import hmac
import hashlib
from orchestrator.config import SECRET_KEY

def sign_payload(payload: str) -> str:
    """Signs a string payload using HMAC-SHA256."""
    return hmac.new(SECRET_KEY.encode(), payload.encode(), hashlib.sha256).hexdigest()

def sign_browser_action(action_type: str, url: str, session_id: str) -> str:
    """Signs a browser action based on its key identify fields."""
    sign_base = f"{action_type}:{url}:{session_id}"
    return sign_payload(sign_base)

def verify_signature(payload: str, signature: str) -> bool:
    """Verifies a signature against a payload using HMAC-SHA256."""
    expected = sign_payload(payload)
    return hmac.compare_digest(signature, expected)