@decentnetwork/lan 0.1.44 → 0.1.46

package/dist/acl/audit.d.ts

@@ -8,7 +8,13 @@ export declare class AuditLog {
     private logger;
     private buffer;
     private bufferLimit;
-    constructor(filePath: string);
+    private maxBytes;
+    private keepFiles;
+    private curBytes;
+    constructor(filePath: string, opts?: {
+        maxBytes?: number;
+        keepFiles?: number;
+    });
     /**
      * Log an access attempt (allowed or denied)
      */
@@ -67,4 +73,11 @@ export declare class AuditLog {
      */
     readSince(timestamp: number): AuditEntry[];
     private write;
+    /**
+     * Size-based rotation: audit.log -> audit.log.1 -> ... -> audit.log.N,
+     * dropping the oldest. Bounds total on-disk audit data to
+     * maxBytes * (keepFiles + 1). Best-effort — a failure here must never
+     * break the daemon, so errors are logged and writing continues.
+     */
+    private rotate;
 }

package/dist/acl/audit.js

@@ -2,20 +2,40 @@
  * Audit logger for ACL decisions and connection events
  * Append-only JSONL file format
  */
-import { appendFileSync, readFileSync, mkdirSync, existsSync } from "fs";
+import { appendFileSync, readFileSync, mkdirSync, existsSync, statSync, renameSync, rmSync, } from "fs";
 import { dirname } from "path";
 import { Logger } from "../utils/logger.js";
+// Defaults chosen so a busy exit (proxy_open/proxy_close per CONNECT — can
+// be hundreds/sec for HLS video) can never fill the disk: at most
+// maxBytes * (keepFiles + 1) on disk (~200 MB by default), oldest dropped.
+const DEFAULT_MAX_BYTES = 50 * 1024 * 1024; // rotate when the live file passes 50 MB
+const DEFAULT_KEEP_FILES = 3; // audit.log.1 .. audit.log.3
 export class AuditLog {
     filePath;
     logger;
     buffer = [];
     bufferLimit = 100; // Keep last N entries in memory for fast reads
-    constructor(filePath) {
+    maxBytes;
+    keepFiles;
+    curBytes = 0; // running size of the live file (avoids stat() per write)
+    constructor(filePath, opts) {
         this.filePath = filePath;
         this.logger = new Logger({ prefix: "AuditLog" });
+        this.maxBytes = opts?.maxBytes ?? DEFAULT_MAX_BYTES;
+        this.keepFiles = opts?.keepFiles ?? DEFAULT_KEEP_FILES;
         // Ensure parent dir exists
         const dir = dirname(filePath);
         mkdirSync(dir, { recursive: true });
+        // Seed the byte counter from any existing file so a daemon that
+        // restarts onto an already-large log rotates promptly instead of
+        // letting it grow further.
+        try {
+            if (existsSync(this.filePath))
+                this.curBytes = statSync(this.filePath).size;
+        }
+        catch {
+            this.curBytes = 0;
+        }
     }
     /**
      * Log an access attempt (allowed or denied)
@@ -134,11 +154,48 @@ export class AuditLog {
             this.buffer = this.buffer.slice(-this.bufferLimit);
         }
         // Append to file (JSONL)
+        const line = JSON.stringify(entry) + "\n";
         try {
-            appendFileSync(this.filePath, JSON.stringify(entry) + "\n", "utf-8");
+            // Rotate BEFORE the write that would push us over the cap, so the
+            // live file never exceeds maxBytes by more than one line.
+            if (this.curBytes + Buffer.byteLength(line) > this.maxBytes) {
+                this.rotate();
+            }
+            appendFileSync(this.filePath, line, "utf-8");
+            this.curBytes += Buffer.byteLength(line);
         }
         catch (error) {
             this.logger.error(`Failed to write audit entry: ${error}`);
         }
     }
+    /**
+     * Size-based rotation: audit.log -> audit.log.1 -> ... -> audit.log.N,
+     * dropping the oldest. Bounds total on-disk audit data to
+     * maxBytes * (keepFiles + 1). Best-effort — a failure here must never
+     * break the daemon, so errors are logged and writing continues.
+     */
+    rotate() {
+        try {
+            // Drop the oldest, then shift each backup up by one.
+            const oldest = `${this.filePath}.${this.keepFiles}`;
+            if (existsSync(oldest))
+                rmSync(oldest, { force: true });
+            for (let i = this.keepFiles - 1; i >= 1; i--) {
+                const src = `${this.filePath}.${i}`;
+                if (existsSync(src))
+                    renameSync(src, `${this.filePath}.${i + 1}`);
+            }
+            if (existsSync(this.filePath))
+                renameSync(this.filePath, `${this.filePath}.1`);
+            this.curBytes = 0;
+            this.logger.info(`Rotated audit log (cap ${Math.round(this.maxBytes / 1048576)} MB, keep ${this.keepFiles})`);
+        }
+        catch (error) {
+            // Couldn't rotate (permissions, races). Don't let the file grow
+            // unbounded: reset the counter so we retry on the next write, but
+            // keep the daemon running.
+            this.logger.error(`Audit log rotation failed: ${error}`);
+            this.curBytes = 0;
+        }
+    }
 }

