fix(register): align live sentinel flow with successful HAR

docs/superpowers/specs/2026-04-07-register-sentinel-design.md

@@ -0,0 +1,36 @@
+# Register Sentinel Live Generation Design
+
+## Goal
+Replace the expired static `nodatadog.js` sentinel fallback in the register flow with live sentinel generation based on the current `/backend-api/sentinel/req -> turnstile.dx -> VM` flow.
+
+## Scope
+- Only the `register` flow is in scope.
+- `checkout` may benefit indirectly because it reuses registration, but payment flow changes are out of scope.
+- `codex-login` is explicitly out of scope.
+
+## Design
+1. Add a Python `SentinelSolver` that:
+   - fetches the current sentinel SDK bootstrap to discover the active sentinel version;
+   - asks a local Node runner to generate the current `p` proof token using the live `getConfig()` / proof-of-work logic;
+   - calls `https://sentinel.openai.com/backend-api/sentinel/req` with `{p,id,flow}`;
+   - asks the Node runner to execute `turnstile.dx` and returns the raw encoded VM output;
+   - builds the final sentinel header as JSON with `p`, `t`, `c`, `id`, and `flow`.
+2. Add a Node runtime that contains:
+   - a readable VM executor for `turnstile.dx`;
+   - a small browser-like environment shim;
+   - the current proof generation logic derived from the active SDK.
+3. Wire `ChatGPTRegisterHTTPReverse.register()` to generate live sentinel tokens for:
+   - `username_password_create`
+   - `oauth_create_account`
+4. Remove the old static-capture fallback from the register path.
+
+## Failure Policy
+If any live sentinel step fails (SDK version fetch, Node runtime, req response parse, VM execution, or final token assembly), registration stops immediately with a descriptive error.
+
+## Files
+- New: `src/sentinel_solver.py`
+- New: `src/sentinel_vm.js`
+- New: `src/sentinel_runner.js`
+- Modify: `src/chatgpt_register_http_reverse.py`
+- Modify: `pyproject.toml`
+- New tests under `tests/`