3 changed files with 15 additions and 0 deletions
--- a/decnet/web/router/swarm_mgmt/api_enroll_bundle.py
+++ b/decnet/web/router/swarm_mgmt/api_enroll_bundle.py
@@ -66,6 +66,11 @@ _EXCLUDES: tuple[str, ...] = (
    "decnet-state.json",
    "master.log", "master.json",
    "decnet.tar",
+    # Dev-host env/config leaks — these bake the master's absolute paths into
+    # the agent and point log handlers at directories that don't exist on the
+    # worker VM.
+    ".env", ".env.*", "**/.env", "**/.env.*",
+    "decnet.ini", "**/decnet.ini",
 )


--- a/decnet/web/templates/enroll_bootstrap.sh.j2
+++ b/decnet/web/templates/enroll_bootstrap.sh.j2
@@ -28,6 +28,9 @@ python3 -m venv .venv
 install -Dm0644 etc/decnet/decnet.ini /etc/decnet/decnet.ini
 [[ -f services.ini ]] && install -Dm0644 services.ini /etc/decnet/services.ini

+# Log directory the baked-in INI points at — must exist before `decnet` imports config.
+install -d -m0755 /var/log/decnet
+
 REAL_USER="${SUDO_USER:-root}"
 REAL_HOME="$(getent passwd "$REAL_USER" | cut -d: -f6)"
 for f in ca.crt worker.crt worker.key; do
@@ -35,6 +38,9 @@ for f in ca.crt worker.crt worker.key; do
    "home/.decnet/agent/$f" "$REAL_HOME/.decnet/agent/$f"
 done

+# Guarantee the pip-installed entrypoint is executable (some setuptools+editable
+# combos drop it with mode 0644) and expose it on PATH.
+chmod 0755 "$INSTALL_DIR/.venv/bin/decnet"
 ln -sf "$INSTALL_DIR/.venv/bin/decnet" /usr/local/bin/decnet
 sudo -u "$REAL_USER" /usr/local/bin/decnet agent --daemon
 echo "[DECNET] agent {{ agent_name }} enrolled -> {{ master_host }}. Forwarder auto-spawned."
--- a/tests/api/swarm_mgmt/test_enroll_bundle.py
+++ b/tests/api/swarm_mgmt/test_enroll_bundle.py
@@ -159,6 +159,10 @@ async def test_get_tgz_contents(client, auth_token, tmp_path):
        assert "__pycache__" not in bad
        assert not bad.endswith(".pyc")
        assert "node_modules" not in bad
+        # Dev-host env leaks would bake absolute master paths into the agent.
+        assert not bad.endswith(".env"), f"leaked env file: {bad}"
+        assert ".env.local" not in bad, f"leaked env file: {bad}"
+        assert ".env.example" not in bad, f"leaked env file: {bad}"

    # INI content is correct
    ini = tf.extractfile("etc/decnet/decnet.ini").read().decode()