package/dist/cli/commands.d.ts

@@ -81,6 +81,34 @@ export declare function cmdFriendRequest(args: {
     configDir?: string;
     waitMs?: number;
 }): Promise<void>;
+/**
+ * Send friend requests to MANY addresses in a single Carrier session.
+ *
+ * The expensive parts of a standalone friend-request — start, joinNetwork,
+ * announceSelf, and the relay-delivery wait — are PER-SESSION, not
+ * per-recipient. Sending N requests by calling cmdFriendRequest N times
+ * pays them N times (~25s each). This opens the peer once, joins/announces
+ * once, fires all requests, waits once, and stops once — so friending 4
+ * doras costs about the same as friending 1 (~25s instead of ~100s).
+ *
+ * Used by `agentnet init` to friend all federated default doras. Returns
+ * per-address ok/error so the caller can report which landed. If the
+ * daemon is already running, each request is routed via IPC (no peer).
+ */
+export declare function cmdFriendRequestMany(args: {
+    targets: {
+        address: string;
+        label: string;
+    }[];
+    hello?: string;
+    configDir?: string;
+    waitMs?: number;
+}): Promise<{
+    label: string;
+    address: string;
+    ok: boolean;
+    error?: string;
+}[]>;
 /**
  * Accept a pending friend request.
  * Run while daemon is DOWN — opens a temporary peer, accepts, exits.

package/dist/cli/commands.js

@@ -139,21 +139,27 @@ export async function cmdInit(args) {
     // them gives redundancy: any one staying up is enough to get an IP.
     const configuredUserids = new Set(config.dora?.userids ?? []);
     const dorasToFriend = DEFAULT_DORAS.filter((d) => configuredUserids.has(d.userid));
-    for (const dora of dorasToFriend) {
-        console.log(`\nFriending ${dora.name} (${dora.userid.slice(0, 16)}...) so the daemon can join the shared network on first start.`);
+    if (dorasToFriend.length > 0) {
+        console.log(`\nFriending ${dorasToFriend.length} default dora${dorasToFriend.length > 1 ? "s" : ""} (${dorasToFriend
+            .map((d) => d.name)
+            .join(", ")}) in one Carrier session so the daemon can join the shared network on first start.`);
         try {
-            await cmdFriendRequest({
-                address: dora.address,
+            const results = await cmdFriendRequestMany({
+                targets: dorasToFriend.map((d) => ({ address: d.address, label: d.name })),
                 hello: `decentlan init (${nodeName})`,
                 waitMs: 8000,
                 configDir: dir,
             });
-            console.log(`  Friend-request dispatched. Auto-accept on the dora side will take it from here.`);
+            const failed = results.filter((r) => !r.ok);
+            for (const f of failed) {
+                console.warn(`  ${f.label} failed: ${f.error} — re-run later: agentnet dora enable --address ${f.address}`);
+            }
+            console.log(`  Friended ${results.length - failed.length}/${results.length} doras. Auto-accept on their side takes it from here (you only need one to get an IP).`);
         }
         catch (err) {
             const msg = err instanceof Error ? err.message : String(err);
-            console.warn(`  Friend-request to ${dora.name} failed: ${msg}`);
-            console.warn(`  Re-run later: agentnet dora enable --address ${dora.address}`);
+            console.warn(`  Friend-requests failed: ${msg}`);
+            console.warn(`  Re-run later with: agentnet up --real-tun (the daemon retries joining a dora on start).`);
         }
     }
     console.log(`\nNext: sudo agentnet service install   # or 'agentnet up --real-tun' to run in foreground`);
@@ -476,6 +482,78 @@ export async function cmdFriendRequest(args) {
     console.log(`pick it up on next start (and still auto-accept). Only run 'agentnet friend-accept --pubkey ${myPubkey}'`);
     console.log(`manually if their daemon is down AND they've disabled autoAccept.`);
 }
+/**
+ * Send friend requests to MANY addresses in a single Carrier session.
+ *
+ * The expensive parts of a standalone friend-request — start, joinNetwork,
+ * announceSelf, and the relay-delivery wait — are PER-SESSION, not
+ * per-recipient. Sending N requests by calling cmdFriendRequest N times
+ * pays them N times (~25s each). This opens the peer once, joins/announces
+ * once, fires all requests, waits once, and stops once — so friending 4
+ * doras costs about the same as friending 1 (~25s instead of ~100s).
+ *
+ * Used by `agentnet init` to friend all federated default doras. Returns
+ * per-address ok/error so the caller can report which landed. If the
+ * daemon is already running, each request is routed via IPC (no peer).
+ */
+export async function cmdFriendRequestMany(args) {
+    const dir = args.configDir || ConfigLoader.defaultConfigDir();
+    const config = await ConfigLoader.load(resolve(dir, "config.yaml"));
+    const results = [];
+    // Daemon up → route each via IPC (no second peer, no announce cost).
+    const livePid = daemonPid(config);
+    if (livePid !== null) {
+        console.log(`Daemon is running (pid ${livePid}); routing friend-requests via IPC...`);
+        for (const t of args.targets) {
+            const res = await ipcCall(config, { op: "friend-request", address: t.address, hello: args.hello });
+            results.push({ label: t.label, address: t.address, ok: res.ok, error: res.ok ? undefined : res.error });
+            console.log(res.ok ? `  ✓ ${t.label}` : `  ✗ ${t.label}: ${res.error}`);
+        }
+        return results;
+    }
+    // Daemon down → one standalone peer session for ALL requests.
+    const { Peer } = await import("@decentnetwork/peer");
+    const keyFile = resolve(config.carrier.dataDir, "keypair.json");
+    console.log(`Opening peer with identity at ${keyFile}...`);
+    const peer = await Peer.create({
+        keyFile,
+        compatibilityMode: "legacy",
+        bootstrapNodes: config.carrier.bootstrapNodes,
+        expressNodes: config.carrier.expressNodes,
+    });
+    await peer.start();
+    console.log(`My address: ${peer.address()}`);
+    console.log(`My pubkey: ${peer.pubkey()}`);
+    console.log(`Joining Carrier network...`);
+    const joinResult = await peer.joinNetwork();
+    console.log(`Joined via ${joinResult.respondingNode.host}:${joinResult.respondingNode.port}`);
+    console.log(`Announcing self (15s)...`);
+    await peer.announceSelf(15000).catch((err) => {
+        console.warn(`Self-announce failed: ${err.message}`);
+    });
+    // Fire all requests on the one announced session.
+    for (const t of args.targets) {
+        try {
+            console.log(`Sending friend request to ${t.label} (${t.address.slice(0, 16)}...)...`);
+            await peer.sendFriendRequest(t.address, args.hello || "Decent AgentNet friend request");
+            results.push({ label: t.label, address: t.address, ok: true });
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.warn(`  Failed to send to ${t.label}: ${msg}`);
+            results.push({ label: t.label, address: t.address, ok: false, error: msg });
+        }
+    }
+    // Single shared wait for relay delivery of all requests above.
+    const waitMs = args.waitMs ?? 8000;
+    console.log(`Waiting ${waitMs}ms for relay delivery...`);
+    await new Promise((r) => setTimeout(r, waitMs));
+    const myUserid = peer.userid();
+    await peer.stop();
+    console.log(`\nFriend requests sent. Recipients running with autoAccept (the default) have already`);
+    console.log(`accepted — they can confirm with 'agentnet diag' and look for userid ${myUserid}.`);
+    return results;
+}
 /**
  * Accept a pending friend request.
  * Run while daemon is DOWN — opens a temporary peer, accepts, exits.

