@decentnetwork/lan 0.1.7 → 0.1.9

package/dist/config/loader.js

@@ -108,11 +108,13 @@ export class ConfigLoader {
                 enabled: false,
                 userids: [],
                 refreshIntervalMs: 60_000,
-                // Default: do NOT auto-friend roster peers. Dora is a naming
-                // / IP service, not a trust statement. Operators opt in with
-                // `agentnet dora autofriend all` (closed labs) or
-                // `agentnet dora autofriend allow <name|userid>` (whitelist).
-                autoFriend: "none",
+                // Default: auto-friend every peer in the dora roster. Dora
+                // membership IS the trust statement — joining a dora means
+                // "I want to be on this network", and a single-tenant lab is
+                // the common case. Operators on a multi-tenant / public
+                // dora opt out with `agentnet dora autofriend none` or
+                // whitelist via `agentnet dora autofriend allow <peer>...`.
+                autoFriend: "all",
             },
         };
     }

package/dist/daemon/server.js

@@ -191,6 +191,48 @@ export class DaemonServer {
                     ipam: this.ipam,
                     nodeName: this.config.node.name,
                     preferredIp: this.config.network.ip,
+                    // Fires when dora's background retry eventually succeeds
+                    // AFTER the initial bootstrap already returned the fallback
+                    // IP. At that point the TUN is up on the fallback (e.g.
+                    // 10.86.1.10) but our record in dora's roster says we're
+                    // at 10.86.1.15 — other peers route to .15, our kernel
+                    // doesn't recognize it as local, packets drop. Rebuild
+                    // the TUN at the new IP so traffic actually reaches us.
+                    onAllocatedIpChanged: async (newIp) => {
+                        if (!this.tunDevice || !this.routeManager)
+                            return;
+                        const currentIp = this.tunDevice.getConfig().ip;
+                        if (currentIp === newIp)
+                            return;
+                        this.logger.info(`Reconfiguring TUN: dora-allocated IP changed ${currentIp} -> ${newIp}`);
+                        const ifname = this.tunDevice.getInterface();
+                        try {
+                            await this.routeManager.cleanup(ifname, this.config.network.subnet, currentIp);
+                            await this.tunDevice.close();
+                            this.tunDevice = new TunDevice({
+                                config: {
+                                    name: this.config.network.interface,
+                                    ip: newIp,
+                                    subnet: this.config.network.subnet,
+                                },
+                                mockMode: this.useMockTun,
+                            });
+                            await this.tunDevice.open();
+                            if (!this.useMockTun) {
+                                await this.routeManager.configureTun({
+                                    ...this.tunDevice.getConfig(),
+                                    name: this.tunDevice.getInterface(),
+                                });
+                            }
+                            // Re-attach the packet-router's TUN listener — the
+                            // listener was bound to the old TunDevice instance.
+                            this.packetRouter?.swapTunDevice(this.tunDevice);
+                            this.logger.info(`TUN now at ${newIp}`);
+                        }
+                        catch (err) {
+                            this.logger.error(`Failed to reconfigure TUN to ${newIp}: ${err instanceof Error ? err.message : err}`);
+                        }
+                    },
                 });
                 const doraIp = await this.doraIntegration.bootstrap();
                 if (doraIp && doraIp !== tunIp) {

package/dist/dora/dora-integration.d.ts

@@ -23,6 +23,15 @@ export interface DoraIntegrationOptions {
     /** Preferred virtual IP from local config — sent as `requestedIp` so a
      *  restart keeps the same address when possible. */
     preferredIp?: string;
+    /**
+     * Fires when dora register completes AFTER the initial bootstrap
+     * already returned (i.e. the retry path). At that moment the TUN
+     * is already configured at the fallback IP, but our actual record
+     * in dora's roster has a different IP. The daemon needs to
+     * reconfigure the TUN, or the peer is reachable at neither IP
+     * (TUN listens on fallback, peers' IPAM says our allocated IP).
+     */
+    onAllocatedIpChanged?: (newIp: string) => Promise<void> | void;
 }
 export declare class DoraIntegration {
     private opts;

