@decentnetwork/lan 0.1.47 → 0.1.49

package/dist/cli/commands.d.ts

@@ -214,6 +214,25 @@ export declare function cmdProxyUse(args: {
     peer: string;
     configDir?: string;
 }): Promise<void>;
+/**
+ * Run the multi-exit client router: a local HTTPS (CONNECT) proxy that
+ * load-balances / fails over across several exit nodes, sending only China
+ * traffic through them and everything else direct. This is the client-side
+ * counterpart to `agentnet proxy enable` (which is the per-exit server).
+ *
+ * Exits come from --exit (repeatable, "host[:port]" or "name=host[:port]").
+ * If none are given we auto-discover them from the daemon's live IPAM (every
+ * known peer becomes a candidate exit on its proxy port; health checks drop
+ * the ones that aren't actually serving a proxy).
+ */
+export declare function cmdProxyRouter(args: {
+    exit?: string[];
+    port?: number;
+    listen?: string;
+    mode?: string;
+    all?: boolean;
+    configDir?: string;
+}): Promise<void>;
 /**
  * Parse duration string like "1h", "24h", "30m"
  */

package/dist/cli/commands.js

@@ -11,6 +11,7 @@ import { Ipam } from "../ipam/ipam.js";
 import { Policy } from "../acl/policy.js";
 import { AclEngine } from "../acl/acl-engine.js";
 import { AuditLog } from "../acl/audit.js";
+import { startMultiExitRouter } from "../proxy/multi-exit-router.js";
 /**
  * Refuse to open a second Carrier peer with this identity if the
  * daemon is already running with the same keypair. Two peers sharing
@@ -995,6 +996,59 @@ export async function cmdProxyUse(args) {
     console.log(`#   agentnet proxy enable`);
     console.log(`#   agentnet grant --peer <your-userid> --tcp ${port}`);
 }
+/**
+ * Run the multi-exit client router: a local HTTPS (CONNECT) proxy that
+ * load-balances / fails over across several exit nodes, sending only China
+ * traffic through them and everything else direct. This is the client-side
+ * counterpart to `agentnet proxy enable` (which is the per-exit server).
+ *
+ * Exits come from --exit (repeatable, "host[:port]" or "name=host[:port]").
+ * If none are given we auto-discover them from the daemon's live IPAM (every
+ * known peer becomes a candidate exit on its proxy port; health checks drop
+ * the ones that aren't actually serving a proxy).
+ */
+export async function cmdProxyRouter(args) {
+    const dir = args.configDir || ConfigLoader.defaultConfigDir();
+    const config = await ConfigLoader.load(resolve(dir, "config.yaml"));
+    const defaultExitPort = config.proxy?.port ?? 8888;
+    const parseExit = (spec) => {
+        let name;
+        let rest = spec;
+        const eq = spec.indexOf("=");
+        if (eq !== -1) {
+            name = spec.slice(0, eq);
+            rest = spec.slice(eq + 1);
+        }
+        const [host, portStr] = rest.split(":");
+        return { name: name || host, host, port: Number(portStr) || defaultExitPort };
+    };
+    let exits = (args.exit ?? []).map(parseExit);
+    if (exits.length === 0) {
+        // Auto-discover from the daemon's live IPAM.
+        const { peers, source } = await fetchLiveIpam(config);
+        exits = peers
+            .filter((p) => p.virtualIp)
+            .map((p) => ({ name: p.name || p.virtualIp, host: p.virtualIp, port: defaultExitPort }));
+        if (exits.length === 0) {
+            console.error(`No exits given and none discovered from IPAM (${source}).`);
+            console.error(`Pass exits explicitly, e.g.:`);
+            console.error(`  agentnet proxy router --exit 10.86.1.15 --exit 10.86.1.16 --exit 10.86.1.17`);
+            process.exit(1);
+        }
+        console.log(`Auto-discovered ${exits.length} exit(s) from IPAM (${source}): ${exits.map((e) => e.name).join(", ")}`);
+        console.log(`(health checks will drop any that aren't actually running a proxy)\n`);
+    }
+    const mode = args.mode === "failover" ? "failover" : "loadbalance";
+    startMultiExitRouter({
+        exits,
+        listenHost: args.listen ?? "127.0.0.1",
+        listenPort: args.port ?? 8889,
+        mode,
+        routeAll: args.all ?? false,
+    });
+    // Keep the process alive; the router runs until Ctrl-C / signal.
+    await new Promise(() => { });
+}
 /**
  * Parse duration string like "1h", "24h", "30m"
  */

