config-service/scripts/register_agent.py

#!/usr/bin/env python3
"""Register an agent token in the config service KV.

Usage: python3 register_agent.py <agent_id> <role> [token]

If token is omitted, a random one is generated.
Outputs the KV entry to add via wrangler CLI.
"""

import hashlib
import json
import secrets
import sys


def main():
    if len(sys.argv) < 3:
        print(f"Usage: {sys.argv[0]} <agent_id> <role> [token]")
        print("  role: agent or admin")
        sys.exit(1)

    agent_id = sys.argv[1]
    role = sys.argv[2]
    token = sys.argv[3] if len(sys.argv) > 3 else secrets.token_urlsafe(32)

    if role not in ("agent", "admin"):
        print("Role must be 'agent' or 'admin'", file=sys.stderr)
        sys.exit(1)

    token_hash = hashlib.sha256(token.encode()).hexdigest()
    entry = json.dumps({"agent_id": agent_id, "role": role})

    print(f"Agent ID:    {agent_id}")
    print(f"Role:        {role}")
    print(f"Token:       {token}")
    print(f"Token hash:  {token_hash}")
    print()
    print("Add to KV:")
    print(f'  wrangler kv key put --binding CONFIG_KV "auth:{token_hash}" \'{entry}\'')


if __name__ == "__main__":
    main()