package/dist/dora/dora-integration.js

@@ -194,10 +194,24 @@ export class DoraIntegration {
             this.logger.debug("Retrying dora bootstrap…");
             // Don't await — let it run async and clear the timer if it
             // succeeds, otherwise leave the timer running.
-            void this.bootstrap().then(() => {
+            void this.bootstrap().then(async () => {
                 if (this.registered && this.retryBootstrapTimer) {
                     clearInterval(this.retryBootstrapTimer);
                     this.retryBootstrapTimer = undefined;
+                    // Notify the daemon so it can reconfigure the TUN — the
+                    // TUN is already up at the fallback IP at this point, but
+                    // dora gave us a different IP and our record in the roster
+                    // reflects that. Without rebuild, other peers route to our
+                    // dora IP and our kernel drops the packet because the TUN
+                    // listens on the fallback.
+                    if (this.allocatedIp && this.opts.onAllocatedIpChanged) {
+                        try {
+                            await this.opts.onAllocatedIpChanged(this.allocatedIp);
+                        }
+                        catch (err) {
+                            this.logger.warn(`onAllocatedIpChanged callback failed: ${err instanceof Error ? err.message : err}`);
+                        }
+                    }
                 }
             });
         };
@@ -318,14 +332,16 @@ export class DoraIntegration {
             this.friendRequested.add(entry.userid);
             return;
         }
-        // Policy gate. Dora is a name service, not a trust statement.
-        // Default ("none") means we DON'T auto-friend roster peers —
-        // an operator on a multi-tenant dora isn't asking to be
-        // mutually-friended with everyone else just because they share
-        // a name service. "all" reproduces the old behavior (closed
-        // labs). Otherwise the policy is a whitelist of names or
-        // userids; only matches are friended.
-        const policy = this.opts.config.autoFriend ?? "none";
+        // Policy gate. The undefined default is "all" because a peer
+        // that just joined a dora explicitly said "I want to be on
+        // this network" — that's the trust statement. Without "all"
+        // as the legacy-config default, new peers can never join an
+        // existing mesh: their roster fills up but everyone else's
+        // legacy configs (lacking autoFriend) silently refuse to
+        // friend them back. Operators on a public / multi-tenant dora
+        // can opt out with `agentnet dora autofriend none` or supply
+        // a whitelist via `agentnet dora autofriend allow <peer>...`.
+        const policy = this.opts.config.autoFriend ?? "all";
         if (!this.policyAllows(entry, policy)) {
             // Mark as "seen" so we don't re-evaluate the policy every
             // 60s for entries we deliberately skip — but DON'T mark as

package/dist/router/packet-router.d.ts

@@ -30,6 +30,16 @@ export declare class PacketRouter extends EventEmitter {
     constructor(opts: PacketRouterOptions);
     start(): Promise<void>;
     stop(): Promise<void>;
+    /**
+     * Swap the active TUN device. Used when dora's background retry
+     * succeeds with a different IP than the daemon's initial fallback
+     * — the daemon tears down the old TUN, brings up a fresh one at
+     * the new IP, and calls this to re-wire the packet read loop +
+     * the packet event handler.
+     *
+     * Caller is responsible for opening the new TUN before calling.
+     */
+    swapTunDevice(newDevice: TunDevice): Promise<void>;
     /**
      * Periodically send a 1-byte ping through each connected packet session
      * so the Carrier crypto session doesn't idle out. The receiver's IpParser

package/dist/router/packet-router.js

@@ -83,6 +83,38 @@ export class PacketRouter extends EventEmitter {
         this.sessionManager.closeAll();
         this.logger.info("Packet router stopped");
     }
+    /**
+     * Swap the active TUN device. Used when dora's background retry
+     * succeeds with a different IP than the daemon's initial fallback
+     * — the daemon tears down the old TUN, brings up a fresh one at
+     * the new IP, and calls this to re-wire the packet read loop +
+     * the packet event handler.
+     *
+     * Caller is responsible for opening the new TUN before calling.
+     */
+    async swapTunDevice(newDevice) {
+        if (this.tunDevice === newDevice)
+            return;
+        this.logger.info("Swapping TUN device");
+        // Old device is already torn down by the caller (or about to be).
+        this.tunDevice = newDevice;
+        if (!this.isRunning)
+            return;
+        this.tunDevice.on("packet", (packet) => {
+            this.handleOutgoingPacket(packet).catch((err) => {
+                const msg = err instanceof Error ? err.message : String(err);
+                if (msg.includes("offline") ||
+                    msg.includes("no transport") ||
+                    msg.includes("Handshake timeout")) {
+                    this.logger.debug(`Outgoing packet dropped: ${msg}`);
+                }
+                else {
+                    this.logger.error("Outgoing packet error:", err);
+                }
+            });
+        });
+        await this.tunDevice.startReadLoop();
+    }
     /**
      * Periodically send a 1-byte ping through each connected packet session
      * so the Carrier crypto session doesn't idle out. The receiver's IpParser

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decentnetwork/lan",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "Private virtual LAN for self-hosted services and AI agents, built on Elastos Carrier. NAT-traversal, name service, ACL, all over a peer-to-peer mesh — no public IP required.",
   "type": "module",
   "main": "./dist/index.js",