package/dist/cli/index.js

@@ -10,7 +10,7 @@ import { hideBin } from "yargs/helpers";
 // Belt-and-braces — also raise it here in case the CLI is run directly
 // (e.g. `node dist/cli/index.js` rather than via dist/index.js).
 EventEmitter.defaultMaxListeners = 100;
-import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDoraAutofriend, cmdDiag, cmdDnsInstall, cmdDnsHosts, cmdServiceInstall, cmdRestart, cmdServiceStatus, } from "./commands.js";
+import { cmdInit, cmdIdentityShow, cmdPeersList, cmdIpamAssign, cmdGrant, cmdRevoke, cmdResolve, cmdStatus, cmdUp, cmdAuditLog, cmdFriendRequest, cmdFriendAccept, cmdFriendsList, cmdFriendsPending, cmdFriendsAccept, cmdFriendsReject, cmdProxyEnable, cmdProxyDisable, cmdProxyStatus, cmdProxyAllowHost, cmdProxyRevokeHost, cmdProxyListHosts, cmdProxyUse, cmdProxyRouter, cmdDoraEnable, cmdDoraDisable, cmdDoraStatus, cmdDoraAutofriend, cmdDiag, cmdDnsInstall, cmdDnsHosts, cmdServiceInstall, cmdRestart, cmdServiceStatus, } from "./commands.js";
 async function main() {
     await yargs(hideBin(process.argv))
         .scriptName("agentnet")
@@ -258,6 +258,26 @@ async function main() {
         .option("peer", { type: "string", demandOption: true, describe: "Peer name or carrier ID" })
         .option("config-dir", { type: "string" }), async (argv) => {
         await cmdProxyUse({ peer: argv.peer, configDir: argv["config-dir"] });
+    })
+        .command("router", "Run a local multi-exit HTTPS proxy: load-balance/failover across exits, China-split tunnel", (yy) => yy
+        .option("exit", {
+        type: "string",
+        array: true,
+        describe: "Exit as 'host[:port]' or 'name=host[:port]' (repeatable). Default: auto-discover from IPAM",
+    })
+        .option("port", { type: "number", default: 8889, describe: "Local listen port" })
+        .option("listen", { type: "string", default: "127.0.0.1", describe: "Listen host (use 0.0.0.0 to reach from Windows → WSL)" })
+        .option("mode", { choices: ["loadbalance", "failover"], default: "loadbalance" })
+        .option("all", { type: "boolean", default: false, describe: "Route ALL hosts through exits (default: China-only split tunnel)" })
+        .option("config-dir", { type: "string" }), async (argv) => {
+        await cmdProxyRouter({
+            exit: argv.exit,
+            port: argv.port,
+            listen: argv.listen,
+            mode: argv.mode,
+            all: argv.all,
+            configDir: argv["config-dir"],
+        });
     })
         .demandCommand(1, "Specify a proxy subcommand (run 'agentnet proxy --help')"), () => {
         // parent handler — never invoked because demandCommand above

package/dist/proxy/multi-exit-router.d.ts

@@ -0,0 +1,20 @@
+export interface ExitTarget {
+    name: string;
+    host: string;
+    port: number;
+}
+export interface MultiExitRouterOptions {
+    exits: ExitTarget[];
+    listenHost?: string;
+    listenPort?: number;
+    mode?: "loadbalance" | "failover";
+    routeAll?: boolean;
+    log?: (msg: string) => void;
+}
+/**
+ * Start the multi-exit router. Returns a stop() that closes the listener.
+ * Runs until stopped (the CLI command keeps the process alive).
+ */
+export declare function startMultiExitRouter(opts: MultiExitRouterOptions): {
+    stop: () => void;
+};

