From 021ba436f75138d7d4c6227b4c92f81e701e2e98 Mon Sep 17 00:00:00 2001
From: Nicole Rappe <nicole.rappe@bunny-lab.io>
Date: Sun, 26 Oct 2025 03:20:57 -0600
Subject: [PATCH] Auto-provision Engine TLS assets when launching

---
 Data/Engine/bootstrapper.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/Data/Engine/bootstrapper.py b/Data/Engine/bootstrapper.py
index e24caa8..400a1df 100644
--- a/Data/Engine/bootstrapper.py
+++ b/Data/Engine/bootstrapper.py
@@ -29,9 +29,37 @@ def _build_runtime_config() -> Dict[str, Any]:
     }
 
 
+def _ensure_tls_material(context: EngineContext) -> None:
+    """Ensure TLS certificate material exists, updating the context if created."""
+
+    try:  # Lazy import so Engine still starts if legacy modules are unavailable.
+        from Modules.crypto import certificates  # type: ignore
+    except Exception:
+        return
+
+    try:
+        cert_path, key_path, bundle_path = certificates.ensure_certificate()
+    except Exception as exc:
+        context.logger.error("Failed to auto-provision Engine TLS certificates: %s", exc)
+        return
+
+    cert_path_str = str(cert_path)
+    key_path_str = str(key_path)
+    bundle_path_str = str(bundle_path)
+
+    if not context.tls_cert_path or not Path(context.tls_cert_path).is_file():
+        context.tls_cert_path = cert_path_str
+    if not context.tls_key_path or not Path(context.tls_key_path).is_file():
+        context.tls_key_path = key_path_str
+    if not context.tls_bundle_path or not Path(context.tls_bundle_path).is_file():
+        context.tls_bundle_path = bundle_path_str
+
+
 def _prepare_tls_run_kwargs(context: EngineContext) -> Dict[str, Any]:
     """Validate and return TLS arguments for the Socket.IO runner."""
 
+    _ensure_tls_material(context)
+
     run_kwargs: Dict[str, Any] = {}
 
     key_path_value = context.tls_key_path