DECNET

anti/DECNET

Fork 0

Commit Graph

Author	SHA1	Message	Date
anti	9b1299458d	fix(env): resolve DECNET_JWT_SECRET lazily so agent/updater subcommands don't need it The module-level _require_env('DECNET_JWT_SECRET') call blocked `decnet agent` and `decnet updater` from starting on workers that legitimately have no business knowing the master's JWT signing key. Move the resolution into a module `__getattr__`: only consumers that actually read `decnet.env.DECNET_JWT_SECRET` trigger the validation, which in practice means only decnet.web.auth (master-side). Adds tests/test_env_lazy_jwt.py covering both the in-process lazy path and an out-of-process `decnet agent --help` subprocess check with a fully sanitized environment.	2026-04-19 02:43:25 -04:00

Author

SHA1

Message

Date

anti

9b1299458d

fix(env): resolve DECNET_JWT_SECRET lazily so agent/updater subcommands don't need it

The module-level _require_env('DECNET_JWT_SECRET') call blocked
`decnet agent` and `decnet updater` from starting on workers that
legitimately have no business knowing the master's JWT signing key.

Move the resolution into a module `__getattr__`: only consumers that
actually read `decnet.env.DECNET_JWT_SECRET` trigger the validation,
which in practice means only decnet.web.auth (master-side).

Adds tests/test_env_lazy_jwt.py covering both the in-process lazy path
and an out-of-process `decnet agent --help` subprocess check with a
fully sanitized environment.

2026-04-19 02:43:25 -04:00

1 Commits