package/dist/proxy/multi-exit-router.js

@@ -0,0 +1,225 @@
+//
+// Multi-exit client router — load-balance + failover across several exit
+// proxy nodes, with a China/rest split tunnel. This is the CLIENT-side
+// counterpart to the per-node CONNECT proxy (`agentnet proxy enable`):
+// you run ONE of these on your machine abroad and point your browser at it,
+// and it spreads HTTPS (CONNECT) traffic across all your China exits.
+//
+// Exposed as `agentnet proxy router` so released users get it without
+// cloning the repo (it used to live in scripts/failover-proxy.mjs).
+//
+import http from "node:http";
+import net from "node:net";
+// Split tunnel: ONLY these hosts go through the exits; everything else
+// (Google, US sites, etc.) connects DIRECT. Critical because China-blocked
+// sites FAIL through a China exit, and US sites are faster direct anyway.
+const CHINA_HOSTS = [
+    ".cn",
+    ".cctv.com", ".cctvpic.com", ".cntv.cn", ".cctv.cn",
+    ".bilibili.com", ".biliapi.net", ".bilivideo.com", ".bilivideo.cn", ".hdslb.com",
+    ".youku.com", ".iqiyi.com", ".iq.com", ".mgtv.com", ".hitv.com",
+    ".miguvideo.com", ".cmvideo.cn", ".migu.cn",
+    ".qq.com", ".qcloud.com", ".myqcloud.com", ".qlivecdn.com", ".qpic.cn",
+    ".volcfcdn.com", ".volccdn.com", ".byteimg.com", ".bytedance.com",
+    ".weibo.com", ".weibocdn.com", ".sinaimg.cn", ".youku.cn",
+];
+function isChinaHost(host) {
+    host = (host || "").toLowerCase();
+    return CHINA_HOSTS.some((s) => host === s.slice(1) || host.endsWith(s));
+}
+const HEALTH_INTERVAL_MS = 1000;
+const HEALTH_TIMEOUT_MS = 1500;
+const DOWN_AFTER_FAILS = 2;
+const CONNECT_TIMEOUT_MS = 8000;
+/**
+ * Start the multi-exit router. Returns a stop() that closes the listener.
+ * Runs until stopped (the CLI command keeps the process alive).
+ */
+export function startMultiExitRouter(opts) {
+    const listenHost = opts.listenHost ?? "127.0.0.1";
+    const listenPort = opts.listenPort ?? 8889;
+    const mode = opts.mode === "failover" ? "failover" : "loadbalance";
+    const routeAll = opts.routeAll ?? false;
+    const ts = () => new Date().toTimeString().slice(0, 8);
+    const log = opts.log ?? ((s) => console.log(`${ts()} ${s}`));
+    const exits = opts.exits.map((e) => ({
+        ...e,
+        healthy: false,
+        fails: 0,
+        oks: 0,
+        active: 0,
+        served: 0,
+        lastRtt: null,
+    }));
+    let directActive = 0;
+    let directTotal = 0;
+    let lastPool = null;
+    let stopped = false;
+    // ---- health checks --------------------------------------------------------
+    function probe(exit) {
+        return new Promise((resolve) => {
+            const t0 = Date.now();
+            const s = net.connect(exit.port, exit.host);
+            const timer = setTimeout(() => { s.destroy(); resolve(false); }, HEALTH_TIMEOUT_MS);
+            s.once("connect", () => { clearTimeout(timer); s.destroy(); exit.lastRtt = Date.now() - t0; resolve(true); });
+            s.once("error", () => { clearTimeout(timer); resolve(false); });
+        });
+    }
+    function printPool() {
+        const healthy = exits.filter((e) => e.healthy).map((e) => `${e.name}(${e.lastRtt}ms)`).join(", ") || "NONE";
+        if (healthy !== lastPool) {
+            log(`pool [${mode}]: ${healthy}`);
+            lastPool = healthy;
+        }
+    }
+    async function healthLoop() {
+        while (!stopped) {
+            for (const exit of exits) {
+                const ok = await probe(exit);
+                if (ok) {
+                    exit.oks++;
+                    exit.fails = 0;
+                    if (!exit.healthy) {
+                        exit.healthy = true;
+                        log(`✓ ${exit.name} UP (${exit.lastRtt}ms)`);
+                        printPool();
+                    }
+                }
+                else {
+                    exit.fails++;
+                    exit.oks = 0;
+                    if (exit.healthy && exit.fails >= DOWN_AFTER_FAILS) {
+                        exit.healthy = false;
+                        log(`✗ ${exit.name} DOWN`);
+                        printPool();
+                    }
+                }
+            }
+            await new Promise((r) => setTimeout(r, HEALTH_INTERVAL_MS));
+        }
+    }
+    // ---- exit selection -------------------------------------------------------
+    function pickOrder() {
+        const healthy = exits.filter((e) => e.healthy);
+        if (healthy.length === 0)
+            return [];
+        if (mode === "failover")
+            return healthy; // priority order (input order)
+        return [...healthy].sort((a, b) => a.active - b.active || a.served - b.served);
+    }
+    // ---- CONNECT through an exit ----------------------------------------------
+    function forward(exit, target, client, head, onFail) {
+        const up = net.connect(exit.port, exit.host);
+        let established = false;
+        const fail = (why) => { if (!established) {
+            up.destroy();
+            onFail(why);
