diff --git a/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts b/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts index b8bd55fc..86b615e9 100644 --- a/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts +++ b/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts @@ -31,6 +31,7 @@ export function remotePythonScript(mode: "sync" | "validate" | "trace" | "cleanu set -u python3 - <<'PY' import base64 +import hashlib import json import re import secrets @@ -1022,6 +1023,16 @@ def safe_kube_json(args, label): return None, {"label": label, "exitCode": proc.returncode, "error": str(exc), "stdoutTail": text(proc.stdout, 1000)} def sentinel_runtime_status(): + if not TARGET_SENTINEL_ENABLED: + return { + "ok": True, + "action": "skipped-target-disabled", + "desired": { + "monitorEnabled": SENTINEL_CONFIG.get("monitor", {}).get("enabled"), + "actionsEnabled": SENTINEL_CONFIG.get("actions", {}).get("enabled"), + }, + "valuesPrinted": False, + } cfg = SENTINEL_CONFIG cronjob_name = cfg.get("cronJobName") secret_name = cfg.get("credentialsSecretName") @@ -2349,6 +2360,9 @@ def api_key_preview(api_key): return "***" return api_key[:10] + "..." + api_key[-4:] +def secret_fingerprint(value): + return "sha256:" + hashlib.sha256(value.encode("utf-8")).hexdigest()[:16] + def run_sync(): global MANUAL_ACCOUNT_PROTECTIONS payload = json.loads(base64.b64decode(PAYLOAD_B64).decode("utf-8")) @@ -2427,7 +2441,7 @@ def run_sync(): "sub2apiId": api_key_result["id"], "groupId": api_key_result["groupId"], "userId": api_key_result["userId"], - "keyPreview": api_key_preview(api_key), + "apiKeyFingerprint": secret_fingerprint(api_key), "valuesPrinted": False, }, "ownerBalance": owner_balance, @@ -2473,7 +2487,7 @@ def run_validate(): "sub2apiId": key_item.get("id") if isinstance(key_item, dict) else None, "userId": key_item.get("user_id") if isinstance(key_item, dict) else None, "groupId": key_item.get("group_id") if isinstance(key_item, dict) else None, - "keyPreview": api_key_preview(api_key), + "apiKeyFingerprint": secret_fingerprint(api_key), "valuesPrinted": False, }, "ownerBalance": owner_balance,