package/dist/daemon/server.js

@@ -551,12 +551,19 @@ export class DaemonServer {
                             allowHosts: this.config.proxy.allowHosts ?? [],
                             allowConnectPorts: this.config.proxy.allowConnectPorts,
                             resolvePeerName: (srcIp) => this.ipam.resolveIp(srcIp)?.name,
-                            onTunnelOpen: ({ src, srcName, target }) => {
-                                this.auditLog.logProxyOpen({ srcIp: src, srcName, target });
-                            },
-                            onTunnelClose: ({ src, srcName, target, bytesTransferred }) => {
-                                this.auditLog.logProxyClose({ srcIp: src, srcName, target, bytesTransferred });
-                            },
+                            // Per-tunnel audit is opt-in: on a busy exit it floods the
+                            // log (the 13 GB audit.log bug). Off by default; ACL and
+                            // connect events are still always audited.
+                            onTunnelOpen: this.config.proxy.auditTunnels
+                                ? ({ src, srcName, target }) => {
+                                    this.auditLog.logProxyOpen({ srcIp: src, srcName, target });
+                                }
+                                : undefined,
+                            onTunnelClose: this.config.proxy.auditTunnels
+                                ? ({ src, srcName, target, bytesTransferred }) => {
+                                    this.auditLog.logProxyClose({ srcIp: src, srcName, target, bytesTransferred });
+                                }
+                                : undefined,
                         });
                         await this.connectProxy.start();
                         this.logger.info(`Proxy listening on ${tunIp}:${this.config.proxy.port}`);

package/dist/types.d.ts

@@ -129,6 +129,7 @@ export interface ProxyConfig {
     port: number;
     allowHosts?: string[];
     allowConnectPorts?: number[];
+    auditTunnels?: boolean;
 }
 export interface FriendsConfig {
     /** When true (default), the running daemon auto-accepts incoming

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.44",
+  "version": "0.1.46",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",