package/dist/cli/index.js

@@ -10,7 +10,7 @@ import { hideBin } from "yargs/helpers";
 // Belt-and-braces — also raise it here in case the CLI is run directly
 // (e.g. `node dist/cli/index.js` rather than via dist/index.js).
 EventEmitter.defaultMaxListeners = 100;
-import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDiag, cmdDnsInstall, cmdDnsHosts, } from "./commands.js";
+import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDoraAutofriend, cmdDiag, cmdDnsInstall, cmdDnsHosts, } from "./commands.js";
 async function main() {
     await yargs(hideBin(process.argv))
         .scriptName("agentnet")
@@ -204,6 +204,25 @@ async function main() {
     })
         .command("status", "Show dora configuration", (yy) => yy.option("config-dir", { type: "string" }), async (argv) => {
         await cmdDoraStatus({ configDir: argv["config-dir"] });
+    })
+        .command("autofriend <mode> [values..]", "Auto-friend policy: 'none' (default), 'all', 'allow <name|userid>...', 'remove <name|userid>...', or 'list'", (yy) => yy
+        .positional("mode", {
+        type: "string",
+        demandOption: true,
+        choices: ["none", "all", "allow", "remove", "list"],
+        describe: "Policy mode",
+    })
+        .positional("values", {
+        type: "string",
+        array: true,
+        describe: "For 'allow'/'remove': one or more names or userids",
+    })
+        .option("config-dir", { type: "string" }), async (argv) => {
+        await cmdDoraAutofriend({
+            mode: argv.mode,
+            values: argv.values,
+            configDir: argv["config-dir"],
+        });
     })
         .demandCommand(1, "Specify a dora subcommand (run 'agentnet dora --help')"), () => {
         // parent handler — never invoked because demandCommand above

package/dist/config/loader.js

@@ -108,6 +108,11 @@ export class ConfigLoader {
                 enabled: false,
                 userids: [],
                 refreshIntervalMs: 60_000,
+                // Default: do NOT auto-friend roster peers. Dora is a naming
+                // / IP service, not a trust statement. Operators opt in with
+                // `agentnet dora autofriend all` (closed labs) or
+                // `agentnet dora autofriend allow <name|userid>` (whitelist).
+                autoFriend: "none",
             },
         };
     }

package/dist/dora/dora-integration.d.ts

@@ -87,4 +87,10 @@ export declare class DoraIntegration {
      * re-register the peer or fall back to a manual friend-request.
      */
     private maybeFriend;
+    /**
+     * Decide whether a roster entry is allowed by the autoFriend
+     * policy. Names match case-insensitively against the entry's
+     * `name`; userids match exact base58.
+     */
+    private policyAllows;
 }

package/dist/dora/dora-integration.js

@@ -304,6 +304,22 @@ export class DoraIntegration {
             this.friendRequested.add(entry.userid);
             return;
         }
+        // Policy gate. Dora is a name service, not a trust statement.
+        // Default ("none") means we DON'T auto-friend roster peers —
+        // an operator on a multi-tenant dora isn't asking to be
+        // mutually-friended with everyone else just because they share
+        // a name service. "all" reproduces the old behavior (closed
+        // labs). Otherwise the policy is a whitelist of names or
+        // userids; only matches are friended.
+        const policy = this.opts.config.autoFriend ?? "none";
+        if (!this.policyAllows(entry, policy)) {
+            // Mark as "seen" so we don't re-evaluate the policy every
+            // 60s for entries we deliberately skip — but DON'T mark as
+            // "friendRequested" since the operator may flip the policy
+            // later and we should pick them up on next refresh after a
+            // daemon restart.
+            return;
+        }
         if (!entry.address) {
             this.logger.warn(`Roster entry ${entry.name} (${entry.userid.slice(0, 12)}...) has no address — can't auto-friend. ` +
                 `Have them re-register against a newer dora server, or run 'agentnet friend-request' manually.`);
@@ -322,4 +338,25 @@ export class DoraIntegration {
             this.friendRequested.delete(entry.userid);
         });
     }
+    /**
+     * Decide whether a roster entry is allowed by the autoFriend
+     * policy. Names match case-insensitively against the entry's
+     * `name`; userids match exact base58.
+     */
+    policyAllows(entry, policy) {
+        if (policy === "all")
+            return true;
+        if (policy === "none")
+            return false;
+        if (!Array.isArray(policy) || policy.length === 0)
+            return false;
+        const nameLower = entry.name.toLowerCase();
+        for (const token of policy) {
+            if (token === entry.userid)
+                return true;
+            if (token.toLowerCase() === nameLower)
+                return true;
+        }
+        return false;
+    }
 }

package/dist/types.d.ts

@@ -142,6 +142,25 @@ export interface DoraConfig {
     userids?: string[];
     /** How often to re-fetch the full roster from dora. Default 60_000ms. */
     refreshIntervalMs?: number;
+    /**
+     * Policy for auto-friending peers found in the dora roster. Dora is
+     * a NAMING and IP-ALLOCATION service — it does NOT imply trust.
+     * On a large dora (many tenants, customer machines, etc.) you do
+     * NOT want to auto-friend everyone.
+     *
+     * - `"none"` (default): never auto-friend roster peers. The operator
+     *    initiates friend-requests explicitly with `agentnet
+     *    friend-request --address <addr>`. The dora server itself is
+     *    always friended out-of-band when you run `agentnet dora enable
+     *    --address`.
+     * - `"all"`: friend every roster entry that carries an address.
+     *    Useful for a closed lab of trusted peers; **dangerous on a
+     *    shared / public dora.**
+     * - `string[]`: whitelist by peer NAME (matches `name` in the roster
+     *    record) or by userid (base58). Matching entries are auto-
+     *    friended on every refresh; everything else is left alone.
+     */
+    autoFriend?: "none" | "all" | string[];
 }
 export interface DecentAgentNetConfig {
     node: NodeConfig;

package/docs/CONFIGURATION.md

@@ -112,7 +112,27 @@ ACL-gated; see `agentnet proxy --help`.
 - **`userids`** — list of dora servers to try, in order. First
   responder wins.
 - **`refreshIntervalMs`** — how often to re-pull the roster from
-  dora (default 60s). Drives auto-friend discovery of new peers.
+  dora (default 60s).
+- **`autoFriend`** — policy for friending peers found in the dora
+  roster. Dora is a name service, NOT a trust statement; on a
+  multi-tenant dora you do not want the daemon to silently friend
+  every other peer.
+  - `"none"` (default) — never auto-friend roster peers; only the
+    dora server itself is friended (you do that explicitly with
+    `agentnet dora enable --address`).
+  - `"all"` — friend every roster entry that carries an address.
+    Reasonable for closed labs of mutually-trusted peers.
+  - `string[]` — whitelist by peer name OR userid. Only matching
+    entries get auto-friended.
+
+  CLI:
+  ```
+  agentnet dora autofriend none                                 # default
+  agentnet dora autofriend all                                  # closed lab
+  agentnet dora autofriend allow mac-dev snoopy peerX-userid    # whitelist
+  agentnet dora autofriend remove snoopy
+  agentnet dora autofriend list
+  ```
 
 ## `policy.yaml` reference
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",