+        }
+        else {
+            client.destroy();
+        } };
+        up.once("connect", () => up.write(`CONNECT ${target} HTTP/1.1\r\nHost: ${target}\r\n\r\n`));
+        up.setTimeout(CONNECT_TIMEOUT_MS, () => fail("timeout"));
+        let buf = Buffer.alloc(0);
+        const onData = (d) => {
+            buf = Buffer.concat([buf, d]);
+            const idx = buf.indexOf("\r\n\r\n");
+            if (idx === -1)
+                return;
+            const status = buf.slice(0, buf.indexOf("\r\n")).toString();
+            up.removeListener("data", onData);
+            if (status.includes(" 200 ")) {
+                established = true;
+                exit.active++;
+                exit.served++;
+                up.setTimeout(0);
+                client.write("HTTP/1.1 200 Connection Established\r\n\r\n");
+                if (head && head.length)
+                    up.write(head);
+                const rest = buf.slice(idx + 4);
+                if (rest.length)
+                    client.write(rest);
+                client.pipe(up);
+                up.pipe(client);
+                const done = () => { exit.active = Math.max(0, exit.active - 1); };
+                up.once("close", done);
+                client.once("close", () => up.destroy());
+                client.on("error", () => up.destroy());
+                up.on("error", () => client.destroy());
+            }
+            else {
+                fail(`upstream ${status}`);
+            }
+        };
+        up.on("data", onData);
+        up.on("error", () => fail("conn error"));
+    }
+    // Direct connection from THIS machine — for non-China hosts so Google etc.
+    // aren't black-holed through a China exit.
+    function directConnect(target, client, head) {
+        const [host, portStr] = target.split(":");
+        const up = net.connect(Number(portStr) || 443, host);
+        up.setTimeout(CONNECT_TIMEOUT_MS, () => up.destroy());
+        up.once("connect", () => {
+            up.setTimeout(0);
+            directActive++;
+            directTotal++;
+            client.write("HTTP/1.1 200 Connection Established\r\n\r\n");
+            if (head && head.length)
+                up.write(head);
+            client.pipe(up);
+            up.pipe(client);
+            const done = () => { directActive = Math.max(0, directActive - 1); };
+            up.once("close", done);
+            client.once("close", () => up.destroy());
+        });
+        client.on("error", () => up.destroy());
+        up.on("error", () => client.destroy());
+    }
+    const server = http.createServer((_req, res) => { res.writeHead(405); res.end("CONNECT only\n"); });
+    server.on("connect", (req, client, head) => {
+        const target = req.url || "";
+        const host = (target.split(":")[0] || "").toLowerCase();
+        client.on("error", () => { });
+        if (!routeAll && !isChinaHost(host)) {
+            directConnect(target, client, head);
+            return;
+        }
+        const order = pickOrder();
+        if (order.length === 0) {
+            client.end("HTTP/1.1 503 No healthy exit\r\n\r\n");
+            return;
+        }
+        let i = 0;
+        const tryNext = (why) => {
+            if (why)
+                log(`  ${target}: ${order[i - 1]?.name} failed (${why}), retrying`);
+            if (i >= order.length) {
+                client.end("HTTP/1.1 502 All exits failed\r\n\r\n");
+                return;
+            }
+            forward(order[i++], target, client, head, tryNext);
+        };
+        tryNext();
+    });
+    server.listen(listenPort, listenHost, () => {
+        log(`Multi-exit router [${mode}] on http://${listenHost}:${listenPort}`);
+        log(`Exits: ${exits.map((e) => `${e.name}@${e.host}:${e.port}`).join(", ")}`);
+        log(routeAll
+            ? `Routing: ALL hosts through the exits (--all)`
+            : `Routing: China hosts → exits, everything else → DIRECT (so Google/US sites work)`);
+        log(`Point your browser's HTTPS proxy at ${listenHost}:${listenPort}`);
+        void healthLoop();
+    });
+    if (mode === "loadbalance") {
+        const reporter = setInterval(() => {
+            const parts = exits.filter((e) => e.healthy).map((e) => `${e.name}: ${e.active} active / ${e.served} total`);
+            parts.push(`direct: ${directActive} active / ${directTotal} total`);
+            log(`load — ${parts.join("  |  ")}`);
+        }, 15000);
+        server.on("close", () => clearInterval(reporter));
+    }
+    return {
+        stop: () => { stopped = true; server.close(); },
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.47",
+  "version": "0.1.49",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",
@@ -74,7 +74,7 @@
     "prepublishOnly": "rm -rf dist && npm run build && npm run typecheck && npm run build:helpers:all"
   },
   "dependencies": {
-    "@decentnetwork/dora": "^0.1.0",
+    "@decentnetwork/dora": "^0.1.6",
     "@decentnetwork/peer": "^0.1.20",
     "js-yaml": "^4.1.0",
     "yargs": "^17.7.2"