#!/usr/bin/env python3 """Build-time: blank any Gemini API key baked into the Sanad config so the P1 image ships KEYLESS — the customer adds their own via the dashboard. Idempotent and best-effort (never fails the build).""" import json BASE = "/app/Sanad" for rel, section in (("config/core_config.json", "gemini_defaults"), ("data/motions/config.json", "gemini")): path = "%s/%s" % (BASE, rel) try: with open(path) as f: d = json.load(f) except Exception: continue sec = d.get(section) if isinstance(sec, dict) and sec.get("api_key"): sec["api_key"] = "" try: with open(path, "w") as f: json.dump(d, f, ensure_ascii=False, indent=2) print("strip_key: blanked %s.api_key in %s" % (section, rel)) except Exception as exc: print("strip_key: could not write %s: %s" % (rel, exc))