# Register Sentinel Live Generation Design

## Goal
Replace the expired static `nodatadog.js` sentinel fallback in the register flow with live sentinel generation based on the current `/backend-api/sentinel/req -> turnstile.dx -> VM` flow.

## Scope
- Only the `register` flow is in scope.
- `checkout` may benefit indirectly because it reuses registration, but payment flow changes are out of scope.
- `codex-login` is explicitly out of scope.

## Design
1. Add a Python `SentinelSolver` that:
   - fetches the current sentinel SDK bootstrap to discover the active sentinel version;
   - asks a local Node runner to generate the current `p` proof token using the live `getConfig()` / proof-of-work logic;
   - calls `https://sentinel.openai.com/backend-api/sentinel/req` with `{p,id,flow}`;
   - asks the Node runner to execute `turnstile.dx` and returns the raw encoded VM output;
   - builds the final sentinel header as JSON with `p`, `t`, `c`, `id`, and `flow`.
2. Add a Node runtime that contains:
   - a readable VM executor for `turnstile.dx`;
   - a small browser-like environment shim;
   - the current proof generation logic derived from the active SDK.
3. Wire `ChatGPTRegisterHTTPReverse.register()` to generate live sentinel tokens for:
   - `username_password_create`
   - `oauth_create_account`
4. Remove the old static-capture fallback from the register path.

## Failure Policy
If any live sentinel step fails (SDK version fetch, Node runtime, req response parse, VM execution, or final token assembly), registration stops immediately with a descriptive error.

## Files
- New: `src/sentinel_solver.py`
- New: `src/sentinel_vm.js`
- New: `src/sentinel_runner.js`
- Modify: `src/chatgpt_register_http_reverse.py`
- Modify: `pyproject.toml`
- New tests under `tests/`