Register Sentinel Live Generation Design

Goal

Replace the expired static nodatadog.js sentinel fallback in the register flow with live sentinel generation based on the current /backend-api/sentinel/req -> turnstile.dx -> VM flow.

Scope

Only the register flow is in scope.
checkout may benefit indirectly because it reuses registration, but payment flow changes are out of scope.
codex-login is explicitly out of scope.

Design

Add a Python SentinelSolver that:
- fetches the current sentinel SDK bootstrap to discover the active sentinel version;
- asks a local Node runner to generate the current p proof token using the live getConfig() / proof-of-work logic;
- calls https://sentinel.openai.com/backend-api/sentinel/req with {p,id,flow};
- asks the Node runner to execute turnstile.dx and returns the raw encoded VM output;
- builds the final sentinel header as JSON with p, t, c, id, and flow.
Add a Node runtime that contains:
- a readable VM executor for turnstile.dx;
- a small browser-like environment shim;
- the current proof generation logic derived from the active SDK.
Wire ChatGPTRegisterHTTPReverse.register() to generate live sentinel tokens for:
- username_password_create
- oauth_create_account
Remove the old static-capture fallback from the register path.

Failure Policy

If any live sentinel step fails (SDK version fetch, Node runtime, req response parse, VM execution, or final token assembly), registration stops immediately with a descriptive error.

Files

New: src/sentinel_solver.py
New: src/sentinel_vm.js
New: src/sentinel_runner.js
Modify: src/chatgpt_register_http_reverse.py
Modify: pyproject.toml
New tests under tests/

1.7 KiB Raw Blame History