fix(access): verify subscription readiness with real user keys

When subscription access is requested with an explicit access_api_key, assign the subscription to the real target user, bind that user's API key to the subscription group, and probe readiness with the same key instead of falling back to a managed synthetic user. Update the runtime/reconcile flows, adapter tests, and source-of-truth docs so subscription_ready now reflects user-visible host access rather than managed-key-only closure success.
2026-06-01 09:55:11 +08:00
parent 702ae19a61
commit c588a95c7d
11 changed files with 260 additions and 24 deletions
--- a/internal/app/batch_runtime.go
+++ b/internal/app/batch_runtime.go
@@ -216,6 +216,29 @@ func (r batchImportRuntimeRunner) resolveValidationAPIKey(ctx context.Context, i
 		if err != nil {
 			return "", err
 		}
+		probeAPIKey := strings.TrimSpace(r.request.ProbeAPIKey)
+		if probeAPIKey != "" {
+			if _, err := r.hostClient.AssignSubscription(ctx, sub2api.AssignSubscriptionRequest{
+				UserID:       r.request.SubscriptionUsers[0],
+				GroupID:      groupID,
+				DurationDays: r.request.SubscriptionDays,
+			}); err != nil {
+				return "", err
+			}
+			accessRef, err := r.hostClient.EnsureSubscriptionAccess(ctx, sub2api.EnsureSubscriptionAccessRequest{
+				UserSelector: r.request.SubscriptionUsers[0],
+				GroupID:      groupID,
+				ProbeAPIKey:  probeAPIKey,
+			})
+			if err != nil {
+				return "", err
+			}
+			if strings.TrimSpace(accessRef.APIKey) == "" {
+				return probeAPIKey, nil
+			}
+			return strings.TrimSpace(accessRef.APIKey), nil
+		}
+
 		accessRef, err := r.hostClient.EnsureSubscriptionAccess(ctx, sub2api.EnsureSubscriptionAccessRequest{
 			UserSelector: r.request.SubscriptionUsers[0],
 			GroupID:      groupID,